$PANW Risk Factor changes from 00/09/01/23/2023 to 00/09/06/24/2024

Item 1A. Risk FactorsOur operations and financial results are subject to various risks and uncertainties including those described below. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties that we are unaware of, or that we currently believe are not material, also may become important factors that affect us. If any of the following risks or others not specified below materialize, our business, financial condition, and operating results could be materially adversely affected, and the market price of our common stock could decline. In addition, the impacts of any worsening of the economic environment may exacerbate the risks described below, any of which could have a material impact on us. Risk Factor SummaryOur business is subject to numerous risks and uncertainties. These risks include, but are not limited to, the following:•Our operating results may be adversely affected by unfavorable economic and market conditions and the uncertain geopolitical environment.•Our business and operations have experienced growth in recent periods, and if we do not effectively manage any future growth or are unable to improve our systems, processes, and controls, our operating results could be adversely affected.•Our revenue growth rate in recent periods may not be indicative of our future performance, and we may not be able to maintain profitability, which could cause our business, financial condition, and operating results to suffer.•Our operating results may vary significantly from period to period, which makes our results difficult to predict and could cause our results to fall short of expectations, and such results may not be indicative of future performance.•Seasonality may cause fluctuations in our revenue.•If we are unable to sell new and additional product, subscription, and support offerings to our end-customers, especially to large enterprise customers, our future revenue and operating results will be harmed.•If we are unable to attract new customers, our future results of operations could be harmed.•We rely on revenue from subscription and support offerings, and because we recognize revenue from subscription and support over the term of the relevant service period, downturns or upturns in sales or renewals of these subscription and support offerings are not immediately reflected in full in our operating results.•The sales prices of our products, subscriptions, and support offerings may decrease, which may reduce our revenue and gross profits and adversely impact our financial results.•We rely on our channel partners to sell substantially all of our products, including subscriptions and support, and if these channel partners fail to perform, our ability to sell and distribute our products and subscriptions will be limited and our operating results will be harmed.•We are exposed to the credit and liquidity risk of our customers, and to credit exposure in weakened markets, which could result in material losses.•A portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks.•We face intense competition in our market and we may lack sufficient financial or other resources to maintain or improve our competitive position.•We may acquire other businesses, which could subject us to adverse claims or liabilities, require significant management attention, disrupt our business, adversely affect our operating results, may not result in the expected benefits of such acquisitions, and may dilute stockholder value.•If we do not accurately predict, prepare for, and respond promptly to rapidly evolving technological and market developments and successfully manage product and subscription introductions and transitions to meet changing end-customer needs in the enterprise security industry, our competitive position and prospects will be harmed.•Issues in the development and deployment of AI may result in reputational harm and legal liability and could adversely affect our results of operations. •A network or data security incident may allow unauthorized access to our network or data, harm our reputation, create additional liability, and adversely impact our financial results.•Defects, errors, or vulnerabilities in our products, subscriptions, or support offerings, the failure of our products or subscriptions to block a virus or prevent a security breach or incident, misuse of our products, or risks of product liability claims could harm our reputation and adversely impact our operating results.•Our ability to sell our products and subscriptions is dependent on the quality of our technical support services and those of our channel partners, and the failure to offer high-quality technical support services could have a material adverse effect on our end-customers’ satisfaction with our products and subscriptions, our sales, and our operating results.- 15 -Table of Contents•Claims by others that we infringe their intellectual property rights could harm our business.•Our proprietary rights may be difficult to enforce or protect, which could enable others to copy or use aspects of our products or subscriptions without compensating us.•Our use of open source software in our products and subscriptions could negatively affect our ability to sell our products and subscriptions and subject us to possible litigation.•We license technology from third parties, and our inability to maintain those licenses could harm our business.•Because we depend on manufacturing partners to build and ship our hardware products, we are susceptible to manufacturing and logistics delays and pricing fluctuations that could prevent us from shipping customer orders on time, if at all, or on a cost-effective basis, which may result in the loss of sales and end-customers.•Managing the supply of our hardware products and product components is complex. Insufficient supply and inventory would result in lost sales opportunities or delayed revenue, while excess inventory would harm our gross margins.•Because some of the key components in our hardware products come from limited sources of supply, we are susceptible to supply shortages or supply changes, which, in certain cases, have disrupted or delayed our scheduled product deliveries to our end-customers, increased our costs and may result in the loss of sales and end-customers.•If we are unable to attract, retain, and motivate our key technical, sales, and management personnel, our business could suffer.•We generate a significant amount of revenue from sales to distributors, resellers, and end-customers outside of the United States, and we are therefore subject to a number of risks associated with international sales and operations.•We are exposed to fluctuations in foreign currency exchange rates, which could negatively affect our financial condition and operating results.•We face risks associated with having operations and employees located in Israel.•We are subject to governmental export and import controls that could subject us to liability or impair our ability to compete in international markets.•We may incur increased costs to comply with privacy and data protection laws and, if we fail to comply, we could be subject to government enforcement actions, private litigation and adverse publicity.•If our estimates or judgments relating to our critical accounting policies are based on assumptions that change or prove to be incorrect, our operating results could fall below our publicly announced guidance or the expectations of securities analysts and investors, resulting in a decline in the market price of our common stock.•We are obligated to maintain proper and effective internal control over financial reporting. We may not complete our analysis of our internal control over financial reporting in a timely manner, or our internal control may not be determined to be effective, which may adversely affect investor confidence in our company and, as a result, the value of our common stock.•Our reputation and/or business could be negatively impacted by ESG matters and/or our reporting of such matters.•Failure to comply with governmental laws and regulations could harm our business.•We may not have the ability to raise the funds necessary to settle conversions of our Notes, repurchase our Notes upon a fundamental change, or repay our Notes in cash at their maturity, and our future debt may contain limitations on our ability to pay cash upon conversion or repurchase of our Notes.•We may still incur substantially more debt or take other actions that would diminish our ability to make payments on our Notes when due.•The market price of our common stock historically has been volatile, and the value of an investment in our common stock could decline.•The convertible note hedge and warrant transactions may affect the value of our common stock.•The issuance of additional stock in connection with financings, acquisitions, investments, our stock incentive plans, the conversion of our Notes or exercise of the related Warrants, or otherwise will dilute stock held by all other stockholders.•We cannot guarantee that our share repurchase program will be fully consummated or that it will enhance shareholder value, and share repurchases could affect the price of our common stock.•We do not intend to pay dividends for the foreseeable future.•Our charter documents and Delaware law, as well as certain provisions contained in the indentures governing our Notes, could discourage takeover attempts and lead to management entrenchment, which could also reduce the market price of our common stock.•Our business is subject to the risks of earthquakes, fire, power outages, floods, health risks, and other catastrophic events, and to interruption by man-made problems, such as terrorism.- 16 -Table of ContentsRisks Related to Global Economic and Geopolitical ConditionsOur operating results may be adversely affected by unfavorable economic and market conditions and the uncertain geopolitical environment.We operate globally, and as a result, our business and revenues are impacted by global economic and geopolitical conditions. The instability in the global credit markets, inflation, changes in public policies such as domestic and international regulations, taxes, any increases in interest rates, fluctuations in foreign currency exchange rates, or international trade agreements, international trade disputes, geopolitical turmoil, and other disruptions to global and regional economies and markets continue to add uncertainty to global economic conditions.U.”) has imposed restrictive sanctions on Russia, Russian entities, and Russian citizens (“Sanctions on Russia”). We are subject to these governmental sanctions and export controls, which may subject us to liability if we are not in full compliance with applicable laws. Any continued or further uncertainty, weakness or deterioration in economic and market conditions or the geopolitical environment could have a material and adverse impact on our business, financial condition, and results of operations, including reductions in sales of our products and subscriptions, longer sales cycles, reductions in subscription or contract duration and value, slower adoption of new technologies, alterations in the spending patterns or priorities of current and prospective customers (including delaying purchasing decisions), increased costs for the chips and components to manufacture our products, and increased price competition.Risks Related to Our BusinessRISKS RELATED TO OUR GROWTHOur business and operations have experienced growth in recent periods, and if we do not effectively manage any future growth or are unable to improve our systems, processes, and controls, our operating results could be adversely affected.We have experienced growth and increased demand for our products and subscriptions over the last few years. As a result, our employee headcount has increased, and we expect it to continue to grow over the next year. For example, from the end of fiscal 2023 to the end of fiscal 2024, our headcount increased from 13,948 to 15,289 employees. In addition, as we have grown, the number of end-customers has also increased, and we have managed more complex deployments of our products and subscriptions with larger end-customers. The growth and expansion of our business and product, subscription, and support offerings places a significant strain on our management, operational, and financial resources. To manage any future growth effectively, we must continue to improve and expand our information technology and financial infrastructure, our operating and administrative systems and controls, and our ability to manage headcount, capital, and processes in an efficient manner.We may not be able to successfully implement, scale, or manage improvements to our systems, processes, and controls in an efficient or timely manner, which could result in material disruptions of our operations and business. In addition, our existing systems, processes, and controls may not prevent or detect all errors, omissions, or fraud. We may also experience difficulties in managing improvements to our systems, processes, and controls, or in connection with third-party software licensed to help us with such improvements. Any future growth would add complexity to our organization and require effective coordination throughout our organization. Failure to manage any future growth effectively could result in increased costs, disrupt our existing end-customer relationships, reduce demand for or limit us to smaller deployments of our products, or materially harm our business performance and operating results. Our revenue growth rate in recent periods may not be indicative of our future performance, and we may not be able to maintain profitability, which could cause our business, financial condition, and operating results to suffer.We have experienced revenue growth rates of 16. Our revenue for any quarterly or annual period should not be relied upon as an indication of our future revenue or revenue growth for any future period. If we are unable to maintain consistent or increasing revenue or revenue growth, the market price of our common stock could be volatile, and it may be difficult for us to maintain profitability or maintain or increase cash flow on a consistent basis. We anticipate that our operating expenses will continue to increase in the foreseeable future as we continue to grow our business. Our growth efforts may prove more expensive than we currently anticipate, and we may not succeed in increasing our revenues sufficiently, or at all, to offset increasing expenses. Revenue growth may slow or revenue may decline for a number of possible reasons, including slowing demand for our products or subscriptions, increasing competition, a decrease in the growth of, or a demand shift in, our overall market, or a failure to capitalize on growth opportunities. We have also entered into a substantial amount of capital commitments for operating lease obligations and other purchase commitments. Any failure to increase our revenue as we grow our business could prevent us from maintaining profitability or maintaining or increasing cash flow on a consistent basis, or satisfying our capital commitments. If we are unable to navigate these challenges as we encounter them, our business, financial condition, and operating results may suffer.Our operating results may vary significantly from period to period, which makes our results difficult to predict and could cause our results to fall short of expectations, and such results may not be indicative of future performance.Our operating results have fluctuated in the past, and will likely continue to fluctuate in the future, as a result of a number of factors, many of which are outside of our control and may be difficult to predict, including those factors described in this Risk Factor section. For example, we have historically received a substantial portion of sales orders and generated a substantial portion of revenue during the last few weeks of each fiscal quarter. If expected revenue at the end of any fiscal quarter is delayed for any reason, including the failure of anticipated purchase orders to materialize (particularly for large enterprise end-customers with lengthy sales cycles), our logistics partners’ inability to ship products prior to fiscal quarter-end to fulfill purchase orders received near the end of a fiscal quarter, our failure to manage inventory to meet demand, any failure of our systems related to order review and processing, or any delays in shipments based on trade compliance requirements (including new compliance requirements imposed by new or renegotiated trade agreements), our revenue could fall below our expectations and the estimates of analysts for that quarter. Due to these fluctuations, comparing our revenue, margins, or other operating results on a period-to-period basis may not be meaningful, and our past results should not be relied on as an indication of our future performance. This variability and unpredictability could also result in our failure to meet our revenue, margin, or other operating result expectations contained in any forward-looking statements (including financial or business expectations we have provided) or those of securities analysts or investors for a particular period. If we fail to meet or exceed such expectations for these, or any other, reasons, the market price of our common stock could fall substantially, and we could face costly lawsuits, including securities class action suits.Seasonality may cause fluctuations in our revenue.We believe there are significant seasonal factors that may cause our second and fourth fiscal quarters to record greater revenue sequentially than our first and third fiscal quarters. We believe that this seasonality results from a number of factors, including:•end-customers with a December 31 fiscal year-end choosing to spend remaining unused portions of their discretionary budgets before their fiscal year-end, which potentially results in a positive impact on our revenue in our second fiscal quarter;•our sales compensation plans, which are typically structured around annual quotas and commission rate accelerators, which potentially results in a positive impact on our revenue in our fourth fiscal quarter; and•the timing of end-customer budget planning at the beginning of the calendar year, which can result in a delay in spending at the beginning of the calendar year, potentially resulting in a negative impact on our revenue in our third fiscal quarter.As we continue to grow, seasonal or cyclical variations in our operations may become more pronounced, and our business, operating results, and financial position may be adversely affected.RISKS RELATED TO OUR PRODUCTS AND TECHNOLOGYIf we are unable to sell new and additional product, subscription, and support offerings to our end-customers, especially to large enterprise customers, our future revenue and operating results will be harmed. If our efforts to sell additional products and subscriptions to our end-customers are not successful, our revenues may grow more slowly than expected or decline.- 18 -Table of ContentsSales to large enterprise end-customers, which is part of our growth strategy, involve risks that may not be present, or that are present to a lesser extent, with sales to smaller entities, such as (a) longer sales cycles and the associated risk that substantial time and resources may be spent on a potential end-customer that elects not to purchase our products, subscriptions, and support, and (b) increased purchasing power and leverage held by large end-customers in negotiating contractual arrangements. Deployments for large enterprise end-customers are also more complex, require greater product functionality, scalability, and a broader range of services, and are more time-consuming. All of these factors add further risk to business conducted with these end-customers. Failure to realize sales from large enterprise end-customers could materially and adversely affect our business, operating results, and financial condition.If we are unable to attract new customers, our future results of operations could be harmed.To increase our revenue and maintain profitability, we must add new customers. To do so, we must successfully convince prospective customers of the value of adopting our solutions. We are engaging in costly marketing and sales efforts to accelerate platformization and attract new customers, which may fail or may not be as successful as intended or at all. Additionally, prospective customers’ decisions to purchase our solutions depend on a variety of factors, many of which are out of our control. These factors significantly impact our ability to add new customers and increase the time, resources and sophistication required to do so. For example, prospective customers may face real or perceived switching costs when switching to our solutions from legacy security vendors and products. Deployment of our solutions may require a significant commitment of resources from our customers. Any deterioration in general economic conditions, including as a result of the geopolitical environment or inflation (as well as government policies such as raising interest rates in response to inflation), have in the past caused, and may in the future cause, our current and prospective customers to delay or cut their overall security and IT operations spending. If our efforts to attract new customers are not successful, our sales may not grow as quickly as anticipated, or at all, and our business, operating results, and financial condition will be harmed.We rely on revenue from subscription and support offerings, and because we recognize revenue from subscription and support over the term of the relevant service period, downturns or upturns in sales or renewals of these subscription and support offerings are not immediately reflected in full in our operating results.Subscription and support revenue accounts for a significant portion of our revenue, comprising 80.1% of total revenue in fiscal 2023, and 75.2% of total revenue in fiscal 2022. Sales and renewals of subscription and support contracts may decline and fluctuate as a result of a number of factors, including end-customers’ level of satisfaction with our products and subscriptions, the frequency and severity of subscription outages, our product uptime or latency, the prices of our products and subscriptions, and reductions in our end-customers’ spending levels. Existing end-customers have no contractual obligation to, and may not, renew their subscription and support contracts after the completion of their initial contract period. Additionally, our end-customers may renew their subscription and support agreements for shorter contract lengths or on other terms that are less economically beneficial to us. If our sales of new or renewal subscription and support contracts decline, our total revenue and revenue growth rate may decline, and our business will suffer. In addition, because we recognize subscription and support revenue over the term of the relevant service period, which is typically one to five years, a decline in subscription or support contracts in any one fiscal quarter will not be fully or immediately reflected in revenue in that fiscal quarter but will negatively affect our revenue in future fiscal quarters.The sales prices of our products, subscriptions, and support offerings may decrease, which may reduce our revenue and gross profits and adversely impact our financial results.The sales prices for our products, subscriptions, and support offerings may decline for a variety of reasons, including competitive pricing pressures, discounts, a change in our mix of products, subscriptions, and support offerings, anticipation of the introduction of new products, subscriptions, or support offerings, or promotional programs or pricing pressures. Furthermore, we anticipate that the sales prices and gross profits for our products could decrease over product life cycles. Declining sales prices could adversely affect our revenue, gross profits, and profitability.We rely on our channel partners to sell substantially all of our products, including subscriptions and support, and if these channel partners fail to perform, our ability to sell and distribute our products and subscriptions will be limited and our operating results will be harmed.Substantially all of our revenue is generated by sales through our channel partners, including distributors and resellers.0% of our total revenue. As of July 31, 2024, two distributors individually represented 10% or more of our gross accounts receivable and in the aggregate represented 31.5% of our gross accounts receivable. In addition, our channel partners may be unsuccessful in marketing, selling, and supporting our products and subscriptions. We may not be able to incentivize these channel partners to sell our products and subscriptions to end-customers and, in particular, to large enterprises. These channel partners may also have incentives to promote our competitors’ products and may devote more resources to the marketing, sales, and support of competitive products. Our agreements with our channel partners may generally be terminated for any reason by either party with advance notice prior to each annual renewal date. We cannot be certain that we will retain these channel partners or that we will be able to secure additional or replacement channel partners. In addition, any new channel partner requires extensive training and may take several months or more to achieve productivity. Our channel partner sales structure could subject us to lawsuits, potential liability, and reputational harm if, for example, any of our channel partners misrepresent the functionality of our products or subscriptions to end-customers or violate laws or our corporate policies. If we fail to effectively manage our sales channels or channel partners, our ability to sell our products and subscriptions and operating results will be harmed.We are exposed to the credit and liquidity risk of our customers, and to credit exposure in weakened markets, which could result in material losses.Most of our sales are made on an open credit basis. Beyond our open credit arrangements, we have also experienced demands for customer financing and deferred payments due to, among other things, macro-economic conditions. Increases in deferred payments result in payments being made over time, negatively impacting our short-term cash flows, and subject us to risk of non-payment by our customers, including as a result of insolvency. We monitor customer payment capability in granting such financing arrangements, seek to limit the amounts to what we believe customers can pay and maintain reserves we believe are adequate to cover exposure for doubtful accounts to mitigate credit risks of these customers. However, there can be no assurance that these programs will be effective in reducing our credit risks. To the degree that turmoil in the credit markets makes it more difficult for some customers to obtain financing, those customers’ ability to pay could be adversely impacted, which in turn could have a material adverse impact on our business, operating results, and financial condition.Our exposure to the credit risks relating to the financing activities described above may increase if our customers are adversely affected by a global economic downturn or periods of economic uncertainty. If we are unable to adequately control these risks, our business, operating results, and financial condition could be harmed. In addition, in the past, we have experienced non-material losses due to bankruptcies among customers. If these losses increase due to global economic conditions, they could harm our business and financial condition.A portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks.Sales to government entities are subject to a number of risks. Selling to government entities can be highly competitive, expensive, and time-consuming, often requiring significant upfront time and expense without any assurance that these efforts will generate a sale. The substantial majority of our sales to date to government entities have been made indirectly through our channel partners. Government certification requirements for products and subscriptions like ours may change, thereby restricting our ability to sell into the federal government sector until we have attained the revised certification. If our products and subscriptions are late in achieving or fail to achieve compliance with these certifications and standards, or our competitors achieve compliance with these certifications and standards, we may be disqualified from selling our products, subscriptions, and support offerings to such governmental entity, or be at a competitive disadvantage, which would harm our business, operating results, and financial condition. Government demand and payment for our products, subscriptions, and support offerings may be impacted by government shutdowns, public sector budgetary cycles, contracting requirements, and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our products, subscriptions, and support offerings. Government entities may have statutory, contractual, or other legal rights to terminate contracts with our distributors and resellers for convenience or due to a default, and any such termination may adversely impact our future operating results. Governments routinely investigate and audit government contractors’ administrative processes, and any unfavorable audit could result in the government refusing to continue buying our products, subscriptions, and support offerings, a reduction of revenue, or fines or civil or criminal liability if the audit uncovers improper or illegal activities, which could adversely impact our operating results in a material way. Additionally, the U.S. government may require certain of the products that it purchases to be manufactured in the United States and other relatively high-cost manufacturing locations, and we may not manufacture all products in locations that meet such requirements, affecting our ability to sell these products, subscriptions, and support offerings to the U.S. government.The industry for enterprise security products is intensely competitive, and we expect competition to increase in the future from established competitors and new market entrants. They may be able to devote greater resources to the promotion and sale of products and services than we can, and they may offer lower pricing than we do. Further, they may have greater resources for research and development of new technologies, the provision of customer support, and the pursuit of acquisitions. They may also have larger and more mature intellectual property portfolios, and broader and more diverse product and service offerings, which allow them to leverage their relationships based on other products or incorporate functionality into existing products to gain business in a manner that discourages users from purchasing our products and subscriptions, including incorporating cybersecurity features into their existing products or services and product bundling, selling at zero or negative margins, and offering concessions or a closed technology offering. Some competitors may have broader distribution and established relationships with distribution partners and end-customers. Other competitors specialize in providing protection from a single type of security threat, which may allow them to deliver these specialized security products to the market more quickly than we can.We also face competition from companies that have entrenched legacy offerings at end-user customers. End-user customers have also often invested substantial personnel and financial resources to design and operate their networks and have established deep relationships with other providers of networking and security products. As a result, these organizations may prefer to purchase from their existing suppliers rather than add or switch to a new supplier such as us. In addition, as our customers refresh the security products bought in prior years, they may seek to consolidate vendors, which may result in current customers choosing to purchase products from our competitors. Due to budget constraints or economic downturns, organizations may add solutions to their existing network security infrastructure rather than replacing it with our products and subscriptions.Conditions in our market could change rapidly and significantly as a result of technological advancements, partnering or acquisitions by our competitors, or continuing market consolidation. Our competitors and potential competitors may be able to develop new or disruptive technologies, products, or services, and leverage new business models that are equal or superior to ours, achieve greater market acceptance of their products and services, disrupt our markets, and increase sales by utilizing different distribution channels than we do. In addition, new and enhanced technologies, including AI and machine learning, continue to increase our competition. To compete successfully, we must accurately anticipate technology developments and deliver innovative, relevant, and useful products, services, and technologies in a timely manner. Some of our competitors have made or could make acquisitions of businesses that may allow them to offer more directly competitive and comprehensive solutions than they had previously offered and adapt more quickly to new technologies and end-customer needs. Our current and potential competitors may also establish cooperative relationships among themselves or with third parties that may further enhance their resources. These competitive pressures in our market or our failure to compete effectively may result in price reductions, fewer orders, reduced revenue and gross margins, and loss of market share. If we are unable to compete successfully, or if competing successfully requires us to take aggressive pricing or other actions, our business, financial condition, and results of operations would be adversely affected.We may acquire other businesses, which could subject us to adverse claims or liabilities, require significant management attention, disrupt our business, adversely affect our operating results, may not result in the expected benefits of such acquisitions, and may dilute stockholder value.As part of our business strategy, we acquire and make investments in complementary companies, products, or technologies. The identification of suitable acquisition candidates is difficult, and we may not be able to complete such acquisitions on favorable terms, if at all. In addition, we may be subject to claims or liabilities assumed from an acquired company, product, or technology; acquisitions we complete could be viewed negatively by our end-customers, investors, and securities analysts; and we may incur costs and expenses necessary to address an acquired company’s failure to comply with laws and governmental rules and regulations. Additionally, we may be subject to litigation or other claims in connection with the acquired company, including claims from terminated employees, customers, former stockholders, or other third parties, which may differ from or be more significant than the risks our business faces. Any integration process may require significant time and resources, which may disrupt our ongoing business and divert management’s attention, and we may not be able to manage the integration process successfully or in a timely manner. We may have difficulty retaining key personnel of the acquired business. In addition, any acquisitions may be viewed negatively by our customers, financial markets, or investors and may not ultimately strengthen our competitive position or achieve our goals and business strategy.We may have to pay cash, incur debt, or issue equity or equity-linked securities to pay for any future acquisitions, each of which could adversely affect our financial condition or the market price of our common stock. Furthermore, the sale of equity or issuance of equity-linked debt to finance any future acquisitions could result in dilution to our stockholders. The occurrence of any of these risks could harm our business, operating results, and financial condition.If we do not accurately predict, prepare for, and respond promptly to rapidly evolving technological and market developments and successfully manage product and subscription introductions and transitions to meet changing end-customer needs in the enterprise security industry, our competitive position and prospects will be harmed.The enterprise security industry has grown quickly and continues to evolve rapidly. Moreover, many of our end-customers operate in markets characterized by rapidly changing technologies and business plans, which require them to add numerous network access points and adapt increasingly complex enterprise networks, incorporating a variety of hardware, software applications, operating systems, and networking protocols. If we fail to effectively anticipate, identify, and respond to rapidly evolving technological and market developments in a timely manner, our business will be harmed. In order to anticipate and respond effectively to rapid technological changes and market developments, as well as evolving security threats, we must invest effectively in research and development to increase the reliability, availability, and scalability of our existing products and subscriptions and introduce new products and subscriptions. Our investments in research and development, including investments in AI, may not result in design or performance improvements, marketable products, subscriptions, or features, or may not achieve the cost savings or additional revenue that we expect. In addition, new and evolving products and services, including those that use AI, require significant investment and raise ethical, technological, legal, regulatory, and other challenges, which may negatively affect our brands and demand for our products and services. Because all of these investment areas are inherently risky, no assurance can be given that such strategies and offerings will be successful or will not harm our reputation, financial condition, and operating results.In addition, we must continually change our products and expand our business strategy in response to changes in network infrastructure requirements, including the expanding use of cloud computing. For example, organizations are moving portions of their data to be managed by third parties, primarily infrastructure, platform, and application service providers, and may rely on such providers’ internal security measures. While we have historically been successful in developing, acquiring, and marketing new products and product enhancements that respond to technological change and evolving industry standards, we may not be able to continue to do so, and there can be no assurance that our new or future offerings will be successful or will achieve widespread market acceptance. If we fail to accurately predict and address end-customers’ changing needs and emerging technological trends in the enterprise security industry, including in the areas of AI, mobility, virtualization, cloud computing, and software-defined networks, our business could be harmed. The technology in our portfolio is especially complex because it needs to effectively identify and respond to new and increasingly sophisticated methods of attack, while minimizing the impact on network performance. Additionally, some of our new features and related enhancements may require us to develop new hardware architectures that involve complex, expensive, and time-consuming research and development processes. The development of our portfolio is difficult and the timetable for commercial release and availability is uncertain as there can be long time periods between releases and availability of new features. If we experience unanticipated delays in the availability of new products, features, and subscriptions, and fail to meet customer expectations for such availability, our competitive position and business prospects will be harmed. The success of new features depends on several factors, including appropriate new product definition, differentiation of new products, subscriptions, and features from those of our competitors, and market acceptance of these products, services, and features. Moreover, successful new product introduction and transition depends on a number of factors, including our ability to manage the risks associated with new product production ramp-up issues, the availability of application software for new products, the effective management of purchase commitments and inventory, the availability of products in appropriate quantities and costs to meet anticipated demand, and the risk that new products may have quality or other defects or deficiencies, especially in the early stages of introduction. There can be no assurance that we will successfully identify opportunities for new products and subscriptions, develop and bring new products and subscriptions to market in a timely manner, achieve market acceptance of our products and subscriptions, or that products, subscriptions, and technologies developed by others will not render our products, subscriptions, and technologies obsolete or noncompetitive. We have incorporated, and are continuing to develop and deploy, AI into many of our products and solutions, including services that support our products and solutions. We are also incorporating AI into the operations of our business. For example, AI algorithms may have flaws, and datasets used to train models may be insufficient or contain biased information. The AI that is being incorporated into our products, solutions, and business operation tools may not be successful or beneficial, and instead may cause technical, legal or ethical problems or result in increased costs. The investments that we are making across our business in AI reflect our ongoing efforts to innovate and provide products and services that are useful to our customers, as well as provide efficiencies in our business. Such investments ultimately may not be commercially viable or may not result in an adequate return of capital and we may incur unanticipated liabilities. These efforts could subject us to regulatory risk, legal liability, including under new proposed legislation regulating AI in jurisdictions such as the E.U. and regulations being considered in other jurisdictions, or brand or reputational harm.The rapid evolution of AI, including potential government regulation of AI, requires us to invest significant resources to develop, test, and maintain AI in our products and services in a manner that meets evolving requirements and expectations. The rules and regulations adopted by policymakers over time may require us to make changes to our business practices. Developing, testing, and deploying AI systems may also increase the cost profile of our offerings due to the nature of the computing costs involved in such systems. The use or adoption of AI technologies in our products may result in exposure to claims by third parties of copyright infringement or other intellectual property misappropriation, which may require us to pay compensation or license fees to third parties. The evolving legal, regulatory, and compliance framework for AI technologies may also impact our ability to protect our own data and intellectual property against infringing use.A network or data security incident may allow unauthorized access to our network or data, harm our reputation, create additional liability, and adversely impact our financial results.Increasingly, companies are subject to a wide variety of attacks on their networks on an ongoing basis. In addition to traditional computer “hackers,” malicious code (such as viruses and worms), phishing attempts, employee theft or misuse, and denial of service attacks, sophisticated nation-state and nation-state supported actors engage in intrusions and attacks (including advanced persistent threat intrusions and supply chain attacks), and add to the risks to our internal networks, cloud-deployed enterprise and customer-facing environments and the information they store and process. Incidences of cyberattacks and other cybersecurity breaches and incidents have increased and are likely to continue to increase. We and our third-party service providers face security threats and attacks from a variety of sources. Despite our efforts and processes to prevent breaches of our internal networks, systems, and websites, our data, corporate systems, and security measures, as well as those of our third-party service providers, are still vulnerable to computer viruses, break-ins, phishing attacks, ransomware attacks, or other types of attacks from outside parties, or breaches due to employee error, malfeasance, or some combination of these. We cannot guarantee that the measures we have taken to protect our networks, systems, and websites will provide adequate security. Furthermore, as a well-known provider of security solutions, we may be a more attractive target for such attacks. The conflict in Ukraine and associated activities in Ukraine and Russia may increase the risk of cyberattacks on various types of infrastructure and operations, and the United States government has warned companies to be prepared for a significant increase in Russian cyberattacks in response to the Sanctions on Russia. A security breach or incident, or an attack against our service availability suffered by us, or our third-party service providers, could impact our networks or networks secured by our products and subscriptions, creating system disruptions or slowdowns and exploiting security vulnerabilities of our products. In addition, the information stored or otherwise processed on our networks, or those of our third-party service providers, could be accessed, publicly disclosed, altered, lost, stolen, rendered unavailable, or otherwise used or processed without authorization, which could subject us to liability and cause us financial harm. Any actual or perceived breach of security in our systems or networks, or any other actual or perceived data security incident we or our third-party service providers suffer, could result in significant damage to our reputation, negative publicity, loss of channel partners, end-customers, and sales, loss of competitive advantages over our competitors, increased costs to remedy any problems and otherwise respond to any incident, regulatory investigations and enforcement actions, demands, costly litigation, and other liability. In addition, we may incur significant costs and operational consequences of investigating, remediating, eliminating, and putting in place additional tools, devices, and other measures designed to prevent actual or perceived security breaches and other security incidents, as well as the costs to comply with any notification obligations resulting from any security incidents. Any of these negative outcomes could adversely impact the market perception of our products and subscriptions and end-customer and investor confidence in our company and could seriously harm our business or operating results.Because our products and subscriptions are complex, they have contained and may contain design or manufacturing defects or errors that are not detected until after their commercial release and deployment by our end-customers. For example, from time to time, certain of our end-customers have reported defects in our products related to performance, scalability, and compatibility. Additionally, defects or vulnerabilities may cause our products or subscriptions to become temporarily unavailable, to be vulnerable to security attacks, cause them to fail to help secure networks, or temporarily interrupt end-customers’ networking traffic, or the availability of other information technology infrastructure or systems. For example, in April 2024, we became aware of a command injection vulnerability in the GlobalProtect feature of certain versions of our PAN-OS software. To remediate the matter, we published a security advisory to advise customers, provided software updates for affected PAN-OS versions, and are actively engaged in customer outreach, support and remediation efforts for potentially impacted customers. Because the techniques used by computer hackers to access or sabotage networks change frequently and generally are not recognized until launched against a target, we may be unable to anticipate these techniques and provide a solution in time to protect our end-customers’ networks. In addition, due to the Russian invasion of Ukraine, there could be a significant increase in Russian cyberattacks against our customers, resulting in an increased risk of a security breach of our end-customers’ systems.Furthermore, defects or errors in products or software or updates to those products or software could result in a failure to effectively update end-customers’ hardware and cloud-based products or otherwise cause problems in our customers hardware, networks or information technology infrastructure or systems. The data centers, networks, and cloud infrastructure that we use to deliver our products and services may experience technical failures and downtime or may fail to meet the increased requirements of a growing installed end-customer base, any of which could temporarily or permanently expose our end-customers’ networks, leaving their networks unprotected against the latest security threats. Moreover, our products must interoperate with our end-customers’ existing infrastructure, which often have varied specifications, utilize multiple protocol standards, deploy products from multiple vendors, and contain multiple generations of products that have been added over time. As a result, when problems occur in a network, it may be difficult to identify the sources of these problems. Any such technical failure, downtime or failures in general may temporarily or permanently disable our end-customers’ networks, information technology infrastructure or other systems, or expose our end-customers’ networks to attacks from security threats.Further, our products and subscriptions may be misused by end-customers or third parties that obtain access to our products and subscriptions. For example, our products and subscriptions could be used to censor private access to certain information on the Internet. Such use of our products and subscriptions for censorship could result in negative press coverage and negatively affect our reputation.The limitation of liability provisions in our standard terms and conditions of sale may not fully or effectively protect us from claims as a result of federal, state, or local laws or ordinances, or unfavorable judicial decisions in the United States or other countries. The sale and support of our products and subscriptions also entails the risk of product liability claims. Although we may be indemnified by our third-party manufacturers for product liability claims arising out of manufacturing defects, because we control the design of our products and subscriptions, we may not be indemnified for product liability claims arising out of design defects. While we maintain insurance coverage for certain types of losses, our insurance coverage may not adequately cover any claim asserted against us, if at all. In addition, even claims that ultimately are unsuccessful could result in our expenditure of funds in litigation, divert management’s time and other resources, and harm our reputation. This risk is heightened by the inclusion of a “heuristics” feature in our products and subscriptions, which attempts to identify applications and other threats not based on any known signatures but based on characteristics or anomalies which indicate that a particular item may be a threat. These false positives may impair the perceived reliability of our products and subscriptions and may therefore adversely impact market acceptance of our products and subscriptions and could result in damage to our reputation, negative publicity, loss of channel partners, end-customers and sales, increased costs to remedy any problem, and costly litigation.Our ability to sell our products and subscriptions is dependent on the quality of our technical support services and those of our channel partners, and the failure to offer high-quality technical support services could have a material adverse effect on our end-customers’ satisfaction with our products and subscriptions, our sales, and our operating results.After our products and subscriptions are deployed within our end-customers’ networks, our end-customers depend on our technical support services, as well as the support of our channel partners, to resolve any issues relating to our products. Many larger enterprise, service provider, and government entity end-customers have more complex networks and require higher levels of support than smaller end-customers. If our channel partners do not effectively provide support to the satisfaction of our end-customers, we may be required to provide direct support to such end-customers, which would require us to hire additional personnel and to invest in additional resources. If we are not able to hire such resources fast enough to keep up with unexpected demand, support to our end-customers will be negatively impacted, and our end-customers’ satisfaction with our products and subscriptions will be adversely affected. Additionally, to the extent that we may need to rely on our sales engineers to provide post-sales support while we are ramping up our support resources, our sales productivity will be negatively impacted, which would harm our revenues. Accordingly, our failure, or our channel partners’ failure, to provide and maintain high-quality support services could have a material adverse effect on our business, financial condition, and operating results.RISKS RELATED TO INTELLECTUAL PROPERTY AND TECHNOLOGY LICENSINGClaims by others that we infringe their intellectual property rights could harm our business.Companies in the enterprise security industry own large numbers of patents, copyrights, trademarks, domain names, and trade secrets and frequently enter into litigation based on allegations of infringement, misappropriation, or other violations of intellectual property rights. In addition, non-practicing entities also frequently bring claims of infringement of intellectual property rights. Third parties are asserting, have asserted, and may in the future assert claims of infringement of intellectual property rights against us. For example, on January 31, 2024, in the Centripetal Networks, Inc. lawsuit against us, a jury returned a verdict of non-willful infringement with a lump sum amount of $151.5 million, plus statutory interest, for which we have accrued $184.4 million for the verdict amount and estimated interest as of July 31, 2024. Additional examples of patent infringement cases have been disclosed in Note 12.

Commitments and Contingencies in Part II, Item 8 of this Annual Report on Form 10-K. In addition, to the extent we hire personnel from competitors, we may be subject to allegations that they have been improperly solicited, that they have divulged proprietary or other confidential information, or that their former employers own their inventions or other work product. Furthermore, we may be unaware of the intellectual property rights of others that may cover some or all of our technology, products, subscriptions, and services. As we expand our footprint, both in our platforms, products, subscriptions, and services and geographically, more overlaps occur and we may face more infringement claims both in the United States and abroad. While we have been increasing the size of our patent portfolio, our competitors and others may now and in the future have significantly larger and more mature patent portfolios than we have. In addition, litigation has involved and will likely continue to involve patent-holding companies or other adverse patent owners who have no relevant product revenue and against whom our own patents may therefore provide little or no deterrence or protection. In addition, we have not registered our trademarks in all of our geographic markets and failure to secure those registrations could adversely affect our ability to enforce and defend our trademark rights. Any claim of infringement by a third party, even those without merit, could cause us to incur substantial costs defending against the claim, could distract our management from our business, and could require us to cease use of such intellectual property. Furthermore, because of the substantial amount of discovery required in connection with intellectual property litigation, there is a risk that some of our confidential information could be compromised by disclosure during this type of litigation. A successful claimant could secure a judgment, or we may agree to a settlement that prevents us from distributing certain products or performing certain services or that requires us to pay substantial damages, royalties, or other fees. Any of these events could seriously harm our business, financial condition, and operating results.- 25 -Table of ContentsOur proprietary rights may be difficult to enforce or protect, which could enable others to copy or use aspects of our products or subscriptions without compensating us.We rely and expect to continue to rely on a combination of confidentiality and license agreements with our employees, consultants, and third parties with whom we have relationships, as well as trademark, copyright, patent, and trade secret protection laws, to protect our proprietary rights. We have filed various applications for certain aspects of our intellectual property. We cannot be certain that we were the first to make the inventions claimed in our pending patent applications or that we were the first to file for patent protection, which could prevent our patent applications from issuing as patents or invalidate our patents following issuance. Additionally, the process of obtaining patent protection is expensive and time-consuming, and we may not be able to prosecute all necessary or desirable patent applications at a reasonable cost or in a timely manner. Any issued patents may be challenged, invalidated or circumvented, and any rights granted under these patents may not actually provide adequate defensive protection or competitive advantages to us. Additional uncertainty may result from changes to patent-related laws and court rulings in the United States and other jurisdictions. As a result, we may not be able to obtain adequate patent protection or effectively enforce any issued patents.Despite our efforts to protect our proprietary rights, unauthorized parties may attempt to copy aspects of our products or subscriptions or obtain and use information that we regard as proprietary. We generally enter into confidentiality or license agreements with our employees, consultants, vendors, and end-customers, and generally limit access to and distribution of our proprietary information. However, we cannot be certain that we have entered into such agreements with all parties who may have or have had access to our confidential information or that the agreements we have entered into will not be breached. We cannot guarantee that any of the measures we have taken will prevent misappropriation of our technology. Because we may be an attractive target for computer hackers, we may have a greater risk of unauthorized access to, and misappropriation of, our proprietary information. In addition, the laws of some foreign countries do not protect our proprietary rights to as great an extent as the laws of the United States, and many foreign countries do not enforce these laws as diligently as government agencies and private parties in the United States. From time to time, we may need to take legal action to enforce our patents and other intellectual property rights, to protect our trade secrets, to determine the validity and scope of the proprietary rights of others, or to defend against claims of infringement or invalidity. Such litigation could result in substantial costs and diversion of resources and could negatively affect our business, operating results, and financial condition. Attempts to enforce our rights against third parties could also provoke these third parties to assert their own intellectual property or other rights against us or result in a holding that invalidates or narrows the scope of our rights, in whole or in part. If we are unable to protect our proprietary rights (including aspects of our software and products protected other than by patent rights), we may find ourselves at a competitive disadvantage to others who need not incur the additional expense, time, and effort required to create the innovative products that have enabled us to be successful to date. Any of these events would have a material adverse effect on our business, financial condition, and operating results.Our use of open source software in our products and subscriptions could negatively affect our ability to sell our products and subscriptions and subject us to possible litigation.Our products and subscriptions contain software modules licensed to us by third-party authors under “open source” licenses. Some open source licenses contain requirements that we make available applicable source code for modifications or derivative works we create based upon the type of open source software we use. If we combine our proprietary software with open source software in a certain manner, we could, under certain open source licenses, be required to release the source code of our proprietary software to the public. This would allow our competitors to create similar products or subscriptions with lower development effort and time and ultimately could result in a loss of product sales for us. From time to time, there have been claims against companies that distribute or use open source software in their products and subscriptions, asserting that open source software infringes the claimants’ intellectual property rights. We could be subject to suits by parties claiming infringement of intellectual property rights in what we believe to be licensed open source software. If we are held to have breached the terms of an open source software license, we could be required to seek licenses from third parties to continue offering our products and subscriptions on terms that are not economically feasible, to reengineer our products and subscriptions, to discontinue the sale of our products and subscriptions if reengineering could not be accomplished on a timely basis, or to make generally available, in source code form, our proprietary code, any of which could adversely affect our business, operating results, and financial condition. In addition, many of the risks associated with usage of open source software, such as the lack of warranties or assurances of title, cannot be eliminated, and could, if not properly addressed, negatively affect our business. We have established processes to help alleviate these risks, including a review process for screening requests from our development organizations for the use of open source software, but we cannot be sure that our processes for controlling our use of open source software in our products and subscriptions will be effective. We license technology from third parties, and our inability to maintain those licenses could harm our business.We incorporate technology that we license from third parties, including software, into our products and subscriptions. We cannot be certain that our licensors are not infringing the intellectual property rights of third parties or that our licensors have sufficient rights to the licensed intellectual property in all jurisdictions in which we may sell our products and subscriptions. In addition, some licenses may be non-exclusive, and therefore our competitors may have access to the same technology licensed to us. Some of our agreements with our licensors may be terminated for convenience by them. We may also be subject to additional fees or be required to obtain new licenses if any of our licensors allege that we have not properly paid for such licenses or that we have improperly used the technologies under such licenses, and such licenses may not be available on terms acceptable to us or at all. If we are unable to continue to license any of this technology because of intellectual property infringement claims brought by third parties against our licensors or against us, or claims against us by our licensors, or if we are unable to continue our license agreements or enter into new licenses on commercially reasonable terms, our ability to develop and sell products and subscriptions containing such technology would be severely limited and our business could be harmed. Additionally, if we are unable to license necessary technology from third parties, we may be forced to acquire or develop alternative technology, which we may be unable to do in a commercially feasible manner or at all, and we may be required to use alternative technology of lower quality or performance standards. This would limit and delay our ability to offer new or competitive products and subscriptions and increase our costs of production. As a result, our margins, market share, and operating results could be significantly harmed.RISKS RELATED TO OPERATIONSBecause we depend on manufacturing partners to build and ship our hardware products, we are susceptible to manufacturing and logistics delays and pricing fluctuations that could prevent us from shipping customer orders on time, if at all, or on a cost-effective basis, which may result in the loss of sales and end-customers.We depend on manufacturing partners, primarily our EMS provider, Flex, to manufacture our hardware product lines. Our hardware products are manufactured by our manufacturing partners at facilities located primarily in the United States. Some of the components in our products are sourced either through Flex or directly by us from component suppliers outside the United States. The portion of our hardware products that are sourced outside the United States may subject us to geopolitical risks, additional logistical risks or risks associated with complying with local rules and regulations in foreign countries. For example, the United States and Chinese governments have each enacted, and discussed additional, import tariffs. Some components that we import for final manufacturing in the United States have been impacted by these tariffs. Our manufacturing partners typically fulfill our supply requirements on the basis of individual purchase orders. We do not have long-term contracts with these manufacturers that guarantee capacity, the continuation of particular pricing terms, or the extension of credit limits. Accordingly, they are not obligated to continue to fulfill our supply requirements and the prices we pay for manufacturing services could be increased on short notice. Our contract with Flex permits them to terminate the agreement for their convenience, subject to prior notice requirements. If we are required to change manufacturing partners, our ability to meet our scheduled product deliveries to our end-customers could be adversely affected, which could cause the loss of sales to existing or potential end-customers, delayed revenue or an increase in our costs which could adversely affect our gross margins. Any production interruptions for any reason, such as a natural disaster, epidemic or pandemic, capacity shortages, or quality problems at one of our manufacturing partners would negatively affect sales of our product lines manufactured by that manufacturing partner and adversely affect our business and operating results.- 27 -Table of ContentsManaging the supply of our hardware products and product components is complex. Insufficient supply and inventory would result in lost sales opportunities or delayed revenue, while excess inventory would harm our gross margins.Our manufacturing partners procure components and build our hardware products based on our forecasts, and we generally do not hold inventory for a prolonged period of time. These forecasts are based on estimates of future demand for our products, which are in turn based on historical trends and analyses from our sales and product management organizations, adjusted for overall market conditions. In order to reduce manufacturing lead times and plan for adequate component supply, from time to time we may issue forecasts for components and products that are non-cancelable and non-returnable.Our inventory management systems and related supply chain visibility tools may be inadequate to enable us to forecast accurately and effectively manage supply of our hardware products and product components. If we ultimately determine that we have excess supply, we may have to reduce our prices and write-down inventory, which in turn could result in lower gross margins. If our actual component usage and product demand are lower than the forecast we provide to our manufacturing partners, we accrue for losses on manufacturing commitments in excess of forecasted demand. Alternatively, insufficient supply levels may lead to shortages that result in delayed hardware product revenue or loss of sales opportunities altogether as potential end-customers turn to competitors’ products that are readily available. If we are unable to effectively manage our supply and inventory, our operating results could be adversely affected.Because some of the key components in our hardware products come from limited sources of supply, we are susceptible to supply shortages or supply changes, which, in certain cases, have disrupted or delayed our scheduled product deliveries to our end-customers, increased our costs and may result in the loss of sales and end-customers.Our hardware products rely on key components, including integrated circuit components, which our manufacturing partners purchase on our behalf from a limited number of component suppliers, including sole source providers. The manufacturing operations of some of our component suppliers are geographically concentrated in Asia and elsewhere, which makes our supply chain vulnerable to regional disruptions, such as natural disasters, fire, political instability, civil unrest, power outages, or health risks. We are also monitoring the tensions between China and Taiwan, and between the U.S. and China, which could have an adverse impact on our business or results of operations in future periods.Further, we do not have volume purchase contracts with any of our component suppliers, and they could cease selling to us at any time. If we are unable to obtain a sufficient quantity of these components in a timely manner for any reason, sales of our hardware products could be delayed or halted, or we could be forced to expedite shipment of such components or our hardware products at dramatically increased costs. Our component suppliers also change their selling prices frequently in response to market trends, including industry-wide increases in demand. Because we do not have, for the most part, volume purchase contracts with our component suppliers, we are susceptible to price fluctuations related to raw materials and components and may not be able to adjust our prices accordingly. Additionally, poor quality in any of the sole-sourced components in our products could result in lost sales or sales opportunities.If we are unable to obtain a sufficient volume of the necessary components for our hardware products on commercially reasonable terms or the quality of the components do not meet our requirements, we could also be forced to redesign our products and qualify new components from alternate component suppliers. The resulting stoppage or delay in selling our hardware products and the expense of redesigning our hardware products would result in lost sales opportunities and damage to customer relationships, which would adversely affect our business and operating results.If we are unable to attract, retain, and motivate our key technical, sales, and management personnel, our business could suffer.Our future success depends, in part, on our ability to continue to attract, retain, and motivate the members of our management team and other key employees. For example, we are substantially dependent on the continued service of our engineering personnel because of the complexity of our offerings. Competition for highly skilled personnel, particularly in engineering, including in the areas of AI and machine learning, is often intense, especially in the San Francisco Bay Area, where we have a substantial presence and need for such personnel. In addition, the industry in which we operate generally experiences high employee attrition. Our future performance depends on the continuing services and contributions of our senior management to execute on our business plan and to identify and pursue new opportunities and product innovations. If we are unable to hire, integrate, train, or retain the qualified and highly skilled personnel required to fulfill our current or future needs, our business, financial condition, and operating results could be harmed. As we grow and change, we may find it difficult to maintain these important aspects of our corporate culture. While we are taking steps to develop a more inclusive and diverse workforce, there is no guarantee that we will be able to do so. Any failure to preserve our culture as we grow could limit our ability to innovate and could negatively affect our ability to retain and recruit personnel, continue to perform at current levels or execute on our business strategy.We generate a significant amount of revenue from sales to distributors, resellers, and end-customers outside of the United States, and we are therefore subject to a number of risks associated with international sales and operations.Our ability to grow our business and our future success will depend to a significant extent on our ability to expand our operations and customer base worldwide. Many of our customers, resellers, partners, suppliers, and manufacturers operate around the world. Operating in a global marketplace, we are subject to risks associated with having an international reach and compliance and regulatory requirements. We may experience difficulties in attracting, managing, and retaining an international staff, and we may not be able to recruit and maintain successful strategic distributor relationships internationally. Business practices in the international markets that we serve may differ from those in the United States and may require us in the future to include terms other than our standard terms related to payment, warranties, or performance obligations in end-customer contracts.S. and foreign laws, including antitrust regulations, anti-corruption laws, such as the U.S.K.”) Bribery Act, U.S. or foreign sanctions regimes and export or import control laws, and any trade regulations ensuring fair trade practices.These and other factors could harm our future international revenues and, consequently, materially impact our business, operating results, and financial condition. The expansion of our existing international operations and entry into additional international markets will require significant management attention and financial resources. Our failure to successfully manage our international operations and the associated risks effectively could limit the future growth of our business.We are exposed to fluctuations in foreign currency exchange rates, which could negatively affect our financial condition and operating results.Our sales contracts are denominated in U.S. dollars, and therefore, our revenue is not subject to foreign currency risk; however, in the event of a strengthening of the U.S. dollar against foreign currencies in which we conduct business, the cost of our products to our end-customers outside of the United States would increase, which could adversely affect our financial condition and operating results. If we are not able to successfully hedge against the risks associated with foreign currency fluctuations, our financial condition and operating results could be adversely affected. We have entered into forward contracts in an effort to reduce our foreign currency exchange exposure related to our foreign currency denominated expenditures. As of July 31, 2024, the total notional amount of our outstanding foreign currency forward contracts was $1. For more information on our hedging transactions, refer to Note 6.

Derivative Instruments in Part II, Item 8 of this Annual Report on Form 10-K. The effectiveness of our existing hedging transactions and the availability and effectiveness of any hedging transactions we may decide to enter into in the future may be limited and we may not be able to successfully hedge our exposure, which could adversely affect our financial condition and operating results.- 29 -Table of ContentsWe face risks associated with having operations and employees located in Israel.We have business operations in Israel and intend to continue growing our presence in Israel. Our operations in Israel could be disrupted by political instability, civil unrest, terrorist attacks, acts of violence, acts of war, or other military actions, including the hostilities in Israel and the surrounding region. The future of peace efforts between Israel and its Arab neighbors remains uncertain. The effects of hostilities and violence on the Israeli economy and our operations in Israel are unclear, and we cannot predict the effect on us of further increases in these hostilities or future armed conflict, political instability, or violence in the region. Current or future tensions and conflicts in the Middle East could adversely affect our business, operating results, financial condition, and cash flows. We cannot predict the full impact of these conditions on us in the future, particularly if emergency circumstances or an escalation in the political situation occurs. If many of our employees in Israel are called for active duty for a significant period of time, our operations and our business could be disrupted and may not be able to function at full capacity. Any disruption in our operations in Israel could adversely affect our business.We are subject to governmental export and import controls that could subject us to liability or impair our ability to compete in international markets.Because we incorporate encryption technology into our products, certain of our products are subject to U.S. export controls and may be exported outside the United States only with the required export license or through an export license exception. If we were to fail to comply with U.S. export licensing requirements, U.S. customs regulations, U.S. economic sanctions, or other laws, we could be subject to substantial civil and criminal penalties, including fines, incarceration for responsible employees and managers, and the possible loss of export or import privileges. Obtaining the necessary export license for a particular sale may be time-consuming and may result in the delay or loss of sales opportunities. Furthermore, U.S. export control laws and economic sanctions prohibit the shipment of certain products to U.S. embargoed or sanctioned countries, governments, and persons. Even though we take precautions to ensure that our channel partners comply with all relevant regulations, any failure by our channel partners to comply with such regulations could have negative consequences for us, including reputational harm, government investigations, and penalties.In addition, various countries regulate the import of certain encryption technology, including through import permit and license requirements, and have enacted laws that could limit our ability to distribute our products or could limit our end-customers’ ability to implement our products in those countries. Changes in our products or changes in export and import regulations may create delays in the introduction of our products into international markets, prevent our end-customers with international operations from deploying our products globally or, in some cases, prevent or delay the export or import of our products to certain countries, governments, or persons altogether. Any change in export or import regulations, economic sanctions, such as the Sanctions on Russia, or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons, or technologies targeted by such regulations could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential end-customers with international operations. Any decreased use of our products or limitation on our ability to export to or sell our products in international markets would likely adversely affect our business, financial condition, and operating results.RISKS RELATED TO PRIVACY AND DATA PROTECTIONWe may incur increased costs to comply with privacy and data protection laws and, if we fail to comply, we could be subject to government enforcement actions, private litigation and adverse publicity.A wide variety of laws and regulations apply to the collection, use, retention, protection, disclosure, transfer, and other processing of personal data in jurisdictions where we and our customers operate. Compliance with these laws and regulations is difficult and costly. For example, we are subject to the E.U. General Data Protection Regulation (“E.U. GDPR”) and the U.K. General Data Protection Regulation (“U.K. GDPR,” and collectively the “GDPR”), both of which impose stringent data protection requirements, provide for costly penalties for noncompliance (up to the greater of (a) €20 million under the “E.U. GDPR” or £17.5 million under the “U.K. GDPR,” and (b) 4% of annual worldwide turnover), and confer the right upon data subjects and consumer associations to lodge complaints with supervisory authorities, seek judicial remedies, and obtain compensation for damages resulting from violations.- 30 -Table of ContentsThe GDPR requires, among other things, that personal data be transferred outside of the E.U. (or, in the case of the U.K. GDPR, the U.K.) to the United States and other jurisdictions only where adequate safeguards are implemented or a derogation applies. In practice, we rely on standard contractual clauses approved under the GDPR to carry out such transfers and to receive personal data subject to the GDPR (directly or indirectly) in the United States. In addition, with respect to the personal data that we process on behalf of our customers, we self-certified to the E.U.-U.S. Data Privacy Framework (“E.U.-U.S. The E.U.-U.S. DPF has been recognized as adequate under the E.U. law to allow transfers of personal data from the E.U. to companies in the U.S. that have self-certified to the framework. However, the E.U.-U.S. DPF may be subject to legal challenge, which could cause the legal requirements for data transfers from the E.U. to be uncertain. Among other effects, we may experience additional costs associated with increased compliance burdens, reduced demand for our offerings from current or prospective customers in the European Economic Area (“EEA”), Switzerland, and the U.K. (collectively, “Europe”) to use our products, on account of the risks identified in the Schrems II decision, and we may find it necessary or desirable to make further changes to our processing of personal data of European residents. Moreover, much like with Schrems II, we anticipate future legal challenges to the approved data transfer mechanisms between Europe and the United States, including a challenge to the E.U.-U.S. DPF. Such legal challenges could result in additional legal and regulatory risk, compliance costs, and in our business, operating results, and financial condition being harmed. The CCPA requires, among other things, covered companies to provide enhanced disclosures to California consumers and to afford such consumers certain rights regarding their personal data, including the right to opt out of data sales for targeted advertising, and creates a private right of action to individuals affected by a data breach, if the breach was caused by a lack of reasonable security. The effects of the CCPA have been significant, requiring us to modify our data processing practices and policies and to incur substantial costs and expenses for compliance. Moreover, additional state privacy laws have been passed and will require potentially substantial efforts to obtain compliance. These include laws enacted in at least 19 states, and six other states have active privacy bills pending in state legislative processes. We may also from time to time be subject to obligations relating to personal data by contract, or face assertions that we are subject to self-regulatory obligations or industry standards. Additionally, the Federal Trade Commission and many state attorneys general are more regularly bringing enforcement actions in connection with federal and state consumer protection laws for false or deceptive acts or practices in relation to the online collection, use, dissemination, and security of personal data. Internationally, data localization laws may mandate that personal data collected in a foreign country be processed and stored within that country. We and our customers may face risk of enforcement actions by regulators or data protection authorities, private litigation and adverse publicity including reputational damage and loss of customer confidence for alleged violations of any of the foregoing obligations. These potential liabilities and enforcement actions could also have an overall negative effect on our business, operating results, and financial condition. The amount and scope of insurance we maintain may not cover all types of claims that may arise. Notably, public perception of potential privacy, data protection, or information security concerns—whether or not valid—may harm our reputation and inhibit adoption of our products and subscriptions by current and future end-customers. Each of these laws and regulations, and any changes to these laws and regulations, or new laws and regulations, could impose significant limitations, or require changes to our business model or practices or growth strategy, which may increase our compliance expenses and make our business more costly or less efficient to conduct.Our income tax obligations are based in part on our corporate structure and intercompany arrangements, including the manner in which we develop, value, and use our intellectual property and the valuations of our intercompany transactions. The tax laws applicable to our business, including the laws of the United States and various other jurisdictions, are subject to interpretation and certain jurisdictions may aggressively interpret their laws, regulations, and policies, including in an effort to raise additional tax revenue. For example, beginning in fiscal 2023, we were required to capitalize and amortize research and development expenses as required by the Tax Cuts and Jobs Act. As a result of this change and our increased profitability, we have paid significantly more U.S. cash taxes during fiscal 2024 and we expect our cash tax payments to increase in future periods. It is possible that domestic or international tax authorities may subject us to tax examinations, or audits, and such tax authorities may disagree with certain positions we have taken, and any adverse outcome of such an examination, review or audit could result in additional tax liabilities and penalties and otherwise have a negative effect on our financial position, operating results, and cash flow. Further, the determination of our worldwide provision for or benefit from income taxes and other tax liabilities requires significant judgment by management, and there are transactions where the ultimate tax determination is uncertain. Although we believe that our estimates are reasonable, the ultimate tax outcome may differ from the amounts recorded on our consolidated financial statements and may materially affect our financial results in the period or periods for which such determination is made.In addition, our future income tax obligations could be adversely affected by changes in, or interpretations of, tax laws, regulations, policies, or decisions in the United States or in the other jurisdictions in which we operate. If our estimates or judgments relating to our critical accounting policies are based on assumptions that change or prove to be incorrect, our operating results could fall below our publicly announced guidance or the expectations of securities analysts and investors, resulting in a decline in the market price of our common stock.The preparation of consolidated financial statements in conformity with U.S. generally accepted accounting principles (“U.S. GAAP”) requires management to make estimates and assumptions that affect the amounts reported on our consolidated financial statements and accompanying notes.

For more information, refer to the section entitled “Critical Accounting Estimates” in “Management’s Discussion and Analysis of Financial Condition and Results of Operations” in Part II, Item 7 of this Annual Report on Form 10-K.We are obligated to maintain proper and effective internal control over financial reporting. We may not complete our analysis of our internal control over financial reporting in a timely manner, or our internal control may not be determined to be effective, which may adversely affect investor confidence in our company and, as a result, the value of our common stock.If we are unable to assert that our internal controls are effective, our independent registered public accounting firm may not be able to formally attest to the effectiveness of our internal control over financial reporting. If, in the future, our chief executive officer, chief financial officer, or independent registered public accounting firm determines that our internal control over financial reporting is not effective as defined under Section 404, we could be subject to one or more investigations or enforcement actions by state or federal regulatory agencies, stockholder lawsuits, or other adverse actions requiring us to incur defense costs, pay fines, settlements, or judgments, causing investor perceptions to be adversely affected and potentially resulting in a decline in the market price of our stock.- 32 -Table of ContentsOur reputation and/or business could be negatively impacted by ESG matters and/or our reporting of such matters.There is an increasing focus from regulators, certain investors, and other stakeholders concerning ESG matters, both in the United States and internationally. We communicate certain ESG-related initiatives, goals, and/or commitments regarding environmental matters, diversity, responsible sourcing and social investments, and other matters in our annual ESG Report, on our website, in our filings with the SEC, and elsewhere. These initiatives, goals, or commitments could be difficult to achieve and costly to implement. We could fail to achieve, or be perceived to fail to achieve, our ESG-related initiatives, goals, or commitments. In addition, we could be criticized for the timing, scope or nature of these initiatives, goals, or commitments, or for any revisions to them. To the extent that our required and voluntary disclosures about ESG matters increase, we could be criticized for the accuracy, adequacy, or completeness of such disclosures. Our actual or perceived failure to achieve our ESG-related initiatives, goals, or commitments could negatively impact our reputation, result in ESG-focused investors not purchasing and holding our stock, or otherwise materially harm our business.In addition, we are or may become subject to various new and proposed climate-related and other sustainability-related laws and regulations, including, for example, the E.U.’s Corporate Sustainability Reporting Directive. Additional regulation may require us to incur significant additional costs associated with increased compliance burdens, including the implementation of additional internal controls processes and procedures, and impose increased oversight obligations on our management and board of directors, as well as require us to retain third-party experts.Failure to comply with governmental laws and regulations could harm our business.Our business is subject to regulation by various federal, state, local, and foreign governmental agencies, including agencies responsible for monitoring and enforcing employment and labor laws, workplace safety, product safety, environmental laws, consumer protection laws, privacy, data security, and data-protection laws, anti-bribery laws (including the U.S. Foreign Corrupt Practices Act and the U.K. Anti-Bribery Act), import/export controls, federal securities laws, and tax laws and regulations. These laws and regulations may also impact our innovation and business drivers in developing new and emerging technologies (e.g., AI and machine learning). In certain jurisdictions, these regulatory requirements may be more stringent than those in the United States. Noncompliance with applicable regulations or requirements could subject us to investigations, sanctions, mandatory product recalls, enforcement actions, disgorgement of profits, fines, damages, civil and criminal penalties, or injunctions. If any governmental sanctions are imposed, or if we do not prevail in any possible civil or criminal litigation resulting from any alleged noncompliance, our business, operating results, and financial condition could be materially adversely affected. In addition, responding to any action will likely result in a significant diversion of management’s attention and resources and an increase in professional fees. Enforcement actions, litigation, and sanctions could harm our business, operating results, and financial condition.Risks Related to Our Notes and Common StockWe may not have the ability to raise the funds necessary to settle conversions of our Notes, repurchase our Notes upon a fundamental change, or repay our Notes in cash at their maturity, and our future debt may contain limitations on our ability to pay cash upon conversion or repurchase of our Notes.375% Convertible Senior Notes due 2025 (the “2025 Notes”). We will need to make cash payments (a) if holders of our 2025 Notes require us to repurchase all, or a portion of, their 2025 Notes upon the occurrence of a fundamental change (e.g., a change of control of Palo Alto Networks, Inc.) before the maturity date, (b) upon conversion of our 2025 Notes, or (c) to repay our 2025 Notes in cash at their maturity unless earlier converted or repurchased. Effective August 1, 2024 through October 31, 2024, all of the 2025 Notes are convertible. If all of the note holders decided to convert their 2025 Notes, we would be obligated to pay the $1.0 billion principal amount of the 2025 Notes in cash. Under the terms of the 2025 Notes, we also have the option to settle the amount of our conversion obligation in excess of the aggregate principal amount of the 2025 Notes in cash or shares of our common stock. If our cash provided by operating activities, together with our existing cash, cash equivalents, and investments, and existing sources of financing, are inadequate to satisfy these obligations, we will need to obtain third-party financing, which may not be available to us on commercially reasonable terms or at all, to meet these payment obligations.In addition, our ability to repurchase or to pay cash upon conversion of our 2025 Notes may be limited by law, regulatory authority, or agreements governing our future indebtedness. Our failure to repurchase our 2025 Notes at a time when the repurchase is required by the applicable indenture governing such 2025 Notes or to pay cash upon conversion of such 2025 Notes as required by the applicable indenture would constitute a default under the indenture. A default under the applicable indenture or the fundamental change itself could also lead to a default under agreements governing our future indebtedness. If the payment of the related indebtedness were to be accelerated after any applicable notice or grace periods, we may not have sufficient funds to repay the indebtedness and repurchase our 2025 Notes or to pay cash upon conversion of our 2025 Notes.We and our subsidiaries may incur substantial additional debt in the future, subject to the restrictions contained in our debt instruments, that could have the effect of diminishing our ability to make payments on our 2025 Notes when due. The market price of our common stock historically has been volatile, and the value of an investment in our common stock could decline.The market price of our common stock has historically been, and is likely to continue to be, volatile and could be subject to wide fluctuations in response to various factors, some of which are beyond our control and unrelated to our business, operating results, or financial condition. These fluctuations could cause a loss of all or part of an investment in our common stock.In the past, following periods of volatility in the market price of a company’s securities, securities class action litigation has often been brought against that company. Securities litigation could result in substantial costs, divert our management’s attention and resources from our business, and have a material adverse effect on our business, operating results, and financial condition.The convertible note hedge and warrant transactions may affect the value of our common stock.In connection with the sale of our 2025 Notes, we entered into convertible note hedge transactions (the “2025 Note Hedges”) with certain counterparties. In connection with each such sale of the 2025 Notes, we also entered into warrant transactions with the counterparties pursuant to which we sold warrants (the “2025 Warrants”) for the purchase of our common stock.The applicable counterparties or their respective affiliates may modify their hedge positions by entering into or unwinding various derivatives with respect to our common stock and/or purchasing or selling our common stock or other securities of ours in secondary market transactions prior to the maturity of the outstanding 2025 Notes (and are likely to do so during any applicable observation period related to a conversion of our 2025 Notes). This activity could also cause or prevent an increase or a decrease in the market price of our common stock or our 2025 Notes, which could affect a note holder’s ability to convert its 2025 Notes and, to the extent the activity occurs during any observation period related to a conversion of our 2025 Notes, it could affect the amount and value of the consideration that the note holder will receive upon conversion of our 2025 Notes. In addition, we do not make any representation that the counterparties or their respective affiliates will engage in these transactions or that these transactions, once commenced, will not be discontinued without notice.The issuance of additional stock in connection with financings, acquisitions, investments, our stock incentive plans, the conversion of our Notes or exercise of the related Warrants, or otherwise will dilute stock held by all other stockholders.Our amended and restated certificate of incorporation authorizes us to issue up to 1.0 billion shares of common stock and up to 100.0 million shares of preferred stock with such rights and preferences as may be determined by our board of directors. Any such issuance could result in substantial dilution to our existing stockholders and cause the market price of our common stock to decline.We cannot guarantee that our share repurchase program will be fully consummated or that it will enhance shareholder value, and share repurchases could affect the price of our common stock.As of July 31, 2024, we had $500. On August 15, 2024, our board of directors authorized a $500.0 million increase to our share repurchase program, bringing the total remaining authorization for future share repurchases to $1. The repurchase authorization will expire on December 31, 2025, and may be suspended or discontinued at any time without prior notice. Although our board of directors has authorized a share repurchase program, we are not obligated to repurchase any specific dollar amount or to acquire any specific number of shares under the program. The share repurchase program could affect the price of our common stock, increase volatility, and diminish our cash reserves. In addition, the program may be suspended or terminated at any time, which may result in a decrease in the price of our common stock. We do not intend to pay dividends for the foreseeable future.We have never declared or paid any dividends on our common stock. We intend to retain any earnings to finance the operation and expansion of our business, and we do not anticipate paying any cash dividends in the future. As a result, stockholders may only receive a return on their investments in our common stock if the market price of our common stock increases.Our charter documents and Delaware law, as well as certain provisions contained in the indentures governing our Notes, could discourage takeover attempts and lead to management entrenchment, which could also reduce the market price of our common stock.Provisions in our amended and restated certificate of incorporation and amended and restated bylaws may have the effect of delaying or preventing a change in control of our company or changes in our management. Our amended and restated certificate of incorporation and amended and restated bylaws include provisions that:•establish that our board of directors is divided into three classes, Class I, Class II, and Class III, with three-year staggered terms;•authorize our board of directors to issue shares of preferred stock and to determine the price and other terms of those shares, including preferences and voting rights, without stockholder approval;•provide our board of directors with the exclusive right to elect a director to fill a vacancy created by the expansion of our board of directors or the resignation, death, or removal of a director;•prohibit our stockholders from taking action by written consent;•specify that special meetings of our stockholders may be called only by the chairman of our board of directors, our president, our secretary, or a majority vote of our board of directors;•require the affirmative vote of holders of at least 66 2/3% of the voting power of all of the then outstanding shares of the voting stock, voting together as a single class, to amend the provisions of our amended and restated certificate of incorporation relating to the issuance of preferred stock and management of our business or our amended and restated bylaws;•authorize our board of directors to amend our bylaws by majority vote; and•establish advance notice procedures with which our stockholders must comply to nominate candidates to our board of directors or to propose matters to be acted upon at a stockholders’ meeting. In addition, as a Delaware corporation, we are subject to Section 203 of the Delaware General Corporation Law. These provisions may prohibit large stockholders, in particular those owning 15% or more of our outstanding voting stock, from merging or combining with us for a certain period of time. Any of these provisions could, under certain circumstances, depress the market price of our common stock.Both our corporate headquarters and the location where our products are manufactured are located in the San Francisco Bay Area, a region known for seismic activity. In addition, other natural disasters, such as fire or floods, a significant power outage, telecommunications failure, terrorism, an armed conflict, cyberattacks, epidemics and pandemics such as COVID-19, or other geopolitical unrest could affect our supply chain, manufacturers, logistics providers, channel partners, end-customers, or the economy as a whole, and such disruption could impact our shipments and sales. These risks may be further increased if the disaster recovery plans for us and our suppliers prove to be inadequate. To the extent that any of the above should result in delays or cancellations of customer orders, the loss of customers, or the delay in the manufacture, deployment, or shipment of our products, our business, financial condition, and operating results would be adversely affected.Our failure to raise additional capital or generate the significant capital necessary to expand our operations and invest in new products and subscriptions could reduce our ability to compete and could harm our business.We intend to continue to make investments to support our business growth and may require additional funds to respond to business challenges, including the need to develop new features to enhance our portfolio, improve our operating infrastructure, or acquire complementary businesses and technologies. Accordingly, we may need to engage in equity or debt financings to secure additional funds. If we engage in future debt financings, the holders of such additional debt would have priority over the holders of our common stock. Current and future indebtedness may also contain terms that, among other things, restrict our ability to incur additional indebtedness. In addition, we may be required to take other actions that would otherwise be in the interests of the debt holders and would require us to maintain specified liquidity or other ratios, any of which could harm our business, operating results, and financial condition. If we are unable to obtain adequate financing or financing on terms satisfactory to us when we require it, our ability to continue to support our business growth and to respond to business challenges could be significantly impaired, and our business may be adversely affected. Unresolved Staff CommentsNot applicable.- 36 -Table of ContentsItem 1C. CybersecurityAs a global cybersecurity provider, cybersecurity risk management is an integral part of our overall enterprise risk management program. We recognize the critical importance that a strong cybersecurity risk management program plays in maintaining the trust and confidence of our customers, end users, business partners, stockholders and employees. We have established processes and procedures for identifying, evaluating, and responding to risks from cybersecurity threats, including any potential unauthorized access to our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems, data, or information assets.Cybersecurity Risk Management and StrategyOur cybersecurity risk management program includes written policies, standards, and procedures for maintaining data privacy, product security and information security to mitigate cybersecurity risks, and to identify, evaluate and respond to cybersecurity threats, vulnerabilities and incidents. Our cybersecurity risk management program and strategy is implemented across several areas, which include, but are not limited to, the following:•Information Security. The organizational, administrative and technical measures we implement are based on recognized security frameworks established by the National Institute of Standards and Technology, security measures aligned with the ISO/IEC 27000 series of standards, and other generally recognized industry standards. The program is assessed regularly and in light of new and emerging cybersecurity risks. •Technical Safeguards and Product Security. We deploy and maintain a variety of technologies to prevent and detect cybersecurity threats across the network, endpoint and cloud. We also apply security-by-design principles in our software development lifecycle, track vulnerabilities of open-source software, and run internal and external network scans at least weekly and after any meaningful change in our network configuration. We conduct regular application security assessments, including our assessments for internet-facing applications that collect, transmit, or display end user data. We also employ tooling in certain areas to help prevent deviations from policy.•Incident Response and Reporting. We maintain incident response and recovery protocols to enable prompt, effective and orderly identification, evaluation, management, and disposition of actual and potential security threats and incidents, including for purposes of escalation and internal and external-notification steps. This allows for prompt direction of appropriate personnel and resources for incident management and response, and internal notification to appropriate members of management, which may include our chief executive officer, chief product officer, chief information security officer, general counsel, chief financial officer, and/or chief accounting officer, and the security committee of our board of directors (the “Security Committee”). The protocols also establish steps designed to publicly report and/or alert external stakeholders as and when required by applicable law or otherwise determined appropriate. •Third-Party Risk Management. We maintain a risk-based approach to identifying and overseeing cybersecurity risks presented by certain third parties, including vendors, service providers, suppliers, operations parties, and other external users of our systems, as well as the systems of third parties that could adversely impact our business in the event of a cybersecurity incident affecting those third-party systems. This includes a security process to conduct due diligence prior to engaging contractors and vendors and assess the security capabilities of subcontractors and vendors on a periodic basis.•Risk and Readiness Assessments. We engage in at least quarterly assessments and testing of the effectiveness of our cybersecurity risk management program and incident response protocols that are designed to identify and evaluate vulnerabilities and weaknesses, address cybersecurity threats and test our readiness to respond to cybersecurity incidents. These efforts include, but are not limited to, threat modeling, vulnerability scans, penetration testing, audits, and tabletop exercises. We regularly engage third parties to perform assessments on our cybersecurity measures, such as audits and independent reviews of our compliance with various security compliance standards, including those established by the American Institute of Certified Public Accountants, operating effectiveness and penetration tests. The results of such assessments are reported to management and we adjust our cybersecurity policies, standards, processes and practices as necessary based on the information provided by these assessments, audits and reviews. •Awareness and Training. We provide regular training for educating employees about corporate policies and procedures and information security designed to provide our employees with knowledge of best practices and effective tools for safeguarding our data and assets and reducing security risks based on the human threat vector. Our information security compliance training, data protection training, and code of conduct training is mandatory for all employees. - 37 -Table of Contents•Governance. As discussed in more detail below under the heading, “Cybersecurity Governance,” our board of directors’ has delegated oversight of enterprise security risk management, including, but not limited to, cybersecurity risk management to the Security Committee. As part of our cybersecurity risk management procedures, senior members of management and the Security Committee are informed regarding security events based on established reporting thresholds, and are provided ongoing updates regarding any such meaningful threat or incident.We have not identified any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially impacted or are reasonably likely to materially impact us, including our business strategy, results of operations, or financial condition, to date. However, we face ongoing and increasing cybersecurity risks, including from threat actors that are becoming more sophisticated and effective over time, and we can provide no assurance that there will not be incidents in the future or that past or future threats or incidents will not materially affect us, including our business strategy, results of operations, or financial conditions.

For additional information regarding these risks, please refer to Part I, Item 1A, “Risk Factors,” in this Form 10-K, including, but not limited to, the risk factor entitled “A network or data security incident may allow unauthorized access to our network or data, harm our reputation, create additional liability, and adversely impact our financial results.” Cybersecurity GovernanceThe Security Committee, which is composed of all of our independent directors, facilitates our board of directors’ responsibility for oversight of security matters, including product security, data security, cybersecurity, security risk management, risk exposure and related controls and enterprise risk management related to these risks. The Security Committee reports regularly to the Board following meetings of the Security Committee with respect to its review and assessment of security matters and other matters that are relevant to the Security Committee’s discharge of its responsibilities. The Security Committee meets quarterly to review with our chief information security officer and other members of management, which may include our chief executive officer, chief product officer, chief financial officer, and general counsel, our cybersecurity programs, cybersecurity risks, mitigation or remediation strategies, and other matters impacting the committee’s responsibilities. Management is responsible for day-to-day risk management activities, including identifying, assessing and managing our exposure to cybersecurity risks, establishing processes and procedures to ensure that potential cybersecurity risk exposures are monitored, implementing appropriate mitigation or remediation measures as needed, and maintaining cybersecurity risk management programs. Our chief information security officer is responsible for defining, overseeing, managing, implementing, and reviewing compliance with the information security programs described above under the heading “Cybersecurity Risk Management and Strategy.” Our chief information security officer receives regular reports from our information security team and monitors the prevention, detection, and mitigation or remediation of cybersecurity risks. In addition, as described in further detail above under the heading “Cybersecurity Risk Management and Strategy,” a cross functional team is involved in assessing and managing the risks from cybersecurity threats and incidents, and reporting information about risks to the Security Committee.Our information security team consists of dedicated personnel who are experienced information systems security professionals and information security managers with many years of experience across a variety of technology sub-specialties. In particular, our chief information security officer has extensive experience in the management of cybersecurity risk management programs, having served in various roles in information technology and security for over 20 years, including having previously served as the chief security officer of two other publicly traded technology companies. In addition, six of the ten members of our board of directors have expertise in overseeing cybersecurity and information security management.

Recently Filed

Click on a ticker to see risk factors

Ticker *	File Date
CHNC	2 days, 17 hours ago
KARX	2 days, 22 hours ago
SMBC	2 days, 22 hours ago
TPCS	2 days, 22 hours ago
APXI	2 days, 22 hours ago
BLUE	2 days, 22 hours ago
GLGI	2 days, 22 hours ago
SLQT	2 days, 23 hours ago
AMRK	3 days ago
CSUI	3 days, 1 hour ago
EVI	3 days, 22 hours ago
FARM	3 days, 22 hours ago
RLGT	3 days, 22 hours ago
IBEX	3 days, 22 hours ago
EGAN	3 days, 22 hours ago
ZS	3 days, 23 hours ago
AIAD	4 days, 7 hours ago
EPM	4 days, 22 hours ago
LSAK	4 days, 23 hours ago
LYTS	4 days, 23 hours ago
IROQ	5 days, 1 hour ago
INNV	5 days, 21 hours ago
GROW	5 days, 22 hours ago
CTLP	5 days, 22 hours ago
MTRX	5 days, 23 hours ago
DREM	5 days, 23 hours ago
TMGI	6 days, 2 hours ago
BFYW	6 days, 8 hours ago
LTRX	6 days, 22 hours ago
FEAM	6 days, 22 hours ago
CTLT	1 week, 2 days ago
VYST	1 week, 2 days ago
GCBC	1 week, 2 days ago
PANW	1 week, 2 days ago
TWIN	1 week, 2 days ago
CBKM	1 week, 3 days ago
FLWS	1 week, 3 days ago
GDLC	1 week, 3 days ago
LTCN	1 week, 3 days ago
BCHG	1 week, 3 days ago
BRC	1 week, 3 days ago
STRT	1 week, 3 days ago
CSCO	1 week, 3 days ago
BOWL	1 week, 3 days ago
PDEX	1 week, 3 days ago
WMPN	1 week, 4 days ago
WRPT	1 week, 4 days ago
SASI	1 week, 4 days ago
INTU	1 week, 4 days ago
SGMA	1 week, 5 days ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - PANW

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

$PANW Risk Factor changes from 00/09/01/23/2023 to 00/09/06/24/2024

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - PANW

-New additions in green-Changes in blue-Hover to see similar sentence in last filing

$PANW Risk Factor changes from 00/09/01/23/2023 to 00/09/06/24/2024

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing