LifeLock 2013 Annual Report Download - page 15

Download and view the complete annual report

Please find page 15 of the 2013 LifeLock annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 102

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102

tax assets, and net income of $23.5 million in 2012, including a $14.2 million income tax benefit resulting from our acquisition of ID Analytics. We had net
losses of $4.3 million and $15.4 million in 2011 and 2010, respectively.
Our recent growth, including our growth in revenue and customer base, may not be sustainable or may decrease, and we may not generate sufficient
revenue to maintain annual profitability. Moreover, we expect to continue to make significant expenditures to maintain and expand o ur business, to operate as a
consolidated entity with ID Analytics and Lemon, and to continue our transition to operating as a public company, including costs related to our compliance
with Section 404 of the Sarbanes-Oxley Act of 2002, as amended, or the Sarbanes-Oxley Act. These increased expenditures will make it more difficult for us to
maintain future annual profitability. Our ability to maintain annual profitability depends on a number of factors, including our ability to attract and service
customers on a profitable basis. If we are unable to maintain annual profitability, we may not be able to execute our business plan, our prospects may be
harmed, and our stock price could be materially and adversely affected.


Our services require us to collect, store, use, and transmit significant amounts of confidential information, including personally identifiable
information, credit card information, and other critical data. We employ a range of information technology solutions, controls, procedures, and processes
designed to protect the confidentiality, integrity, and availability of our critical assets, including our data and information technology systems. While we
engage in a number of measures aimed to protect against security breaches and to minimize problems if a data breach were to occur, our information
technology systems and infrastructure may be vulnerable to damage, compromise, disruption, and shutdown due to attacks or breaches by hackers or due to
other circumstances, such as employee error or malfeasance or technology malfunction. The occurrence of any of these events, as well as a failure to promptly
remedy these events should they occur, could compromise our systems, and the information stored in our systems could be accessed, publicly disclosed, lost,
stolen, or damaged. Any such circumstance could adversely affect our ability to attract and maintain customers as well as strategic partners, cause us to
suffer negative publicity, and subject us to legal claims and liabilities or regulatory penalties. In addition, unauthorized parties might alter information in our
databases, which would adversely affect both the reliability of that information and our ability to market and perform our services. Techniques used to obtain
unauthorized access or to sabotage systems change frequently and generally are difficult to recognize and react to effectively and are constantly evolving. We
may be unable to anticipate these techniques or to implement adequate preventive or reactive measures. Several recent, highly publicized data security breaches
at other companies have heightened consumer awareness of this issue and may embolden individuals or groups to target our systems or those of our strategic
partners or enterprise customers.
Security technologies and information, including encryption and authentication technology licensed from third parties, are a key aspect of our security
measures designed to secure our critical assets. While we routinely seek to update these technologies and information, advances in computer capabilities, new
discoveries in the field of cryptography, or other developments may result in the technology we use becoming obsolete, breached, or compromised and cause us
to incur additional expenses associated with upgrading our security systems. In addition, security information provided to us by third parties may be
inaccurate, incomplete, or outdated, which could cause us to make misinformed security decisions and could materially and adversely affect our business.
Under payment card rules and our contracts with our card processors, we could be liable to the payment card issuing banks for their cost of issuing
new cards and related expenses if there is a breach of payment card information that we store. In addition, if we fail to follow payment card industry security
standards, even if there is no compromise of customer information, we could incur significant fines or lose our ability to give customers the option of using
payment cards to fund their payments or pay their fees. If we were unable to accept payment cards, our business would be materially harmed.
Many states have enacted laws requiring companies to notify individuals of data security breaches involving their personal data. In the United States,
federal and state laws provide for over 45 laws and notification regimes, all of which we are subject to, and additional requirements may be instituted in the
future. In the event of a data security breach, these mandatory disclosures often lead to widespread negative publicity. In addition, complying with such
numerous and complex regulations in the event of a data security breach is often expensive, difficult, and time consuming, and the failure to comply with
these regulations could subject us to regulatory scrutiny and additional liability and harm our reputation.
Any actual or perceived security breach, whether successful or not and whether or not attributable to the failure of our services or our information
technology systems, as well as our failure to promptly and appropriately react to a breach, would likely harm our reputation, adversely affect ma rket
perception of our services, and cause the loss of customers and strategic partners. Our property and business interruption insurance may not be adequate to
compensate us for losses or failures that may occur. Our third-party insurance coverage will vary from time to time in both type and amount depending on
availability, cost, and our decisions with respect to risk retention.


Our brand recognition and reputation are critical aspects of our business. We believe that maintaining and further enhancing our LifeLock and ID
Analytics brands as well as our reputation will be critical to retaining existing customers and attracting new customers. We also believe that the importance of
our brand recognition and reputation will continue to increase as competition in our
12