Document
false--12-31FY20182018-12-3110-K0001660280YestruetrueNon-accelerated Filer687500000TENABLE HOLDINGS, INC.falsefalseNoNo0.0580.014100000160000188000P5YP4YP3Y0.010.019385500050000000024472000931260002447200093126000372080004102200073521000P5YP3Y00300000P1YP1YP1YP2YP3YP2Y0.5010.4700.3350.4330.5000.4520.3190.4130.0150.0240.0270.0290.0110.0190.0230.027P2Y1M6DP7M6D500000002300080000.010.0115848000420000001584800039538000 0001660280 2018-01-01 2018-12-31 0001660280 2019-02-22 0001660280 2018-12-31 0001660280 2017-12-31 0001660280 tenb:SeriesARedeemableConvertiblePreferredStockMember 2018-12-31 0001660280 tenb:SeriesBRedeemableConvertiblePreferredStockMember 2017-12-31 0001660280 tenb:SeriesARedeemableConvertiblePreferredStockMember 2017-12-31 0001660280 tenb:SeriesBRedeemableConvertiblePreferredStockMember 2018-12-31 0001660280 2017-01-01 2017-12-31 0001660280 2016-01-01 2016-12-31 0001660280 tenb:SeriesARedeemableConvertiblePreferredStockMember 2017-01-01 2017-12-31 0001660280 us-gaap:AdditionalPaidInCapitalMember 2018-01-01 2018-12-31 0001660280 us-gaap:CommonStockMember 2017-01-01 2017-12-31 0001660280 tenb:SeriesBRedeemableConvertiblePreferredStockMember 2016-01-01 2016-12-31 0001660280 tenb:SeriesARedeemableConvertiblePreferredStockMember 2015-12-31 0001660280 tenb:SeriesBRedeemableConvertiblePreferredStockMember 2016-12-31 0001660280 us-gaap:CommonStockMember 2018-01-01 2018-12-31 0001660280 tenb:SeriesBRedeemableConvertiblePreferredStockMember 2018-01-01 2018-12-31 0001660280 tenb:SeriesARedeemableConvertiblePreferredStockMember 2018-01-01 2018-12-31 0001660280 tenb:SeriesARedeemableConvertiblePreferredStockMember 2016-01-01 2016-12-31 0001660280 tenb:SeriesARedeemableConvertiblePreferredStockMember 2016-12-31 0001660280 us-gaap:CommonStockMember 2015-12-31 0001660280 2017-01-01 0001660280 us-gaap:RetainedEarningsMember 2018-12-31 0001660280 2015-12-31 0001660280 us-gaap:CommonStockMember 2018-12-31 0001660280 us-gaap:RetainedEarningsMember 2017-12-31 0001660280 us-gaap:AdditionalPaidInCapitalMember 2016-01-01 2016-12-31 0001660280 tenb:SeriesBRedeemableConvertiblePreferredStockMember 2015-12-31 0001660280 us-gaap:CommonStockMember 2016-01-01 2016-12-31 0001660280 us-gaap:AdditionalPaidInCapitalMember 2017-01-01 2017-12-31 0001660280 us-gaap:RetainedEarningsMember 2017-01-01 2017-12-31 0001660280 us-gaap:RetainedEarningsMember 2017-01-01 0001660280 us-gaap:CommonStockMember 2016-12-31 0001660280 us-gaap:AdditionalPaidInCapitalMember 2017-12-31 0001660280 us-gaap:CommonStockMember 2017-12-31 0001660280 us-gaap:AdditionalPaidInCapitalMember 2018-12-31 0001660280 2016-12-31 0001660280 us-gaap:AdditionalPaidInCapitalMember 2016-12-31 0001660280 us-gaap:RetainedEarningsMember 2016-12-31 0001660280 us-gaap:RetainedEarningsMember 2015-12-31 0001660280 tenb:SeriesBRedeemableConvertiblePreferredStockMember 2017-01-01 2017-12-31 0001660280 us-gaap:RetainedEarningsMember 2018-01-01 2018-12-31 0001660280 us-gaap:AdditionalPaidInCapitalMember 2015-12-31 0001660280 us-gaap:AdditionalPaidInCapitalMember 2017-01-01 0001660280 us-gaap:RetainedEarningsMember 2016-01-01 2016-12-31 0001660280 srt:MaximumMember 2018-01-01 2018-12-31 0001660280 us-gaap:AccountingStandardsUpdate201409Member 2017-01-01 2017-12-31 0001660280 2019-01-01 2018-12-31 0001660280 us-gaap:TechnologyBasedIntangibleAssetsMember 2018-12-31 0001660280 us-gaap:AccountingStandardsUpdate201409Member 2020-01-01 2018-12-31 0001660280 us-gaap:AccountingStandardsUpdate201602Member 2018-01-01 0001660280 tenb:OneDistributorMember us-gaap:AccountsReceivableMember us-gaap:CustomerConcentrationRiskMember 2017-01-01 2017-12-31 0001660280 2018-01-01 0001660280 us-gaap:CommonStockMember us-gaap:OverAllotmentOptionMember 2018-07-30 2018-07-30 0001660280 us-gaap:SalesRevenueNetMember tenb:SalesMethodRiskMember 2018-01-01 2018-12-31 0001660280 us-gaap:LicenseAndMaintenanceMember 2018-01-01 2018-12-31 0001660280 2018-07-30 0001660280 us-gaap:TechnologyBasedIntangibleAssetsMember 2017-12-31 0001660280 us-gaap:SalesRevenueNetMember tenb:SalesMethodRiskMember 2017-01-01 2017-12-31 0001660280 us-gaap:PreferredClassAMember us-gaap:IPOMember 2018-07-30 2018-07-30 0001660280 us-gaap:AccountingStandardsUpdate201409Member 2018-01-01 2018-12-31 0001660280 tenb:OneDistributorMember us-gaap:SalesRevenueNetMember us-gaap:CustomerConcentrationRiskMember 2016-01-01 2016-12-31 0001660280 us-gaap:CommonStockMember us-gaap:IPOMember 2018-07-30 2018-07-30 0001660280 us-gaap:SalesRevenueNetMember tenb:SalesMethodRiskMember 2016-01-01 2016-12-31 0001660280 us-gaap:TechnologyBasedIntangibleAssetsMember 2016-09-30 0001660280 us-gaap:PreferredClassBMember us-gaap:IPOMember 2018-07-30 2018-07-30 0001660280 tenb:OneDistributorMember us-gaap:AccountsReceivableMember us-gaap:CustomerConcentrationRiskMember 2018-01-01 2018-12-31 0001660280 us-gaap:AccountingStandardsUpdate201409Member us-gaap:RetainedEarningsMember 2017-01-01 0001660280 us-gaap:IPOMember 2018-07-30 0001660280 us-gaap:AccountingStandardsUpdate201409Member 2019-01-01 2018-12-31 0001660280 2016-09-01 2016-09-30 0001660280 us-gaap:AccountingStandardsUpdate201409Member 2021-01-01 2018-12-31 0001660280 2020-01-01 2018-12-31 0001660280 tenb:OneDistributorMember us-gaap:SalesRevenueNetMember us-gaap:CustomerConcentrationRiskMember 2017-01-01 2017-12-31 0001660280 us-gaap:AccountingStandardsUpdate201409Member 2017-01-01 2017-01-01 0001660280 tenb:OneDistributorMember us-gaap:SalesRevenueNetMember us-gaap:CustomerConcentrationRiskMember 2018-01-01 2018-12-31 0001660280 us-gaap:IPOMember 2018-07-30 2018-07-30 0001660280 us-gaap:AccountingStandardsUpdate201409Member 2017-01-01 0001660280 us-gaap:LicenseAndMaintenanceMember 2017-01-01 2017-12-31 0001660280 us-gaap:LicenseAndMaintenanceMember 2016-01-01 2016-12-31 0001660280 us-gaap:LicenseMember 2017-01-01 2017-12-31 0001660280 us-gaap:ServiceOtherMember 2017-01-01 2017-12-31 0001660280 us-gaap:ServiceOtherMember 2018-01-01 2018-12-31 0001660280 us-gaap:LicenseMember 2018-01-01 2018-12-31 0001660280 us-gaap:ServiceOtherMember 2016-01-01 2016-12-31 0001660280 us-gaap:LicenseMember 2016-01-01 2016-12-31 0001660280 us-gaap:TechnologyBasedIntangibleAssetsMember 2018-01-01 2018-12-31 0001660280 srt:MinimumMember 2018-01-01 2018-12-31 0001660280 us-gaap:LicenseAndMaintenanceMember 2020-01-01 2018-12-31 0001660280 us-gaap:LicenseAndMaintenanceMember 2021-01-01 2018-12-31 0001660280 us-gaap:LicenseAndMaintenanceMember 2019-01-01 2018-12-31 0001660280 us-gaap:LicenseMember srt:MinimumMember 2018-12-31 0001660280 us-gaap:LicenseAndMaintenanceMember 2018-12-31 0001660280 us-gaap:LicenseMember srt:MaximumMember 2018-12-31 0001660280 us-gaap:MoneyMarketFundsMember 2018-12-31 0001660280 us-gaap:FairValueInputsLevel1Member us-gaap:USTreasurySecuritiesMember 2018-12-31 0001660280 us-gaap:FairValueInputsLevel3Member us-gaap:CommercialPaperMember 2018-12-31 0001660280 us-gaap:FairValueInputsLevel2Member us-gaap:USTreasurySecuritiesMember 2018-12-31 0001660280 us-gaap:MoneyMarketFundsMember us-gaap:FairValueInputsLevel3Member 2018-12-31 0001660280 us-gaap:FairValueInputsLevel3Member us-gaap:USTreasurySecuritiesMember 2018-12-31 0001660280 us-gaap:FairValueInputsLevel3Member us-gaap:CorporateDebtSecuritiesMember 2018-12-31 0001660280 us-gaap:CorporateDebtSecuritiesMember 2018-12-31 0001660280 us-gaap:FairValueInputsLevel2Member us-gaap:CommercialPaperMember 2018-12-31 0001660280 us-gaap:USTreasurySecuritiesMember 2018-12-31 0001660280 us-gaap:CommercialPaperMember 2018-12-31 0001660280 us-gaap:FairValueInputsLevel1Member us-gaap:CommercialPaperMember 2018-12-31 0001660280 us-gaap:FairValueInputsLevel1Member us-gaap:CorporateDebtSecuritiesMember 2018-12-31 0001660280 us-gaap:MoneyMarketFundsMember us-gaap:FairValueInputsLevel2Member 2018-12-31 0001660280 us-gaap:FairValueInputsLevel2Member us-gaap:CorporateDebtSecuritiesMember 2018-12-31 0001660280 us-gaap:MoneyMarketFundsMember us-gaap:FairValueInputsLevel1Member 2018-12-31 0001660280 us-gaap:FurnitureAndFixturesMember 2018-12-31 0001660280 us-gaap:ComputerEquipmentMember 2017-12-31 0001660280 us-gaap:FurnitureAndFixturesMember 2017-12-31 0001660280 tenb:RightOfUseAssetsUnderFinanceLeaseMember 2018-12-31 0001660280 us-gaap:LeaseholdsAndLeaseholdImprovementsMember 2017-12-31 0001660280 us-gaap:ComputerEquipmentMember 2018-12-31 0001660280 tenb:RightOfUseAssetsUnderFinanceLeaseMember 2017-12-31 0001660280 us-gaap:LeaseholdsAndLeaseholdImprovementsMember 2018-12-31 0001660280 2017-05-04 0001660280 us-gaap:LineOfCreditMember us-gaap:BaseRateMember 2018-01-01 2018-12-31 0001660280 us-gaap:LineOfCreditMember us-gaap:LondonInterbankOfferedRateLIBORMember 2018-01-01 2018-12-31 0001660280 srt:MaximumMember 2018-12-31 0001660280 us-gaap:ScenarioForecastMember 2021-03-31 0001660280 srt:MinimumMember 2018-12-31 0001660280 tenb:SeriesARedeemableConvertiblePreferredStockMember 2015-12-01 2015-12-31 0001660280 tenb:SeriesARedeemableConvertiblePreferredStockMember 2012-10-01 2012-10-31 0001660280 tenb:SeriesBRedeemableConvertiblePreferredStockMember 2015-12-01 2015-12-31 0001660280 us-gaap:EmployeeStockMember 2018-01-01 2018-12-31 0001660280 us-gaap:SellingAndMarketingExpenseMember 2016-01-01 2016-12-31 0001660280 us-gaap:CostOfSalesMember 2016-01-01 2016-12-31 0001660280 us-gaap:ResearchAndDevelopmentExpenseMember 2016-01-01 2016-12-31 0001660280 us-gaap:GeneralAndAdministrativeExpenseMember 2016-01-01 2016-12-31 0001660280 us-gaap:ResearchAndDevelopmentExpenseMember 2017-01-01 2017-12-31 0001660280 us-gaap:CostOfSalesMember 2017-01-01 2017-12-31 0001660280 us-gaap:ResearchAndDevelopmentExpenseMember 2018-01-01 2018-12-31 0001660280 us-gaap:CostOfSalesMember 2018-01-01 2018-12-31 0001660280 us-gaap:SellingAndMarketingExpenseMember 2017-01-01 2017-12-31 0001660280 us-gaap:SellingAndMarketingExpenseMember 2018-01-01 2018-12-31 0001660280 us-gaap:GeneralAndAdministrativeExpenseMember 2017-01-01 2017-12-31 0001660280 us-gaap:GeneralAndAdministrativeExpenseMember 2018-01-01 2018-12-31 0001660280 us-gaap:EmployeeStockOptionMember 2017-01-01 2017-12-31 0001660280 us-gaap:EmployeeStockOptionMember 2018-01-01 2018-12-31 0001660280 us-gaap:EmployeeStockOptionMember 2016-01-01 2016-12-31 0001660280 us-gaap:StockCompensationPlanMember tenb:EquityIncentivePlan2018Member 2018-12-31 0001660280 srt:MaximumMember us-gaap:RestrictedStockUnitsRSUMember 2018-01-01 2018-12-31 0001660280 srt:MaximumMember us-gaap:EmployeeStockOptionMember 2018-01-01 2018-12-31 0001660280 us-gaap:RestrictedStockMember 2018-12-31 0001660280 us-gaap:RestrictedStockMember 2018-01-01 2018-12-31 0001660280 us-gaap:RestrictedStockUnitsRSUMember 2018-12-31 0001660280 us-gaap:EmployeeStockMember 2018-12-31 0001660280 tenb:EquityIncentivePlan2018Member 2018-12-31 0001660280 us-gaap:RestrictedStockUnitsRSUMember 2018-01-01 2018-12-31 0001660280 tenb:EquityIncentivePlan2018Member 2018-01-01 2018-12-31 0001660280 2015-01-01 2015-12-31 0001660280 us-gaap:RestrictedStockMember 2017-01-01 2017-12-31 0001660280 us-gaap:RestrictedStockUnitsRSUMember 2016-12-31 0001660280 us-gaap:RestrictedStockUnitsRSUMember 2017-01-01 2017-12-31 0001660280 us-gaap:RestrictedStockUnitsRSUMember 2017-12-31 0001660280 us-gaap:RestrictedStockMember 2016-12-31 0001660280 us-gaap:RestrictedStockMember 2017-12-31 0001660280 srt:MinimumMember us-gaap:RestrictedStockUnitsRSUMember 2018-01-01 2018-12-31 0001660280 srt:MaximumMember us-gaap:EmployeeStockMember 2018-01-01 2018-12-31 0001660280 srt:MinimumMember us-gaap:EmployeeStockMember 2018-01-01 2018-12-31 0001660280 srt:MinimumMember us-gaap:EmployeeStockOptionMember 2018-01-01 2018-12-31 0001660280 srt:MaximumMember us-gaap:EmployeeStockOptionMember 2016-01-01 2016-12-31 0001660280 srt:MinimumMember us-gaap:EmployeeStockOptionMember 2016-01-01 2016-12-31 0001660280 us-gaap:RestrictedStockMember 2018-01-01 2018-12-31 0001660280 us-gaap:EmployeeStockOptionMember 2018-01-01 2018-12-31 0001660280 us-gaap:RestrictedStockUnitsRSUMember 2018-01-01 2018-12-31 0001660280 us-gaap:RedeemableConvertiblePreferredStockMember 2018-01-01 2018-12-31 0001660280 us-gaap:EmployeeStockMember 2018-01-01 2018-12-31 0001660280 us-gaap:RedeemableConvertiblePreferredStockMember 2017-01-01 2017-12-31 0001660280 us-gaap:EmployeeStockOptionMember 2016-01-01 2016-12-31 0001660280 us-gaap:EmployeeStockMember 2017-01-01 2017-12-31 0001660280 us-gaap:EmployeeStockMember 2016-01-01 2016-12-31 0001660280 us-gaap:RestrictedStockUnitsRSUMember 2017-01-01 2017-12-31 0001660280 us-gaap:EmployeeStockOptionMember 2017-01-01 2017-12-31 0001660280 us-gaap:RestrictedStockUnitsRSUMember 2016-01-01 2016-12-31 0001660280 us-gaap:RedeemableConvertiblePreferredStockMember 2016-01-01 2016-12-31 0001660280 us-gaap:RestrictedStockMember 2016-01-01 2016-12-31 0001660280 us-gaap:RestrictedStockMember 2017-01-01 2017-12-31 0001660280 us-gaap:StateAndLocalJurisdictionMember 2018-12-31 0001660280 us-gaap:AccountingStandardsUpdate201602Member 2018-12-31 0001660280 us-gaap:AccountingStandardsUpdate201409Member 2017-03-31 0001660280 us-gaap:AccountingStandardsUpdate201409Member 2017-01-01 2017-03-31 0001660280 us-gaap:DomesticCountryMember 2018-12-31 0001660280 us-gaap:ForeignCountryMember 2018-12-31 0001660280 us-gaap:IPOMember 2018-01-01 2018-12-31 0001660280 country:US us-gaap:SalesRevenueNetMember us-gaap:GeographicConcentrationRiskMember 2018-01-01 2018-12-31 0001660280 country:US us-gaap:SalesRevenueNetMember us-gaap:GeographicConcentrationRiskMember 2016-01-01 2016-12-31 0001660280 country:US us-gaap:SalesRevenueNetMember us-gaap:GeographicConcentrationRiskMember 2017-01-01 2017-12-31 0001660280 us-gaap:EMEAMember 2018-01-01 2018-12-31 0001660280 us-gaap:EMEAMember 2016-01-01 2016-12-31 0001660280 srt:AsiaPacificMember 2016-01-01 2016-12-31 0001660280 srt:AmericasMember 2017-01-01 2017-12-31 0001660280 us-gaap:EMEAMember 2017-01-01 2017-12-31 0001660280 srt:AmericasMember 2018-01-01 2018-12-31 0001660280 srt:AmericasMember 2016-01-01 2016-12-31 0001660280 srt:AsiaPacificMember 2017-01-01 2017-12-31 0001660280 srt:AsiaPacificMember 2018-01-01 2018-12-31 0001660280 us-gaap:NonUsMember 2017-12-31 0001660280 country:US 2018-12-31 0001660280 us-gaap:NonUsMember 2018-12-31 0001660280 country:US 2017-12-31 0001660280 2017-07-01 2017-09-30 0001660280 2017-04-01 2017-06-30 0001660280 2017-01-01 2017-03-31 0001660280 2017-10-01 2017-12-31 0001660280 2018-07-01 2018-09-30 0001660280 2018-04-01 2018-06-30 0001660280 2018-01-01 2018-03-31 0001660280 2018-10-01 2018-12-31 tenb:segment xbrli:pure iso4217:USD xbrli:shares iso4217:USD xbrli:shares
Table of Contents

UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
______________________________________
FORM 10-K
______________________________________
ý
Annual Report Pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934
For the fiscal year ended December 31, 2018
or
o
Transition Report Pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934
For the transition period from _____ to _____
Commission file number 001-38600
______________________________________
TENABLE HOLDINGS, INC.
(Exact name of registrant as specified in its charter)
______________________________________
Delaware
 
47-5580846
(State or other jurisdiction of incorporation or organization)
 
(I.R.S. Employer Identification Number)
7021 Columbia Gateway Drive, Suite 500, Columbia, Maryland, 21046
(Address of principal executive offices, including zip code)
(410) 872-0555
(Registrant’s telephone number, including area code)
______________________________________
Securities registered pursuant to Section 12(b) of the Act:
Title of each class
 
Name of exchange on which registered
Common stock, par value $0.01 per share
 
Nasdaq Global Select Market
Securities registered pursuant to Section 12(g) of the Act: None
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes ¨ No ý
Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act. Yes ¨ No ý
Indicate by check mark whether the Registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the Registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ý No ¨
Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted and posted pursuant to Rule 405 of Regulation S-T (§ 232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit and post such files). Yes ý No ¨
Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K (§ 229.405 of this chapter) is not contained herein, and will not be contained, to the best of registrant’s knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K. ý
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company” and "emerging growth company" in Rule 12b-2 of the Exchange Act.
Large accelerated filer
o
 
Accelerated filer
o
Non-accelerated filer
ý
 
 
 
Emerging growth company
ý
 
Smaller reporting company
o
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ý
Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). Yes ¨ No ý
As of December 31, 2018, the aggregate market value of the common stock of the registrant held by non-affiliates was approximately $687.5 million. The registrant has elected to use December 31, 2018 as the calculation date, which was the last trading date of the registrant’s most recently completed fiscal year, because on June 30, 2018, the registrant was a privately-held company.
The number of shares of the Registrant's common stock outstanding as of February 22, 2019 was 94,955,182.
DOCUMENTS INCORPORATED BY REFERENCE
Portions of the registrant's definitive Proxy Statement relating to the 2019 Annual Meeting of Stockholders are incorporated herein by reference in Part III of this Annual Report on Form 10-K. The Proxy Statement will be filed with the Securities and Exchange Commission within 120 days after the year ended December 31, 2018.



TENABLE HOLDINGS, INC.
TABLE OF CONTENTS
 
 
Page
PART I
 
 
Item 1.
Item 1A.
Item 1B.
Item 2.
Item 3.
Item 4.
 
 
 
PART II
 
 
Item 5.
Item 6.
Item 7.
Item 7A.
Item 8.
Item 9.
Item 9A.
Item 9B.
 
 
 
PART III
 
 
Item 10.
Item 11.
Item 12.
Item 13.
Item 14.
 
 
 
PART IV
 
 
Item 15.
Item 16.
 
 


2

Table of Contents

PART I
Forward-Looking Statements
This Annual Report on Form 10-K, including the sections entitled "Business," "Risk Factors," and "Management's Discussion and Analysis of Financial Condition and Results of Operations," contains forward-looking statements that involve known and unknown risks, uncertainties and other factors that may cause our actual results, levels of activity, performance or achievements to be materially different from the information expressed or implied by these forward-looking statements. Statements that are not purely historical are forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended. In some cases, you can identify forward-looking statements by the words “anticipate,” “believe,” “continue,” “could,” “estimate,” “expect,” “intend,” “may,” “might,” “objective,” “ongoing,” “plan,” “predict,” “project,” “potential,” “should,” “will,” or “would,” or the negative of these terms, or other comparable terminology intended to identify statements about the future. These forward-looking statements include, but are not limited to, statements concerning the following:
our market opportunity;
the effects of increased competition as well as innovations by new and existing competitors in our market;
our ability to adapt to technological change, release new products and product features and effectively enhance, innovate and scale our enterprise platform and solutions;
our ability to effectively manage or sustain our growth and to achieve profitability;
our ability to maintain and expand our customer base, including by attracting new customers;
our relationships with third parties, including channel partners;
potential acquisitions and integration of complementary businesses and technologies;
our ability to maintain, or strengthen awareness of, our brand;
perceived or actual problems with the security, integrity, reliability, compatibility and quality of our platform and solutions;
future revenue, hiring plans, expenses, capital expenditures, capital requirements and stock performance;
our ability to attract and retain qualified employees and key personnel and further expand our overall headcount;
our ability to stay abreast of new or modified laws and regulations that currently apply or become applicable to our business both in the United States and internationally;
our ability to maintain, protect and enhance our intellectual property;
costs associated with defending intellectual property infringement and other claims; and
the future trading prices of our common stock and the impact of securities analysts’ reports on these prices.
These statements represent the beliefs and assumptions of our management based on information currently available to us. Such forward-looking statements are subject to risks, uncertainties and other important factors that could cause actual results and the timing of certain events to differ materially from future results expressed or implied by such forward-looking statements. Factors that could cause or contribute to such differences include, but are not limited to those discussed in the section titled “Risk Factors” included under Part I, Item 1A. Furthermore, such forward-looking statements speak only as of the date of this report. Except as required by law, we undertake no obligation to update any forward-looking statements to reflect events or circumstances that occur after the date of this report.
Item 1.        Business
Overview
We are the first and only provider of solutions for a new category of cybersecurity that we call Cyber Exposure. Cyber Exposure is a discipline for managing and measuring cybersecurity risk in the digital era. We are building on our deep technology expertise in the traditional vulnerability assessment and management market and expanding that market to include modern attack surfaces and provide analytics that translate vulnerability data into business insight.

3

Table of Contents

Digital transformation is driving radical change. As organizations modernize their IT infrastructure and adopt cloud or hybrid cloud architectures that are no longer housed in the confines of their corporate networks, they have less visibility and control over the security of these assets. Organizations are also increasingly implementing modern solutions, such as Internet of Things, or IoT, devices and application containers, to enable the rapid development and deployment of new products, services and business models, as well as to drive operational efficiencies. Further, safety-critical Operational Technology, or OT, such as Industrial Control Systems, are now network-connected and need to be secured from cybersecurity threats. This digital transformation increases IT complexity and cybersecurity risk as attack surfaces expand. We refer to an organization’s inability to see the breadth of the modern attack surface and analyze the level of cyber exposure as the Cyber Exposure Gap.
While other functions in an organization, such as finance and operations, have a system to help them manage and measure risk, to date, cybersecurity risk has not been adequately measured and understood. Our platform is built to be the Cyber Exposure Command Center for an organization’s Chief Information Security Officer, or CISO. Our platform provides the CISO with unified visibility into the organization’s state of security and enables security teams to prioritize and focus their remediation efforts. Our platform also translates vulnerability data into actionable business metrics and insights that boards of directors and executives can understand and use to make strategic decisions. We believe our Cyber Exposure solutions are transforming how security is managed and measured and will help organizations more rapidly embrace digital transformation.
Our platform offerings provide broad visibility into security issues such as vulnerabilities, misconfigurations, internal and regulatory compliance violations and other indicators of the state of an organization’s security. We also provide deep analytics to help organizations measure trends in their cyber exposure over time. Our platform integrates and analyzes data from our native collectors alongside IT asset, vulnerability and threat data from third-party systems and applications to prioritize security issues for remediation and focus an organization’s resources based on risk and business criticality.
We have experienced rapid growth in recent periods. In 2018, 2017 and 2016 our total revenue was $267.4 million, $187.7 million and $124.4 million, respectively, representing year-over-year growth rates of 42% from 2017 to 2018 and 51% from 2016 to 2017. Our net loss was $73.5 million, $41.0 million and $37.2 million in 2018, 2017 and 2016, respectively.
Our Platform Offerings
Our vision is to empower every organization to understand and reduce their cybersecurity risk. We are the first and only platform designed to provide broad visibility and deep insights into cyber exposure across the entire modern attack surface, as a result of which we believe our platform can become the system of record for cybersecurity.
Our Enterprise Platform Offerings
Our enterprise platform is built to serve as the Cyber Exposure Command Center, enabling organizations to answer foundational and strategic questions such as:
Where are we exposed?
Where should we prioritize based on risk?
Are we reducing our exposure over time?
How do we compare to our peers?
Our enterprise platform offerings, including Tenable.io, Tenable.sc, previously referred to as SecurityCenter, and Industrial Security, are built to provide organizations with the breadth of visibility to accurately understand both traditional and modern attack surfaces and the depth of insight that stems from risk-based analytics, prioritization and benchmarking. Our Cyber Exposure platform automatically discovers assets, including those in cloud environments, and assesses these assets for the presence of vulnerabilities, internal and regulatory compliance violations, misconfigurations and other cybersecurity issues, analyzes and prioritizes cybersecurity risks based on the likelihood of a vulnerability being exploited and the business criticality of the asset, and provides an objective way to measure an organization’s cyber exposure.
We offer two solutions for vulnerability management which provide flexible deployment options based on a customer’s maturity in moving to the cloud. Tenable.io is our software as a service, or SaaS, offering for vulnerability

4

Table of Contents

management, and Tenable.sc is our on-premises vulnerability management offering, both of which enable organizations to quickly and accurately identify, investigate and prioritize vulnerabilities and misconfigurations across a range of traditional IT assets, such as networking infrastructure, desktops and on-premises servers, and modern IT assets, such as cloud workloads, containers, web applications, IoT and OT assets. Enterprises typically start with vulnerability management to secure traditional IT assets and expand their deployment over time to cover more traditional IT assets and/or more types of modern assets by deploying additional applications. For organizations with hybrid IT environments, some customers choose to expand their deployments to include both Tenable.sc and Tenable.io as an integrated solution spanning both on-premise and cloud-based management.
Launched in 2017 in partnership with Siemens, Industrial Security, an OT-specific offering, is an asset discovery and vulnerability assessment solution, built on our patented passive network monitoring technology. Industrial Security monitors critical infrastructure in energy, utilities and other sectors, utilizing a non-intrusive approach to give security and plant operations teams the ability to discover, visualize and monitor their most sensitive systems. Industrial Security includes comprehensive asset discovery, passive vulnerability detection and multi-site management, which allows for a consolidated view across multiple locations. We currently offer Industrial Security as a stand-alone solution, and we intend to integrate it within the Tenable.io offering.
Our enterprise platform offerings deliver the following capabilities:
Live asset discovery. We can automatically discover a broad range of traditional and modern IT assets, including on-premises infrastructure, applications, cloud environments, mobile devices, containers, IoT devices and OT systems. We use a combination of active scanning, passive network monitoring and public cloud monitoring via our connector to identify known and unknown assets on the network.
Automated exposure assessment. With every change in a customer’s computing environment, we can automatically assess and identify where there are vulnerabilities, internal and regulatory compliance violations and misconfigurations across assets and cloud environments, such as missing software patches or outdated software versions. In addition, we can help optimize existing security technology investments to identify indicators of cyber exposure, such as improperly configured anti-virus software.
Deep analytics to allow for prioritization. We combine our product and research IP with third-party data to provide business context and allow organizations to prioritize remediation efforts based on the business criticality of the asset and the severity of the issue. Additionally, we recently announced the release of Predictive Prioritization, which enables organizations to reduce business risk by focusing on the vulnerabilities with the greatest likelihood of imminently being exploited. Predictive Prioritization combines Tenable vulnerability data with third party threat and vulnerability data across 150 data sources using a proprietary machine learning algorithm developed by the Tenable Research data science team to predict the likelihood of a vulnerability being exploited. Predictive Prioritization provides a threat-based view of vulnerabilities, which is a critical component of modern vulnerability management, and will be included within both Tenable.io and Tenable.sc.
Open and extensible platform. Our platform ingests a wide set of third-party data sources to enhance analysis and integrates that data with industry-leading IT workflow, security information and event management, or SIEM, and systems management tools to accelerate remediation and provide common visibility across security and IT operations teams.
Cyber exposure measurement. Our expansive knowledge base of assets and vulnerabilities coupled with data science insights help our customers objectively score, trend and benchmark cyber exposure across their organizations, including by business unit or geography, and compare their cyber exposure against industry peers and best practices. We believe this capability is critical to help the CISO effectively translate technical information and communicate cybersecurity risk to a non-technical audience, including the C-suite and the Board of Directors, to make better strategic decisions on where to focus investment to maximize cybersecurity risk reduction. Our vision is to create industry standard metrics and benchmarks for Cyber Exposure to create an objective measure of cyber risk. In support of this vision, we plan to release Tenable Lumin to help organizations with cyber exposure measurement, which will include scoring, trending and benchmarking capabilities and data science insights.
Nessus
Our co-founder is the creator of Nessus, one of the most widely deployed vulnerability assessment solutions in the cybersecurity industry, which underpins our enterprise platform. Since the introduction of Nessus in 1998, an extensive

5

Table of Contents

community of Nessus users has emerged. We continue to cultivate knowledge and affinity within this user base, which, when combined with our enterprise customers and our Tenable Research team of cybersecurity and data science experts, creates powerful network effects in the form of a continuous feedback loop of data and insights. We use these learnings to expand our assessment capabilities and coverage, continually optimize our solutions and inform our product strategy and innovation priorities. We believe these data and insights will also fuel and strengthen our benchmarking capabilities over time.
Nessus Professional
Nessus Professional is a vulnerability assessment solution for identifying security vulnerabilities, configuration issues and malware. Nessus Professional serves as both a stand-alone product designed for security consultants and practitioners performing one-time or ad-hoc assessment as well as an on-ramp product to our enterprise platform. With broad vulnerability coverage, accurate analysis and an easy-to-use interface, Nessus Professional offers a cost-effective and comprehensive solution for security consultants and users with ad-hoc assessment needs.
Nessus Home
We also offer a free version of our Nessus product, Nessus Home, which includes vulnerability and configuration assessment for a limited number of assets, but does not include access to support and certain features that Nessus Professional customers enjoy.
Technology Architecture
Our platform is built from the ground up to support the needs of modern IT assets and cloud environments. Our platform’s scalability can meet the requirements of the largest global enterprise customers, which may require assessment for millions of assets. In addition, we offer a published service level agreement promising 99.95% availability to help ensure the reliability of operation for our customers.
Foundational elements of our technology architecture include:
Microservices-based architecture. DevOps are software development practices and tools that increase an organization’s ability to rapidly deliver applications and services. In a DevOps model, building security into the application development process is difficult. Technologies like microservices, which structure an application as a collection of loosely coupled services, and application containers, which are lightweight, portable pieces of software used to package applications and services, have emerged to support DevOps processes. Our architecture consists of microservices running in containers provided by Docker Inc. and orchestrated by the open-source system Kubernetes. Containers allow us to utilize a DevOps philosophy in our software development lifecycle, which permits us to perform numerous code updates per day. The result is faster and more predictable time to market for new capabilities and services.
Public cloud infrastructure for agility. Our use of the public cloud delivers agility and market responsiveness without the capital investment or time delay involved with planning, purchasing and deploying hardware. It also provides a flexible cost profile in which capacity can be quickly adjusted up or down in response to new opportunities and market demand, with relatively modest fixed costs.
Scalability. Our platform scales up and down to continuously meet customer demands, through the use of public cloud infrastructure around the world. This approach provides elastic resources for compute, data transfer and storage, and allows us to meet the needs of even the largest global enterprises and government agencies. Our platform manages and supports millions of assets for multiple enterprise customers across a variety of industries, with the ability to process millions of application programming interface, or API, calls daily. The platform can scale to support IoT deployments that are an order of magnitude larger than IT deployments.
Availability. Our modern architecture, leveraging state-of-the-art public cloud services, offers high availability and high performance. It provides geographic redundancy, as well as automated backup, without the need for us to build redundant infrastructure. As a result, we offer a service level agreement for Tenable.io that promises 99.95% availability.
Portability. Tenable.io primarily resides in a public cloud environment and offers the flexibility to be deployed as traditional software in on-premises environments, partner environments and hybrid deployments.
Extensibility and integration. Our open API and software development kit, or SDK, enable import of data from third-party sources and sensors-including competitor products-to augment our native discovery,

6

Table of Contents

assessment and analytics. This is essential to providing a unified view of assets, vulnerabilities and exposure across the enterprise. These capabilities also enable flexible export of our data to third party systems.
Widely adopted industry standard file format. The “.Nessus” file format for vulnerability data used in all of our products is openly documented and supported by dozens of products and programming languages, which simplifies integration with our ecosystem partners’ technologies.
Our Technology Ecosystem
We have partnered and/or integrated with leading technology companies to pioneer the industry’s first Cyber Exposure ecosystem to help organizations build resilient cybersecurity programs. Our ecosystem consists of a variety of third-party data import sources into our platform offerings, as well as export of our data out to third-party IT systems. Our technology ecosystem connects disparate solutions and data to automate processes and accelerate an organization’s ability to understand, manage and reduce its cyber exposure.
We integrate a variety of third-party data sources into our platform to augment our native data collection and help with analysis and prioritization. Furthermore, our data is also exported out to enrich third-party IT management and security systems.
Our Growth Strategy
Our objectives are to maintain our market leadership in Cyber Exposure and to capture our large market opportunity. To accomplish these objectives, we intend to:
Continue to Acquire New Enterprise Platform Customers. We believe there is a substantial opportunity to increase adoption of our enterprise platform offerings. We have experienced strong growth in new platform customers due to investments in sales and marketing. We intend to continue to aggressively pursue new customers by adding sales capacity and leveraging our network of channel partners.
Expand Asset Coverage Within Our Customer Base. We believe we have a significant opportunity to expand our relationships with our existing customers by targeting additional teams, business units or geographies, pursuing broad enterprise deployments and generally expanding our coverage of their IT assets.
Invest in Our Technology Platform and Expand Use Cases. We intend to continue to innovate and develop our enterprise platform, including the addition of incremental capabilities, such as coverage of new attack surfaces and asset types and the addition of analytical capabilities, to help our customers measure and benchmark their cyber exposure. As we collect more data and ingest more data from third-party sources, we believe our data set will become even more valuable over time, which will allow us to continue to develop new analytical products and capabilities to our existing product suite over time. We also plan to release Tenable Lumin, a new application that will provide cyber exposure scoring, trending and benchmarking capabilities to help organizations measure their internal cyber exposure, including by business unit or geography, and against industry peers and best-in-class performers.
Accelerate International Expansion. We intend to increase our international customer base by leveraging and expanding investments in our technology, direct sales force and channel partnerships around the world.
Customers
We sell and market our enterprise platform offerings through our field sales force that works closely with our channel partners, which includes a network of distributors and resellers, in developing sales opportunities. We use a two-tiered channel model whereby we sell our enterprise platform offerings to our distributors, which in turn sell to our resellers, which then sell to end users, which we call customers.
Our customers are located in over 160 countries and include enterprises of all sizes and span a wide range of industries, including manufacturing, energy and industrials; technology, media and telecommunications; banking, insurance and finance; government, education and non-profit; healthcare; and retail and consumer.
As of December 31, 2018 and 2017, we had over 27,000 and 24,000 customers, respectively, who licensed our Tenable.io, Tenable.sc or Nessus Professional products. Our customers include 58% of the Fortune 500 and 32% of the Global 2000 organizations at December 31, 2018. In 2018, 2017 and 2016, no single customer represented more than 2% of our revenue.

7

Table of Contents

Sales and Marketing
Our sales strategy employs both a direct-touch approach through our sales forces and a low-touch approach through sales closed by our channel partners and transacted our on e-commerce website. Both direct-touch and channel-originated sales are fulfilled through our channel partnerships. Our sales and customer success renewal teams collaborate closely with our channel partners to prospect, manage and support our customers, developing and maintaining close relationships with all of our platform customers.
We sell to organizations of all sizes across a broad range of industries, with a specific focus on enterprise accounts. Our sales team is divided by customer size and geography, including Americas; Europe, the Middle East and Africa, or EMEA; and Asia Pacific and Japan, or APAC.
Our partner ecosystem provides us with a number of advantages, including increased in-bound registered sales leads, broader geographic reach and greater deal velocity. Our channel partners include distributors, value-added resellers, system integrators and managed security service providers.
Our marketing efforts focus on cultivating brand awareness and leveraging our brand strength with Nessus, building demand across all segments with a specific emphasis on our enterprise customers and delivering tailored marketing programs focused on CISOs and security executives, functional managers and security practitioners and consultants with Nessus. We also provide educational programs to DevOps teams for our Container Security and Web Application Scanning products. We execute marketing programs targeted at new customer acquisition, customer retention and cross-selling and up-selling of products across our platform.
Research and Development
Our engineering expertise combines extensive security product development experience with individuals who possess deep cloud and user interface design background. Our engineering team has groups that focus on Nessus configuration auditing, Nessus vulnerability enumeration, passive network traffic analysis and system log analysis, including public cloud.
Additionally, our Tenable Research team includes a team of cybersecurity and data science experts who produce original research and apply data science techniques to our security telemetry data to provide meaningful insights. This data fuels the benchmarking offering in our platform and we believe will become a trusted source throughout the industry for understanding Cyber Exposure. Tenable Research, including data science, is a key component of our thought leadership.
We believe ongoing and timely development of new products and features is imperative to maintaining our competitive position. We continue to invest in development of our solutions across our global innovation centers in Columbia, Maryland; Los Angeles, California; San Jose, California and Dublin, Ireland.
Our research and development expense was $76.7 million, $57.7 million and $40.1 million in 2018, 2017 and 2016, respectively.
Backlog
We define backlog as contractually committed orders to be invoiced under our existing agreements that are not included in the deferred revenue on our consolidated balance sheets. As of December 31, 2018 and 2017, we had backlog of $3.3 million and $3.1 million, respectively. We expect substantially all of the backlog at December 31, 2018 to be invoiced within the following twelve months.
Competition
The market for cybersecurity solutions is fragmented, intensely competitive and constantly evolving. We compete with a range of established and emerging cybersecurity software and services vendors, as well as homegrown solutions. With the introduction of new technologies and market entrants, we expect the competitive environment to remain intense going forward. Our competitors include: vulnerability management and assessment vendors, including Qualys and Rapid7; diversified security software and services vendors, including IBM; endpoint security vendors with nascent vulnerability assessment capabilities, including Tanium and CrowdStrike; and providers of point solutions that compete with some of the features present in our solutions. We also compete against internally-developed efforts that

8

Table of Contents

often use open source solutions.
We believe that the principal competitive factors affecting the market for cybersecurity solutions include product functionality, breadth and depth of offerings, flexibility of delivery models, ease of deployment and use, integration capabilities such as open APIs and scalability, uptime and performance. We believe that our suite of solutions generally competes favorably with respect to these factors and may serve as a complement to the solutions offered by our competitors in some cases. Some of our more established actual and potential competitors have greater name recognition, longer operating histories, more established customer relationships, larger marketing budgets and significantly greater resources than we do. In addition, as our market grows and rapidly changes, we expect it will continue to attract new competitors, including larger established companies and smaller emerging companies, which could introduce new products and services.
Intellectual Property
Our success depends in part upon our ability to protect our core technology and intellectual property. We rely on a combination of trade secrets, copyrights, patents and trademarks, as well as contractual protections, to establish and protect our intellectual property rights and protect our proprietary technology.
As of December 31, 2018, we had 14 issued patents and five patent applications pending in the United States. Our issued patents expire between 2027 and 2034 and cover our passive network scanning, monitoring and analysis technologies and additional features of our enterprise platform. As of December 31, 2018, we had 16 registered trademarks and one trademark application pending in the United States. We view our copyrights, trade secrets and know-how as a significant component of our intellectual property assets.
We also license certain software from third parties for integration into our solutions, including open source software and other software available on commercially reasonable terms. We cannot assure you that such third parties will maintain such software or continue to make it available.
We control access to and use of our proprietary software and other confidential information through the use of internal and external controls, including contractual protections with employees, contractors, customers and partners, and our software is protected by U.S. and international copyright and trade secret laws. Despite our efforts to protect our trade secrets and proprietary rights through intellectual property rights, licenses and confidentiality and invention assignment agreements, unauthorized parties may still attempt to copy, reverse engineer misappropriate or otherwise obtain and use our software and technology. In addition, we intend to expand our international operations, and effective patent, copyright, trademark and trade secret protection may not be available or may be limited in foreign countries.
Government Regulation
Various federal, state and foreign legislative and regulatory bodies have legislation pending that could affect our business. In particular, the European Union has passed the General Data Protection Regulation, or GDPR, which came into force on May 25, 2018. The GDPR includes more stringent operational requirements on entities that receive or process personal data (as compared to existing EU law), along with significant penalties for non-compliance, more robust obligations on data processors and data controllers, greater rights for data subjects (potentially requiring significant changes to both our technology and operations), and heavier documentation requirements for data protection compliance programs. Similarly, there are a number of federal and state level legislative proposals in the United States that could impose new obligations on us. For example, California recently enacted the California Consumer Privacy Act, or the CCPA, which creates new individual privacy rights for consumers and places increased privacy and security obligations on entities handling the personal data of consumers or households. When it goes into effect on January 1, 2020, the CCPA will require covered companies to provide new disclosures to California consumers, which could include certain of our employees based on the broad definitions in the law, to provide such consumers new ways to opt out of certain sales of personal information and to allow for a new causes of action for data breaches. In addition, some countries are considering or have passed legislation implementing more onerous data protection requirements or requiring local storage and processing of data or other requirements that could increase the cost and complexity of delivering our services.
Like other U.S.-based IT security products, our products are subject to U.S. export control laws and regulations, specifically the Export Administration Regulations, or EAR, U.S. economic and trade sanctions regulations and applicable foreign government import, export and use requirements. Certain of our products are subject to encryption controls under the EAR due to the nature of the product and its use or incorporation of encryption functionality. Under

9

Table of Contents

the encryption controls in the EAR, applicable products may only be exported outside of the United States with required export authorizations, such as a license, a license exception or other appropriate government authorizations. In addition to the restrictions under the EAR, U.S. export control laws and economic sanctions prohibit the export of products and services to countries, governments, entities or persons subject to U.S. embargoes or trade sanctions.
Employees and Culture
As of December 31, 2018, we had 1,252 employees, including 329 employees located outside of the United States. None of our employees are represented by a labor union or covered by a collective bargaining agreement. We have not experienced any work stoppages, and we consider our relations with our employees to be good.
We believe in upholding a core set of values for our entire global workforce:
One Tenable: We are united as one Tenable team. We win together. We are one team internally, with our customers, with our partners and in the market.
We Care: About our work, about our customers, about one another and about our communities. We speak straight and we do the right thing.
Deliver Results: We set high goals, take bold risks, measure honestly and deliver results that exceed expectations.
What We Do Matters: The work that we do makes a difference in the world.
Financial Information and Segments
Segment and geographic information required here in Item 1 can be found in Note 1 and Note 10 of the Notes to our Consolidated Financial Statements included in Part II, Item 8, Financial Statements, of this Form 10-K.
Corporate Information
Tenable Network Security, Inc., our predecessor, was incorporated under the laws of the State of Delaware in 2002. Tenable Holdings, Inc. was incorporated in Delaware in October 2015, and in November 2015, Tenable Network Security, Inc. was merged into our wholly-owned indirect subsidiary and in 2017 was renamed as Tenable, Inc.
Our principal executive offices are located at 7021 Columbia Gateway Drive, Suite 500, Columbia, Maryland 21046. Our telephone number is (410) 872-0555. Our website address is www.tenable.com. The information contained on, or that can be accessed through, our website is not incorporated by reference, and you should not consider any information contained on, or that can be accessed through, our website as part of this Annual Report on Form 10-K.
“Tenable,” “Nessus,” “Tenable.io” and the Tenable logo, and other trademarks or service marks of Tenable Holdings, Inc. appearing in this Annual Report on Form 10-K are the property of Tenable Holdings, Inc. This Annual Report on Form 10-K contains additional trade names, trademarks and service marks of others, which are the property of their respective owners. Solely for convenience, trademarks and trade names referred to in this Annual Report on Form 10-K may appear without the ® or TM symbols.
Available Information
Our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, Proxy Statement, and amendments to reports filed pursuant to Sections 13(a) and 15(d) of the Exchange Act, are available for download free of charge from our investor relations website https://investors.tenable.com after we file them with the Securities and Exchange Commission, or the SEC. The SEC’s website https://www.sec.gov contains reports, proxy and information statements, and other information regarding issuers that file electronically with the SEC.
The contents of any website referred to in this Form 10-K are not intended to be incorporated into this Annual Report on Form 10-K or in any other report or document we file with the SEC.
Item 1A.    Risk Factors
Our operations and financial results are subject to significant risks and uncertainties including those described below. You should carefully consider the risks and uncertainties described below, in addition to other information

10

Table of Contents

contained in this Annual Report on Form 10-K, including our consolidated financial statements and related notes. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties that we are unaware of, or that we currently believe are not material, may also become important factors that adversely affect our business. If any of the following risks or others not specified below materialize, our business, financial condition and results of operations could be materially and adversely affected.
Risks Related to Our Business and Industry
We have a history of losses and may not achieve or maintain profitability in the future.
We have historically incurred net losses, including net losses of $73.5 million, $41.0 million and $37.2 million in 2018, 2017 and 2016, respectively. As of December 31, 2018, we had an accumulated deficit of $466.1 million. Because the market for our offerings is highly competitive and rapidly evolving and these solutions have not yet reached widespread adoption, it is difficult for us to predict our future results of operations. While we have experienced significant revenue growth in recent periods, we are not certain whether or when we will obtain a high enough volume of sales of our offerings to sustain or increase our growth or achieve or maintain profitability in the future. We also expect our costs to increase in future periods, which could negatively affect our future operating results if our revenue does not increase at a greater rate. In particular, we expect to continue to expend substantial financial and other resources on:
research and development related to our offerings, including investments in our research and development team;
sales and marketing, including a significant expansion of our sales organization, both domestically and internationally;
continued international expansion of our business; and
general and administrative expense, including legal and accounting expenses related to being a public company.
These investments may not result in increased revenue or growth in our business. If we are unable to increase our revenue at a rate sufficient to offset the expected increase in our costs, our business, financial position and results of operations will be harmed and we may not be able to achieve or maintain profitability over the long term. Additionally, we may encounter unforeseen operating expenses, difficulties, complications, delays and other unknown factors that may result in losses in future periods. If our revenue growth does not meet our expectations in future periods, our financial performance may be harmed, and we may not achieve or maintain profitability in the future.
We may not be able to sustain our revenue growth rate in the future.
From 2017 to 2018, our revenue grew from $187.7 million to $267.4 million, representing year-over-year growth of 42%. This growth was primarily from an increase in subscription revenue. From 2016 to 2017, our revenue grew from $124.4 million to $187.7 million, representing year-over-year growth of 51%. Our adoption of ASU No. 2014-09, Revenue from Contracts with Customers (Topic 606), or ASC 606, as of January 1, 2017 contributed three percentage points to that growth rate. Although we have experienced rapid growth historically and currently have high customer renewal rates, we may not continue to grow as rapidly in the future due to a decline in our renewal rates, failure to attract new customers or other factors. Any success that we may experience in the future will depend in large part on our ability to, among other things:
maintain and expand our customer base;
increase revenue from existing customers through increased or broader use of our offerings within their organizations;
improve the performance and capabilities of our offerings through research and development;
continue to develop and expand our enterprise platform;
maintain the rate at which customers purchase and renew subscriptions to our enterprise platform offerings;
continue to successfully expand our business domestically and internationally; and
successfully compete with other companies.

11

Table of Contents

If we are unable to maintain consistent revenue or revenue growth, our stock price could be volatile, and it may be difficult to achieve and maintain profitability. You should not rely on our revenue for any prior quarterly or annual periods as any indication of our future revenue or revenue growth.
We may be unable to rapidly and efficiently adjust our cost structure in response to significant revenue declines, which could adversely affect our operating results.
We recognize substantially all of our revenue ratably over the term of our subscriptions and, to a lesser extent, perpetual licenses ratably over an expected period of benefit and, as a result, downturns in sales may not be immediately reflected in our operating results.
We recognize substantially all of our revenue ratably over the terms of our subscriptions with customers, which generally occurs over a one-year period and, for our perpetual licenses, over a five-year expected period of benefit. As a result, a substantial portion of the revenue that we report in each period will be derived from the recognition of deferred revenue relating to agreements entered into during previous periods. Consequently, a decline in new sales or renewals in any one period may not be immediately reflected in our revenue results for that period. This decline, however, will negatively affect our revenue in future periods. Accordingly, the effect of significant downturns in sales and market acceptance of our solutions and potential changes in our rate of renewals may not be fully reflected in our results of operations until future periods. This also makes it difficult for us to rapidly increase our revenue growth through additional sales in any period, as revenue from new customers generally will be recognized over the term of the applicable agreement.
We may not be able to scale our business quickly enough to meet our customers’ growing needs.
As usage of our enterprise platform grows, and as customers expand in size or expand the number of IT assets or IP addresses under their subscriptions, we may need to devote additional resources to improving our technology architecture, integrating with third-party systems and maintaining infrastructure performance. In addition, we will need to appropriately scale our sales and marketing headcount, as well as grow our third-party channel partner network, to serve our growing customer base. If we are unable to scale our business appropriately, it could reduce the attractiveness of our solutions to customers, resulting in decreased sales to new customers, lower renewal rates by existing customers or the issuance of service credits or requested refunds, each of which could hurt our revenue growth and our reputation. Even if we are able to upgrade our systems and expand our personnel, any such expansion will be expensive and complex, requiring management time and attention. We could also face inefficiencies or operational failures as a result of our efforts to scale our infrastructure. Moreover, there are inherent risks associated with upgrading, improving and expanding our information technology systems. We cannot be sure that the expansion and improvements to our infrastructure and systems will be fully or effectively implemented on a timely basis, if at all. These efforts may reduce revenue and our margins and adversely impact our financial results.
If our enterprise platform offerings do not interoperate with our customers’ network and security infrastructure or with third-party products, websites or services, our results of operations may be harmed.
Our enterprise platform offerings, Tenable.io and Tenable.sc, must interoperate with our customers’ existing network and security infrastructure. These complex systems are developed, delivered and maintained by the customer and a myriad of vendors and service providers. As a result, the components of our customers’ infrastructure have different specifications, rapidly evolve, utilize multiple protocol standards, include multiple versions and generations of products and may be highly customized. We must be able to interoperate and provide our security offerings to customers with highly complex and customized networks, which requires careful planning and execution between our customers, our customer support teams and our channel partners. Further, when new or updated elements of our customers’ infrastructure or new industry standards or protocols, such as HTTP/2, are introduced, we may have to update or enhance our cloud platform and our other solutions to allow us to continue to provide service to customers. Our competitors or other vendors may refuse to work with us to allow their products to interoperate with our solutions, which could make it difficult for our cloud platform to function properly in customer networks that include these third-party products.
We may not deliver or maintain interoperability quickly or cost-effectively, or at all. These efforts require capital investment and engineering resources. If we fail to maintain compatibility of our cloud platform and our other solutions with our customers’ network and security infrastructures, our customers may not be able to fully utilize our solutions, and we may, among other consequences, lose or fail to increase our market share and experience reduced demand for our services, which would materially harm our business, operating results and financial condition.

12

Table of Contents

If our solutions fail to detect vulnerabilities or incorrectly detect vulnerabilities, or if they contain undetected errors or defects, our brand and reputation could be harmed.
If our solutions fail to detect vulnerabilities in our customers’ cybersecurity infrastructure, or if our solutions fail to identify new and increasingly complex methods of cyberattacks, our business and reputation may suffer. There is no guarantee that our solutions will detect all vulnerabilities, especially in light of the rapidly changing security landscape to which we must respond. Additionally, our solutions may falsely detect vulnerabilities or threats that do not actually exist. For example, our solutions rely on information provided by an active community of users who contribute new exploits, attacks and vulnerabilities. If the information from these third parties is inaccurate, the potential for false indications of security vulnerabilities increases. These false positives, while typical in the industry, may impair the perceived reliability of our offerings and may therefore adversely impact market acceptance of our products and could result in negative publicity, loss of customers and sales and increased costs to remedy any problem.
Our solutions may also contain undetected errors or defects when first introduced or as new versions are released. We have experienced these errors or defects in the past in connection with new solutions and product upgrades and we expect that these errors or defects will be found from time to time in the future in new or enhanced solutions after commercial release. Defects may cause our solutions to be vulnerable to attacks, cause them to fail to detect vulnerabilities, or temporarily interrupt customers’ networking traffic. Any errors, defects, disruptions in service or other performance problems with our solutions may damage our customers’ business and could hurt our reputation. If our solutions fail to detect vulnerabilities for any reason, we may incur significant costs, the attention of our key personnel could be diverted, our customers may delay or withhold payment to us or elect not to renew or other significant customer relations problems may arise. We may also be subject to liability claims for damages related to errors or defects in our solutions. A material liability claim or other occurrence that harms our reputation or decreases market acceptance of our solutions may harm our business and operating results.
An actual or perceived security breach or theft of the sensitive data of one of our customers, regardless of whether the breach is attributable to the failure of our solutions, could adversely affect the market’s perception of our brand and our offerings and subject us to legal claims.
Our future quarterly results of operations are likely to fluctuate significantly due to a wide range of factors, which makes our future results difficult to predict.
Our revenue and results of operations have historically varied from period to period, and we expect that they will continue to do so as a result of a number of factors, many of which are outside of our control, including:
the level of demand for our enterprise platform;
the introduction of new products and product enhancements by existing competitors or new entrants into our market, and changes in pricing for solutions offered by us or our competitors;
the rate of renewal of subscriptions, and extent of expansion of IT assets under such subscriptions, with existing customers;
the mix of customers licensing our products on a subscription basis as compared to a perpetual license;
large customers failing to renew their subscriptions;
the size, timing and terms of our subscription agreements with new customers;
our ability to interoperate our solutions with our customers’ network and security infrastructure;
the timing and growth of our business, in particular through our hiring of new employees and international expansion;
network outages, security breaches, technical difficulties or interruptions with our solutions;
changes in the growth rate of the markets in which we compete;
the length of the license term, amount prepaid and other material terms of subscriptions to our solutions sold during a period;
customers delaying purchasing decisions in anticipation of new developments or enhancements by us or our competitors or otherwise;
changes in customers’ budgets;
seasonal variations related to sales and marketing and other activities, such as expenses related to our customers;
our ability to increase, retain and incentivize the channel partners that market and sell our solutions;

13

Table of Contents

our ability to integrate our solutions with our ecosystem partners’ technology;
our brand and reputation;
the timing of our adoption of new or revised accounting pronouncements applicable to public companies and the impact on our results of operations;
our ability to control costs, including our operating expenses;
our ability to hire, train and maintain our direct sales force;
unforeseen litigation and intellectual property infringement;
fluctuations in our effective tax rate; and
general economic and political conditions, both domestically and internationally, as well as economic conditions specifically affecting industries in which our customers operate.
Any one of these or other factors discussed elsewhere in this Annual Report on Form 10-K, or the cumulative effect of some of these factors, may result in fluctuations in our revenue and operating results, meaning that quarter-to-quarter comparisons of our revenue, results of operations and cash flows may not necessarily be indicative of our future performance and may cause us to miss our guidance and analyst expectations and may cause our stock price to decline.
In addition, we have historically experienced seasonality in entering into agreements with customers. We typically enter into a significantly higher percentage of agreements with new customers, as well as renewal agreements with existing customers, in the third and fourth quarters. The increase in customer agreements in the third quarter is primarily attributable to U.S. government and related agencies, and the increase in the fourth quarter is primarily attributable to large enterprise account buying patterns typical in the software industry. We expect that seasonality will continue to affect our operating results in the future and may reduce our ability to predict cash flow and optimize the timing of our operating expenses.
We face intense competition.
The market for cybersecurity solutions is fragmented, intensely competitive and constantly evolving. We compete with a range of established and emerging cybersecurity software and services vendors, as well as homegrown solutions. With the introduction of new technologies and market entrants, we expect the competitive environment to remain intense going forward. Our competitors include: vulnerability management and assessment vendors, including Qualys and Rapid7; diversified security software and services vendors, including IBM; endpoint security vendors with nascent vulnerability assessment capabilities, including Tanium and CrowdStrike; and providers of point solutions that compete with some of the features present in our solutions. We also compete against internally-developed efforts that often use open source solutions.
Some of our actual and potential competitors have significant advantages over us, such as longer operating histories, significantly greater financial, technical, marketing or other resources, stronger brand and business user recognition, larger intellectual property portfolios and broader global distribution and presence. In addition, our industry is evolving rapidly and is becoming increasingly competitive. Larger and more established companies may focus on cybersecurity and could directly compete with us. Smaller companies could also launch new products and services that we do not offer and that could gain market acceptance quickly.
Our competitors may be able to respond more quickly and effectively than we can to new or changing opportunities, attacks by (or indicators of compromise that identify) cyber bad actors, technologies, standards or customer requirements. With the introduction of new technologies, the evolution of our offerings and new market entrants, we expect competition to intensify in the future. In addition, some of our larger competitors have substantially broader product offerings and can bundle competing products and services with other software offerings. As a result, customers may choose a bundled product offering from our competitors, even if individual products have more limited functionality than our solutions. These competitors may also offer their products at a lower price as part of this larger sale, which could increase pricing pressure on our offerings and cause the average sales price for our offerings to decline. These larger competitors are also often in a better position to withstand any significant reduction in capital spending, and will therefore not be as susceptible to economic downturns. One component of our enterprise platform involves assessing Cyber Exposure in a public cloud environment. We are dependent upon the public cloud providers to allow our solutions to access their cloud offerings. If one or more cloud providers elected to offer exclusively their own cloud security product or otherwise eliminate the ability of our solutions to access their cloud on behalf of our customers, our business and financial results could be harmed.

14

Table of Contents

Furthermore, our current and potential competitors may establish cooperative relationships among themselves or with third parties that may further enhance their resources and products and services offerings in the markets we address. In addition, current or potential competitors may be acquired by third parties with greater available resources. As a result of such relationships and acquisitions, our current or potential competitors might be able to adapt more quickly to new technologies and customer needs, devote greater resources to the promotion or sale of their products and services, initiate or withstand substantial price competition, take advantage of other opportunities more readily or develop and expand their product and service offerings more quickly than we do. For all of these reasons, we may not be able to compete successfully against our current or future competitors.
If we do not continue to innovate and offer solutions that address the dynamic cybersecurity landscape, we may not remain competitive.
The cybersecurity market is characterized by very rapid technological advances, changes in customer requirements, frequent new product introductions and enhancements and evolving industry standards. Our success also depends on continued innovation to provide features that make our solutions responsive to the cybersecurity landscape. While we continue to invest significant resources in research and development in order to ensure that our solutions continue to address the cyber security risks that our customers face, the introduction of solutions and services embodying new technologies could render our existing solutions or services obsolete or less attractive to customers. In addition, developing new solutions and product enhancements is expensive and time-consuming, and there is no assurance that such activities will result in significant cost savings, revenue or other expected benefits. For example, we plan to release a new product, Tenable.io Lumin, and there can be no assurance that product will offer the benefits we expect or generate customer interest. We may also face delays or uncertainty in our release timing for Tenable.io Lumin that may be costly or reduce the benefits of Lumin. If we spend significant time and effort on research and development and are unable to generate an adequate return on our investment, our business and results of operations may be materially and adversely affected. Further, we may not be able to successfully anticipate or adapt to changing technology or customer requirements or the dynamic threat landscape on a timely basis, or at all, which would impair our ability to execute on our business strategy.
Our business and results of operations depend substantially on our customers renewing their subscriptions with us and expanding the number of IT assets or IP addresses under their subscriptions. Any decline in our customer renewals, terminations or failure to convince our customers to expand their use of subscription offerings would harm our business, results of operations, and financial condition.
Our subscription offerings are term-based and a majority of our subscription contracts entered into in 2018 and 2017 were for one year in duration. In order for us to maintain or improve our results of operations, it is important that a high percentage of our customers renew their subscriptions with us when the existing subscription term expires, and renew on the same or more favorable terms. Our customers have no obligation to renew their subscriptions, and we may not be able to accurately predict customer renewal rates. In addition, the growth of our business depends in part on our customers expanding their use of subscription offerings and related services. Historically, some of our customers have elected not to renew their subscriptions with us for a variety of reasons, including as a result of changes in their strategic IT priorities, budgets, costs and, in some instances, due to competing solutions. Our retention rate may also decline or fluctuate as a result of a number of other factors, including our customers’ satisfaction or dissatisfaction with our software, the increase in the contract value of subscription and support contracts from new customers, the effectiveness of our customer support services, our pricing, the prices of competing products or services, mergers and acquisitions affecting our customer base, global economic conditions, and the other risk factors described in this Annual Report on Form 10-K. Additionally, many of our customers, including certain top customers, have the right to terminate their agreements with us for convenience and for other reasons. We cannot assure you that customers will maintain their agreements with us, renew subscriptions or increase their usage of our software. If our customers do not maintain or renew their subscriptions or renew on less favorable terms, or if we are unable to expand our customers’ use of our software, our business, results of operations, and financial condition may be harmed.
In addition, while customers are typically invoiced in advance, including multi-year contracts, and our contracts generally do not provide for refunds during the subscription or maintenance period, a small number of customers could take the position that provisions in their customer agreements give them the right to terminate their agreement with us, or allege a material breach of their agreement with us, due to or in connection with the sale of our common stock. Early termination of these customer agreements for these reasons would generally only allow us to retain fees already paid by the customer for services rendered prior to the termination. Termination of these agreements, or allegations that we

15

Table of Contents

have breached one of these agreements with them, could decrease our customer revenue and increase legal and administrative costs.
Our brand, reputation and ability to attract, retain and serve our customers are dependent in part upon the reliable performance of our solutions and network infrastructure.
We have experienced, and may in the future experience, disruptions, outages and other performance problems due to a variety of factors, including infrastructure changes, human or software errors, capacity constraints and fraud or cybersecurity attacks. In some instances, we may not be able to identify the cause or causes of these performance problems within an acceptable period of time.
Prolonged delays or unforeseen difficulties in connection with adding capacity or upgrading our network architecture when required may cause our service quality to suffer. Problems with the reliability or security of our systems could harm our reputation. Damage to our reputation and the cost of remedying these problems could negatively affect our business, financial condition, and operating results.
Any disruptions or other performance problems with our solutions could harm our reputation and business and may damage our customers’ businesses. Interruptions in our service delivery might reduce our revenue, cause us to issue credits to customers, subject us to potential liability and cause customers to not renew their purchases of our solutions.
We must maintain and enhance our brand.
We believe that developing and maintaining widespread awareness of our brand in a cost-effective manner is critical to achieving widespread acceptance of our enterprise platform and attracting new customers. Brand promotion activities may not generate customer awareness or increase revenue and, even if they do, any increase in revenue may not offset the expenses we incur in building our brand. If we fail to successfully promote and maintain our brand, or incur substantial expenses, we may fail to attract or retain customers necessary to realize a sufficient return on our brand-building efforts, or to achieve the widespread brand awareness that is critical for broad customer adoption of our solutions.
We rely on third parties to maintain and operate certain elements of our network infrastructure.
We utilize data centers located in North America, Europe and Asia to operate and maintain certain elements of our own network infrastructure. Some elements of this complex system are operated by third parties that we do not control and that could require significant time to replace. We expect this dependence on third parties to continue. For example, Tenable.io is hosted on Amazon Web Services, or AWS, which provides us with computing and storage capacity. Interruptions in our systems or the third-party systems on which we rely, particularly AWS, whether due to system failures, computer viruses, physical or electronic break-ins or other factors, could affect the security or availability of our solutions, network infrastructure and website.
Our existing data center facilities and third-party hosting providers have no obligations to renew their agreements with us on commercially reasonable terms or at all, and certain of the agreements governing these relationships may be terminated by either party at any time, with no or limited notice. For example, our agreement with AWS allows AWS to terminate the agreement with 30 days’ written notice. Although we expect that we could receive similar services from other third parties, if any of our arrangements with third parties, including AWS, are terminated, we could experience interruptions on our platform and in our ability to make our platform available to customers, as well as downtime, delays and additional expenses in arranging alternative cloud infrastructure services.
It is possible that our customers and potential customers would hold us accountable for any breach of security affecting third parties’ infrastructure. We may incur significant liability from those customers and from third parties with respect to any such breach. Because our agreement with AWS limits their liability for damages, we may not be able to recover a material portion of our liabilities to our customers and third parties from AWS in the event of any breach affecting AWS systems.
If we continue to grow, we may not be able to manage our growth effectively.
We have recently experienced a period of rapid growth in our headcount and operations. In particular, we grew from 751 employees as of December 31, 2016 to 984 employees as of December 31, 2017 and to 1,252 employees as of December 31, 2018. We have also significantly increased the size of our customer base over the last several years.

16

Table of Contents

We anticipate that we will continue to significantly expand our operations and headcount in the near term. Our growth has placed, and future growth will place, a significant strain on our management, administrative, operational and financial infrastructure. Our success will depend in part on our ability to manage this growth effectively. To manage the expected growth of our operations and personnel, we will need to continue to improve our operational, financial and management controls and our reporting systems and procedures. Failure to effectively manage our growth could result in difficulty or delays in deploying our solutions and services to customers, declines in quality or customer satisfaction, increases in costs, difficulties in introducing new features or other operational difficulties. Any of these difficulties could adversely impact our business performance and results of operations.
Our rapid growth also makes it difficult to evaluate our future prospects. Our ability to forecast our future operating results is subject to a number of uncertainties, including our ability to plan for and model future growth. If our assumptions regarding these uncertainties, which we use to plan our business, are incorrect or change in reaction to changes in our markets, or if we do not address these risks successfully, our operating and financial results could differ materially from our expectations, our business could suffer and the trading price of our stock may decline.
Organizations may be reluctant to purchase our enterprise platform offerings that are cloud-based due to the actual or perceived vulnerability of cloud solutions.
Some organizations, including those in the defense industry and highly regulated industries such as healthcare and financial services, have historically been reluctant to use cloud-based solutions for cybersecurity because they have concerns regarding the risks associated with the reliability or security of the technology delivery model associated with these solutions. If we or other software companies with cloud-based offerings experience security incidents, breaches of customer data, disruptions in service delivery or other problems, the market for cloud-based solutions as a whole may be negatively impacted, which in turn would negatively impact our revenue and our growth prospects.
Our sales cycle is long and unpredictable.
The timing of sales of our offerings is difficult to forecast because of the length and unpredictability of our sales cycle, particularly with large enterprises and with respect to certain of our solutions. We sell our solutions primarily to IT departments that are managing a growing set of user and compliance demands, which has increased the complexity of customer requirements to be met and confirmed during the sales cycle and prolonged our sales cycle. Our average sales cycle with an enterprise customer is approximately four months. Further, the length of time that potential customers devote to their testing and evaluation, contract negotiation and budgeting processes varies significantly, depending on the size of the organization and nature of the product or service under consideration. In addition, we might devote substantial time and effort to a particular unsuccessful sales effort, and as a result, we could lose other sales opportunities or incur expenses that are not offset by an increase in revenue, which could harm our business.
Regulatory, legislative or self-regulatory standard developments regarding privacy and data security matters could adversely affect our ability to conduct our business.
We, along with a significant number of our customers, are subject to laws, rules, regulations, and industry standards related to data privacy and cyber security, and restrictions or technological requirements regarding the collection, use, storage, protection, retention or transfer of data. In addition to current privacy and data security regulations currently in force in the jurisdictions where we operate, the GDPR came into force in May 2018. The GDPR contains numerous requirements and changes from prior European Union, or EU, law, including more robust obligations on data processors and data controllers, greater rights for data subjects, and heavier documentation requirements for data protection compliance programs. Specifically, the GDPR introduced numerous privacy-related changes for companies operating in the EU, including greater control over personal data by data subjects, such as the “right to be forgotten", increased data portability for EU consumers, data breach notification requirements, and increased fines. In particular, under the GDPR, fines of up to €20 million or up to 4% of the annual global revenue of the noncompliant company, whichever is greater, could be imposed for violations of certain of the GDPR’s requirements. The GDPR requirements apply not only to third-party transactions, but also to transfers of information between us and our subsidiaries, including employee information. We have an internal data privacy function that oversees and supervises our compliance with European data protection regulations.
In the United States and globally, governments and agencies have adopted, and could in the future adopt, modify, apply or enforce laws, policies, regulations, and standards covering data subject privacy, data security, technologies such as cookies that are used to collect, store and/or process data, marketing online, the use of data to inform marketing, the taxation of products and services, unfair and deceptive practices and the collection, including the

17

Table of Contents

collection of information, use, processing, transfer, storage and/or disclosure of data associated with unique individual internet users. We may be subject directly or via contract to such laws, policies, regulations, and standards.  New regulation or legislative actions regarding data privacy and security, together with applicable industry standards, may increase the costs of doing business and could have a material adverse impact on our operations and cash flows.
While we have taken steps to mitigate the impact on us, such as implementing standard contractual clauses as appropriate and self-certifying under the EU-US Privacy Shield, the efficacy and longevity of these mechanisms remains uncertain. Potential or actual legal proceeding could lead to one or both of these mechanisms being declared invalid.  Further, local data protection authorities general may have different interpretations of the GDPR, leading to potential inconsistencies amongst various EU states.
If we are investigated by a European data protection authority, we may face fines and other penalties. Any such investigation or charges by European data protection authorities could have a negative effect on our existing business and on our ability to attract and retain new customers. These existing and proposed laws and regulations can be costly to comply with, could expose us to significant penalties for non-compliance, can delay or impede the development or adoption of our products and services, reduce the overall demand for our services, result in negative publicity, increase our operating costs, require significant management time and attention and subject us to claims or other remedies, including fines or demands that we modify or cease existing business practices.
We rely on our third-party channel partner network of distributors and resellers to generate a substantial amount of our revenue.
Our success is dependent in part upon establishing and maintaining relationships with a variety of channel partners that we utilize to extend our geographic reach and market penetration. We use a two-tiered, indirect fulfillment model whereby we sell our products and services to our distributors, which in turn sell to our resellers, which then sell to our end users, which we call customers. We anticipate that we will continue to rely on this two-tiered sales model in order to help facilitate sales of our offerings as part of larger purchases in the United States and to grow our business internationally. In 2018, 2017 and 2016, we derived 88%, 83% and 80%, respectively, of our revenue from subscriptions and perpetual licenses sold through channel partners, and the percentage of revenue derived from channel partners may increase in future periods. Ingram Micro, Inc., a distributor, accounted for 46%, 45% and 42% of our revenue in 2018, 2017 and 2016, respectively, and 46% of our accounts receivable as of December 31, 2018 and 51% as of December 31, 2017. Our agreements with our channel partners, including our agreement with Ingram Micro, are non-exclusive and do not prohibit them from working with our competitors or offering competing solutions, and some of our channel partners may have more established relationships with our competitors. Similarly, our channel partners have no obligations to renew their agreements with us on commercially reasonable terms or at all, and certain of the agreements governing these relationships may be terminated by either party at any time, with no or limited notice. For example, our agreement with Ingram Micro allows Ingram Micro to terminate the agreement in their discretion upon 30 days’ written notice to us. If our channel partners choose to place greater emphasis on products of their own or those offered by our competitors or a result of an acquisition, competitive factors or other reasons do not continue to market and sell our solutions in an effective manner or at all, our ability to grow our business and sell our solutions, particularly in key international markets, may be adversely affected. In addition, our failure to recruit additional channel partners, or any reduction or delay in their sales of our solutions and professional services or conflicts between channel sales and our direct sales and marketing activities may harm our results of operations. Finally, even if we are successful, our relationships with channel partners may not result in greater customer usage of our solutions and professional services or increased revenue.
A portion of our revenue is generated from subscriptions and perpetual licenses sold to domestic governmental entities, foreign governmental entities and other heavily regulated organizations, which are subject to a number of challenges and risks.
A portion of our revenue is generated from subscriptions and perpetual licenses sold to governmental entities in the United States. Additionally, many of our current and prospective customers, such as those in the financial services, energy, insurance and healthcare industries, are highly regulated and may be required to comply with more stringent regulations in connection with subscribing to and implementing our enterprise platform. Selling licenses to these entities can be highly competitive, expensive and time-consuming, often requiring significant upfront time and expense without any assurance that we will successfully complete a sale. Governmental demand and payment for our enterprise platform may also be impacted by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our enterprise platform. In addition, governmental

18

Table of Contents

entities have the authority to terminate contracts at any time for the convenience of the government, which creates risk regarding revenue anticipated under our existing government contracts.
Further, governmental and highly regulated entities often require contract terms that differ from our standard customer arrangements, including terms that can lead to those customers obtaining broader rights in our solutions than would be expected under a standard commercial contract and terms that can allow for early termination. The U.S. government will be able to terminate any of its contracts with us either for its convenience or if we default by failing to perform in accordance with the contract schedule and terms. Termination for convenience provisions would generally enable us to recover only our costs incurred or committed, settlement expenses, and profit on the work completed prior to termination. Termination for default provisions do not permit these recoveries and would make us liable for excess costs incurred by the U.S. government in procuring undelivered items from another source. Contracts with governmental and highly regulated entities may also include preferential pricing terms. In the United States, federal government agencies may promulgate regulations, and the President may issue executive orders, requiring federal contractors to adhere to different or additional requirements after a contract is signed. If we do not meet applicable requirements of law or contract, we could be subject to significant liability from our customers or regulators. Even if we do meet these requirements, the additional costs associated with providing our enterprise platform to government and highly regulated customers could harm our operating results. Moreover, changes in the underlying statutory and regulatory conditions that affect these types of customers could harm our ability to efficiently provide them access to our enterprise platform and to grow or maintain our customer base. In addition, engaging in sales activities to foreign governments introduces additional compliance risks, including risks specific to the U.S. Foreign Corrupt Practices Act of 1977, as amended, or the FCPA, the U.K. Bribery Act 2010 and other similar statutory requirements prohibiting bribery and corruption in the jurisdictions in which we operate.
Some of our revenue is derived from contracts with U.S. government entities, as well as subcontracts with higher-tier contractors. As a result, we are subject to federal contracting regulations, including the Federal Acquisition Regulation, or the FAR. Under the FAR, certain types of contracts require pricing that is based on estimated direct and indirect costs, which are subject to change.
In connection with our U.S. government contracts, we may be subject to government audits and review of our policies, procedures, and internal controls for compliance with contract terms, procurement regulations, and applicable laws. In certain circumstances, if we do not comply with the terms of a contract or with regulations or statutes, we could be subject to contract termination or downward contract price adjustments or refund obligations, could be assessed civil or criminal penalties, or could be debarred or suspended from obtaining future government contracts for a specified period of time. Any such termination, adjustment, sanction, debarment or suspension could have an adverse effect on our business.
In the course of providing our solutions and professional services to governmental entities, our employees and those of our channel partners may be exposed to sensitive government information. Any failure by us or our channel partners to safeguard and maintain the confidentiality of such information could subject us to liability and reputational harm, which could materially and adversely affect our results of operations and financial performance.
We may need to reduce our prices or change our pricing model to remain competitive.
Subscriptions and perpetual licenses to our enterprise platform are generally priced based on the number of IP addresses that can be monitored, or the total IT assets that can be monitored. We expect that we may need to change our pricing from time to time. As competitors introduce new products that compete with ours or reduce their prices, we may be unable to attract new customers or retain existing customers based on our historical pricing. We also must determine the appropriate price to enable us to compete effectively internationally. Moreover, mid- to large-size enterprises may demand substantial price discounts as part of the negotiation of sales contracts. As a result, we may be required or choose to reduce our prices or change our pricing model, which could adversely affect our business, operating results and financial condition.
Our pricing model subjects us to various challenges that could make it difficult for us to derive expected value from our customers.
Our enterprise platform offerings are generally priced based on the number of IT assets or IP addresses that a customer chooses to monitor. As the amount of IT assets or IP addresses within our customers’ organizations grows, we may face pressure from our customers regarding our pricing, which could adversely affect our revenue and operating margins.

19

Table of Contents

Our subscription agreements and perpetual licenses generally provide that we can audit our customers’ use of our offerings to ensure compliance with the terms of such agreement or license and monitor an increase in IT assets and IP addresses being monitored. However, a customer may resist or refuse to allow us to audit their usage, in which case we may have to pursue legal recourse to enforce our rights under the agreement or license, which would require us to spend money, distract management and potentially adversely affect our relationship with our customers and users.
If our enterprise platform offerings do not achieve sufficient market acceptance, our results of operations and competitive position will suffer.
We spend substantial amounts of time and money to research and develop and enhance our enterprise platform offerings to meet our customers’ rapidly evolving demands. In addition, we invest in efforts to continue to add capabilities to our existing products and enable the continued detection of new network vulnerabilities. We typically incur expenses and expend resources upfront to market, promote and sell our new and enhanced offerings. Therefore, when we develop and introduce new or enhanced offerings, they must achieve high levels of market acceptance in order to justify the amount of our investment in developing and bringing them to market. For example, if Tenable.io does not garner widespread market adoption and implementation, our operating results and competitive position could suffer.
Further, we may make enhancements to our offerings that our customers do not like, find useful or agree with. We may also discontinue certain features, begin to charge for certain features that are currently free or increase fees for any of our features or usage of our offerings.
Our new offerings or enhancements and changes to our existing offerings could fail to attain sufficient market acceptance for many reasons, including:
failure to predict market demand accurately in terms of functionality and to supply offerings that meets this demand in a timely fashion;
defects, errors or failures;
negative publicity about their performance or effectiveness;
delays in releasing our new offerings or enhancements to our existing offerings to the market;
introduction or anticipated introduction of competing products by our competitors;
poor business conditions for our customers, causing them to delay IT purchases; and
reluctance of customers to purchase cloud-based offerings.
If our new or enhanced offerings do not achieve adequate acceptance in the market, our competitive position will be impaired, and our revenue will be diminished. The adverse effect on our operating results may be particularly acute because of the significant research, development, marketing, sales and other expenses we will have incurred in connection with the new or enhanced offerings.
Our strategy of offering and deploying our solutions in the cloud, on-premises environments or using a hybrid approach causes us to incur increased expenses and may pose challenges to our business.
We offer and sell our enterprise platform for use in the cloud, on-premises environments or using a hybrid approach using the customer’s own infrastructure. Our cloud offering enables our customers to eliminate the burden of provisioning and maintaining infrastructure and to scale their usage of our solutions quickly, while our on-premises offering allows for the customer’s complete control over data security and software infrastructure. Historically, our solutions were developed in the context of the on-premises offering, and we have less operating experience offering and selling subscriptions to our solutions via our cloud offering. Although a substantial majority of our revenue has historically been generated from customers using our solutions on an on-premises basis, our customers are increasingly adopting our cloud offering. We expect that our customers will continue to move to our cloud offering and that it will become more central to our distribution model. We expect our gross profit to increase in absolute dollars and our gross margin to decrease to the extent that revenue from our cloud-based subscriptions increases as a percentage of revenue, although our gross margin could fluctuate from period to period. To support both on-premises environments and cloud instances of our product, our support team must be trained on and learn multiple environments in which our solution is deployed, which is more expensive than supporting only a cloud offering. Moreover, we must engineer our software for an on-premises environment, cloud offering and hybrid installation, which we expect will cause us additional research and development expense that may impact our operating results. As more of our customers transition to the cloud, we may be subject to additional competitive pressures, which may harm our business. We are

20

Table of Contents

directing a significant portion of our financial and operating resources to implement a robust and secure cloud offering for our customers, but even if we continue to make these investments, we may be unsuccessful in growing or implementing our cloud offering in a way that competes successfully against our current and future competitors and our business, results of operations and financial condition could be harmed.
Our customers’ increased usage of our cloud-based offerings requires us to continually improve our computer network and infrastructure to avoid service interruptions or slower system performance.
As usage of our cloud-based offerings grows and as customers use them for more complicated applications, increased assets and with increased data requirements, we will need to devote additional resources to improving our platform architecture and our infrastructure in order to maintain the performance of our cloud offering. Any failure or delays in our computer systems could cause service interruptions or slower system performance. If sustained or repeated, these performance issues could reduce the attractiveness of our enterprise platform to customers. These performance issues could result in lost customer opportunities and lower renewal rates, any of which could hurt our revenue growth, customer loyalty and reputation.
A component of our growth strategy is dependent on our continued international expansion, which adds complexity to our operations.
We market and sell our solutions and professional services throughout the world and have personnel in many parts of the world. International operations generated 33% and 31% of our revenue in 2018 and 2017, respectively. Our growth strategy is dependent, in part, on our continued international expansion. We expect to conduct a significant amount of our business with organizations that are located outside the United States, particularly in Europe and Asia. We cannot assure that our expansion efforts into international markets will be successful in creating further demand for our solutions and professional services outside of the United States or in effectively selling our solutions and professional services in the international markets that we enter. Our current international operations and future initiatives will involve a variety of risks, including:
increased management, infrastructure and legal costs associated with having international operations;
reliance on channel partners;
trade and foreign exchange restrictions;
economic or political instability in foreign markets, including instability related to the United Kingdom’s referendum in June 2016 in which voters approved an exit from the European Union, commonly referred to as “Brexit”;
greater difficulty in enforcing contracts, accounts receivable collection and longer collection periods;
changes in regulatory requirements, including, but not limited to data privacy, data protection and data security regulations;
difficulties and costs of staffing, managing and potentially reorganizing foreign operations;
the uncertainty and limitation of protection for intellectual property rights in some countries;
costs of compliance with foreign laws and regulations and the risks and costs of non-compliance with such laws and regulations;
costs of compliance with U.S. laws and regulations for foreign operations, including the FCPA, import and export control laws, tariffs, trade barriers, economic sanctions and other regulatory or contractual limitations on our ability to sell or provide our solutions in certain foreign markets, and the risks and costs of non-compliance;
requirements to comply with foreign privacy, data protection and information security laws and regulations and the risks and costs of noncompliance;
heightened risks of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, and irregularities in, financial statements;
the potential for political unrest, acts of terrorism, hostilities or war;
management communication and integration problems resulting from cultural differences and geographic dispersion;
costs associated with language localization of our solutions; and
costs of compliance with multiple and possibly overlapping tax structures.

21

Table of Contents

Our business, including the sales of our solutions and professional services by us and our channel partners, may be subject to foreign governmental regulations, which vary substantially from country to country and change from time to time. Our failure, or the failure by our channel partners, to comply with these regulations could adversely affect our business. Further, in many foreign countries it is common for others to engage in business practices that are prohibited by our internal policies and procedures or U.S. regulations applicable to us. Although we have implemented policies and procedures designed to comply with these laws and policies, there can be no assurance that our employees, contractors, channel partners and agents have complied, or will comply, with these laws and policies. Violations of laws or key control policies by our employees, contractors, channel partners or agents could result in delays in revenue recognition, financial reporting misstatements, fines, penalties or the prohibition of the importation or exportation of our solutions and could have a material adverse effect on our business and results of operations. If we are unable to successfully manage the challenges of international expansion and operations, our business and operating results could be adversely affected.
We rely on the performance of highly skilled personnel, including senior management and our engineering, professional services, sales and technology professionals.
We believe our success has depended, and continues to depend, on the efforts and talents of our senior management team and our highly skilled team members, including our sales personnel, professional services personnel and software engineers. We do not maintain key man insurance on any of our executive officers or key employees. From time to time, there may be changes in our senior management team resulting from the termination or departure of our executive officers and key employees. Our senior management and key employees are employed on an at-will basis, which means that they could terminate their employment with us at any time. The loss of any of our senior management or key employees could adversely affect our ability to build on the efforts they have undertaken and to execute our business plan, and we may not be able to find adequate replacements. We cannot ensure that we will be able to retain the services of any members of our senior management or other key employees.
Our ability to successfully pursue our growth strategy also depends on our ability to attract, motivate and retain our personnel. Competition for well-qualified employees in all aspects of our business, including sales personnel, professional services personnel and software engineers, is intense. Our recruiting efforts focus on elite universities and our primary recruiting competition are well-known, high-paying firms. Our continued ability to compete effectively depends on our ability to attract new employees and to retain and motivate existing employees. If we do not succeed in attracting well-qualified employees or retaining and motivating existing employees, our business would be adversely affected.
We must effectively develop and expand our sales and marketing capabilities.
Our ability to increase our customer base and achieve broader market acceptance of our Cyber Exposure solutions will depend to a significant extent on our ability to expand our sales and marketing operations. We plan to continue expanding our sales force and our third-party channel partner network of distributors and resellers both domestically and internationally; however, there is no assurance that we will be successful in attracting and retaining talented sales personnel or strategic partners or that any new sales personnel or strategic partners will be able to achieve productivity in a reasonable period of time or at all. We also plan to dedicate significant resources to sales and marketing programs, including through electronic marketing campaigns and trade event sponsorship and participation. All of these efforts will require us to invest significant financial and other resources and our business will be harmed if our efforts do not generate a correspondingly significant increase in revenue.
We must offer high-quality support.
Our customers rely on our personnel for support of our enterprise platform. High-quality support is important for the renewal of our agreements with existing customers and to our existing customers expanding the number of IP addresses or IT assets under their subscriptions. The importance of high-quality support will increase as we expand our business and pursue new customers. If we do not help our customers quickly resolve issues and provide effective ongoing support, our ability to sell new software to existing and new customers would suffer and our reputation with existing or potential customers would be harmed.
Our growth depends in part on the success of our strategic relationships with third parties.
In order to grow our business, we anticipate that we will continue to depend on relationships with strategic partners to provide broader customer coverage and solution delivery capabilities. We depend on partnerships with market

22

Table of Contents

leading technology companies to maintain and expand our Cyber Exposure ecosystem by integrating third party data into our platform. For example, we developed our Industrial Security solution in partnership with Siemens. Identifying partners, and negotiating and documenting relationships with them, requires significant time and resources. Our agreements with our strategic partners generally are non-exclusive and do not prohibit them from working with our competitors or offering competing solutions. Our competitors may be effective in providing incentives to third parties to favor their products or services or to prevent or reduce subscriptions to our services. If our partners choose to place greater emphasis on products of their own or those offered by our competitors or do not effectively market and sell our product, our ability to grow our business and sell software and professional services may be adversely affected. In addition, acquisitions of our partners by our competitors could result in a decrease in the number of our current and potential customers, as our partners may no longer facilitate the adoption of our solutions by potential customers.
If we are unsuccessful in establishing or maintaining our relationships with third parties, our ability to compete in the marketplace or to grow our revenue could be impaired and our operating results may suffer. Even if we are successful, we cannot assure you that these relationships will result in increased customer usage of our solutions or increased revenue.
Catastrophic events may disrupt our business.
Our corporate headquarters are located in Columbia, Maryland. The area around Washington, D.C. could be subject to terrorist attacks. Additionally, we rely on our network and third-party infrastructure and enterprise applications, internal technology systems and our website for our development, marketing, operational support, hosted services and sales activities. In the event of a major hurricane, earthquake or catastrophic event such as fire, power loss, telecommunications failure, cyberattack, war or terrorist attack, we may be unable to continue our operations and may endure system interruptions, reputational harm, delays in our software development, lengthy interruptions in our services, breaches of data security and loss of critical data, all of which could have an adverse effect on our future operating results.
Future acquisitions could disrupt our business and adversely affect our business operations and financial results.
We have in the past acquired products and technologies from other parties, and we may choose to expand our current business by acquiring additional businesses or technologies in the future. Acquisitions involve many risks, including the following:
an acquisition may negatively affect our financial results because it may require us to incur charges or assume substantial debt or other liabilities, may cause adverse tax consequences or unfavorable accounting treatment, may expose us to claims and disputes by third parties, including intellectual property claims and disputes, or may not generate sufficient financial return to offset additional costs and expenses related to the acquisition;
we may encounter difficulties or unforeseen expenditures in integrating the business, technologies, products, personnel or operations of any company that we acquire, particularly if key personnel of the acquired company decide not to work for us;
an acquisition may disrupt our ongoing business, divert resources, increase our expenses and distract our management;
an acquisition may result in a delay or reduction of customer purchases for both us and the company acquired due to customer uncertainty about continuity and effectiveness of service from either company;
we may encounter difficulties in, or may be unable to, successfully sell any acquired solutions;
an acquisition may involve the entry into geographic or business markets in which we have little or no prior experience or where competitors have stronger market positions;
our use of cash to pay for an acquisition would limit other potential uses for our cash; and
if we incur debt to fund such acquisition, such debt may subject us to material restrictions on our ability to conduct our business as well as financial maintenance covenants.
The occurrence of any of these risks could have a material adverse effect on our business operations and financial results. In addition, we may only be able to conduct limited due diligence on an acquired company’s operations. Following an acquisition, we may be subject to unforeseen liabilities arising from an acquired company’s past or present operations and these liabilities may be greater than the warranty and indemnity limitations that we negotiate.

23

Table of Contents

Any unforeseen liability that is greater than these warranty and indemnity limitations could have a negative impact on our financial condition.
We may require additional capital to support business growth, and this capital might not be available on acceptable terms, if at all.
We expect that our existing cash and cash equivalents will be sufficient to meet our anticipated cash needs for working capital and capital expenditures for at least the next 12 months. However, we intend to continue to make investments to support our business growth and may require additional funds to respond to business challenges, including the need to develop new features or enhance our product, improve our operating infrastructure or acquire complementary businesses and technologies. Accordingly, we may need to engage in equity or debt financings to secure additional funds. If we raise additional funds through future issuances of equity or convertible debt securities, our existing stockholders could suffer significant dilution, and any new equity securities we issue could have rights, preferences and privileges superior to those of holders of our common stock. Our loan and security agreement with Silicon Valley Bank includes restrictive covenants relating to our capital raising activities and other financial and operational matters, which may make it more difficult for us to obtain additional capital and to pursue business opportunities, including potential acquisitions, and any debt financing that we secure in the future could have similar restrictive covenants. We may not be able to obtain additional financing on terms favorable to us, if at all. If we are unable to obtain adequate financing or financing on terms satisfactory to us when we require it, our ability to continue to support our business growth and to respond to business challenges could be significantly impaired, and our business may be adversely affected.
The nature of our business requires the application of complex accounting rules and regulations. Significant changes in current principles will affect our consolidated financial statements and changes in financial accounting standards or practices may cause adverse, unexpected financial reporting fluctuations and harm our results of operations.
The accounting rules and regulations that we must comply with are complex and subject to interpretation by the Financial Accounting Standards Board, or FASB, the Securities and Exchange Commission, or SEC, and various bodies formed to promulgate and interpret appropriate accounting principles. In addition, many companies’ accounting disclosures are being subjected to heightened scrutiny by regulators and the public. Further, the accounting rules and regulations are continually changing in ways that could impact our financial statements.
If our estimates or judgments relating to our critical accounting policies prove to be incorrect or financial reporting standards or interpretations change, our results of operations could be adversely affected.
The preparation of financial statements in conformity with generally accepted accounting principles in the United States, or U.S. GAAP, requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as provided in “Management’s Discussion and Analysis of Financial Condition and Results of Operations.” The results of these estimates form the basis for making judgments about the carrying values of assets, liabilities and equity, and the amount of revenue and expenses that are not readily apparent from other sources. Significant assumptions and estimates used in preparing our consolidated financial statements include the determination of the estimated economic life of perpetual licenses for revenue recognition, the estimated period of benefit for deferred commissions, useful lives of long-lived assets, the valuation of stock-based compensation, including the estimated underlying fair value of our common stock prior to our IPO, the incremental borrowing rate for operating leases, and the valuation of deferred tax assets. Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our results of operations to fall below the expectations of securities analysts and investors, resulting in a decline in the trading price of our common stock.
Additionally, we regularly monitor our compliance with applicable financial reporting standards and review new pronouncements and drafts thereof that are relevant to us. As a result of new standards, changes to existing standards and changes in their interpretation, we might be required to change our accounting policies, alter our operational policies and implement new or enhance existing systems so that they reflect new or amended financial reporting standards, or we may be required to restate our published financial statements. Such changes to existing standards or changes in their interpretation may have an adverse effect on our reputation, business, financial position and profit, or cause an adverse deviation from our revenue and operating profit target, which may negatively impact our financial results.

24

Table of Contents

Our operating results may be negatively affected if we are required to pay additional state sales tax, value added, or other transaction taxes, and we could be subject to liability with respect to all or a portion of past or future sales.
We currently collect and remit sales and use, value added and other transaction taxes in certain of the jurisdictions where we do business based on our assessment of the amount of taxes owed by us in such jurisdictions. However, in some jurisdictions in which we do business, we do not believe that we owe such taxes, and therefore we currently do not collect and remit such taxes in those jurisdictions or record contingent tax liabilities in respect of those jurisdictions.
Further, due to uncertainty in the application and interpretation of applicable tax laws in various jurisdictions, we may be exposed to sales and use, value added or other transaction tax liability. A successful assertion that we are required to pay additional taxes in connection with sales of our solutions, or the imposition of new laws or regulations requiring the payment of additional taxes, would create increased costs and administrative burdens for us. If we are subject to additional taxes and determine to offset such increased costs by collecting and remitting sales taxes from our customers, or otherwise passing those costs through to our customers, companies may be discouraged from using our solutions. Any increased tax burden may decrease our ability or willingness to compete in relatively burdensome tax jurisdictions, result in substantial tax liabilities related to past sales or otherwise harm our business and operating results.
Our ability to use net operating losses to offset future taxable income may be subject to certain limitations.
As of December 31, 2018 we had federal, state and foreign net operating loss carryforwards, or NOLs, of $85.9 million, $24.1 million, and $102.3 million, respectively, available to offset future taxable income, which begin to expire in 2030. A lack of future taxable income would adversely affect our ability to utilize these NOLs before they expire.
In addition, under the provisions of the Internal Revenue Code of 1986, as amended, or the Internal Revenue Code, substantial changes in our ownership may limit the amount of pre-change NOLs that can be utilized annually in the future to offset taxable income. Section 382 of the Internal Revenue Code imposes limitations on a company’s ability to use NOLs if a company experiences a more-than-50-percent ownership change over a three-year testing period. Based upon an analysis as of December 31, 2017, we determined that we do not expect these limitations to impair our ability to use our NOLs prior to expiration. However, if changes in our ownership occur in the future, our ability to use our NOLs may be further limited. For these reasons, we may not be able to utilize a material portion of the NOLs, even if we achieve profitability.
Uncertainties in the interpretation and application of the 2017 Tax Cuts and Jobs Act could materially affect our tax obligations and effective tax rate.
Forecasts of our income tax position and effective tax rate for financial accounting purposes are complex and subject to uncertainty because our income tax position for each year combines the effects of a mix of profits earned and losses incurred by us in various tax jurisdictions with a broad range of income tax rates, as well as changes in the valuation of deferred tax assets and liabilities, the impact of various accounting rules and changes to these rules and tax laws, the results of examinations by various tax authorities, and the impact of any acquisition, business combination or other reorganization or financing transaction. To forecast our global tax rate, we estimate our pre-tax profits and losses by jurisdiction and forecast our tax expense by jurisdiction. If the mix of profits and losses, our ability to use tax credits, our assessment of the need for valuation allowances, or effective tax rates by jurisdiction is different than those estimated, our actual tax rate could be materially different than forecasted, which could have a material impact on our results of business, financial condition and results of operations.
On December 22, 2017, U.S. Federal tax reform was enacted with the signing of the Tax Cuts and Jobs Act, or TCJA. Notable provisions of the TCJA included significant changes to corporate taxation, including reduction of the corporate tax rate from a top marginal rate of 35% to a flat rate of 21%, limitation of the tax deduction for interest expense to 30% of adjusted earnings (except for certain small businesses), limitation of the deduction for net operating losses to 80% of current year taxable income and elimination of net operating loss carrybacks, one time taxation of offshore earnings at reduced rates regardless of whether they are repatriated, elimination of U.S. tax on foreign earnings (subject to certain important exceptions), immediate deductions for certain new investments instead of deductions for depreciation expense over time, and modifying or repealing many business deductions and credits. We continue to examine the impact that the TCJA may have on our business. The impact of this tax reform on us and on holders of our common stock is uncertain and could materially impact our financial results.

25

Table of Contents

We are subject to anti-corruption laws, anti-bribery and similar laws with respect to our domestic and international operations, and non-compliance with such laws can subject us to criminal and/or civil liability and materially harm our business and reputation.
We are subject to the FCPA, the U.S. domestic bribery statute contained in 18 U.S.C. § 201, the U.S. Travel Act, the U.K. Bribery Act 2010, and other anti-corruption laws in countries in which we conduct activities. Anti-corruption laws are interpreted broadly and prohibit our company from authorizing, offering, or providing, directly or indirectly, improper payments or benefits to recipients in the public or private sector. We use third-party law firms, accountants, and other representatives for regulatory compliance, sales, and other purposes in several countries. We sell directly and indirectly, via third-party representatives, to the U.S. and non-U.S. government sectors, and our employees and third-party representatives interact with government officials. We can be held liable for the corrupt or other illegal activities of these third-party representatives, our employees, contractors, and other agents, even if we do not explicitly authorize such activities. Noncompliance with these laws could subject us to whistleblower complaints, investigations, sanctions, settlements, prosecution, other enforcement actions, disgorgement of profits, significant fines, damages, other civil and criminal penalties or injunctions, suspension and/or debarment from contracting with certain persons, the loss of export privileges, reputational harm, adverse media coverage, and other collateral consequences. If any subpoenas or investigations are launched, or governmental or other sanctions are imposed, or if we do not prevail in any possible civil or criminal litigation, our reputation, business, results of operations and financial condition could be materially harmed. In addition, responding to any action will likely result in a materially significant diversion of management’s attention and resources and significant defense costs and other professional fees. Enforcement actions and sanctions could further harm our business, results of operations, and financial condition. Moreover, as an issuer of securities, we also are subject to the accounting and internal controls provisions of the FCPA. These provisions require us to maintain accurate books and records and a system of internal controls sufficient to detect and prevent corrupt conduct. Failure to abide by these provisions may have an adverse effect on our business, operations or financial condition.
We are subject to governmental export and import controls and economic and trade sanctions that could impair our ability to conduct business in international markets and subject us to liability if we are not in compliance with applicable laws and regulations.
The United States and other countries maintain and administer export and import laws and regulations. Our products are subject to U.S. export control and import laws and regulations, including the U.S. Export Administration Regulations, U.S. Customs regulations, and various economic and trade sanctions administered by the U.S. Treasury Department’s Office of Foreign Assets Control. We are required to comply with these laws and regulations. If we fail to comply with such laws and regulations, we and certain of our employees could be subject to substantial civil or criminal penalties, including the possible loss of export or import privileges; fines, which may be imposed on us and responsible employees or managers; and, in extreme cases, the incarceration of responsible employees or managers. Obtaining the necessary authorizations, including any required license, for a particular sale may be time-consuming, is not guaranteed and may result in the delay or loss of sales opportunities. In addition, changes in our solutions, or changes in applicable export or import laws and regulations may create delays in the introduction and sale of our products in international markets or, in some cases, prevent the export or import of our solutions to certain countries, governments or persons altogether. Any change in export or import laws and regulations or economic or trade sanctions, shift in the enforcement or scope of existing laws and regulations, or change in the countries, governments, persons or technologies targeted by such laws and regulations could also result in decreased use of our products, or in our decreased ability to export or sell our products to existing or potential customers. Any decreased use of our products or limitation on our ability to export or sell our products would likely adversely affect our business, financial condition, and results of operations.
Furthermore, we incorporate encryption technology into certain of our solutions. Various countries regulate the import of certain encryption technology, including import permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our solutions or could limit our customers’ ability to implement our solutions in those countries. Encrypted products and the underlying technology may also be subject to export control restrictions. Governmental regulation of encryption technology and regulation of imports or exports of encryption solutions, or our failure to obtain required import or export approval for our solutions, could harm our international sales and adversely affect our revenue. Compliance with applicable laws and regulations regarding the export and import of our solutions, including with respect to new solutions or changes in existing solutions, may create delays in the introduction of our solutions in international markets, prevent our customers with international operations from deploying our solutions globally or, in some cases, could prevent the export or import of our solutions to certain countries, governments, entities or persons altogether.

26

Table of Contents

Moreover, U.S. export control laws and economic sanctions programs prohibit the shipment of certain products and services to countries, governments and persons that are subject to U.S. economic embargoes and trade sanctions. Any violations of such economic embargoes and trade sanction regulations could have negative consequences, including government investigations, penalties and reputational harm.
Risks Related to Government Regulation, Data Collection and Intellectual Property
Our business could be adversely affected if our employees cannot obtain and maintain required security clearances or we cannot establish and maintain a required facility security clearance.
Certain U.S. government contracts may require our employees to maintain various levels of security clearances, and may require us to maintain a facility security clearance, to comply with Department of Defense, or DoD, requirements. The DoD has strict security clearance requirements for personnel who perform work in support of classified programs. Obtaining and maintaining security clearances for employees involves a lengthy process, and it is difficult to identify, recruit and retain employees who already hold security clearances. If our employees are unable to obtain security clearances in a timely manner, or at all, or if our employees who hold security clearances are unable to maintain their clearances or terminate employment with us, then a customer requiring classified work could terminate an existing contract or decide not to renew the contract upon its expiration. To the extent we are not able to obtain or maintain a facility security clearance, we may not be able to bid on or win new classified contracts, and existing contracts requiring a facility security clearance could be terminated.
Any failure to protect our proprietary technology and intellectual property rights could substantially harm our business and operating results.
Our success and ability to compete depend in part on our ability to protect our proprietary technology and intellectual property. To safeguard these rights, we rely on a combination of patent, trademark, copyright and trade secret laws and contractual protections in the United States and other jurisdictions, all of which provide only limited protection and may not now or in the future provide us with a competitive advantage.
As of December 31, 2018, we had 14 issued patents and five patent applications pending in the United States relating to our technology. We cannot assure you that any patents will issue from any patent applications, that patents that issue from such applications will give us the protection that we seek or that any such patents will not be challenged, invalidated or circumvented. Any patents that may issue in the future from our pending or future patent applications may not provide sufficiently broad protection and may not be enforceable in actions against alleged infringers. Obtaining and enforcing software patents in the United States is becoming increasingly challenging. Any patents we have obtained or may obtain in the future may be found to be invalid or unenforceable in light of recent and future changes in the law. We have registered the “Tenable,” “Nessus” and “Tenable.io” names and our Tenable logo in the United States and certain other countries. We have registrations and/or pending applications for additional marks in the United States; however, we cannot assure you that any future trademark registrations will be issued for pending or future applications or that any registered trademarks will be enforceable or provide adequate protection of our proprietary rights. While we have copyrights in our software we do not typically register such copyrights with the Copyright Office. This failure to register the copyrights in our software may preclude us from obtaining statutory damages for infringement under certain circumstances. We also license software from third parties for integration into our software, including open source software and other software available on commercially reasonable terms. We cannot assure you that such third parties will maintain such software or continue to make it available.
In order to protect our unpatented proprietary technologies and processes, we rely on trade secret laws and confidentiality and invention assignment agreements with our employees, consultants, strategic partners, vendors and others. Despite our efforts to protect our proprietary technology and trade secrets, unauthorized parties may attempt to misappropriate, copy, reverse engineer or otherwise obtain and use them. In addition, others may independently discover our trade secrets, in which case we would not be able to assert trade secret rights, or develop similar technologies and processes. Further, several agreements may give customers limited rights to access portions of our proprietary source code, and the contractual provisions that we enter into may not prevent unauthorized use or disclosure of our proprietary technology or intellectual property rights and may not provide an adequate remedy in the event of unauthorized use or disclosure of our proprietary technology or intellectual property rights. Moreover, policing unauthorized use of our technologies, trade secrets and intellectual property is difficult, expensive and time-consuming, particularly in foreign countries where the laws may not be as protective of intellectual property rights as those in the United States and where mechanisms for enforcement of intellectual property rights may be weak. To the extent that we expand our activities outside of the United States, our exposure to unauthorized copying and use of our solutions

27

Table of Contents

and proprietary information may increase. We may be unable to determine the extent of any unauthorized use or infringement of our solutions, technologies or intellectual property rights.
There can be no assurance that the steps that we take will be adequate to protect our proprietary technology and intellectual property, that others will not develop or patent similar or superior technologies, solutions or services, or that our trademarks, patents, and other intellectual property will not be challenged, invalidated or circumvented by others. Furthermore, effective trademark, patent, copyright, and trade secret protection may not be available in every country in which our software is available or where we have employees or independent contractors. In addition, the legal standards relating to the validity, enforceability, and scope of protection of intellectual property rights in internet and software-related industries are uncertain and still evolving.
In order to protect our intellectual property rights, we may be required to spend significant resources to monitor and protect these rights. Litigation brought to protect and enforce our intellectual property rights could be costly, time-consuming and distracting to management and could result in the impairment or loss of portions of our intellectual property. Furthermore, our efforts to enforce our intellectual property rights may be met with defenses, counterclaims and countersuits attacking the validity and enforceability of our intellectual property rights. Our failure to secure, protect and enforce our intellectual property rights could seriously adversely affect our brand and adversely impact our business.
We may be subject to intellectual property rights claims by third parties, which are extremely costly to defend, could require us to pay significant damages and could limit our ability to use certain technologies.
Companies in the software and technology industries, including some of our current and potential competitors, own significant numbers of patents, copyrights, trademarks and trade secrets and frequently enter into litigation based on allegations of infringement or other violations of intellectual property rights. In addition, many of these companies have the capability to dedicate substantially greater resources to enforce their intellectual property rights and to defend claims that may be brought against them. The litigation may involve patent holding companies or other adverse patent owners that have no relevant product revenue and against which our patents may therefore provide little or no deterrence. In the past, we have been subject to allegations of patent infringement that were unsuccessful, and we expect in the future to be subject to claims that we have misappropriated, misused, or infringed other parties’ intellectual property rights, and, to the extent we gain greater market visibility or face increasing competition, we face a higher risk of being the subject of intellectual property infringement claims, which is not uncommon with respect to enterprise software companies. We may in the future be subject to claims that employees or contractors, or we, have inadvertently or otherwise used or disclosed trade secrets or other proprietary information of our competitors or other parties. To the extent that intellectual property claims are made against our customers based on their usage of our technology, we have certain obligations to indemnify and defend such customers from those claims. The term of our contractual indemnity provisions often survives termination or expiration of the applicable agreement. Large indemnity payments, defense costs or damage claims from contractual breach could harm our business, results of operations and financial condition.
There may be third-party intellectual property rights, including issued or pending patents that cover significant aspects of our technologies or business methods. Any intellectual property claims, with or without merit, could be very time-consuming, could be expensive to settle or litigate, could divert our management’s attention and other resources and could result in adverse publicity. These claims could also subject us to making substantial payments for legal fees, settlement payments, and other costs or damages, potentially including treble damages if we are found to have willfully infringed patents or copyrights. These claims could also result in our having to stop making, selling, offering for sale, or using technology found to be in violation of a third party’s rights. We might be required to seek a license for the third-party intellectual property rights, which may not be available on reasonable terms or at all. Even if a license is available to us, we may be required to pay significant upfront fees, milestones or royalties, which would increase our operating expenses. Moreover, to the extent we only have a license to any intellectual property used in our solutions, there may be no guarantee of continued access to such intellectual property, including on reasonable terms. As a result, we may be required to develop alternative non-infringing technology, which could require significant effort and expense. If a third party is able to obtain an injunction preventing us from accessing such third-party intellectual property rights, or if we cannot license or develop technology for any infringing aspect of our business, we would be forced to limit or stop sales of our software or cease business activities covered by such intellectual property, and may be unable to compete effectively. Any of these results would adversely affect our business, results of operations, financial condition and cash flows.

28

Table of Contents

Portions of our solutions utilize open source software, and any failure to comply with the terms of one or more of these open source licenses could negatively affect our business.
Our software contains software made available by third parties under so-called “open source” licenses. From time to time, there have been claims against companies that distribute or use open source software in their products and services, asserting that such open source software infringes the claimants’ intellectual property rights. We could be subject to suits by parties claiming that what we believe to be licensed open source software infringes their intellectual property rights. Use and distribution of open source software may entail greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or other contractual protections regarding infringement claims or the quality of the code. In addition, certain open source licenses require that source code for software programs that are subject to the license be made available to the public and that any modifications or derivative works to such open source software continue to be licensed under the same terms. Further, certain open source licenses also include a provision that if we enforce any patents against the software programs that are subject to the license, we would lose the license to such software. If we were to fail to comply with the terms of such open source software licenses, such failures could result in costly litigation, lead to negative public relations or require that we quickly find replacement software which may be difficult to accomplish in a timely manner.
Although we monitor our use of open source software in an effort both to comply with the terms of the applicable open source licenses and to avoid subjecting our software to conditions we do not intend, the terms of many open source licenses have not been interpreted by U.S. courts, and there is a risk that these licenses could be construed in a way that could impose unanticipated conditions or restrictions on our ability to commercialize our product or operate our business. By the terms of certain open source licenses, we could be required to release the source code of our software and to make our proprietary software available under open source licenses, if we combine or distribute our software with open source software in a certain manner. In the event that portions of our software are determined to be subject to an open source license, we could be required to publicly release the affected portions of our source code, re-engineer all, or a portion of, that software or otherwise be limited in the licensing of our software, each of which could reduce or eliminate the value of our product. Many of the risks associated with usage of open source software cannot be eliminated, and could negatively affect our business, results of operations and financial condition.
Risks Related to Our Common Stock
Our stock price may be volatile, and the value of our common stock may decline.
The market price of our common stock may fluctuate substantially and depends on a number of factors, including those described in this “Risk Factors” section, many of which are beyond our control and may not be related to our operating performance. Factors that could cause fluctuations in the market price of our common stock include the following:
actual or anticipated changes or fluctuations in our operating results;
the financial projections we may provide to the public, any changes in these projections or our failure to meet these projections;
announcements by us or our competitors of new products or new or terminated significant contracts, commercial relationships or capital commitments;
industry or financial analyst or investor reaction to our press releases, other public announcements and filings with the SEC;
rumors and market speculation involving us or other companies in our industry;
price and volume fluctuations in the overall stock market from time to time;
changes in operating performance and stock market valuations of other technology companies generally, or those in our industry in particular;
sales of shares of our common stock by us or our stockholders;
failure of industry or financial analysts to maintain coverage of us, changes in financial estimates by any analysts who follow our company, or our failure to meet these estimates or the expectations of investors;
actual or anticipated developments in our business or our competitors’ businesses or the competitive landscape generally;
litigation involving us, our industry or both, or investigations by regulators into our operations or those of our competitors;

29

Table of Contents

developments or disputes concerning our intellectual property rights or our solutions, or third-party proprietary rights;
announced or completed acquisitions of businesses or technologies by us or our competitors;
new laws or regulations or new interpretations of existing laws or regulations applicable to our business;
any major changes in our management or our board of directors;
general economic conditions and slow or negative growth of our markets; and
other events or factors, including those resulting from war, incidents of terrorism or responses to these events.
Recently, the stock markets have experienced extreme price and volume fluctuations that have affected and continue to affect the market prices of equity securities of many companies. These fluctuations have often been unrelated or disproportionate to the operating performance of those companies. Broad market and industry fluctuations, as well as general economic, political, regulatory and market conditions, may negatively impact the market price of our common stock. In the past, companies that have experienced volatility in the market price of their securities have been subject to securities class action litigation. We may be the target of this type of litigation in the future, which could result in substantial costs and divert our management’s attention.
An active public trading market may not continue to develop or be sustained.
Prior to our initial public offering, or IPO, in July 2018, there was no public market or active private market for our common stock. Following our IPO, an active public trading market may not continue to develop or be sustained. The lack of an active market may impair your ability to sell your shares at the time you wish to sell them or at a price that you consider reasonable. The lack of an active market may also reduce the fair value of your shares. An inactive market may also impair our ability to raise capital to continue to fund operations by selling shares and may impair our ability to acquire other companies or technologies by using our shares as consideration.
If securities or industry analysts do not publish research or reports about our business, or publish negative reports about our business, our stock price and trading volume could decline.
The trading market for our common stock will depend, in part, on the research and reports that securities or industry analysts publish about us or our business. We do not control these analysts or the content and opinions included in their reports. As a new public company, we may be slow to attract research coverage and the analysts who publish information about our common stock will have had relatively little experience with our company, which could affect their ability to accurately forecast our results and make it more likely that we fail to meet their estimates. If our financial performance fails to meet analyst estimates or one or more of the analysts who cover us downgrade our shares or change their opinion of our shares, our share price would likely decline. In addition, the stock prices of many companies in the technology industry have declined significantly after those companies have failed to meet, or significantly exceed, the financial guidance publicly announced by the companies or the expectations of analysts. If our financial results fail to meet, or exceed, our announced guidance or the expectations of analysts or public investors, analysts could downgrade our common stock or publish unfavorable research about us. If one or more of these analysts cease coverage of our company or fail to regularly publish reports on us, we could lose visibility in the financial markets, which could cause our share price or trading volume to decline.
Future sales of substantial amounts of our common stock in the public markets, or the perception that they might occur, could reduce the price that our common stock might otherwise attain.
Sales of a substantial number of shares of our common stock in the public market, or the perception that these sales might occur, could depress the market price of our common stock, impair our ability to raise capital through the sale of additional equity securities and make it more difficult for you to sell your common stock at a time and price that you deem appropriate.
Upon the closing of our IPO, the 12,535,000 shares sold in the offering became freely tradable, and all the remaining shares of common stock outstanding at the time of our IPO became available for sale in the public market in January 2019 following the expiration of lock-up agreements between our stockholders and the underwriters for the IPO. Additionally, stockholders holding a substantial majority of the outstanding shares of our common stock have the right, subject to various conditions and limitations, to require us to file one or more registration statements covering their shares or to include their shares of our common stock in registration statements that we may file for ourselves or other stockholders. If the offer and sale of these shares are registered, they will be freely tradable without restriction

30

Table of Contents

under the Securities Act. Shares of common stock sold under such registration statements can be freely sold in the public market. In the event such registration rights are exercised and a large number of shares of common stock are sold in the public market, such sales could reduce the trading price of our common stock.
In addition, we filed a registration statement on Form S-8 under the Securities Act registering the issuance of shares of common stock subject to options or other equity awards issued or reserved for future issuance under our equity incentive plans. Shares registered under this registration statement on Form S-8 are available for sale in the public market subject to vesting arrangements and exercise of options and the restrictions of Rule 144 under the Securities Act in the case of our affiliates.
The issuance of additional stock in connection with financings, acquisitions, investments, our equity incentive plan or otherwise will dilute all other stockholders.
Our certificate of incorporation authorizes us to issue up to 500,000,000 shares of common stock and up to 10,000,000 shares of preferred stock with such rights and preferences as may be determined by our board of directors. Subject to compliance with applicable rules and regulations, in the future we may issue common stock or other securities convertible into shares of our common stock from time to time in connection with a financing, acquisition, investment, our equity incentive plan or otherwise. The number of new shares of our common stock issued in connection with raising additional capital could constitute a material portion of the then outstanding shares of our common stock, which could result in substantial dilution to our existing stockholders and cause the market price of our common stock to decline.
Concentration of ownership among our existing directors, executive officers and holders of 5% or more of our outstanding common stock may prevent new investors from influencing significant corporate decisions, including the ability to influence the outcome of director elections and other matters requiring stockholder approval.
Our executive officers, directors and current beneficial owners of 5% or more of our common stock beneficially own a significant percentage of our outstanding common stock. These persons, acting together, will be able to significantly influence all matters requiring stockholder approval, including the election and removal of directors and any merger or other significant corporate transactions. The interests of this group of stockholders may not coincide with the interests of other stockholders.
The requirements of being a public company may strain our resources, divert management’s attention and affect our ability to attract and retain qualified board members.
As a public company, we are subject to the reporting and corporate governance requirements of the Exchange Act, the listing requirements of the Nasdaq Stock Market and other applicable securities rules and regulations, including the Sarbanes-Oxley Act and the Dodd-Frank Wall Street Reform and Consumer Protection Act. Compliance with these rules and regulations increases our legal and financial compliance costs, makes some activities more difficult, time-consuming or costly and increases demand on our systems and resources, particularly after we are no longer an “emerging growth company” as defined in the JOBS Act. Among other things, the Exchange Act requires that we file annual, quarterly and current reports with respect to our business and results of operations and maintain effective disclosure controls and procedures and internal control over financial reporting. In order to improve our disclosure controls and procedures and internal control over financial reporting to meet this standard, significant resources and management oversight may be required. As a result, management’s attention may be diverted from other business concerns, which could harm our business, financial condition, results of operations and prospects. Although we have already hired, and are in the process of hiring, additional personnel to help comply with these requirements, we may need to further expand our legal and finance departments in the future, which will increase our costs and expenses.
In addition, changing laws, regulations and standards relating to corporate governance and public disclosure are creating uncertainty for public companies, increasing legal and financial compliance costs and making some activities more time-consuming. These laws, regulations and standards are subject to varying interpretations, in many cases due to their lack of specificity, and, as a result, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies. This could result in continuing uncertainty regarding compliance matters and higher costs necessitated by ongoing revisions to disclosure and governance practices. We intend to invest resources to comply with evolving laws, regulations and standards, and this investment may result in increased general and administrative expense and a diversion of management’s time and attention from revenue-generating activities to compliance activities. If our efforts to comply with new laws, regulations and standards differ from the activities

31

Table of Contents

intended by regulatory or governing bodies, regulatory authorities may initiate legal proceedings against us and our business and prospects may be harmed. As a result of disclosure of information in the filings required of a public company, our business and financial condition will become more visible, which may result in threatened or actual litigation, including by competitors and other third parties. If such claims are successful, our business, financial condition, results of operations and prospects could be materially harmed, and even if the claims do not result in litigation or are resolved in our favor, these claims, and the time and resources necessary to resolve them, could divert the resources of our management and materially harm our business, financial condition, results of operations and prospects.
We also expect that being a public company and these new rules and regulations will make it more expensive for us to obtain director and officer liability insurance, and we may be required to accept reduced coverage or incur substantially higher costs to obtain coverage. These factors could also make it more difficult for us to attract and retain qualified executive officers and members of our board of directors, particularly to serve on our audit committee and compensation committee.
In addition, as a result of our disclosure obligations as a public company, we may have reduced strategic flexibility and may be under pressure to focus on short-term results, which could materially and adversely affect our ability to achieve long-term profitability.
We do not intend to pay dividends for the foreseeable future and, as a result, your ability to achieve a return on your investment will depend on appreciation in the price of our common stock.
We have never declared or paid any cash dividends on our common stock and do not intend to pay any cash dividends in the foreseeable future. We anticipate that we will retain all of our future earnings for use in the development of our business and for general corporate purposes. Any determination to pay dividends in the future will be at the discretion of our board of directors. Accordingly, investors must rely on sales of their common stock after price appreciation, which may never occur, as the only way to realize any future gains on their investments. In addition, our loan and security agreement with Silicon Valley Bank contains restrictive covenants that prohibit us, subject to certain exceptions, from paying dividends on our common stock.
As a result of being a public company, we are obligated to develop and maintain proper and effective internal controls over financial reporting, and any failure to maintain the adequacy of these internal controls may adversely affect investor confidence in our company and, as a result, the value of our common stock.
We are required, pursuant to Section 404 of the Sarbanes-Oxley Act, or Section 404, to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting for the year ending December 31, 2019. This assessment will need to include disclosure of any material weaknesses identified by our management in our internal control over financial reporting. In addition, our independent registered public accounting firm will be required to attest to the effectiveness of our internal control over financial reporting in our first annual report required to be filed with the SEC following the date we are no longer an “emerging growth company.” We will be required to disclose significant changes made in our internal control procedures on a quarterly basis.
We have commenced the costly and challenging process of compiling the system and processing documentation necessary to perform the evaluation needed to comply with Section 404, and we may not be able to complete our evaluation, testing and any required remediation in a timely fashion. Our compliance with Section 404 will require that we incur substantial professional fees and expend significant management efforts, and we may need to hire additional accounting and financial staff with appropriate public company experience and technical accounting knowledge and compile the system and process documentation necessary to perform the evaluation needed to comply with Section 404.
During the evaluation and testing process of our internal controls, if we identify one or more material weaknesses in our internal control over financial reporting, we will be unable to assert that our internal control over financial reporting is effective. We cannot assure you that there will not be material weaknesses or significant deficiencies in our internal control over financial reporting in the future. Any failure to maintain internal control over financial reporting could severely inhibit our ability to accurately report our financial condition or results of operations. If we are unable to conclude that our internal control over financial reporting is effective, or if our independent registered public accounting firm determines we have a material weakness or significant deficiency in our internal control over financial reporting, we could lose investor confidence in the accuracy and completeness of our financial reports, the market price of our common stock could decline, and we could be subject to sanctions or investigations by the Nasdaq, the SEC or other

32

Table of Contents

regulatory authorities. Failure to remedy any material weakness in our internal control over financial reporting, or to implement or maintain other effective control systems required of public companies, could also restrict our future access to the capital markets.
Anti-takeover provisions in our charter documents and under Delaware law could make an acquisition of us more difficult, limit attempts by our stockholders to replace or remove members of our board of directors and our current management and could negatively impact the market price of our common stock.
Our amended and restated certificate of incorporation and amended and restated bylaws contain provisions that could delay or prevent a change in control of our company. These provisions could also make it difficult for stockholders to elect directors that are not nominated by the current members of our board of directors or take other corporate actions, including effecting changes in our management. These provisions include:
a classified board of directors with three-year staggered terms, which could delay the ability of stockholders to change the membership of a majority of our board of directors;
the ability of our board of directors to issue shares of preferred stock and to determine the price and other terms of those shares, including preferences and voting rights, without stockholder approval, which could be used to significantly dilute the ownership of a hostile acquirer;
the exclusive right of our board of directors to elect a director to fill a vacancy created by the expansion of our board of directors or the resignation, death or removal of a director, which prevents stockholders from being able to fill vacancies on our board of directors;
a prohibition on stockholder action by written consent, which forces stockholder action to be taken at an annual or special meeting of our stockholders;
the requirement that a special meeting of stockholders may be called only by the chairperson of our board of directors, chief executive officer or president (in the absence of a chief executive officer) or a majority vote of our board of directors, which could delay the ability of our stockholders to force consideration of a proposal or to take action, including the removal of directors;
the requirement for the affirmative vote of holders of at least 66 2/3% of the voting power of all of the then outstanding shares of the voting stock, voting together as a single class, to amend the provisions of our amended and restated certificate of incorporation relating to the issuance of preferred stock and management of our business or our amended and restated bylaws, which may inhibit the ability of an acquirer to affect such amendments to facilitate an unsolicited takeover attempt;
the ability of our board of directors, by majority vote, to amend our amended and restated bylaws, which may allow our board of directors to take additional actions to prevent an unsolicited takeover and inhibit the ability of an acquirer to amend our amended and restated bylaws to facilitate an unsolicited takeover attempt; and
advance notice procedures with which stockholders must comply to nominate candidates to our board of directors or to propose matters to be acted upon at a stockholders’ meeting, which may discourage or deter a potential acquirer from conducting a solicitation of proxies to elect the acquirer’s own slate of directors or otherwise attempting to obtain control of us.
These provisions may prohibit large stockholders, in particular those owning 15% or more of our outstanding voting stock, from merging or combining with us for a certain period of time.
Our amended and restated certificate of incorporation provides that the Court of Chancery of the State of Delaware or the U.S. federal district courts will be the exclusive forums for substantially all disputes between us and our stockholders, which could limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us or our directors, officers or other employees.
Our amended and restated certificate of incorporation provides that the Court of Chancery of the State of Delaware is the sole and exclusive forum for any derivative action or proceeding brought on our behalf, any action asserting a breach of fiduciary duty owed by any of our directors, officers or other employees to us or our stockholders, any action asserting a claim against us arising pursuant to any provisions of the Delaware General Corporation Law, our amended and restated certificate of incorporation or our amended and restated bylaws, or any action asserting a claim against us that is governed by the internal affairs doctrine. This exclusive forum provision, if permitted by applicable law, may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our directors, officers or other employees, which may discourage such lawsuits against us and our directors, officers or other employees. If a court were to find this exclusive forum provision to be inapplicable or unenforceable in an action, we

33

Table of Contents

may incur additional costs associated with resolving such action in other jurisdictions, which could adversely affect our results of operations and financial condition.
Our amended and restated certificate of incorporation further provides that the federal district courts of the United States of America will be the exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act. Recently, the Delaware Chancery Court issued an opinion invalidating such provision. In light of that recent decision, we will not attempt to enforce this provision of our amended and restated certificate of incorporation to the extent it is not permitted by applicable law. As a result, we may incur additional costs associated with resolving disputes that would otherwise be restricted by that provision in other jurisdictions, which could seriously harm our business.
We are an “emerging growth company” and we cannot be certain if the reduced reporting and disclosure requirements applicable to emerging growth companies will make our common stock less attractive to investors.
We are an “emerging growth company,” as defined in the JOBS Act, and we may take advantage of certain exemptions from various reporting requirements that are applicable to other public companies that are not “emerging growth companies” including, but not limited to, the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act, reduced disclosure obligations regarding executive compensation in our periodic reports and proxy statements, and exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved. We may take advantage of these exemptions until we are no longer an emerging growth company. We would cease to be an emerging growth company upon the earliest to occur of: (1) January 1, 2024, which is the beginning of the first fiscal year following the fifth anniversary of our IPO; (2) the first fiscal year after our annual gross revenue is $1.07 billion or more; (3) the date on which we have, during the previous three-year period, issued more than $1.0 billion in non-convertible debt securities; or (4) as of the end of any fiscal year in which the market value of our common stock held by non-affiliates exceeded $700.0 million as of the end of the second quarter of that fiscal year. We cannot predict if investors will find our common stock less attractive if we choose to rely on these exemptions. If some investors find our common stock less attractive as a result, there may be a less active trading market for our common stock and our stock price may be more volatile.
Item 1B.    Unresolved Staff Comments
None.
Item 2.        Properties
Our principal executive offices are located in Columbia, Maryland and consist of approximately 66,000 square feet under a lease that expires in December 2020. We have signed a lease for our planned new principal executive offices to be located in Columbia, Maryland, which will consist of approximately 150,000 square feet under a lease that expires in August 2031. We maintain additional offices in multiple locations in the United States and internationally in Asia, Europe, North America and the Middle East. We believe that our current facilities are adequate to meet our ongoing needs and that suitable additional alternative spaces will be available in the future on commercially reasonable terms.
Item 3.        Legal Proceedings
From time to time, we may be subject to legal proceedings and claims in the ordinary course of business. We are not presently a party to any legal proceedings that, if determined adversely to us, would individually or taken together have a material adverse effect on our business, results of operations, financial condition or cash flows. We have received, and may in the future continue to receive, claims from third parties asserting, among other things, infringement of their intellectual property rights. Future litigation may be necessary to defend ourselves, our partners and our customers by determining the scope, enforceability and validity of third-party proprietary rights, or to establish our proprietary rights. The results of any current or future litigation cannot be predicted with certainty, and regardless of the outcome, litigation can have an adverse impact on us because of defense and settlement costs, diversion of management resources and other factors.
Item 4.        Mine Safety Disclosures
Not applicable.

34

Table of Contents

PART II
Item 5.        Market for Registrant's Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities
Market Information for Common Stock
Our common stock trades on the Nasdaq Global Select Market under the ticker symbol "TENB."
Holders of Record
At December 31, 2018, we had 179 holders of record. Because many of our shares of common stock are held by brokers and other institutions on behalf of stockholders, we are unable to estimate the total number of stockholders represented by these record holders.
Dividend Policy
We have never declared or paid any dividends on our common stock. In addition, our loan and security agreement with Silicon Valley Bank contains restrictive covenants that prohibit us, subject to certain exceptions, from paying dividends on our common stock. We currently intend to retain all available funds and any future earnings for the operation and expansion of our business and do not anticipate declaring or paying cash dividends in the foreseeable future. The payment of any future dividends will be at the discretion of our board of directors and will depend on our results of operations, capital requirements, financial condition, prospects, contractual arrangements, any limitations on payment of dividends present in our current and future debt agreements, and other factors that our board of directors may deem relevant.
Unregistered Sales of Equity Securities
Prior to the filing of our Registration Statement on Form S-8 (File No. 333-226347) in 2018, we granted under our 2016 Stock Incentive Plan options to purchase an aggregate of 6,107,848 shares of our common stock to a total of 257 employees and directors, having exercise prices ranging from $10.97 to $23.00 per share. In the same period, we granted 1,007,800 restricted stock units to a total of 957 employees with a weighted average grant date fair value of $16.44 per share. We did not grant any restricted stock awards during the period.
The offers, sales and issuances of the securities described in this section were exempt from registration either under Rule 701 promulgated under the Securities Act, in that the transactions were under written compensatory benefit plans and contracts relating to compensation, or under Section 4(a)(2) of the Securities Act or Regulation D promulgated under the Securities Act in that the transactions did not involve any public offering within the meaning of Section 4(a)(2) or, in certain cases, were acquired by accredited investors. The recipients of such securities were our employees or directors and received the securities under our equity incentive plans. Appropriate legends were affixed to the securities issued in these transactions.
On July 30, 2018, upon the closing of our IPO, all 15,847,500 shares of our Series A Redeemable Convertible Preferred Stock and 39,538,354 shares of our Series B Redeemable Convertible Preferred Stock automatically converted into an aggregate of 55,385,854 shares of our common stock. The issuance of such shares of common stock was exempt from the registration under Section 3(a)(9) of the Securities Act.
Use of Proceeds from IPO
On July 30, 2018, we completed our IPO, in which we issued and sold 12,535,000 shares of common stock at a price to the public of $23.00 per share, including 1,635,000 shares of common stock purchased by our underwriters pursuant to the full exercise of their over-allotment option to purchase additional shares. The offer and sale of all of the shares in the IPO were registered under the Securities Act pursuant to a registration statement on Form S-1 (File No. 333-226002), which was declared effective by the SEC on July 25, 2018.

35

Table of Contents

Morgan Stanley & Co. LLC, J.P. Morgan Securities LLC, Allen & Company LLC and Deutsche Bank Securities Inc. acted as active book-running managers for the offering. Stifel, Nicolaus & Company, Incorporated acted as passive book-running manager for the offering, and William Blair & Company, L.L.C. and BTIG, LLC acted as co-managers for the offering. The offering commenced on July 25, 2018 and did not terminate before all securities registered on the registration statement were sold.
We received net proceeds of $264.6 million after deducting underwriting discounts and commissions and offering expenses. No offering expenses incurred by us were paid directly or indirectly to any of our directors, officers or persons owning ten percent or more of our capital stock (or their associates or affiliates).
There has been no material change in the planned use of the IPO proceeds as described in our final prospectus for our IPO dated as of July 25, 2018 and filed with the SEC pursuant to Rule 424(b)(4) under the Securities Act on July 26, 2018.
Stock Performance Graph
This performance graph shall not be deemed "soliciting material" or to be "filed" with the SEC for purposes of Section 18 of the Securities Exchange Act of 1934, as amended, or the "Exchange Act," or otherwise subject to the liabilities under that Section, and shall not be deemed to be incorporated by reference into any filing of Tenable Holdings, Inc. under the Securities Act or the Exchange Act.
We have presented below the cumulative total return to our stockholders between July 26, 2018 (the date our common stock began trading on the Nasdaq Global Select Market) through December 31, 2018 in comparison to the Standard & Poor’s, or the S&P, 500 Index and the S&P Information Technology Index. All values assume a $100 initial investment, and data for the S&P 500 Index and S&P Information Technology Index assume reinvestment of dividends. The comparisons are based on historical data and are not indicative of, nor intended to forecast, the future performance of our common stock.
https://cdn.kscope.io/a5fc0a100f5da348a32e241760ba07f0-chart-b9e3a3fec9f29817898.jpg

36

Table of Contents

Company/Index
 
7/26/2018(1)
 
7/31/2018
 
8/31/2018
 
9/30/2018
 
10/31/2018
 
11/30/2018
 
12/31/2018
Tenable Holdings, Inc.
 
$
100.00

 
$
98.84

 
$
109.62

 
$
128.53

 
$
94.15

 
$
94.15

 
$
73.36

S&P 500 Index
 
100.00

 
99.25

 
102.26

 
102.70

 
95.57

 
97.28

 
88.35

S&P Information Technology Index
 
100.00

 
96.55

 
103.05

 
102.65

 
94.39

 
92.39

 
84.50

_______________
(1)    Base period
Issuer Purchases of Equity Securities
In May 2018, we purchased 6,737 shares of common stock from an employee for $10.97 per share pursuant to a right of first offer under a right of first refusal agreement in effect prior to the IPO, which terminated in connection with the IPO. We purchased the shares from the employee at a price per share equal to fair market value as determined by a third-party valuation as of a recent date.

37

Table of Contents

Item 6.        Selected Financial Data
The following selected consolidated statements of operations data for the years ended December 31, 2018, 2017 and 2016 and the selected consolidated balance sheet data as of December 31, 2018 and 2017 are derived from our audited consolidated financial statements included in this Annual Report on Form 10-K. The consolidated statements of operations data for the year ended December 31, 2015 and consolidated balance sheet data as of December 31, 2016 and 2015 are from our audited financial statements not included in this Annual Report on Form 10-K.
You should read the following selected financial data with the historical consolidated financial statements and related notes to those statements, as well as “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” included in this Annual Report on Form 10-K.
Consolidated Statements of Operations Data:
Year Ended December 31,
(in thousands, except per share data)
2018
 
2017
 
2016
 
2015
Revenue(1)
$
267,360

 
$
187,727

 
$
124,371

 
$
93,466

Cost of revenue(2)
43,167

 
25,588

 
14,219

 
10,914

Gross profit
224,193

 
162,139

 
110,152

 
82,552

Operating expenses:
 
 
 
 
 
 
 
Sales and marketing(2)
173,344

 
116,299

 
85,736

 
60,635

Research and development(2)
76,698

 
57,673

 
40,085

 
25,288

General and administrative(2)
46,732

 
28,927

 
20,164

 
15,348

Recapitalization costs(3)

 

 

 
67,039

Total operating expenses
296,774

 
202,899

 
145,985

 
168,310

Loss from operations
(72,581
)
 
(40,760
)
 
(35,833
)
 
(85,758
)
Other income (expense), net
1,424

 
(91
)
 
(532
)
 
(189
)
Loss before income taxes
(71,157
)
 
(40,851
)
 
(36,365
)
 
(85,947
)
Provision for (benefit from) income taxes
2,364

 
171

 
843

 
(2,188
)
Net loss and comprehensive loss
(73,521
)
 
(41,022
)
 
(37,208
)
 
(83,759
)
Accretion of Series A and B redeemable convertible preferred stock
(434
)
 
(763
)
 
(763
)
 
(29
)
Net loss attributable to common stockholders
$
(73,955
)
 
$
(41,785
)
 
$
(37,971
)
 
$
(83,788
)
 
 
 
 
 
 
 
 
Net loss per share attributable to common stockholders, basic and diluted(4)
$
(1.38
)
 
$
(1.88
)
 
$
(1.81
)
 
$
(1.45
)
Weighted-average shares used to compute net loss per share attributable to common stockholders, basic and diluted
53,669
 
22,211
 
20,974
 
57,654
_______________
(1)    We adopted Accounting Standards Codification Topic 606, Revenue From Contracts With Customers, or ASC 606, on January 1, 2017 using the modified retrospective method. The 2016 and 2015 consolidated statements of operations were not adjusted for the adoption of ASC 606. See Note 1 to our consolidated financial statements included elsewhere in this Annual Report on Form 10-K for details on the impact of adopting ASC 606.
(2)    Includes stock-based compensation expense as follows:
 
Year Ended December 31,
(in thousands)
2018
 
2017
 
2016
 
2015
Cost of revenue
$
1,707

 
$
281

 
$
223

 
$
52

Sales and marketing
6,911

 
1,579

 
969

 
866

Research and development
5,804

 
1,782

 
602

 
252

General and administrative
8,453

 
4,118

 
738

 
509

Total stock-based compensation expense
$
22,875

 
$
7,760

 
$
2,532

 
$
1,679


38

Table of Contents

(3)    We recorded a charge of $67.0 million primarily resulting from the repurchase price paid to common stockholders exceeding the estimated fair value of the common stock on the date of the Series B financing.
(4)    See Note 8 to our consolidated financial statements in this Annual Report on Form 10-K for details on the calculation of basic and diluted net loss per share attributable to common stockholders.
Consolidated Balance Sheet Data:
December 31,
(in thousands)
2018
 
2017
 
2016
 
2015
Cash and cash equivalents
$
165,116

 
$
27,210

 
$
34,470

 
$
43,743

Working capital (deficit)(1)
142,484

 
(69,091
)
 
(18,538
)
 
13,862

Total assets
460,612

 
164,337

 
105,494

 
83,993

Deferred revenue, current and non-current
289,903

 
225,818

 
107,447

 
63,218

Redeemable convertible preferred stock

 
277,735

 
276,972

 
276,209

Accumulated deficit
(466,108
)
 
(392,587
)
 
(313,147
)
 
(275,939
)
Total stockholders' equity (deficit)
121,763

 
(371,665
)
 
(301,918
)
 
(266,862
)
_______________
(1)    We define working capital (deficit) as total current assets less total current liabilities. See our consolidated financial statements in this Annual Report on Form 10-K for further details regarding our current assets and current liabilities. Changes in working capital (deficit) reflect increases in deferred revenue and deferred commissions as a result of our subscription model and our adoption of ASC 606.

39

Table of Contents

Item 7.        Management's Discussion and Analysis of Financial Condition and Results of Operations
The following discussion and analysis of our financial condition and results of operations should be read in conjunction with our consolidated financial statements and related notes included elsewhere in this Annual Report on Form 10-K, or this Form 10-K. This Form 10-K contains forward-looking statements within the meaning of Section 27A of the Securities Act and Section 21E of the Securities Exchange Act of 1934, as amended, or the Exchange Act. These statements are often identified by the use of words such as “anticipate,” “believe,” “continue,” “could,” “estimate,” “expect,” “intend,” “may,” “plan,” “project,” “will,” “would” or the negative or plural of these words or similar expressions or variations. Such forward-looking statements are subject to a number of risks, uncertainties, assumptions and other factors that could cause actual results and the timing of certain events to differ materially from future results expressed or implied by the forward-looking statements. Factors that could cause or contribute to such differences include, but are not limited to, those identified herein, and those discussed in the section titled “Risk Factors,” set forth in Part I, Item 1A of this Form 10-K and in our other filings with the SEC. You should not rely upon forward-looking statements as predictions of future events. Furthermore, such forward-looking statements speak only as of the date of this report. Except as required by law, we undertake no obligation to update any forward-looking statements to reflect events or circumstances after the date of such statements.
Overview
We are the first and only provider of solutions for a new category of cybersecurity that we call Cyber Exposure. Cyber Exposure is a discipline for managing and measuring cybersecurity risk in the digital era. Our enterprise platform enables broad visibility into an organization’s cyber exposure across the modern attack surface and deep insights that help organizations translate vulnerability data into business insights to understand and reduce their cybersecurity risk.
Our enterprise platform offerings, including Tenable.io, Tenable.sc, and Industrial Security, are built to provide organizations with the breadth of visibility to accurately understand both traditional and modern attack surfaces and the depth of insight that stems from risk-based analytics, prioritization and benchmarking. Our Cyber Exposure platform automatically discovers assets, including those in cloud environments, and assesses these assets for the presence of vulnerabilities, internal and regulatory compliance violations, misconfigurations and other cybersecurity issues, analyzes and prioritizes cybersecurity risks based on the likelihood of a vulnerability being exploited and the business criticality of the asset, and provides an objective way to measure an organization’s cyber exposure.
Our enterprise platform offerings are primarily sold on a subscription basis with terms ranging from one to three years, primarily one year. These offerings are typically prepaid in advance. To a lesser extent, we generate ratably recognizable revenue from perpetual licenses and from the related ongoing maintenance.
Many of our enterprise platform customers initially use either our free or paid version of Nessus, one of the industry’s most widely deployed vulnerability assessment solutions. Nessus, which is the technology that underpins our enterprise platform offerings, is designed to quickly and accurately identify vulnerabilities, configuration and compliance issues and malware. Our free version of Nessus, Nessus Home, allows for vulnerability assessment over a limited number of IP addresses. We believe many of our Nessus customers begin with Nessus Home and subsequently upgrade to Nessus Professional, the paid version of Nessus; however, we expect many users to continue to use Nessus Home. 
We have experienced rapid growth in recent years. Revenue in 2018, 2017 and 2016 was $267.4 million, $187.7 million and $124.4 million, respectively, representing year-over-year growth of 42% and 51%, respectively. Our net loss in 2018, 2017 and 2016 was $73.5 million, $41.0 million and $37.2 million, respectively, as we continue to invest in our business and market opportunity.
Initial Public Offering
On July 30, 2018, we completed our IPO, in which we issued and sold 12,535,000 shares of common stock at the IPO price of $23.00 for net proceeds to us of $264.6 million, after underwriting discounts and commissions and other offering expenses. Upon the completion of our IPO, all 15,847,500 shares of our Series A Redeemable Convertible Preferred Stock, or Series A, and 39,538,354 shares of our Series B Redeemable Convertible Preferred Stock, or Series B, automatically converted into an aggregate of 55,385,854 shares of our common stock.

40

Table of Contents

Financial Highlights
Below are our key financial results:
 
Year Ended December 31,
(in thousands, except per share data)
2018
 
2017
 
2016
Revenue
$
267,360

 
$
187,727

 
$
124,371

Loss from operations
(72,581
)
 
(40,760
)
 
(35,833
)
Net loss
(73,521
)
 
(41,022
)
 
(37,208
)
Net loss per share attributable to common stockholders, basic and diluted
(1.38
)
 
(1.88
)
 
(1.81
)
Net cash used in operating activities
(2,559
)
 
(6,266
)
 
(2,785
)
Purchases of property and equipment
(5,733
)
 
(2,755
)
 
(5,776
)
Factors Affecting Our Performance
Product Leadership
We offer the first and only Cyber Exposure platform to provide visibility into the broadest range of traditional and modern IT assets across cloud and on-premises environments. We are intensely focused on continued innovation that empowers organizations to understand and reduce their cyber exposure. This includes ongoing development of our enterprise platform offerings. In February 2017, we released Tenable.io, our SaaS offering that is designed to provide broad visibility and insights across a broad range of traditional and modern IT assets and cloud environments.
We continue to expand the capabilities of our enterprise platform offerings, as well as our Nessus products, specifically as it relates to the ability to scan for and detect the rapidly expanding volume of vulnerabilities.
We intend to continue to invest in our engineering capabilities and marketing activities to maintain our position in the highly-competitive market for cybersecurity solutions. Our results of operations may fluctuate as we make these investments to drive increased customer adoption and usage.
New Enterprise Platform Customer Acquisition
We believe that our customer base provides a significant opportunity to expand sales of our enterprise platform offerings and that our ability to continue to grow our enterprise platform customers will increase future opportunities for renewals and follow-on sales. We believe that we have significant room to capture additional market share.
We expect to grow our enterprise platform customers by continuing to expand our sales organization and leveraging our channel partner network, which we believe will allow us to identify new enterprise customers, enter new markets, including internationally, as well as to convert more of our existing Nessus Professional customers to enterprise platform customers.
We have increased our sales and marketing headcount in recent years and we will continue to invest significantly in our partner network and sales and marketing capability in order to grow domestically and internationally.
Retaining and Expanding Revenue from Existing Customers
Our enterprise platform offerings utilize IT asset-based or IP address-based pricing models. Once enterprise customers have licensed our platform offerings, they typically seek broader coverage over their traditional IT assets, including networking infrastructure, desktops and on-premises servers. As customers launch new applications or migrate existing applications to the cloud and deploy web applications, containers, internet of things, or IoT, and operational technology, or OT, they often increase the scope of their subscriptions and/or add additional perpetual licenses to our enterprise platforms.

41

Table of Contents

We are also focused on upselling customers from Nessus Professional to our enterprise platform offerings. Nessus customers are typically organizations or independent security consultants that use Nessus for a single vulnerability assessment at a point in time. We seek to convert our Nessus Professional users to customers of our enterprise platform offerings, which provide continuous visibility and insights into their attack surface.
Further, we plan to expand existing platform capabilities and launch new products, such as Tenable.io Lumin, which we believe will drive new product purchases and follow-on purchases over time, thereby contributing to customer renewals. We believe that there is a significant opportunity to drive additional sales to existing customers, and we expect to invest in sales and marketing and customer success personnel and activities to achieve additional revenue growth from existing customers.
Our ability to increase sales to existing customers will depend on a number of factors, including satisfaction or dissatisfaction with our products and services, competition, pricing, economic conditions or overall changes in our spending levels.
Investing in Business Growth
Since our founding, we have invested significantly in growing our business. We intend to continue to invest in sales and marketing to grow our sales team, expand brand and Cyber Exposure awareness and optimize our channel partner network. We also intend to continue to invest in our research and development team to further our technological leadership position in Cyber Exposure and enhance the functionality of our solutions. Any investments we make in our sales and marketing and research and development teams will occur in advance of experiencing the benefits from such investments, so it may be difficult for us to determine if we are efficiently allocating resources in those areas. These investment activities could increase our net losses over the short term if our revenue growth does not increase at higher rates. However, we expect that these investments will ultimately benefit our results of operations.
Key Operating and Financial Metrics
To supplement our consolidated financial statements, which are prepared and presented in accordance with GAAP, we use certain operating metrics and non-GAAP financial measures, as described below, to understand and evaluate our core operating performance. These non-GAAP financial measures, which may be different than similarly titled measures used by other companies, are presented to enhance investors’ overall understanding of our financial performance and should not be considered a substitute for, or superior to, the financial information prepared and presented in accordance with GAAP.
We believe that these operating metrics and non-GAAP financial measures provide useful information about our operating and financial performance, enhance the overall understanding of our past performance and future prospects and allow for greater transparency with respect to important metrics used by management for financial and operational decision-making. We present these operating metrics and non-GAAP financial measures to assist investors in seeing our operating and financial performance using a management view and because we believe that these measures provide an additional tool for investors to use in comparing our core operating and financial performance over multiple periods with other companies in our industry.
Calculated Current Billings
We use the non-GAAP measure of calculated current billings, which we believe is a key metric to measure our periodic performance. Given that most of our customers pay in advance, we typically recognize a majority of the related revenue ratably over time. We use calculated current billings to measure and monitor our ability to provide our business with the working capital generated by upfront payments from our customers.
Calculated current billings consists of revenue recognized in a period plus the change in current deferred revenue in the corresponding period. We believe that calculated current billings, which excludes deferred revenue for periods beyond twelve months in a customer’s contractual term, more closely correlates with annual contract value and that the variability in total billings, depending on the timing of large multi-year contracts and the preference for annual billing versus multi-year upfront billing, may distort growth in one period over another. While we believe that calculated current billings provides valuable insight into the cash that will be generated from sales of our subscriptions, this metric may vary from period-to-period for a number of reasons, and therefore has a number of limitations as a quarter-to-quarter or year-over-year comparative measure. For example, calculated current billings include amounts that have not yet been recognized as

42

Table of Contents

revenue; an increasing number of large sales transactions, for which the timing has and will continue to vary, may occur in quarters subsequent to or in advance of those that we anticipate; and our calculation of current billings may be different from other companies that report similar financial measures. Additionally, calculated current billings in any one period may be impacted by the timing of customer renewals, including early renewals, which could favorably or unfavorably impact year-over-year comparisons. Because of these and other limitations, you should consider calculated current billings along with revenue and our other GAAP financial results.
The following table presents a reconciliation of revenue, the most directly comparable financial measure calculated in accordance with GAAP, to calculated current billings:
 
Year Ended December 31,
(in thousands)
2018
 
2017
 
2016
Revenue
$
267,360

 
$
187,727

 
$
124,371

Deferred revenue (current), end of period
213,644

 
154,898

 
88,011

Deferred revenue (current), beginning of period(1)
(154,898
)
 
(107,006
)
 
(54,721
)
Calculated current billings
$
326,106

 
$
235,619

 
$
157,661

_______________
(1)    In connection with adopting ASC 606, we recorded $19.0 million of current deferred revenue on January 1, 2017 related to perpetual license revenue recognized in prior periods.
Free Cash Flow
We use the non-GAAP measure of free cash flow, which we define as GAAP net cash flows from operating activities reduced by purchases of property and equipment. We believe free cash flow is an important liquidity measure of the cash (if any) that is available, after purchases of property and equipment, for investment in our business and to make acquisitions. We believe that free cash flow is useful to investors as a liquidity measure because it measures our ability to generate or use cash.
Our use of free cash flow has limitations as an analytical tool and you should not consider it in isolation or as a substitute for an analysis of our results under GAAP. First, free cash flow is not a substitute for net cash used in operating activities. Second, other companies may calculate free cash flow or similarly titled non-GAAP financial measures differently or may use other measures to evaluate their performance, all of which could reduce the usefulness of free cash flow as a tool for comparison. Additionally, the utility of free cash flow is further limited as it does not reflect our future contractual commitments and does not represent the total increase or decrease in our cash balance for a given period. Because of these and other limitations, you should consider free cash flow along with our GAAP financial measures.
The following table presents a reconciliation of net cash used in operating activities, the most directly comparable financial measure calculated in accordance with GAAP, to free cash flow:
 
Year Ended December 31,
(in thousands)
2018
 
2017
 
2016
Net cash used in operating activities
$
(2,559
)
 
$
(6,266
)
 
$
(2,785
)
Purchases of property and equipment
(5,733
)
 
(2,755
)
 
(5,776
)
Free cash flow(1)
$
(8,292
)
 
$
(9,021
)
 
$
(8,561
)
_______________
(1)    Contributions to our employee stock purchase plan during the year ended December 31, 2018 contributed $6.3 million to free cash flow.

43

Table of Contents

Enterprise Platform Customers
We believe that our customer base provides a significant opportunity to expand sales of our enterprise platform offerings. The following tables summarize key components of our customer base:
 
Year Ended December 31,
 
2018
 
2017
 
2016
Number of new enterprise platform customers added in period(1)
1,178
 
1,017
 
786
_______________
(1)    We define an enterprise platform customer as a customer that has licensed Tenable.io or Tenable.sc for an annual amount of $5,000 or greater. New enterprise platform customers represent new customer logos during the periods presented and do not include customer conversions from Nessus Professional to enterprise platforms.
 
At December 31,
 
2018
 
2017
 
2016
Number of customers with $100,000 and greater in annual contract value at end of period
453
 
265
 
124
Non-GAAP Loss from Operations and Non-GAAP Operating Margin
We use non-GAAP loss from operations, which excludes the effect of stock-based compensation and amortization of intangible assets, as a key indicator of our financial performance, along with non-GAAP operating margin, which is calculated as non-GAAP loss from operations divided by our revenue in the period. We believe that these non-GAAP financial measures provide useful information about our core operating results over multiple periods. There are a number of limitations related to the use of the non-GAAP financial measures as compared to GAAP loss from operations and operating margin, including that non-GAAP loss from operations and non-GAAP operating margin exclude stock-based compensation expense, which has been, and will continue to be for the foreseeable future, a significant recurring expense in our business and an important part of our compensation strategy.
The following table presents a reconciliation of loss from operations, the most directly comparable financial measure calculated in accordance with GAAP, to non-GAAP loss from operations, and operating margin, the most directly comparable financial measure calculated in accordance with GAAP, to non-GAAP operating margin:
 
Year Ended December 31,
(dollars in thousands)
2018
 
2017
 
2016
Loss from operations
$
(72,581
)
 
$
(40,760
)
 
$
(35,833
)
Stock-based compensation
22,875

 
7,760

 
2,532

Amortization of intangible assets
603

 
603

 
178

Non-GAAP loss from operations
$
(49,103
)
 
$
(32,397
)
 
$
(33,123
)
 
 
 
 
 
 
Operating margin
(27
)%
 
(22
)%
 
(29
)%
Non-GAAP operating margin
(18
)%
 
(17
)%
 
(27
)%
Non-GAAP Net Loss, Non-GAAP Net Loss Per Share and Pro Forma Non-GAAP Net Loss Per Share
We use non-GAAP net loss, which excludes the effect of the accretion of Series A and B redeemable convertible preferred stock, stock-based compensation and amortization of intangible assets, as well as the related tax impact, to calculate non-GAAP net loss per share and pro forma non-GAAP net loss per share. Pro forma non-GAAP net loss per share is calculated by giving effect to the conversion of our redeemable convertible preferred stock into common stock as though the conversion occurred at the beginning of each period presented. We believe that these non-GAAP measures provide important information to management and investors because they facilitate comparisons of our core operating results over multiple periods.

44

Table of Contents

The following table presents a reconciliation of net loss, and net loss per share attributable to common stockholders, the most comparable financial measures calculated in accordance with GAAP, to non-GAAP net loss, non-GAAP net loss per share and pro forma non-GAAP net loss per share:
 
Year Ended December 31,
(in thousands, except for per share amounts)
2018
 
2017
 
2016
Net loss attributable to common stockholders
$
(73,955
)
 
$
(41,785
)
 
$
(37,971
)
Accretion of Series A and B redeemable convertible preferred stock
434

 
763

 
763

Stock-based compensation
22,875

 
7,760

 
2,532

Tax impact of stock-based compensation(1)
(218
)
 
(54
)
 
(22
)
Amortization of intangible assets(1)
603

 
603

 
178

Non-GAAP net loss
$
(50,261
)
 
$
(32,713
)
 
$
(34,520
)
 
 
 
 
 
 
Net loss per share attributable to common stockholders, basic and diluted
$
(1.38
)
 
$
(1.88
)
 
$
(1.81
)
Accretion of Series A and B redeemable convertible preferred stock
0.01

 
0.03

 
0.03

Stock-based compensation
0.42

 
0.35

 
0.12

Tax impact of stock-based compensation(1)

 

 

Amortization of intangible assets(1)
0.01

 
0.03

 
0.01

Non-GAAP net loss per share, basic and diluted
$
(0.94
)
 
$
(1.47
)
 
$
(1.65
)
 
 
 
 
 
 
Weighted-average shares used to compute net loss per share attributable to common stockholders and non-GAAP net loss per share, basic and diluted
53,669

 
22,211

 
20,974

Pro forma adjustment to reflect the assumed conversion of our convertible redeemable preferred stock as of the beginning of the period
31,107

 
55,386

 
55,386

Weighted-average shares used to compute pro forma non-GAAP net loss per share, basic and diluted
84,776

 
77,597

 
76,360

 
 
 
 
 
 
Pro forma non-GAAP net loss per share, basic and diluted
$
(0.59
)
 
$
(0.42
)
 
$
(0.45
)
________________
(1)    The tax impact of the adjustments to net loss attributable to common stockholders is based on the tax treatment for applicable tax jurisdictions. There was no tax impact related to the amortization of intangible assets as it was incurred in the United States in periods in which we had a net operating loss for which we maintained a full valuation allowance.
Components of Our Results of Operations
Revenue
We generate revenue from subscription arrangements for our software and cloud-based solutions, perpetual licenses, maintenance associated with perpetual licenses and professional services. We begin to recognize revenue when control of our software or services is transferred to the customer, which for sales made through distributors is concurrent with the transfer to the end user.
Our subscription arrangements generally have annual or multi-year contractual terms and allow customers to use our software or cloud-based solutions, including ongoing software updates during the contractual period. Revenue is recognized ratably over the subscription term given the critical utility provided by the ongoing updates that are released throughout the contract period.
Our perpetual licenses are generally sold with one or more years of maintenance, which includes ongoing software updates. Given the critical utility provided by the ongoing software updates and updated ability to identify network vulnerabilities included in maintenance, we combine the perpetual license and the maintenance into a single performance obligation. Perpetual license arrangements generally contain a material right related to the customer’s ability to renew

45

Table of Contents

maintenance at a price that is less than the initial license fee. We apply a practical alternative to allocating a portion of the transaction price to the material right performance obligation and estimate a hypothetical transaction price which includes fees for expected maintenance renewals based on the estimated economic life of perpetual license contracts. We allocate the transaction price between the cybersecurity subscription provided in the initial contract and the material right related to expected contract renewals based on the hypothetical transaction price. We recognize the amount allocated to the combined license and maintenance performance obligation over the initial contractual period, which is generally one year. We recognize the amount allocated to the material right over the expected maintenance renewal period, which begins at the end of the initial contractual term and is generally four years. We have estimated the five-year economic life of perpetual license contracts based on historical contract attrition, expected renewal periods, the lifecycle of our technology and other factors. This estimate may change over time.
Professional services and other revenue is primarily comprised of advisory services and training related to the deployment and optimization of our products. These services do not result in significant customization of our products. Professional services and other revenue is recognized as the services are performed.
We have historically experienced, and expect in the future to experience, seasonality in entering into agreements with customers. We typically enter into a significantly higher percentage of agreements with new customers, as well as renewal agreements with existing customers, in the third and fourth quarters of the year. The increase in customer agreements in the third quarter is primarily attributable to U.S. government and related agencies, and the increase in the fourth quarter is primarily attributable to large enterprise account buying patterns typical in the software industry. Our recent growth and the ratable nature of our subscription revenue makes this seasonality less apparent in our overall financial results.
Cost of Revenue, Gross Profit and Gross Margin
Cost of revenue includes personnel costs related to our technical support group that provides assistance to customers, including salaries, benefits, bonuses, payroll taxes and stock-based compensation. Cost of revenue also includes hosting costs for Tenable.io, the costs related to professional services and training, depreciation and amortization and allocated overhead costs, which consist of information technology and facilities.
We intend to continue to invest additional resources in our cloud-based platform and our customer support team as we grow our business. The level and timing of investment in these areas could affect our cost of revenue in the future.
Gross profit, or revenue less cost of revenue, and gross margin, or gross profit as a percentage of revenue, have been and will continue to be affected by various factors, including the timing of our acquisition of new customers and our renewals of and follow-on sales to existing customers, the costs associated with operating our cloud-based platform, the extent to which we expand our customer support team and the extent to which we can increase the efficiency of our technology and infrastructure through technological improvements.
We expect our gross profit to increase in absolute dollars but our gross margin to decrease, as we expect revenue from our cloud-based subscriptions to increase as a percentage of revenue, although our gross margin could fluctuate from period to period depending on the interplay of all of these factors.
Operating Expenses
Our operating expenses consist of sales and marketing, research and development and general and administrative expenses. Personnel costs are the most significant component of operating expenses and consist of salaries, benefits, bonuses, payroll taxes and stock-based compensation expense. Operating expenses also include depreciation and amortization as well as allocated overhead costs including IT and facilities costs.

46

Table of Contents


Sales and Marketing
Sales and marketing expense consists of personnel costs, sales commissions, marketing programs, travel and entertainment, expenses for conferences and events and allocated overhead costs.
We intend to continue to make significant investments in our sales and marketing teams to grow revenue, further penetrate the market and expand our global customer base. We expect our sales and marketing expense to continue to increase in absolute dollars and to be our largest operating expense category for the foreseeable future. However, as our revenue increases, we expect our sales and marketing expense to decrease as a percentage of our revenue over the long term, although our sales and marketing expense may fluctuate as a percentage of our revenue from period to period due to the timing and extent of these expenses.
Research and Development
Research and development expense consists of personnel costs, software used to develop our products, travel and entertainment, consulting and professional fees for third-party development resources as well as allocated overhead. Our research and development expense supports our efforts to continue to add capabilities to our existing products and enable the continued detection of new network vulnerabilities.
We expect our research and development expense to continue to increase in absolute dollars for the foreseeable future as we continue to invest in research and development efforts to enhance the functionality of our cloud-based platform. However, we expect our research and development expense to decrease as a percentage of our revenue over the long term, although our research and development expense may fluctuate as a percentage of our revenue from period to period due to the timing and extent of these expenses.
General and Administrative
General and administrative expense consists of personnel costs for our executive, finance, legal, human resources and administrative departments. Additional expenses include travel and entertainment, professional fees, insurance and allocated overhead.
We expect our general and administrative expense to continue to increase in absolute dollars for the foreseeable future due to additional costs associated with accounting, compliance, insurance and investor relations as a public company. However, we expect our general and administrative expense to decrease as a percentage of our revenue over the long term, although our general and administrative expense may fluctuate as a percentage of our revenue from period to period due to the timing and extent of these expenses.
Other Income (Expense), Net
Other income (expense), net consists primarily of interest income earned on cash and cash equivalents and short-term investments, net foreign currency remeasurement and transaction gains and losses and interest expense in connection with unused fees on our revolving credit facility.
Provision for Income Taxes
Provision for income taxes consists primarily of income taxes in certain foreign jurisdictions in which we conduct business. We have recorded deferred tax assets for which a full valuation allowance has been provided, including net operating loss carryforwards and tax credits. We expect to maintain this full valuation allowance for the foreseeable future as it is more likely than not that some or all of those deferred tax assets may not be realized based on our history of losses.

47

Table of Contents

Results of Operations
The following tables set forth our consolidated results of operations for the periods presented:
 
Year Ended December 31,
(in thousands)
2018
 
2017
 
2016
Revenue
$
267,360

 
$
187,727

 
$
124,371

Cost of revenue(1)
43,167

 
25,588

 
14,219

Gross profit
224,193

 
162,139

 
110,152

Operating expenses:
 
 
 
 
 
Sales and marketing(1)
173,344

 
116,299

 
85,736

Research and development(1)
76,698

 
57,673

 
40,085

General and administrative(1)
46,732

 
28,927

 
20,164

Total operating expenses
296,774

 
202,899

 
145,985

Loss from operations
(72,581
)
 
(40,760
)
 
(35,833
)
Other income (expense), net
1,424

 
(91
)
 
(532
)
Loss before income taxes
(71,157
)
 
(40,851
)
 
(36,365
)
Provision for income taxes
2,364

 
171

 
843

Net loss and comprehensive loss
$
(73,521
)
 
$
(41,022
)
 
$
(37,208
)
_______________
(1)    Includes stock-based compensation expense as follows:
 
Year Ended December 31,
(in thousands)
2018
 
2017
 
2016
Cost of revenue
$
1,707

 
$
281

 
$
223

Sales and marketing
6,911

 
1,579

 
969

Research and development
5,804

 
1,782

 
602

General and administrative
8,453

 
4,118

 
738

Total stock-based compensation expense
$
22,875

 
$
7,760

 
$
2,532

Comparison of 2018 and 2017
Revenue
 
Year Ended December 31,
 
Change
(dollars in thousands)
2018
 
2017
 
($)
 
(%)
Revenue
$
267,360

 
$
187,727

 
$
79,633

 
42
%
The increase in revenue of $79.6 million was comprised of increases in subscription revenue of $72.9 million, perpetual license and maintenance revenue of $4.3 million and professional services and other revenue of $2.4 million. Revenue from existing customers comprised 68% of the increase, while the remaining increase was due to revenue from new customers since January 1, 2018. International revenue increased $31.6 million, or 55%.

48

Table of Contents

Cost of Revenue, Gross Profit and Gross Margin
 
Year Ended December 31,
 
Change
(dollars in thousands)
2018
 
2017
 
($)
 
(%)
Cost of revenue
$
43,167

 
$
25,588

 
$
17,579

 
69
%
Gross profit
224,193

 
162,139

 
62,054

 
38
%
Gross margin
84
%
 
86
%
 

 


The increase in cost of revenue of $17.6 million was primarily due to:
a $6.9 million increase in personnel costs, primarily due to increased headcount, including a $1.4 million increase in stock-based compensation;
a $5.3 million increase in third-party cloud infrastructure costs, largely associated with the increased adoption of Tenable.io;
a $3.3 million increase in allocated overhead costs driven by both the increase in headcount and the overall increase in such costs on a year-over-year basis;
a $0.8 million increase in software subscription expenses; and
a $0.5 million increase in depreciation and amortization.
Operating Expenses
Sales and Marketing
 
Year Ended December 31,
 
Change
(dollars in thousands)
2018
 
2017
 
($)
 
(%)
Sales and marketing
$
173,344

 
$
116,299

 
$
57,045

 
49
%
The increase in sales and marketing expense of $57.0 million was primarily due to:
a $29.2 million increase in personnel costs, largely associated with an increase in headcount, including a $5.3 million increase in stock-based compensation;
a $14.3 million increase in sales commissions, including sales commission draws, due to increased sales and the amortization of deferred commissions;
a $6.1 million increase in expenses for demand generation programs, including advertising, sponsorships and brand awareness efforts aimed at acquiring new customers; and
a $4.9 million increase in selling expenses, including travel and meeting costs and the costs of software subscriptions.
Research and Development
 
Year Ended December 31,
 
Change
(dollars in thousands)
2018
 
2017
 
($)
 
(%)
Research and development
$
76,698

 
$
57,673

 
$
19,025

 
33
%
The increase in research and development expense of $19.0 million was primarily due to:
a $15.1 million increase in personnel costs, largely associated with an increase in headcount, including a $4.0 million increase in stock-based compensation, and net of $2.4 million of development costs capitalized related to internal use software;
a $1.6 million increase in third-party cloud infrastructure costs related to the development of new and future offerings;

49

Table of Contents

a $0.7 million increase in software subscription expenses; and
a $0.6 million increase in allocated overhead driven by both the increase in headcount and the overall increase in such costs on a year-over-year basis.
General and Administrative
 
Year Ended December 31,
 
Change
(dollars in thousands)
2018
 
2017
 
($)
 
(%)
General and administrative
$
46,732

 
$
28,927

 
$
17,805

 
62
%
The increase in general and administrative expense of $17.8 million was primarily due to:
a $11.9 million increase in personnel costs, largely associated with an increase in headcount, including a $4.3 million increase in stock-based compensation;
a $3.3 million increase in professional fees, which includes costs associated with being a public company; and
a $0.8 million increase in software subscription expense.
Comparison of 2017 and 2016
Revenue
 
Year Ended December 31,
 
Change
(dollars in thousands)
2017
 
2016
 
($)
 
(%)
Revenue
$
187,727

 
$
124,371

 
$
63,356

 
51
%
The increase in revenue of $63.4 million was comprised of increases in subscription revenue of $52.5 million, perpetual license and maintenance revenue of $10.0 million and professional services and other revenue of $0.9 million. Revenue from existing customers comprised 68% of the increase, while the remaining increase was due to revenue from new customers since January 1, 2017. The increase in professional services revenue resulted from the growth of our installed customer base. The impact of the ASC 606 adoption on 2017 revenue was a net increase of $3.5 million. International revenue increased $19.3 million, or 50%, consistent with our overall revenue growth rate.
Cost of Revenue, Gross Profit and Gross Margin
 
Year Ended December 31,
 
Change
(dollars in thousands)
2017
 
2016
 
Change ($)
 
(%)
Cost of revenue
$
25,588

 
$
14,219

 
$
11,369

 
80
%
Gross profit
162,139

 
110,152

 
51,987

 
47
%
Gross margin
86
%
 
89
%
 
 
 


The increase in cost of revenue of $11.4 million was primarily due to:
a $5.4 million increase in third-party cloud infrastructure costs, largely associated with the increased adoption of Tenable.io;
a $4.0 million increase in personnel costs primarily due to increased headcount;
a $0.9 million increase in depreciation and amortization; and
a $0.8 million increase in allocated overhead costs driven by both the increase in headcount and the overall increase in such costs on a year-over-year basis.

50

Table of Contents

Operating Expenses
Sales and Marketing
 
Year Ended December 31,
 
Change
(dollars in thousands)
2017
 
2016
 
($)
 
(%)
Sales and marketing
$
116,299

 
$
85,736

 
$
30,563

 
36
%
The increase in sales and marketing expense of $30.6 million was primarily due to:
a $17.3 million increase in personnel costs, largely associated with an increase in headcount;
a $4.0 million increase in expenses for demand generation programs, including advertising, sponsorships and brand awareness efforts aimed at acquiring new customers;
a $3.9 million increase in selling expenses, including travel and meeting costs and the costs of software subscriptions;
a $2.7 million increase in sales commissions, including sales commission draws, due to increased sales and the amortization of deferred commissions, net of an $8.8 million reduction in commissions expense as a result of the adoption of ASC 606; and
a $2.1 million increase in allocated overhead costs, driven by both the increase in headcount and the overall increase in such costs on a year-over-year basis.
Research and Development
 
Year Ended December 31,
 
Change
(dollars in thousands)
2017
 
2016
 
($)
 
(%)
Research and development
$
57,673

 
$
40,085

 
$
17,588

 
44
%
The increase in research and development expense of $17.6 million was primarily due to:
a $12.7 million increase in personnel costs, largely associated with an increase in headcount, including a $1.2 million increase in stock-based compensation;
a $1.7 million increase in third-party cloud infrastructure costs related to the development of new and future offerings;
a $2.0 million increase in other expenses, primarily related to event and travel costs; and
a $1.2 million increase in allocated overhead driven by both the increase in headcount and the overall increase in such costs on a year-over-year basis.
General and Administrative
 
Year Ended December 31,
 
Change
(dollars in thousands)
2017
 
2016
 
($)
 
(%)
General and administrative
$
28,927

 
$
20,164

 
$
8,763

 
43
%
The increase in general and administrative expense of $8.8 million was primarily due to:
a $5.6 million increase in personnel costs, largely associated with an increase in headcount, including a $3.4 million increase in stock-based compensation;
a $1.0 million increase in professional fees; and
a $0.6 million increase in allocated overhead driven by both the increase in headcount and the overall increase in such costs on a year-over-year basis.

51

Table of Contents

Liquidity and Capital Resources
At December 31, 2018, we had cash and cash equivalents consisting of bank deposits and money market funds of $165.1 million and short-term investments consisting of commercial paper, U.S. Treasury and agency obligations, and corporate bonds of $118.1 million. Upon the completion of our IPO in July 2018, we received net proceeds of $264.6 million.
Since our inception and prior to our IPO, we financed our operations through cash provided by operations, including payments received from customers using our software products and services, and we did not raise any primary institutional capital prior to our IPO. The proceeds of our Series A and Series B redeemable convertible preferred stock financings were used to repurchase shares of capital stock from former stockholders. We have generated significant operating losses from our operations, as reflected by our accumulated deficit of $466.1 million at December 31, 2018.
We typically invoice our customers annually in advance and, to a lesser extent, multi-year in advance. Therefore, a substantial source of our cash is from such prepayments, which are included on our consolidated balance sheets as deferred revenue. Deferred revenue consists primarily of the unearned portion of billed fees for our subscriptions and perpetual licenses, which is subsequently recognized as revenue in accordance with our revenue recognition policy. At December 31, 2018, we had deferred revenue of $289.9 million, of which $213.6 million was recorded as a current liability and is expected to be recorded as revenue in the next 12 months, provided all other revenue recognition criteria are met.
Our principal uses of cash in recent periods have been funding our operations, expansion of our sales and marketing and research and development activities and investments in infrastructure. We expect to continue incurring operating losses and generating negative cash flows from operations in the near-term; however, we believe that our existing cash and cash equivalents and short-term investments will be sufficient to fund our operating and capital needs for at least the next 12 months. Our future capital requirements will depend on many factors, including our revenue growth rate, subscription renewal activity, the timing and extent of spending to support further infrastructure and research and development efforts, the timing and extent of additional capital expenditures to invest in new and existing office spaces, such as our new corporate headquarters, the expansion of sales and marketing and international operating activities, the timing of introduction of new product capabilities and enhancements of our platform and the continuing market acceptance of our platform.
We may in the future enter into arrangements to acquire or invest in complementary businesses, services and technologies, including intellectual property rights. We may be required to seek equity or debt financing. In the event that financing is required from outside sources, we may not be able to raise it on terms acceptable to us or at all. If we are unable to raise additional capital when desired, or if we cannot expand our operations or otherwise capitalize on our business opportunities because we lack sufficient capital, our business, operating results and financial condition would be adversely affected.
Credit Facility
In May 2017, we entered into a $25.0 million revolving credit facility with Silicon Valley Bank. Pursuant to the terms of the revolving credit facility, we may issue up to $5.0 million of letters of credit, which reduce the total amount available for borrowing under such facility. The revolving credit facility terminates on May 4, 2020. To date, we have not borrowed any amounts under the revolving credit facility.
Interest on borrowings under the revolving credit facility accrues at a variable rate tied to the prime rate or the LIBOR rate, at our election. Interest is payable quarterly in arrears. We are required to pay a quarterly commitment fee that accrues at a rate of 0.25% per annum on the unused portion of the borrowing commitment.
The revolving credit facility contains customary conditions to borrowing, events of default and covenants, including restrictions on indebtedness, liens, acquisitions and investments, restricted payments and dispositions. If, as of the last day of any quarter, the outstanding balance of the revolving credit facility exceeds $5.0 million, there are financial covenants that require us to maintain a minimum level of earnings before income taxes, interest, depreciation and amortization adjusted to add changes in deferred revenue in the period and a minimum current ratio level. We were in compliance with all covenants under the revolving credit facility at December 31, 2018.

52

Table of Contents

Cash Flows
The following table summarizes our cash flows for the periods presented:
 
Year Ended December 31,
(in thousands)
2018
 
2017
 
2016
Net cash used in operating activities
$
(2,559
)
 
$
(6,266
)
 
$
(2,785
)
Net cash used in investing activities
(123,221
)
 
(2,755
)
 
(7,851
)
Net cash provided by financing activities
264,749

 
2,091

 
1,363

Effect of exchange rate changes on cash and cash equivalents and restricted cash
(1,063
)
 
(68
)
 

Net increase (decrease) in cash and cash equivalents and restricted cash
$
137,906

 
$
(6,998
)
 
$
(9,273
)
Operating Activities
In 2018, net cash used in operating activities was $2.6 million, which primarily consisted of our $73.5 million net loss, adjusted for stock-based compensation expense of $22.9 million and depreciation and amortization of $6.2 million, as well as a net cash inflow of $41.4 million from changes in operating assets and liabilities. The net inflow from changes in operating assets and liabilities was primarily due to a $64.1 million increase in deferred revenue primarily due to increased subscription sales, as a majority of our customers are invoiced in advance, partially offset by a $17.4 million increase in accounts receivable.
In 2017, net cash used in operating activities was $6.3 million, which primarily consisted of our $41.0 million net loss, adjusted for stock-based compensation expense of $7.8 million and depreciation and amortization of $4.7 million, as well as a net cash inflow of $23.1 million from changes in operating assets and liabilities. The net inflow from changes in operating assets and liabilities was primarily due to a $63.4 million increase in deferred revenue, including the cumulative impact of adopting the new revenue recognition guidance, from increased subscription sales as a majority of our customers are invoiced in advance, partially offset by a $14.8 million increase in accounts receivable. In addition, deferred commissions increased $20.1 million, including the cumulative impact of adopting the new revenue recognition guidance.
In 2016, net cash used in operating activities was $2.8 million, which primarily consisted of our $37.2 million net loss, adjusted for depreciation and amortization of $3.1 million and stock-based compensation expense of $2.5 million, as well as a net cash inflow of $27.9 million from changes in operating assets and liabilities. The net inflow from operating assets and liabilities was primarily due to an increase of $44.2 million in deferred revenue from increased subscription sales as a majority of our customers are invoiced in advance partially offset by a $13.6 million increase in accounts receivable.
Investing Activities
From 2017 to 2018, net cash used in investing activities increased by $120.5 million, primarily due to our purchase of short-term investments of commercial paper, U.S. Treasury securities and corporate bonds of $117.5 million.
From 2016 to 2017, net cash used in investing activities decreased by $5.1 million, primarily due to a reduction in capital expenditures for infrastructure equipment and leasehold improvements.
Financing Activities
From 2017 to 2018, net cash provided by financing activities increased by $262.7 million, primarily due to proceeds from our IPO, net of underwriting discounts and commissions, of $268.5 million, less payments of offering costs related to our IPO of $3.9 million.
From 2016 to 2017, net cash provided by financing activities increased by $0.7 million, primarily due to an increase of proceeds from the exercise of stock options.

53

Table of Contents

Contractual Obligations
The following table summarizes our contractual obligations at December 31, 2018:
(in thousands)
Total
 
Less than 1 year
 
1 - 3 years
 
3 - 5 years
 
More than 5 years
Operating lease commitments(1)
$
79,903

 
$
4,429

 
$
11,041

 
$
12,302

 
$
52,131

Non-cancellable purchase obligations
8,299

 
6,370

 
1,929

 

 

Total contractual obligations
$
88,202

 
$
10,799


$
12,970


$
12,302


$
52,131

_______________
(1)    Consists of future non-cancelable minimum rental payments under operating leases for our offices including $68.2 million of future lease payments related to the lease of our new headquarters, which is currently being constructed. These lease payments are expected to commence in the first quarter of 2021.
Not included in the table above is $4.8 million of unrecognized tax benefits and $0.9 million of asset retirement obligations, because the timing of future cash outflows is uncertain.
In October 2017, we entered into a new lease agreement for office space in Columbia, Maryland to serve as our new corporate headquarters, and expect to incur approximately $10 million of capital expenditures related to leasehold improvements associated with the build-out. We plan to take possession of the leased office space in mid-2019, at which time we will record a right-of-use asset and corresponding lease liability, and begin to record rent expense. We expect to start making recurring rental payments under the lease in the first quarter of 2021. Included in the operating lease commitments above are total expected minimum obligations under the lease agreement of $68.2 million, which exclude approximately $16.0 million of expected tenant improvement reimbursements and incentives from the landlord and variable operating expenses. We have also excluded a $2.5 million security deposit, which may be increased to $5.0 million, that is expected to be paid in advance of occupancy. At our option, we may deposit cash or provide an unconditional letter of credit, which would reduce the borrowing capacity under our revolving credit facility.
We are contractually obligated for our current corporate headquarters through May 2021, and unless we transfer our contractual obligation, we will continue to include the committed lease payments for our current corporate headquarters in the table above.
Off-Balance Sheet Arrangements
At December 31, 2018, we did not have any relationships with unconsolidated organizations or financial partnerships, such as structured finance or special purpose entities, which would have been established for the purpose of facilitating off-balance sheet arrangements or other contractually narrow or limited purposes.
Critical Accounting Policies and Estimates
Our financial statements are prepared in accordance with U.S. GAAP. The preparation of these financial statements requires us to make estimates and assumptions that affect the reported amounts of assets, liabilities, revenue and expenses, as well as related disclosures. We evaluate our estimates and assumptions on an ongoing basis. Our estimates are based on historical experience and various other assumptions that we believe to be reasonable under the circumstances. Our actual results could differ from these estimates.
The critical accounting estimates, assumptions and judgments that we believe have the most significant impact on our consolidated financial statements are described below.
Revenue Recognition
We early adopted ASC 606 on January 1, 2017 using the modified retrospective method and applying the guidance to all contracts as of January 1, 2017.

54

Table of Contents

The core principle of ASC 606 is that revenue should be recognized to depict the transfer of promised goods or services to customers in an amount that reflects the consideration to which the entity expects to be entitled in exchange for those goods or services. To achieve the core principle of ASC 606, we apply the following steps:
Identify the contract with a customer
Identify the performance obligations in the contract
Determine the transaction price
Allocate the transaction price to the performance obligations in the contract
Recognize revenue when or as performance obligations are satisfied
We generate revenue from subscription arrangements for our software and cloud-based solutions, perpetual licenses, maintenance associated with perpetual licenses and professional services and other revenue.
Subscription Revenue
Our subscription arrangements generally have annual or multi-year contractual terms and allow customers to use our software or cloud solutions, including ongoing software updates and the ability to identify the latest cybersecurity vulnerabilities. Revenue is recognized ratably over the subscription term given the critical utility provided by the ongoing updates that are released throughout the contract period.
Perpetual License and Maintenance Revenue
Our perpetual licenses are generally sold with one or more years of maintenance, which include ongoing software updates and the ongoing ability to identify the latest cybersecurity vulnerabilities. Given the critical utility provided by the ongoing software updates and updated ability to identify network vulnerabilities included in maintenance, we combine the perpetual license and the maintenance into a single performance obligation. Perpetual license arrangements generally contain a material right related to the customer’s ability to renew maintenance at a price that is less than the initial license fee. We apply a practical alternative to allocating a portion of the transaction price to the material right performance obligation and estimate a hypothetical transaction price which includes fees for expected maintenance renewals based on the estimated economic life of the perpetual license contracts. We allocate the transaction price between the cybersecurity subscription provided in the initial contract and the material right related to expected contract renewals based on the hypothetical transaction price. We recognize the amount allocated to the combined license and maintenance performance obligation over the initial contractual period, which is generally one year. We recognize the amount allocated to the material right over the expected maintenance renewal period, which begins at the end of the initial contractual term and is generally four years. We have estimated the five-year economic life of perpetual license contracts based on historical contract attrition, expected renewal periods, the lifecycle of the our technology and other factors. While we believe that the estimates we have made are reasonable and appropriate, different assumptions and estimates could materially impact our reported financial results.
Professional Services and Other Revenue
Professional services and other revenue is primarily comprised of advisory services and training related to the deployment and optimization of our products. These services do not result in significant customization of our products. Professional services and other revenue is recognized as the services are performed.
Contracts with Multiple Performance Obligations
In cases where our contracts with customers contain multiple performance obligations, the contract transaction price is allocated on a relative standalone selling price basis. We typically determine standalone selling price based on observable selling prices of our products and services.
Variable Consideration
We record revenue from sales at the net sales price, which is the transaction price, including estimates of variable consideration when applicable. Certain of our customers may be entitled to receive credits and in certain circumstances,

55

Table of Contents

refunds, if service level commitments are not met. We have not historically experienced significant incidents affecting the ability to meet these service level commitments and any estimated refunds related to these agreements have not been material.
Sales through our channel partner network of distributors and resellers are generally discounted as compared to the price that we would sell to an end user. Revenue for sales through our channel network, which is fixed, is recorded net of any distributor or reseller margin.
Legacy Revenue Accounting Policies
For periods prior to January 1, 2017, we recognized revenue when all the following criteria were met: (1) persuasive evidence of an arrangement exists, (2) delivery has occurred, (3) the fee is fixed or determinable and (4) collectability is reasonably assured.
We recognized subscription revenue ratably over the term of the subscription period in accordance with ASC 605, Revenue Recognition. When subscription arrangements involved multiple elements that qualified as separate units of accounting, we allocated arrangement consideration at the inception of the arrangement to all deliverables based on the relative selling price method in accordance with the selling price hierarchy, which included (i) vendor-specific objective evidence, or VSOE, if available, (ii) third-party evidence, or TPE, if VSOE was not available, and (iii) best estimate of selling price, or BESP, if neither VSOE nor TPE were available. When VSOE could not be established for deliverables within subscription arrangements, we utilized BESP in our allocation of arrangement consideration, as it generally could not establish TPE. BESP was determined by considering multiple factors including, but not limited to, prices charged for similar offerings, market conditions, competitive landscape and pricing practices.
We recognized perpetual license revenue upon delivery of the license in accordance with ASC 985-605, Software-Revenue Recognition. We established VSOE of fair value for substantially all products and services with the exception of new subscription agreements and perpetual licenses. VSOE was established for maintenance and support based upon actual renewals and historical pricing when sold separately. Revenue from maintenance agreements was deferred and recognized ratably over the term of the maintenance period. The VSOE of fair value for professional services was based on the price for these same services when they were sold separately.
Other services revenue was recognized as the services were performed.
Deferred Commissions
Sales commissions, including related incremental fringe benefit costs, are considered to be incremental costs of obtaining a contract, and therefore are deferred over an estimated period of benefit, which ranges between three and four years for subscription arrangements and five years for perpetual license arrangements. We have estimated the period of benefit based on the expected contract term including renewal periods, the lifecycle of our technology and other factors. Sales commissions on contract renewals are capitalized and amortized ratably over the contract term, with the exception of contracts with renewal periods that are one year or less, in which case the incremental costs are expensed as incurred. While we believe that the estimates we have made are reasonable and appropriate, different assumptions and estimates could materially impact our reported financial results.
Prior to January 1, 2017, we capitalized sales commissions for subscriptions and recognized the expense over the corresponding period in which the related revenue was recognized. Commissions on perpetual license sales were recognized upon the delivery of the license.
Stock-Based Compensation
Stock-based compensation expense related to our stock options, restricted stock, restricted stock units, or RSUs, and purchase rights issued under our 2018 Employee Stock Purchase Plan, or the 2018 ESPP, is calculated based on the fair value of the awards granted and is recognized on a straight-line basis over the requisite service period, which is generally two to four years, with the exception of RSUs that include performance-based vesting conditions and are expensed using the accelerated attribution method. The fair value of stock options and 2018 ESPP purchase rights is estimated on the

56

Table of Contents

grant date using the Black-Scholes option pricing model, which requires us to make assumptions and judgments, including the expected term, expected volatility, and risk-free interest rates.
Prior to January 1, 2017, we recognized stock-based compensation expense net of estimated forfeitures. Beginning on January 1, 2017, we made an accounting policy election to account for forfeitures as they occur. This election was applied on a modified retrospective basis, resulting in a cumulative-effect adjustment to increase accumulated deficit by $0.1 million.
Beginning on January 1, 2017, we recorded excess tax benefits and tax deficiencies in the income statement when the awards vest or are settled. On January 1, 2017, we recorded a $1.9 million deferred tax asset attributable to excess tax benefits from stock-based compensation, which had not been previously recognized, with a corresponding increase to the valuation allowance.
Estimating the fair value of stock options and purchase rights under the 2018 ESPP using the Black-Scholes option-pricing model requires assumptions as to the fair value of our underlying common stock, the estimated term of the option, the risk free interest rates, the expected volatility of the price of our common stock and the expected dividend yield. The assumptions used to estimate the fair value of the option awards reflect our best estimates. If any of the assumptions change significantly, stock-based compensation for future awards may differ significantly compared with the awards granted previously.
The assumptions and estimates are as follows:
Fair Value of Common Stock. See “Common Stock Valuations” discussion below.
Expected Term. This is the period of time that the options granted are expected to remain unexercised. We employ the simplified method to calculate the average expected term.
Volatility. This is a measure of the amount by which a financial variable, such as a share price, has fluctuated (historical volatility) or is expected to fluctuate (expected volatility) during a period. As we do not yet have sufficient history of our own volatility, we have identified several public entities of similar size, complexity and stage of development and estimate volatility based on the volatility of these companies.
Risk-Free Interest Rate. This is the U.S. Treasury rate, having a term that most closely resembles the expected life of the stock option.
Dividend Yield. We have not and do not expect to pay dividends on our common stock.
Common Stock Valuations
Following our IPO, we use the market price of our common stock at the date of grant as the fair value. Prior to our IPO, the lack of an active public market for our common stock required our board of directors to exercise reasonable judgment and consider a number of factors in order to make the best estimate of fair value of our common stock, in accordance with the technical practice-aid issued by the American Institute of Certified Public Accountants Practice Aid entitled Valuation of Privately-Held Company Equity Securities Issued as Compensation. Factors considered in connection with estimating the fair value of our common stock underlying our award of restricted stock and stock option awards when performing the fair value calculations with the Black Scholes option-pricing model included:
The results of independent third-party valuations of our common stock
Recent arm’s length transactions involving the sale or transfer of our common stock
The rights, preferences and privileges of our Series A and Series B redeemable convertible preferred stock relative to those of our common stock
Our historical financial results and future financial projections
The market value of equity interests in substantially similar businesses, which equity interests can be valued through nondiscretionary, objective means
The lack of marketability of our common stock
The likelihood of achieving a liquidity event, such as an IPO given prevailing market conditions
Industry outlook

57

Table of Contents

General economic outlook including economic growth, inflation and unemployment, interest rate environment and global economic trends
As described above, the exercise price of our stock option awards was determined by our board of directors, with input from management, taking into account the factors described above, using a combination of valuation methodologies with varying weighting applied to each methodology as of the grant date.
Application of these approaches involved the use of estimates, judgment and assumptions that were highly complex and subjective, such as those regarding our expected future revenue, expenses and future cash flows, discount rates, market multiples, the selection of comparable companies and the probability of possible future events. Changes in any or all of these estimates and assumptions or the relationships between those assumptions would have impacted our valuations as of each valuation date and may have had a material impact on the valuation of our common stock.
The fair value of each stock option was estimated on the grant date based on the following assumptions:
 
Year Ended December 31,
 
2018
 
2017
 
2016
Expected term (in years)
6.3
 
6.3
 
6.3
Expected volatility
41.3% — 43.3%
 
45.2% — 47.0%
 
50.0% — 50.1%
Risk-free interest rate
2.7% — 2.9%
 
1.9% — 2.4%
 
1.1% — 1.5%
Expected dividend yield
 
 
Expected forfeiture rate
 
 
1.4% — 5.8%
The fair value of each 2018 ESPP purchase right was estimated on the grant date based on the following assumptions:
 
Year Ended December 31, 2018
Expected term (in years)
0.6 — 2.1
Expected volatility
31.9% — 33.5%
Risk-free interest rate
2.3% — 2.7%
Expected dividend yield
Income Taxes
We are subject to federal, state and local taxes in the United States as well as numerous international jurisdictions. These foreign jurisdictions have different statutory tax rates than the United States. Earnings generated by our international entities are related to transfer pricing requirements as applicable under local jurisdiction tax laws.
We record a provision for income taxes under the asset and liability method, which requires recognition of deferred tax assets and liabilities for the expected future tax consequences of temporary differences between the financial statement carrying amounts and the tax basis of existing assets and liabilities, net operating loss carryforwards and tax credit carryforwards. Deferred tax assets and liabilities are measured using the tax rates that are expected to apply to taxable income for the years in which those tax assets and liabilities are expected to be realized or settled. A valuation allowance is provided if it is more likely than not that some or all of the deferred tax assets will not be realized. We have valuation allowances in all jurisdictions against deferred tax assets net of deferred tax liabilities that will reverse and provide a source of taxable income. Our evaluation of valuation allowances could change in the future and the impact could have a material impact on our financial statements.
We recognize tax benefits from an uncertain tax position if it is more likely than not to be sustained upon audit by the relevant taxing authority. Interest and penalties associated with such uncertain tax positions are classified as a component of income tax expense.

58

Table of Contents

The Tax Cuts and Jobs Act, or the 2017 Tax Act, was enacted into law, which contains several significant changes to how corporations are taxed in the United States, including the reduction of the corporate income tax rate from 35% to 21% effective January 1, 2018. The new legislation also includes a variety of other changes, such as a one-time repatriation tax on accumulated foreign earnings, or transition tax, acceleration of business asset expensing and reduction in the amount of executive pay that could qualify as a tax deduction.
The 2017 Tax Act also included international tax provisions that will affect the Company, including the favorable tax regime for taxing foreign derived intangible income. Additional international provisions include the global intangible low taxed income, or GILTI, regime and the base erosion anti-abuse tax.
Depending on the jurisdiction, distributions of earnings could be subject to withholding taxes at rates applicable to the distributing jurisdiction. As we intend to continue to reinvest the earnings of foreign subsidiaries indefinitely, we have not provided for a U.S. income tax liability and foreign withholding taxes on undistributed foreign earnings of foreign subsidiaries.
Recently Issued Accounting Pronouncements
Refer to Note 1 to our consolidated financial statements contained in this Form 10-K for more information regarding recently issued accounting pronouncements.
Emerging Growth Company Status
We are an emerging growth company, as defined in the Jumpstart Our Business Startups Act of 2012, or the JOBS Act. Under the JOBS Act, emerging growth companies can delay adopting new or revised accounting standards until such time as those standards apply to private companies. We have irrevocably elected not to avail ourselves of this exemption from new or revised accounting standards and, therefore, we will be subject to the same new or revised accounting standards as other public companies that are not emerging growth companies.
Item 7A.    Quantitative and Qualitative Disclosures about Market Risk
We are exposed to market risks in the ordinary course of our business, including interest rate, foreign currency exchange and inflation risks.
Interest Rate Risk
At December 31, 2018, we had cash and cash equivalents of $165.1 million, consisting of cash deposits and money market funds. We also had short-term investments of $118.1 million, consisting of commercial paper, U.S. Treasury securities and corporate bonds. Our investments are carried at their fair market value with cumulative unrealized gains or losses recorded as a component of accumulated other comprehensive loss within stockholders' equity. The primary objectives of our investment activities are the preservation of capital, the fulfillment of liquidity needs and the fiduciary control of cash and investments. We do not enter into investments for trading or speculative purposes. Interest-earning instruments carry a degree of interest rate risk; however, a hypothetical 10% change in interest rates during any of the periods presented would not have had a material impact on our financial statements.
We have not had any amounts outstanding under the revolving credit facility since it was established in May 2017. Any borrowings under the revolving credit facility would bear interest at a variable rate tied to the prime rate or the LIBOR rate. We do not have any other long-term debt or financial liabilities with floating interest rates that would subject us to interest rate fluctuations.
Foreign Currency Exchange Risk
Substantially all of our sales contracts are denominated in U.S. dollars, with a limited number of contracts denominated in foreign currencies, including foreign denominated leases. A portion of our operating expenses are incurred outside the United States, denominated in foreign currencies and subject to fluctuations due to changes in foreign currency exchange rates, particularly changes in the Euro, British Pound and Australian dollar. Additionally,

59

Table of Contents

fluctuations in foreign currency exchange rates may cause us to recognize remeasurement and transaction gains (losses) in our consolidated statements of operations and comprehensive loss. As the impact of foreign currency exchange rates has not been material to our historical operating results, we have not entered into derivative or hedging transactions, but we may do so in the future if our exposure to foreign currency becomes more significant.
Inflation Risk
We do not believe that inflation has had a material effect on our business, results of operations, or financial condition. Nonetheless, if our costs were to become subject to significant inflationary pressures, we may not be able to fully offset such higher costs. Our inability or failure to do so could harm our business, results of operations, or financial condition.

60

Table of Contents

Item 8.        Financial Statements and Supplementary Data
INDEX TO CONSOLIDATED FINANCIAL STATEMENTS
 
Page
 
 
 


61

Table of Contents

REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM
To the Stockholders and Board of Directors of Tenable Holdings, Inc.
Opinion on the Financial Statements
We have audited the accompanying consolidated balance sheets of Tenable Holdings, Inc. (the Company) as of December 31, 2018 and 2017, the related consolidated statements of operations and comprehensive loss, redeemable convertible preferred stock and stockholders' equity (deficit) and cash flows for each of the three years in the period ended December 31, 2018, and the related notes (collectively referred to as the “consolidated financial statements”). In our opinion, the consolidated financial statements present fairly, in all material respects, the financial position of the Company at December 31, 2018 and 2017, and the results of its operations and its cash flows for each of the three years in the period ended December 31, 2018, in conformity with U.S. generally accepted accounting principles.
Adoption of ASU No. 2014-09
As discussed in Note 1 to the consolidated financial statements, the Company changed its method for recognizing revenue in 2017 due to the adoption of Accounting Standards Update (ASU) No. 2014-09, Revenue from Contracts with Customers (Topic 606), and the related amendments.
Adoption of ASU No. 2016-02
As discussed in Note 1 to the consolidated financial statements, the Company changed its method of accounting for leases in 2018 due to the adoption of Accounting Standards Update (ASU) No. 2016-02, Leases (Topic 842), and the related amendments.
Basis for Opinion
These financial statements are the responsibility of the Company's management. Our responsibility is to express an opinion on the Company’s financial statements based on our audits. We are a public accounting firm registered with the Public Company Accounting Oversight Board (United States) (PCAOB) and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether due to error or fraud. The Company is not required to have, nor were we engaged to perform, an audit of its internal control over financial reporting. As part of our audits we are required to obtain an understanding of internal control over financial reporting but not for the purpose of expressing an opinion on the effectiveness of the Company's internal control over financial reporting. Accordingly, we express no such opinion.
Our audits included performing procedures to assess the risks of material misstatement of the financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that our audits provide a reasonable basis for our opinion.
/s/ Ernst & Young LLP
We have served as the Company’s auditor since 2014.
Tysons, Virginia
March 1, 2019

62

Table of Contents

TENABLE HOLDINGS, INC.
CONSOLIDATED BALANCE SHEETS
 
December 31,
(in thousands, except per share data)
2018
 
2017
Assets
 
 
 
Current assets:
 
 
 
Cash and cash equivalents
$
165,116

 
$
27,210

Short-term investments
118,119

 

Accounts receivable (net of allowance for doubtful accounts of $188 and $160 at December 31, 2018 and 2017, respectively)
68,261

 
50,881

Deferred commissions
23,272

 
17,170

Prepaid expenses and other current assets
22,020

 
15,994

Total current assets
396,788

 
111,255

Property and equipment, net
11,348

 
10,754

Construction in progress

 
2,252

Deferred commissions (net of current portion)
36,162

 
33,006

Operating lease right-of-use assets
8,504

 

Other assets
7,810

 
7,070

Total assets
$
460,612

 
$
164,337

Liabilities, Redeemable Convertible Preferred Stock and Stockholders’ Equity (Deficit)
 
 
 
Current liabilities:
 
 
 
Accounts payable
$
171

 
$
338

Accrued expenses
5,554

 
4,878

Accrued compensation
29,594

 
18,482

Deferred revenue
213,644

 
154,898

Operating lease liabilities
4,262

 

Other current liabilities
1,079

 
1,750

Total current liabilities
254,304

 
180,346

Deferred revenue (net of current portion)
76,259

 
70,920

Operating lease liabilities (net of current portion)
6,055

 

Financing obligation

 
1,802

Other liabilities
2,231

 
5,199

Total liabilities
338,849

 
258,267

 

 

Redeemable convertible Series A preferred stock (par value: $0.01; no shares, authorized, issued and outstanding at December 31, 2018; 15,848 shares authorized, issued and outstanding with a liquidation preference of $50,000 at December 31, 2017)

 
49,935

Redeemable convertible Series B preferred stock (par value: $0.01; no shares authorized, issued and outstanding at December 31, 2018; 42,000 shares authorized, 39,538 shares issued and outstanding with liquidation preference of $230,008 at December 31, 2017)

 
227,800

Stockholders’ equity (deficit):
 
 
 
Common stock (par value: $0.01; 500,000 and 93,855 shares authorized, 93,126 and 24,472 shares issued and outstanding at December 31, 2018 and 2017, respectively)
931

 
246

Additional paid-in capital
586,940

 
20,676

Accumulated deficit
(466,108
)
 
(392,587
)
Total stockholders’ equity (deficit)
121,763

 
(371,665
)
Total liabilities, redeemable convertible preferred stock and stockholders’ equity (deficit)
$
460,612

 
$
164,337

The accompanying notes are an integral part of these consolidated financial statements.

63

Table of Contents

TENABLE HOLDINGS, INC.
CONSOLIDATED STATEMENTS OF OPERATIONS AND COMPREHENSIVE LOSS
 
Year Ended December 31,
(in thousands, except per share data)
2018
 
2017
 
2016
Revenue
$
267,360

 
$
187,727

 
$
124,371

Cost of revenue
43,167

 
25,588

 
14,219

Gross profit
224,193

 
162,139

 
110,152

Operating expenses:
 
 
 
 
 
Sales and marketing
173,344

 
116,299

 
85,736

Research and development
76,698

 
57,673

 
40,085

General and administrative
46,732

 
28,927

 
20,164

Total operating expenses
296,774

 
202,899

 
145,985

Loss from operations
(72,581
)
 
(40,760
)
 
(35,833
)
Other income (expense), net
1,424

 
(91
)
 
(532
)
Loss before income taxes
(71,157
)
 
(40,851
)
 
(36,365
)
Provision for income taxes
2,364

 
171

 
843

Net loss and comprehensive loss
(73,521
)
 
(41,022
)
 
(37,208
)
Accretion of Series A and B redeemable convertible preferred stock
(434
)
 
(763
)
 
(763
)
Net loss attributable to common stockholders
$
(73,955
)
 
$
(41,785
)
 
$
(37,971
)
 
 
 
 
 
 
Net loss per share attributable to common stockholders, basic and diluted
$
(1.38
)
 
$
(1.88
)
 
$
(1.81
)
Weighted-average shares used to compute net loss per share attributable to common stockholders, basic and diluted
53,669

 
22,211

 
20,974

The accompanying notes are an integral part of these consolidated financial statements.

64

Table of Contents

TENABLE HOLDINGS, INC.
CONSOLIDATED STATEMENTS OF REDEEMABLE CONVERTIBLE
PREFERRED STOCK AND STOCKHOLDERS' EQUITY (DEFICIT)
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Total
 
Redeemable Convertible Preferred Stock
 
 
 
 
 
 
Additional
 
 
 
Stockholders'
 
Series A
 
Series B
 
 
Common Stock
 
Paid-in
 
Accumulated
 
Equity
(in thousands)
Shares
 
Amount
 
Shares
 
Amount
 
 
Shares
 
Amount
 
Capital
 
Deficit
 
(Deficit)
Balance at December 31, 2015
15,848
 
$
49,891

 
39,538
 
$
226,318

 
 
20,670
 
$
207

 
$
8,870

 
$
(275,939
)
 
$
(266,862
)
Accretion of Series A and B redeemable convertible preferred stock

 
22

 

 
741

 
 

 

 
(763
)
 

 
(763
)
Exercise of stock options

 

 

 

 
 
495

 
5

 
490

 

 
495

Stock-based compensation

 

 

 

 
 

 

 
2,447

 

 
2,447

Income tax benefit from stock options

 

 

 

 
 

 

 
(27
)
 

 
(27
)
Net loss

 

 

 

 
 

 

 

 
(37,208
)
 
(37,208
)
Balance at December 31, 2016
15,848
 
49,913


39,538

227,059



21,165

212


11,017

 
(313,147
)

(301,918
)
Cumulative effect of adoptions of new accounting standards

 

 

 

 
 

 

 
61

 
(38,418
)
 
(38,357
)
Accretion of Series A and B redeemable convertible preferred stock

 
22

 

 
741

 
 

 

 
(763
)
 

 
(763
)
Issuance of restricted stock award

 

 

 

 
 
1,583

 
16

 
(16
)
 

 

Exercise of stock options

 

 

 

 
 
1,870

 
19

 
3,001

 

 
3,020

Repurchase of common stock

 

 

 

 
 
(146
)
 
(1
)
 
(384
)
 

 
(385
)
Stock-based compensation

 

 

 

 
 

 

 
7,760

 

 
7,760

Net loss

 

 

 

 
 

 

 

 
(41,022
)
 
(41,022
)
Balance at December 31, 2017
15,848
 
49,935


39,538

227,800

 
 
24,472

246


20,676

 
(392,587
)
 
(371,665
)
Accretion of Series A and B redeemable convertible preferred stock

 
13

 

 
421

 
 

 

 
(434
)
 

 
(434
)
Exercise of stock options

 

 

 

 
 
740

 
7

 
1,661

 

 
1,668

Repurchase of common stock

 

 

 

 
 
(7
)
 
(1
)
 
(74
)
 

 
(75
)
Stock-based compensation

 

 

 

 
 

 

 
23,022

 

 
23,022

Issuance of common stock in connection with initial public offering, net of underwriting discounts and commissions and other offering expenses

 

 

 

 
 
12,535

 
125

 
264,474

 

 
264,599

Conversion of redeemable convertible preferred stock to common stock upon initial public offering
(15,848
)
 
(49,948
)
 
(39,538
)
 
(228,221
)
 
 
55,386

 
554

 
277,615

 

 
278,169

Net loss

 

 

 

 
 

 

 

 
(73,521
)
 
(73,521
)
Balance at December 31, 2018

 
$

 

 
$

 
 
93,126

 
$
931

 
$
586,940

 
$
(466,108
)
 
$
121,763

The accompanying notes are an integral part of these consolidated financial statements.

65

Table of Contents

TENABLE HOLDINGS, INC.
CONSOLIDATED STATEMENTS OF CASH FLOWS
 
Year Ended December 31,
(in thousands)
2018
 
2017
 
2016
Cash flows from operating activities:
 
 
 
 
 
Net loss
$
(73,521
)
 
$
(41,022
)
 
$
(37,208
)
Adjustments to reconcile net loss to net cash used in operating activities:
 
 
 
 
 
Depreciation and amortization
6,192

 
4,692

 
3,060

Stock-based compensation
22,875

 
7,760

 
2,532

Other
533

 
(748
)
 
953

Changes in operating assets and liabilities:
 
 
 
 
 
Accounts receivable
(17,408
)
 
(14,769
)
 
(13,560
)
Prepaid expenses and other current assets
(6,105
)
 
(8,345
)
 
(605
)
Deferred commissions
(9,258
)
 
(20,058
)
 
(9,777
)
Other assets
(1,876
)
 
(3,267
)
 
(1,856
)
Accounts payable and accrued expenses
294

 
1,922

 
825

Accrued compensation
11,112

 
4,298

 
10,957

Deferred revenue
64,085

 
63,404

 
44,228

Other current liabilities
408

 
421

 
(1,749
)
Other liabilities
110

 
(554
)
 
(585
)
Net cash used in operating activities
(2,559
)
 
(6,266
)
 
(2,785
)
 
 
 
 
 
 
Cash flows from investing activities:
 
 
 
 
 
Purchases of property and equipment
(5,733
)
 
(2,755
)
 
(5,776
)
Purchases of short-term investments
(117,488
)
 

 

Business combination

 

 
(2,075
)
Net cash used in investing activities
(123,221
)
 
(2,755
)
 
(7,851
)
 
 
 
 
 
 
Cash flows from financing activities:
 
 
 
 
 
Proceeds from initial public offering, net of underwriting discounts and commissions
268,531

 

 

Payments of costs related to initial public offering
(3,932
)
 

 

Principal payments under finance lease obligations
(1,443
)
 
(306
)
 
(47
)
Proceeds from grant agreement

 

 
1,000

Credit facility issuance costs

 
(238
)
 

Proceeds from the exercise of stock options
1,668

 
3,020

 
495

Repurchases of common stock
(75
)
 
(385
)
 
(85
)
Net cash provided by financing activities
264,749

 
2,091

 
1,363

Effect of exchange rate changes on cash and cash equivalents and restricted cash
(1,063
)
 
(68
)
 

Net increase (decrease) in cash and cash equivalents and restricted cash
137,906

 
(6,998
)
 
(9,273
)
Cash and cash equivalents and restricted cash at beginning of year
27,472

 
34,470

 
43,743

Cash and cash equivalents and restricted cash at end of year
$
165,378

 
$
27,472

 
$
34,470

 
 
 
 
 
 
Supplemental disclosure of cash flow information:
 
 
 
 
 
Cash paid for interest
$
111

 
$
79

 
$
6

Cash paid for income taxes
$
1,207

 
$
642

 
$
307

Supplemental disclosure of non-cash investing and financing activities:
 
 
 
 
 
Assets acquired under finance leases
$
15

 
$
1,311

 
$
527

Asset retirement obligations
$
58

 
$
764

 
$

The accompanying notes are an integral part of these consolidated financial statements.

66

Table of Contents

TENABLE HOLDINGS, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
1. Business and Summary of Significant Accounting Policies
Business Description
Tenable Holdings, Inc. (the “Company,” “we,” "us," or “our”) is a provider of Cyber Exposure solutions, which is a discipline for managing and measuring cybersecurity risk in the digital era. Our enterprise software platform enables broad visibility into an organization’s cyber exposure across the modern attack surface and deep insights that help organizations translate technical data into business insights to understand and reduce their cybersecurity risk.
Basis of Presentation
The accompanying consolidated financial statements include the accounts of Tenable Holdings, Inc. and our wholly owned subsidiaries and have been prepared in conformity with United States generally accepted accounting principles (“GAAP”). All intercompany accounts and transactions have been eliminated in consolidation.
Initial Public Offering
On July 30, 2018, we completed our initial public offering ("IPO"), in which we issued and sold 12,535,000 shares of common stock at a price to the public of $23.00 per share, including 1,635,000 shares of common stock purchased by our underwriters from the full exercise of their over-allotment option. All of the shares sold in the IPO were sold by the Company. We received net proceeds of $264.6 million after deducting underwriting discounts and commissions and other offering expenses.
Upon the completion of our IPO, all 15,847,500 shares of our Series A Redeemable Convertible Preferred Stock ("Series A") and 39,538,354 shares of our Series B Redeemable Convertible Preferred Stock ("Series B") automatically converted into an aggregate of 55,385,854 shares of our common stock. Our newly adopted Amended and Restated Certificate of Incorporation authorizes a total of 500,000,000 shares of common stock and 10,000,000 shares of preferred stock.
Use of Estimates
The preparation of consolidated financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. These estimates include, but are not limited to, the determination of the estimated economic life of perpetual licenses for revenue recognition, the estimated period of benefit for deferred commissions, useful lives of long-lived assets, the valuation of stock-based compensation, including the estimated underlying fair value of our common stock prior to our IPO, the incremental borrowing rate for operating leases, and the valuation of deferred tax assets. We base these estimates on historical experience and on various other assumptions that we believe to be reasonable. Actual results could differ significantly from these estimates.
Foreign Currency
The functional currency for all of our foreign subsidiaries is the U.S. dollar. Assets and liabilities denominated in other currencies are remeasured into U.S. dollars at current exchange rates for monetary assets and liabilities and at historical exchange rates for non-monetary assets and liabilities. We bill our customers in U.S. dollars. Expenses incurred in non U.S. dollar currencies are remeasured into U.S. dollars when incurred. Remeasurement losses in currencies other than the functional currency were $1.0 million, $0.1 million and $0.5 million in 2018, 2017 and 2016, respectively, and are included as a component of other income (expense), net in the consolidated statements of operations and comprehensive loss.

67

Table of Contents

Revenue Recognition
We early adopted Accounting Standards Codification (“ASC”) Topic 606, Revenue From Contracts With Customers (“ASC 606”), on January 1, 2017 using the modified retrospective method and applying the guidance to all contracts as of January 1, 2017. The most significant impact of adopting ASC 606 was the deferral of perpetual license revenue over an estimated economic life, including estimated maintenance renewal periods, whereas under the previous guidance we recognized perpetual license revenue upon delivery of the perpetual license. Additionally, the incremental costs of obtaining a contract with a customer are deferred, and will be amortized over a longer estimated period of benefit, whereas under previous guidance we amortized such costs over the contract term.
The adoption of ASC 606 resulted in a cumulative adjustment to increase our accumulated deficit by $38.4 million at January 1, 2017, which included a $55.0 million increase to deferred revenue, primarily related to the deferral of perpetual license revenue, offset by a $16.6 million increase to deferred commissions related to the longer estimated period of benefit compared to our historical practice. Of the $55.0 million increase to deferred revenue at January 1, 2017, $19.0 million was recognized as revenue in 2017, and $16.7 million was recognized as revenue in 2018, and $11.8 million, $5.6 million and $1.9 million will be recognized as revenue in 2019, 2020 and 2021, respectively. The impact to revenue in 2017 was a net increase of $3.5 million after giving effect to the recognition of perpetual license revenue from prior year sales and the deferral of perpetual license revenue from 2017 sales.
The core principle of ASC 606 is that revenue should be recognized to depict the transfer of promised goods or services to customers in an amount that reflects the consideration to which the entity expects to be entitled in exchange for those goods or services. To achieve the core principle of ASC 606, we apply the following steps:
Identify the contract with a customer
Identify the performance obligations in the contract
Determine the transaction price
Allocate the transaction price to the performance obligations in the contract
Recognize revenue when or as performance obligations are satisfied
We generate revenue from subscription arrangements for software and cloud-based solutions, perpetual licenses, maintenance associated with perpetual licenses, and professional services and other revenue. We begin to recognize revenue when control of our software or services is transferred to the customer, which for sales made through distributors is concurrent with the transfer to the end user.
The following table presents a summary of revenue:
 
Year Ended December 31,
(in thousands)
2018
 
2017
 
2016
Subscription revenue
$
205,827

 
$
132,873

 
$
80,399

Perpetual license and maintenance revenue
54,622

 
50,337

 
40,328

Professional services and other revenue
6,911

 
4,517

 
3,644

Revenue
$
267,360

 
$
187,727

 
$
124,371


Subscription Revenue
Subscription arrangements generally have annual or multi-year contractual terms and allow customers to use our software or cloud solutions, including ongoing software updates and the ability to identify the latest cybersecurity vulnerabilities. Revenue is recognized ratably over the subscription term given the critical utility provided by the ongoing updates that are released throughout the contract period.
Perpetual License and Maintenance Revenue
Our perpetual licenses are generally sold with one or more years of maintenance, which include ongoing software updates and the ongoing ability to identify the latest cybersecurity vulnerabilities. Given the critical utility provided by the

68

Table of Contents

ongoing software updates and updated ability to identify network vulnerabilities included in maintenance, we combine the perpetual license and the maintenance into a single performance obligation. Perpetual license arrangements generally contain a material right related to the customer’s ability to renew maintenance at a price that is less than the initial license fee. We apply a practical alternative to allocating a portion of the transaction price to the material right performance obligation and estimate a hypothetical transaction price which includes fees for expected maintenance renewals based on the estimated economic life of the perpetual license contracts. We allocate the transaction price between the cybersecurity subscription provided in the initial contract and the material right related to expected contract renewals based on the hypothetical transaction price. We recognize the amount allocated to the combined license and maintenance performance obligation over the initial contractual period, which is generally one year. We recognize the amount allocated to the material right over the expected maintenance renewal period, which begins at the end of the initial contractual term and is generally four years. We have estimated the five-year economic life of perpetual license contracts based on historical contract attrition, expected renewal periods, the lifecycle of the our technology and other factors. While we believe that the estimates we have made are reasonable and appropriate, different assumptions and estimates could materially impact our reported financial results.
Professional Services and Other Revenue
Professional services and other revenue is primarily comprised of advisory services and training related to the deployment and optimization of our products. These services do not result in significant customization of our products. Professional services and other revenue is recognized as the services are performed.
Contracts with Multiple Performance Obligations
In cases where our contracts with customers contain multiple performance obligations, the contract transaction price is allocated on a relative standalone selling price basis. We typically determine standalone selling price based on observable selling prices of our products and services.
Variable Consideration
We record revenue from sales at the net sales price, which is the transaction price, including estimates of variable consideration when applicable. Certain of our customers may be entitled to receive credits and in certain circumstances, refunds, if service level commitments are not met. We have not historically experienced significant incidents affecting the ability to meet these service level commitments and any estimated refunds related to these agreements have not been material.
Sales through our channel network of distributors and resellers are generally discounted as compared to the price that we would sell to an end user. Revenue for sales through our channel network is recorded net of any distributor or reseller margin.
Concentrations
We sell our products and services through a channel network of distributors and resellers, along with our own sales teams. We derived 88%, 83% and 80% of revenue through our channel network in 2018, 2017 and 2016, respectively. One of our distributors accounted for 46%, 45% and 42% of revenue in 2018, 2017 and 2016, respectively. That same distributor accounted for 46% and 51% of accounts receivable at December 31, 2018 and 2017, respectively.
Contract Balances
We generally bill our customers in advance and accounts receivable are recorded when we have the right to invoice the customer. Contract liabilities consist of deferred revenue and include customer billings and payments received in advance of performance under the contract. In 2018 and 2017, we recognized revenue of $154.9 million and $106.8 million, respectively, that was included in the deferred revenue balance at the beginning of each of the respective periods.

69

Table of Contents

Remaining Performance Obligations
At December 31, 2018, the future estimated revenue related to unsatisfied performance obligations was $293.2 million, with 73% expected to be recognized as revenue over the succeeding twelve months, and the remainder expected to be recognized over the four years thereafter.
Legacy Revenue Accounting Policies
For periods prior to January 1, 2017, we recognized revenue when all the following criteria were met: (1) persuasive evidence of an arrangement exists, (2) delivery has occurred, (3) the fee is fixed or determinable and (4) collectability is reasonably assured.
We recognized subscription revenue ratably over the term of the subscription period in accordance with ASC 605, Revenue Recognition. When subscription arrangements involved multiple elements that qualified as separate units of accounting, we allocated arrangement consideration at the inception of the arrangement to all deliverables based on the relative selling price method in accordance with the selling price hierarchy, which included (i) vendor-specific objective evidence (VSOE) if available, (ii) third-party evidence (TPE) if VSOE was not available, and (iii) best estimate of selling price (BESP) if neither VSOE nor TPE were available. When VSOE could not be established for deliverables within subscription arrangements, we utilized BESP in our allocation of arrangement consideration, as we generally could not establish TPE. BESP was determined by considering multiple factors including, but not limited to, prices charged for similar offerings, market conditions, competitive landscape, and pricing practices.
We recognized perpetual license revenue upon delivery of the license in accordance with ASC 985-605, Software—Revenue Recognition. We established VSOE of fair value for substantially all products and services with the exception of new subscription agreements and perpetual licenses. VSOE was established for maintenance and support based upon actual renewals and historical pricing when sold separately. Revenue from maintenance agreements was deferred and recognized ratably over the term of the maintenance period. The VSOE of fair value for professional services was based on the price for these same services when they were sold separately.
Other services revenue was recognized as the services were performed.
Cash and Cash Equivalents
We consider all highly liquid financial instruments with an original maturity of three months or less when purchased to be cash equivalents.
As of December 31, 2018 and 2017, cash and cash equivalents excluded $0.3 million of restricted cash, which is related to an account established as collateral for a lease arrangement and was included in other assets on the consolidated balance sheets.
Fair Value of Financial Instruments
Fair value is defined as the price that would be received from selling an asset, or paid to transfer a liability, in an orderly transaction between market participants at the measurement date. We apply fair value accounting for all financial assets and liabilities that are recognized or disclosed at fair value in the financial statements on a recurring basis. We measure cash and cash equivalents and short-term investments at fair value using a fair value hierarchy of inputs. We approximate fair value by using the carrying amounts for accounts receivable, accounts payable and accrued expenses due to their short-term nature.
Investments
We currently invest in commercial paper, corporate bonds, and U.S. treasury and agency obligations. Our investments are classified as available-for-sale and recorded at fair value, with unrealized gains and losses reported in accumulated other comprehensive loss within stockholders’ equity (deficit). We review our investment portfolio to determine whether investments have indicators of possible impairment.

70

Table of Contents

Accounts Receivable
Accounts receivable are recorded at the invoiced amount, less an allowance for doubtful accounts, and do not bear interest. We maintain an allowance for doubtful accounts at an amount estimated to be sufficient to cover the risk of collecting less than full payment of the receivables. At each balance sheet date, we evaluate our receivables and assess the allowance for doubtful accounts based on specific customer collection issues and historical write-off trends.
Deferred Commissions
Sales commissions, including related incremental fringe benefit costs, are considered to be incremental costs of obtaining a contract. Sales commissions on initial sales are not commensurate with sales commissions on contract renewals and therefore are recognized over an estimated period of benefit, which ranges between three and four years for subscription arrangements and five years for perpetual license arrangements. We estimated the period of benefit based on the expected contract term including renewal periods, the lifecycle of our technology, and other factors. Sales commissions on contract renewals are capitalized and amortized ratably over the contract term, with the exception of contracts with renewal periods that are one year or less, in which case the incremental costs are expensed as incurred.
The following summarizes the activity of deferred incremental costs of obtaining a contract:
 
Year Ended December 31,
(in thousands)
2018
 
2017
Beginning balance
$
50,176

 
$
30,118

Capitalization of contract acquisition costs
29,075

 
34,632

Amortization of deferred contract acquisition costs
(19,817
)
 
(14,574
)
Ending balance
$
59,434

 
$
50,176


Amortization of deferred contract acquisition costs is included in sales and marketing expense in the consolidated statements of operations and comprehensive loss.
Prior to January 1, 2017, we capitalized sales commissions and recognized the expense over the corresponding period in which the related revenue was recognized. Commissions on perpetual license sales were recognized upon the delivery of the license.
Property and Equipment, net
Property and equipment, net is stated at historical cost less accumulated depreciation. Depreciation is computed using the straight-line method over the estimated useful lives of the assets: three years for computer software and equipment and five years for furniture and fixtures. Leasehold improvements are amortized using the straight-line method over the shorter of the estimated useful lives of the assets or the terms of the respective leases. Property and equipment, net includes right-of-use assets acquired under finance leases. Amortization of assets acquired under finance leases is included in depreciation expense. Repairs and maintenance costs are expensed as incurred.
Leases
In October 2017, we entered into a lease of approximately six of the twelve floors of a building currently being constructed by the landlord in Columbia Maryland for our new corporate headquarters. Under accounting guidance in effect in 2017 for build-to-suit lease arrangements, we concluded that we were the deemed owner of the building during the construction period. Accordingly, we recorded a construction-in-progress asset of $2.3 million for which there was a corresponding construction financing obligation of $1.8 million, net of a $0.5 million deposit, recorded in the consolidated balance sheet at December 31, 2017.
In December 2018 we early adopted ASC Topic 842, Leases ("ASC 842"), as of January 1, 2018 using the modified retrospective method applying the transition provisions at the beginning of the period of adoption, rather than at the beginning of the earliest comparative period presented in these financial statements. We elected the package of practical

71

Table of Contents

expedients as permitted under the transition guidance, which allowed us to not reassess whether arrangements contain leases, not reassess lease classification, and not reassess initial direct costs.
The most significant impact of adopting ASC 842 was the recognition of right-of-use ("ROU") assets and lease liabilities for operating leases of $10.1 million and $12.3 million, respectively on January 1, 2018, which included reclassifying prepaid rent and deferred rent as a component of the ROU asset. Additionally, we concluded that we do not control the building under construction for our new corporate headquarters, and upon adoption, derecognized $2.3 million of construction-in-progress and a $1.8 million construction financing obligation on January 1, 2018 and recognized a $0.5 million deposit. Our accounting for finance leases (formerly referred to as capital leases prior to the adoption of ASC 842) remained substantially unchanged.
The impact of the adoption of ASC 842 on previously reported interim financial statements included the recognition of ROU assets and lease liabilities, as well as the derecognition of the construction-in-progress and construction financing obligation and the recognition of the deposit referred to above. There was no material impact to previously reported results of operations for any interim period.
We determine if an arrangement contains a lease and the classification of that lease, if applicable, at inception. We have elected to not recognize a lease liability or ROU asset for short-term leases (leases with a term of twelve months or less). For contracts with lease and non-lease components, we have elected to not allocate the contract consideration, and account for the lease and non-lease components as a single lease component. Additionally, we enter into arrangements to use shared office spaces and other facilities, and have determined that these arrangements do not contain leases as we do not have the right to use an identified asset. Operating leases are included in operating lease ROU assets, operating lease liabilities and operating lease liabilities (net of current portion) in our consolidated balance sheets. Finance leases are included in property and equipment, other current liabilities and other liabilities in our consolidated balance sheets.
ROU assets represent our right to use an underlying asset for the lease term and lease liabilities represent our obligation to make lease payments under the lease. Operating lease ROU assets and liabilities are recognized at the lease commencement date based on the present value of lease payments over the lease term. The implicit rate within our operating leases are generally not determinable and we use our incremental borrowing rate at the lease commencement date to determine the present value of lease payments. The determination of our incremental borrowing rate requires judgment. We determine our incremental borrowing rate for each lease using our current borrowing rate, adjusted for various factors including level of collateralization, term and currency to align with the terms of the lease. The operating lease ROU asset also includes any lease prepayments, offset by lease incentives. Certain of our leases include options to extend or terminate the lease. An option to extend the lease is considered in connection with determining the ROU asset and lease liability when it is reasonably certain we will exercise that option. An option to terminate is considered unless it is reasonably certain we will not exercise the option.
Lease expense for lease payments is recognized on a straight-line basis over the term of the lease.
Impairment of Long-Lived Assets
We evaluate our long-lived assets for impairment whenever events or changes in circumstance indicate that the carrying amount may not be fully recoverable. Recoverability of the long-lived assets is measured by a comparison of the carrying amount of the assets to future undiscounted net cash flows expected to be generated by the assets. If such assets are considered to be impaired, the impairment to be recognized is measured as the excess of the carrying amount over the fair value. There was no impairment of long-lived assets in 2018, 2017 and 2016.
Business Combinations
We account for business combinations by recognizing the fair value of acquired assets and liabilities. The excess purchase consideration over the fair value of acquired assets and liabilities is recorded as goodwill. Acquisition-related transaction costs are expensed as incurred.
When determining the fair value of assets acquired and liabilities assumed, we make estimates and assumptions, especially with respect to intangible assets. Estimates in valuing certain identifiable assets include, but are not limited to,

72

Table of Contents

expected long-term market growth, future expected operating expenses, costs of capital, and appropriate discount rates. Our estimate of fair value is based upon assumptions we believe to be reasonable, but which are inherently uncertain and, as a result, actual results may differ from estimates.
In September 2016, we purchased the technology and related assets of a company whose software performs vulnerability and malware detection, along with continuous monitoring, for containers. The purchase consideration was $2.1 million in cash, which included $1.8 million of purchased technology and $0.3 million of goodwill, and is included in other assets on the consolidated balance sheets. No tangible assets were acquired. Acquisition-related costs were not material.
Intangible Assets, Net
Intangible assets consisted of $1.8 million of purchased technology, which is amortized over a three-year period. Accumulated amortization was $1.4 million and $0.8 million at December 31, 2018 and 2017, respectively.
Amortization of intangible assets was $0.6 million, $0.6 million and $0.2 million in 2018, 2017 and 2016, respectively. At December 31, 2018, estimated future amortization of intangible assets was $0.4 million in 2019.
Advertising
Advertising costs are expensed as they are incurred. We incurred advertising costs of $3.3 million, $3.2 million and $1.1 million in 2018, 2017 and 2016, respectively, which was included in sales and marketing expense in the consolidated statements of operations and comprehensive loss.
Software Development Costs
Research and development costs to develop software to be sold, leased or marketed are expensed as incurred up to the point of technological feasibility for the related software product. We have not capitalized development costs for software to be sold, leased or marketed to date, as the software development process is essentially completed concurrent with the establishment of technological feasibility. As such, these costs are expensed as incurred and recognized in research and development costs in the consolidated statements of operations and comprehensive loss.
Software developed for internal use, with no substantive plans to market such software at the time of development, are capitalized and included in property and equipment, net in the consolidated balance sheets. Costs incurred during the preliminary planning and evaluation and post implementation stages of the project are expensed as incurred. Costs incurred during the application development stage of the project are capitalized. In 2018, we capitalized $2.4 million of development costs related to internal use software. In 2017 and 2016, capitalized costs related to software developed for internal use were immaterial.
Stock-Based Compensation
Stock-based compensation expense related to our stock options, restricted stock, restricted stock units ("RSUs") and purchase rights issued under our 2018 Employee Stock Purchase Plan ("2018 ESPP") is calculated based on the fair value of the awards granted and is recognized on a straight-line basis over the requisite service period, which is generally two to four years, with the exception of RSUs that include performance-based vesting conditions and are expensed using the accelerated attribution method. The fair value of stock options and 2018 ESPP purchase rights is estimated on the grant date using the Black-Scholes option pricing model, which requires us to make assumptions and judgments, including the expected term, expected volatility, and risk-free interest rates.
Prior to our IPO, we estimated the fair value of our common stock at the date of grant. Following our IPO, we use the market price of our common stock at the date of grant.
We adopted Accounting Standards Update (“ASU”) No. 2016-09 - Compensation-Stock Compensation (Topic 718) (“ASU 2016-09”) on January 1, 2017 and made an accounting policy election to account for forfeitures as they occur. This election was applied on a modified retrospective basis. ASU 2016-09 also requires excess tax benefits and tax

73

Table of Contents

deficiencies to be recorded in the income statement as opposed to additional paid-in capital when the awards vest or are settled, and we applied this on a prospective basis beginning on January 1, 2017. In addition, ASU 2016-09 eliminated the requirement that excess tax benefits be realized before they can be recorded.
Net Loss per Share
We calculate basic and diluted net loss per share attributable to common stockholders in conformity with the two-class method required for participating securities. Under the two-class method, the net loss attributable to common stockholders is not allocated to the redeemable convertible preferred stock as the holders of our redeemable convertible preferred stock do not have a contractual obligation to share in losses.
Under the two-class method, basic net loss per share attributable to common stockholders is computed by dividing the net loss attributable to common stockholders by the weighted-average number of shares of common stock outstanding during the period. Net loss attributable to common stockholders is calculated by adjusting net loss by the current period accretion of redeemable convertible preferred stock.
Upon the completion of our IPO, all of our Series A and Series B redeemable convertible preferred stock automatically converted into shares of our common stock.
Diluted earnings per share attributable to common stockholders is computed by giving effect to all potentially dilutive common stock equivalents in the period, including stock options, unvested restricted shares, redeemable convertible preferred stock and shares to be issued under our 2018 ESPP. As we have reported losses for all periods presented, all potentially dilutive securities have been excluded from the calculation of diluted net loss per share attributable to common stockholders as their effect would be antidilutive.
Segment Information
We operate as one operating segment as our chief executive officer, who is our chief operating decision maker, reviews financial information on a consolidated basis for purposes of making operating decisions, allocating resources, and evaluating financial performance.
Income Taxes
Income taxes are accounted for under the asset and liability method. This method requires recognition of deferred tax assets and liabilities for the expected future tax consequences of temporary differences between the financial statement carrying amounts and the tax basis of existing assets and liabilities, net operating loss carryforwards, and tax credit carryforwards. A valuation allowance is provided if it is more likely than not that some or all of the deferred tax assets will not be realized.
We recognize tax benefits from an uncertain tax position if it is more likely than not to be sustained upon audit by the relevant taxing authority. Interest and penalties associated with such uncertain tax positions are classified as a component of income tax expense.
Recently Issued Accounting Pronouncements Not Yet Adopted
In June 2016, the Financial Accounting Standards Board ("FASB") issued ASU No. 2016-13 - Financial Instruments-Credit Losses (Topic 326): Measurement of Credit Losses on Financial Instruments. This ASU amends guidance on reporting credit losses for assets held at amortized cost basis and available-for-sale debt securities to require that credit losses on available-for-sale debt securities be presented as an allowance rather than as a write-down. The measurement of credit losses for newly recognized financial assets and subsequent changes in the allowance for credit losses are recorded in the statements of operations. This guidance will be effective for us beginning January 1, 2020, with early adoption permitted. We are currently evaluating the potential impact of this standard on our consolidated financial statements.

74

Table of Contents

2. Fair Value Measurements
We measure certain financial instruments at fair value using a fair value hierarchy. In the hierarchy, assets are classified based on the lowest level inputs used in valuation into the following categories:
Level 1 — Quoted prices in active markets for identical assets and liabilities;
Level 2 — Observable inputs including quoted market prices for similar assets and liabilities in active markets, quoted prices for identical assets and liabilities in inactive markets, or inputs that are corroborated by observable market data; and
Level 3 — Unobservable inputs.
The following table summarizes assets that are measured at fair value on a recurring basis at December 31, 2018:
(in thousands)
Level 1
 
Level 2
 
Level 3
 
Total
Cash and cash equivalents
 
 
 
 
 
 
 
Money market funds
$
38,022

 
$

 
$

 
$
38,022

 
 
 
 
 
 
 
 
Short-term investments
 
 
 
 
 
 
 
Commercial paper
$

 
$
79,634

 
$

 
$
79,634

Corporate bonds
$

 
$
16,119

 
$

 
$
16,119

U.S. Treasury and agency obligations
$

 
$
22,366

 
$

 
$
22,366


We did not have any liabilities measured and recorded at fair value at December 31, 2018, and we did not have any assets or liabilities measured at fair value at December 31, 2017.
3. Property and Equipment, Net
Property and equipment, net consisted of the following:
 
December 31,
(in thousands)
2018
 
2017
Computer software and equipment
$
13,038

 
$
9,089

Furniture and fixtures
2,376

 
2,102

Leasehold improvements
7,266

 
6,452

Right-of-use assets under finance leases
1,854

 
1,839

Total
24,534

 
19,482

Less: accumulated depreciation and amortization
(13,186
)
 
(8,728
)
Property and equipment, net
$
11,348

 
$
10,754


Depreciation and amortization related to property and equipment was $5.6 million, $4.1 million and $2.9 million in 2018, 2017 and 2016, respectively.
4. Debt
On May 4, 2017, we entered into a $25.0 million revolving credit facility (“Credit Facility”) with Silicon Valley Bank, which is available for use until May 4, 2020. The Credit Facility is intended to be used to fund working capital and to provide increased liquidity and financial flexibility and bears interest at either LIBOR plus 2%, or the lender's prime rate plus 1%. In addition, we pay quarterly in arrears 0.25% of the average unused portion. The Credit Facility is secured by a first priority security interest in all of our assets, with a negative pledge on our Intellectual Property, as defined in the credit agreement.

75

Table of Contents

The Credit Facility contains certain restrictive covenants customary for facilities of this type including restrictions on indebtedness, liens, acquisitions and investments, restricted payments and dispositions. If, as of the last day of any quarter, the outstanding balance of the Credit Facility exceeds $5.0 million, there are financial covenants that require us to maintain a minimum level of earnings before income taxes, interest, depreciation and amortization (“EBITDA”) adjusted to add changes in deferred revenue in the period, and a minimum current ratio level. There were no borrowings or letters of credit issued under the Credit Facility in 2018 or 2017.
5. Leases
We have operating leases for office facilities and finance leases for computer and office equipment. Our leases have remaining terms of less than one year to 8.5 years, some of which include one or more options to renew, with renewal terms up to five years and some of which include options to terminate the leases within the next three years. The ROU assets and liabilities as of December 31, 2018 assume the option to early terminate one of our leases in 2021.
The components of lease expense were as follows:
(in thousands)
Year Ended December 31, 2018
Operating lease cost
$
3,694

 
 
Finance lease cost:
 
Amortization of ROU assets
$
614

Interest on lease liabilities
35

Total finance lease cost
$
649

Rent expense for short-term leases in 2018 was not material.
Supplemental balance sheet information related to lease liabilities was as follows:
(in thousands, except lease term and discount rate)
December 31, 2018
Operating leases
 
Operating ROU assets
$
8,504

 
 
Operating lease liabilities (current)
$
4,262

Operating lease liabilities (net of current portion)
6,055

Total operating lease liabilities
$
10,317

 
 
Weighted average remaining lease term
3.1 years
Weighted average discount rate
7.1%
 
 
Finance leases
 
Property and equipment
$
1,854

Accumulated depreciation
(1,004
)
Property and equipment, net
$
850

 
 
Other current liabilities
$
14

Other liabilities
39

Total finance lease liabilities
$
53



76

Table of Contents

Supplemental cash flow information related to leases was as follows:
(in thousands)
Year Ended December 31, 2018
Cash paid for amounts included in the measurement of lease liabilities:
 
Operating cash flows from operating leases
$
4,313

Operating cash flows from finance leases
35

Financing cash flows from finance leases
1,443

 
 
ROU assets obtained in exchange for lease obligations:
 
Operating leases
1,525

Finance leases
15


Maturities of operating lease liabilities at December 31, 2018 were as follows:
(in thousands)
 
Year ending December 31,
 
2019
$
4,429

2020
3,736

2021
1,747

2022
465

2023
301

Thereafter
1,052

Total lease payments
11,730

Less imputed interest
(1,413
)
Total
$
10,317


As of December 31, 2018, the operating lease for our future headquarters had not commenced and we did not have control of the space to be leased. We plan to take possession of the leased office space in mid-2019, at which time we will record a right-of-use asset and corresponding lease liability, and begin to record rent expense. Future lease payments related to this lease are $68.2 million and the lease payments are expected to commence in the first quarter of 2021.
Rent expense related to operating leases for office facilities was $3.6 million and $2.5 million in 2017 and 2016, respectively.
Total obligations for finance leases, formerly referred to as capital leases prior to the adoption of ASC 842 on January 1, 2018, were $1.5 million at December 31, 2017.
6. Redeemable Convertible Preferred Stock and Common Stock
Redeemable Convertible Preferred Stock
In October 2012, Tenable, Inc. (now a wholly owned subsidiary of Tenable Holdings, Inc.) issued 15,847,500 shares of Series A redeemable convertible preferred stock. In December 2015, we issued 15,847,500 shares, par value of $0.01, of Series A redeemable convertible preferred stock ("Series A") in exchange for Series A redeemable convertible preferred stock of Tenable, Inc. in connection with a recapitalization. This exchange was made on a one for one basis. In addition, we authorized 42,000,000 shares and issued 39,538,354 shares, par value of $0.01, of Series B redeemable convertible preferred stock ("Series B"). Upon completion of our IPO, Series A and Series B (together, the “Redeemable Convertible Preferred Stock”) automatically converted into an aggregate of 55,385,854 shares of our common stock.
We accreted the Redeemable Convertible Preferred Stock to the redemption price at the redemption date using the effective interest method. Upon completion of our IPO, the accretion rights of the Redeemable Convertible Preferred Stock were terminated.

77

Table of Contents

Upon the completion of our IPO, we filed an Amended and Restated Certificate of Incorporation, authorizing a total of 500,000,000 shares of common stock and 10,000,000 shares of preferred stock. At December 31, 2018, no shares of preferred stock were issued or outstanding.
Common Stock
The voting, dividend, and liquidation rights of common stockholders are subject to, and qualified by, the rights of preferred stockholders. The common stockholders are entitled to receive dividends when, as and if, declared by the Board of Directors, subject to preferential dividend rights of preferred stockholders. Upon dissolution or liquidation, our common stockholders will be entitled to receive all assets available for distribution to stockholders, subject to any preferential rights of preferred stockholders.
7. Stock-Based Compensation
We have various stock incentive plans under which we have issued stock-based awards. Stock options granted under our stock incentive plans have a maximum term of ten years, generally vest over a period of three to four years, and the exercise price cannot be less than the fair market value on the date of grant. RSUs granted under our stock incentive plans generally vest over a period of two to four years.
In 2018, our board of directors adopted, and our stockholders approved, our 2018 Equity Incentive Plan ("2018 Plan"), which reserved 9.9 million shares of our common stock that may be issued as stock-based awards. The 2018 Plan became effective upon the execution of the underwriting agreement related to our IPO, at which point no further grants were made under our 2016 Stock Incentive Plan ("2016 Plan"). Any shares subject to stock options or other stock awards granted under our 2016 Plan, 2012 Stock Incentive Plan or 2002 Stock Incentive Plan that would have otherwise returned to such plan (such as upon the expiration or termination of a stock award prior to vesting) were added to, and are available for issuance under, our 2018 Plan. In addition, the number of shares of our common stock reserved for issuance under our 2018 Plan will automatically increase on January 1 of each year, beginning on January 1, 2019 and continuing through and including January 1, 2028, by 5% of the total number of shares of our capital stock outstanding on December 31 of the preceding calendar year, or a lesser number of shares determined by our board of directors. There were 10,908,158 shares available for grant under the 2018 Plan at December 31, 2018.
Stock-based compensation expense included in the consolidated statements of operations and comprehensive loss was as follows:
 
Year Ended December 31,
(in thousands)
2018
 
2017
 
2016
Cost of revenue
$
1,707

 
$
281

 
$
223

Sales and marketing
6,911

 
1,579

 
969

Research and development
5,804

 
1,782

 
602

General and administrative
8,453

 
4,118

 
738

Total stock-based compensation expense
$
22,875


$
7,760


$
2,532


At December 31, 2018, the total unrecognized stock-based compensation expense related to outstanding stock options was $47.9 million, which is expected to be recognized over an estimated remaining weighted average period of 3.0 years.
At December 31, 2018, the unrecognized stock-based compensation expense related to unvested awards of restricted stock was $3.4 million, which is expected to be recognized over an estimated remaining period of 2.0 years.
At December 31, 2018, the unrecognized stock-based compensation expense related to unvested RSUs was $15.7 million, which is expected to be recognized over an estimated remaining period of 2.3 years.

78

Table of Contents

Stock Options
A summary of our stock option activity for the periods presented is below:
(in thousands, except for per share data and years)
Number
of Shares
 
Weighted
Average
Exercise Price
 
Weighted-Average Remaining Contractual Term (in years)
 

Aggregate Intrinsic Value
Outstanding at December 31, 2015
7,616
 
$
2.15

 
7.4
 
$
17,237

Granted
2,800
 
4.15

 
 
 
 
Exercised
(495)
 
1.00

 
 
 
1,567

Forfeited/canceled
(585)
 
2.84

 
 
 
 
Outstanding at December 31, 2016
9,336
 
2.77

 
7.2
 
15,374

Granted
9,022
 
5.22

 
 
 
 
Exercised
(1,870)
 
1.62

 
 
 
7,667

Forfeited/canceled
(1,915)
 
3.21

 
 
 
 
Outstanding at December 31, 2017
14,573
 
4.38

 
8.2
 
77,020

Granted
6,108
 
15.17

 

 


Exercised
(740)
 
2.26

 

 
9,902

Forfeited/canceled
(722)
 
7.23

 

 


Outstanding at December 31, 2018
19,219
 
7.78

 
8.0
 
277,114

Exercisable at December 31, 2018
6,758
 
3.75

 
6.6
 
124,629


At December 31, 2018, there were 19.2 million stock options outstanding that were vested and expected to vest.
In 2018, 2017 and 2016, we granted stock options to employees that vest over three to four years and had a per share weighted average grant date fair value of $6.84, $2.48 and $2.03, respectively. Estimating the fair value of stock options using the Black-Scholes option-pricing model requires assumptions as to the estimated term of the option, the risk-free interest rate, the expected volatility of the price of our common stock, the expected dividend yield, and the fair value of our underlying common stock prior to our IPO.
Fair Value of Common Stock. Following our IPO, we use the market price of our common stock at the date of grant. Prior to our IPO, the lack of an active public market for our common stock requires an estimate of the fair value of the common stock for granting stock options and restricted shares, and for determining stock-based compensation expense. Contemporaneous third-party valuations were obtained to assist in determining the fair value of our common stock. The contemporaneous valuations were performed in accordance with applicable methodologies, approaches and assumptions of the technical practice-aid issued by the American Institute of Certified Public Accountants Practice Aid entitled Valuation of Privately-Held Company Equity Securities Issued as Compensation. 
Expected Term. This is the period of time that the options granted are expected to remain unexercised. We employ the simplified method to calculate the average expected term.
Expected Volatility. Volatility is a measure of the amount by which a financial variable, such as a share price, has fluctuated (historical volatility) or is expected to fluctuate (expected volatility) during a period. As we do not yet have sufficient history of our own volatility, we have identified several public entities of similar size, complexity, and stage of development and estimate volatility based on the volatility of these companies.
Risk-Free Interest Rate. This is the U.S. Treasury rate, having a term that most closely resembles the expected life of the stock option.
Expected Dividend Yield. We have never declared or paid dividends and have no plans to do so in the foreseeable future.

79

Table of Contents

The fair value of each stock option was estimated on the grant date based on the following assumptions:
 
Year Ended December 31,
 
2018
 
2017
 
2016
Expected term (in years)
6.3
 
6.3
 
6.3
Expected volatility
41.3% — 43.3%
 
45.2% — 47.0%
 
50.0% — 50.1%
Risk-free interest rate
2.7% — 2.9%
 
1.9% — 2.4%
 
1.1% — 1.5%
Expected dividend yield
 
 
Expected forfeiture rate
 
 
1.4% — 5.8%

Restricted Stock and Restricted Stock Units
A summary of our restricted stock and RSU activity is presented below:
 
Restricted Stock
 
Restricted Stock Units
(in thousands, except for per share data and years)
Number
of Shares
 
Weighted
Average
Grant Date Fair Value
 
Number
of Shares
 
Weighted
Average
Grant Date Fair Value
Unvested balance at December 31, 2016

 
$

 

 
$

Granted
1,583

 
4.25

 

 

Vested

 

 

 

Forfeited

 

 

 

Unvested balance at December 31, 2017
1,583

 
4.25

 

 

Granted

 

 
1,200

 
18.75

Vested
(693)

 
4.25

 

 

Forfeited

 

 
(71)

 
16.27

Unvested balance at December 31, 2018
890

 
4.25

 
1,129

 
18.90


The grant date fair value was based on the estimated fair value of our common stock on the date of grant. RSUs granted before July 30, 2018 vest upon the satisfaction of both service-based and performance-based vesting conditions. The performance-based condition was satisfied upon the completion of our IPO. RSUs granted after July 30, 2018 vest upon the satisfaction of a service-based vesting condition.
Compensation expense for restricted stock and RSUs is recognized on a straight-line basis over the requisite service period, with the exception of RSUs that include performance-based vesting conditions, which are expensed using the accelerated attribution method. The performance-based condition for RSUs granted before July 30, 2018 was satisfied upon the completion of our IPO.
2018 Employee Stock Purchase Plan
In 2018, our board of directors adopted, and our stockholders approved, our 2018 ESPP, which became effective upon the execution of the underwriting agreement related our IPO. Our 2018 ESPP initially reserved 4,000,000 shares of our common stock to be issued and the number of shares of our common stock reserved for issuance under our 2018 ESPP will automatically increase on January 1 of each year, beginning on January 1, 2019 and continuing through and including January 1, 2028, by the lesser of (1) 1.5% of the total number of shares of our common stock outstanding on December 31 of the preceding calendar year, (2) 8,000,000 shares of our common stock or (3) such lesser number of shares of common stock as determined by our board of directors.
Under our 2018 ESPP, employees may set aside up to 15% of their gross earnings, on an after-tax basis, to purchase our common stock at a discounted price, which is calculated at 85% of the lower of the fair market value of our common stock on the first day of an offering or on the date of purchase. The 2018 ESPP permits offerings up to 27 months in

80

Table of Contents

duration, with one or more purchase periods in each offering. The initial offering period began on July 25, 2018 and is scheduled to end on September 1, 2020, with purchase periods ending on March 1, 2019, September 1, 2019, March 1, 2020 and September 1, 2020.
At December 31, 2018, there was $6.3 million of employee contributions to the 2018 ESPP included in accrued compensation, and no shares of our common stock have been purchased. The unrecognized stock-based compensation expense related to our 2018 ESPP was $8.2 million, which is expected to be recognized over the remaining offering period of 1.7 years.
The fair value of the 2018 ESPP purchase rights was estimated on the grant date using a Black-Scholes option-pricing model and the following assumptions:
 
Year Ended December 31, 2018
Expected term (in years)
0.6 — 2.1
Expected volatility
31.9% — 33.5%
Risk-free interest rate
2.3% — 2.7%
Expected dividend yield

8. Net Loss Per Share Attributable to Common Stockholders
The following table sets forth the computation of basic and diluted net loss per share attributable to common stockholders:
 
Year Ended December 31,
(in thousands, except per share data)
2018
 
2017
 
2016
Net loss attributable to common stockholders
$
(73,955
)
 
$
(41,785
)
 
$
(37,971
)
 
 
 
 
 
 
Weighted-average shares used to compute net loss per share attributable to common stockholders, basic and diluted
53,669

 
22,211

 
20,974

 
 
 
 
 
 
Net loss per share attributable to common stockholders, basic and diluted
$
(1.38
)
 
$
(1.88
)
 
$
(1.81
)

The following potentially dilutive securities have been excluded from the diluted per share calculations because they would have been antidilutive:
 
Year Ended December 31,
(in thousands)
2018
 
2017
 
2016
Stock options
19,219

 
14,573

 
9,336

Restricted stock units
1,129

 

 

Restricted shares
890

 
1,583

 

Shares to be issued under ESPP
320

 

 

Redeemable convertible preferred stock

 
55,386

 
55,386

Total
21,558

 
71,542

 
64,722



81

Table of Contents

9. Income Taxes
U.S. and international components of loss before income taxes were as follows:
 
Year Ended December 31,
(in thousands)
2018
 
2017
 
2016
U.S. income (loss)
$
1,429

 
$
(29,357
)
 
$
(40,330
)
Foreign (loss) income
(72,586
)
 
(11,494
)
 
3,965

Total loss before income taxes
$
(71,157
)
 
$
(40,851
)
 
$
(36,365
)

The components of the provision for income taxes were as follows: 
 
Year Ended December 31,
(in thousands)
2018
 
2017
 
2016
Current
 
 
 
 
 
Federal
$

 
$
140

 
$
(71
)
State
58

 
6

 
(80
)
Foreign
2,306

 
898

 
359

Total current tax expense
2,364

 
1,044

 
208

Deferred
 
 
 
 
 
Foreign

 
(873
)
 
635

Total deferred tax expense (benefit)

 
(873
)
 
635

Total provision for income taxes
$
2,364

 
$
171

 
$
843


The items accounting for the difference between income taxes computed at the federal statutory rate and our effective tax rate were as follows:
 
Year Ended December 31,

2018
 
2017
 
2016
U.S. federal statutory tax rate
21.0
 %
 
34.0
 %
 
34.0
 %
State and local taxes
(1.5
)
 
2.4

 
4.9

Research and development tax credit
1.9

 
3.0

 
2.2

Uncertain tax positions
(1.0
)
 
(0.2
)
 
0.5

Foreign tax rate differential
(9.4
)
 
(4.0
)
 
1.4

Transition tax

 
(2.7
)
 

Revaluation of U.S. deferred income taxes

 
(34.5
)
 

Change in valuation allowance
(12.6
)
 
2.7

 
(43.3
)
Other
(1.7
)
 
(1.1
)
 
(2.0
)
Effective tax rate
(3.3
)%
 
(0.4
)%
 
(2.3
)%

We maintain a valuation allowance on U.S. federal, state and foreign net deferred tax assets as the realization of our deferred tax assets is dependent upon future earnings, if any, the timing and amount of which are uncertain.

82

Table of Contents

The components of the deferred tax assets and liabilities were as follows: 
 
December 31,
(in thousands)
2018
 
2017
Deferred tax assets:
 
 
 
Net operating losses
$
32,745

 
$
29,227

Deferred revenue
16,488

 
14,327

Stock-based compensation
5,581

 
663

Tax credits
5,320

 
4,112

Leases
2,436

 
567

Accrued compensation
697

 
415

Other
68

 
37

Total deferred tax assets
63,335

 
49,348

Valuation allowance
(47,266
)
 
(36,403
)
Net deferred tax assets
16,069

 
12,945

Deferred tax liabilities:
 
 
 
Deferred commissions
(13,273
)
 
(12,306
)
Property and equipment
(2,166
)
 
(367
)
Intangible assets
(353
)
 

Other
(277
)
 
(272
)
Total deferred tax liabilities
(16,069
)
 
(12,945
)
Net deferred tax liabilities
$

 
$


At December 31, 2018, we had net operating loss (“NOL”) carryforwards for federal, state and foreign tax purposes of $85.9 million, $24.1 million, and $102.3 million, respectively, which will begin to expire in 2030, as well as $6.8 million of federal, state and foreign research and development tax credits, foreign tax credits, minimum tax credits and certain states’ job creation tax credits. The federal research and development and foreign tax credits will begin to expire in 2032 and the state job creation tax credits will begin to expire in 2019.
In 2018, we recorded a deferred tax asset of $1.7 million related to our operating lease liability and recorded a deferred tax liability of $1.7 million related to our operating lease right-of-use asset due to the adoption of ASU 842. In connection with our IPO, we recorded a $1.9 million increase in our valuation allowance related to certain transaction costs.
In 2017, we recorded deferred tax assets of $21.0 million related to deferred revenue previously recognized for tax purposes, deferred tax liabilities of $6.3 million related to capitalizing commission and fringe benefit costs previously expensed for tax purposes, and a corresponding valuation allowance of $14.7 million from adopting ASC 606.
We are currently subject to the annual limitation under Sections 382 and 383 of the Internal Revenue Code. We will not be precluded from realizing the NOL carryforward and tax credits but may be limited in the amount we could utilize in any given tax year in the event that the federal and state taxable income will exceed the limitation imposed by Section 382. The amount of the annual limitation is determined based on our value immediately prior to the ownership change. Subsequent ownership changes may further affect the limitation in future years.
At December 31, 2018 and 2017, the total amount of gross unrecognized tax benefits was $4.8 million and $1.2 million, respectively, which, if recognized, would impact our effective tax rate by less than $0.1 million in each year. Interest and penalties associated with uncertain tax positions recognized as a component of income tax expense were immaterial in 2018, 2017 and 2016.

83

Table of Contents

The change in gross unrecognized tax benefits, excluding accrued interest, were as follows: 
 
Year Ended December 31,
(in thousands)
2018
 
2017
 
2016
Unrecognized tax benefits at the beginning of the period
$
1,199

 
$
736

 
$
663

Additions for tax positions in the current year
3,571

 
446

 
233

Increase in prior year positions
102

 
30

 

Decrease in prior year positions
(58
)
 
(13
)
 
(160
)
Unrecognized tax benefits at the end of the period
$
4,814

 
$
1,199

 
$
736


We file income tax returns in the United States, including various state jurisdictions. Our subsidiaries file income tax returns in various foreign jurisdictions. The tax years 2014 to 2018 remain open to examination by the major taxing jurisdictions in which we are subject to tax. At December 31, 2018, we were not under examination by the Internal Revenue Service or any state or foreign tax jurisdiction.
U.S. 2017 Tax Cuts and Jobs Act
On December 22, 2017, the Tax Cuts and Jobs Act (the “2017 Tax Act”) was enacted into law, and contains several significant changes, including the reduction of the corporate income tax rate from 35% to 21% effective January 1, 2018. As a result, we re-measured our U.S. federal and state deferred tax assets and liabilities to reflect the reduction to the federal tax rate. The re-measurement resulted in a reduction of $14.1 million to the U.S. federal and state deferred tax assets and a corresponding change in our valuation allowance.
The new legislation also includes a variety of other changes, such as a one-time repatriation tax on accumulated foreign earnings (“transition tax”), acceleration of business asset expensing and reduction in the amount of executive pay that could qualify as a tax deduction.
The 2017 Tax Act also included international tax provisions that will affect us, including the favorable tax regime for taxing foreign derived intangible income. Additional international provisions include the global intangible low taxed income (“GILTI”) regime and the base erosion anti-abuse tax (“BEAT”). As of December 31, 2018, we are not subject to US tax on Global Intangible Low-taxed Income (“GILTI”) and have concluded it will not have a material impact on our financial statements. Under US GAAP, we can make an accounting policy election to either treat taxes due on the GILTI inclusion as a current period expense or factor such amounts into our measurement of deferred taxes. We will make our accounting policy election in the period we become subject to GILTI, or in which a GILTI deferred item would need to be recorded, if earlier.
The 2017 Tax Act includes a mandatory one-time tax on accumulated earnings of foreign subsidiaries, and as a result, all previously unremitted earnings are no longer subject to U.S. tax after 2017. We did not incur any cash taxes related to the one-time transition tax on the mandatory deemed repatriation of foreign earnings due to current period tax loss that the U.S. group generated. In determining the U.S. group taxable loss, we included the one-time deemed repatriation income of $1.8 million. At December 31, 2018, we have completed the accounting for the tax effects of the enactment of the 2017 Tax Act and no changes were made to the provisional amounts that were recorded in 2017.
Depending on the jurisdiction, distributions of earnings could be subject to withholding taxes at rates applicable to the distributing jurisdiction. As we intend to continue to reinvest the earnings of foreign subsidiaries indefinitely, we did not provide for a U.S. income tax liability and foreign withholding taxes on undistributed foreign earnings of foreign subsidiaries. Our share of undistributed earnings of foreign subsidiaries that could be subject to foreign withholding taxes was immaterial at December 31, 2018 and 2017. As a result of the 2017 Tax Act, companies are no longer required to pay U.S. tax on dividends from foreign subsidiaries. While federal income tax expense has been recognized as a result of the 2017 Tax Act, we have not provided any additional deferred taxes with respect to items such as foreign withholding taxes, state income taxes, or foreign exchange gain or loss. It is not practicable for us to determine the amount of unrecognized tax expense on these reinvested international earnings.

84

Table of Contents

10. Geographic Information
We operate as one operating segment. Our chief executive officer, who is our chief operating decision maker, reviews financial information on a consolidated basis for purposes of making operating decisions, allocating resources, and evaluating financial performance.
Revenue by region, based on the address of the end user as specified in our subscription, license or service agreements, was as follows:
 
Year Ended December 31,
(in thousands)
2018
 
2017
 
2016
Americas
$
191,204

 
$
138,876

 
$
92,377

Europe, Middle East and Africa
53,839

 
34,121

 
22,211

Asia Pacific
22,317

 
14,730

 
9,783

Revenue
$
267,360

 
$
187,727

 
$
124,371


Customers located in the United States accounted for 67%, 69% and 69% of revenue in 2018, 2017 and 2016, respectively. No other country accounted for 10% or more of revenue in the periods presented.
Our property and equipment, net by geographic area is summarized as follows:
 
December 31,
(in thousands)
2018
 
2017
United States
$
6,487

 
$
6,581

International
4,861

 
4,173

Property and equipment, net
$
11,348

 
$
10,754


11. Benefit Plans
We maintain a contributory defined contribution 401(k) plan for our U.S. employees. We adopted a Safe Harbor Plan effective January 1, 2016, and as a result, company-matched contributions are fully vested. Additional contributory plans are in effect internationally. Our contribution expense for such plans was $4.8 million, $3.3 million and $2.7 million in 2018, 2017 and 2016, respectively.
12. Quarterly Results (unaudited)
The following tables summarize our unaudited quarterly consolidated statements of operations data for each of the eight quarters through the period ended December 31, 2018. The information for each of these quarters has been prepared on the same basis as our audited annual consolidated financial statements and reflect, in the opinion of management, all adjustments of a normal, recurring nature that are necessary for the fair presentation of the results of operations for these periods. This data should be read in conjunction with our consolidated financial statements included elsewhere in this Annual Report on Form 10-K. Historical results are not necessarily indicative of the results that may be expected in the future, and the quarterly results are not necessarily indicative of the results that may be expected for the full year or any other period.

85

Table of Contents

 
Three Months Ended
(in thousands, except per share amounts)
March 31,
2018
 
June 30,
2018
 
September 30,
2018
 
December 31,
2018
Revenue
$
59,107

 
$
63,592

 
$
69,440

 
$
75,221

Cost of revenue
8,728

 
9,879

 
12,161

 
12,399

Gross profit
50,379

 
53,713

 
57,279


62,822

Operating expenses:
 
 
 
 
 
 
 
Sales and marketing
39,588

 
41,826

 
44,550

 
47,380

Research and development
17,185

 
17,791

 
20,553

 
21,169

General and administrative
9,055

 
10,541

 
13,272

 
13,864

Total operating expenses
65,828

 
70,158

 
78,375


82,413

Loss from operations
(15,449
)
 
(16,445
)
 
(21,096
)

(19,591
)
Other (expense) income, net
(8
)
 
(461
)
 
709

 
1,184

Loss before income taxes
(15,457
)
 
(16,906
)
 
(20,387
)

(18,407
)
Provision for income taxes
431

 
244

 
482

 
1,207

Net loss and comprehensive loss
(15,888
)
 
(17,150
)
 
(20,869
)

(19,614
)
Accretion of Series A and B redeemable convertible preferred stock
(188
)
 
(191
)
 
(55
)
 

Net loss attributable to common stockholders
$
(16,076
)
 
$
(17,341
)
 
$
(20,924
)

$
(19,614
)
Net loss per share attributable to common stockholders, basic and diluted
$
(0.68
)
 
$
(0.73
)
 
$
(0.28
)
 
$
(0.21
)
 
Three Months Ended
(in thousands, except per share amounts)
March 31,
2017
 
June 30,
2017
 
September 30,
2017
 
December 31,
2017
Revenue
$
40,481

 
$
44,149

 
$
48,980

 
$
54,117

Cost of revenue
4,438

 
5,348

 
7,424

 
8,378

Gross profit
36,043

 
38,801

 
41,556


45,739

Operating expenses:
 
 
 
 
 
 
 
Sales and marketing
26,168

 
27,773

 
29,574

 
32,784

Research and development
12,458

 
13,713

 
15,869

 
15,633

General and administrative
6,163

 
6,544

 
7,275

 
8,945

Total operating expenses
44,789

 
48,030

 
52,718


57,362

Loss from operations
(8,746
)
 
(9,229
)
 
(11,162
)

(11,623
)
Other (expense) income, net
(29
)
 
56

 
(92
)
 
(26
)
Loss before income taxes
(8,775
)
 
(9,173
)
 
(11,254
)

(11,649
)
Provision for income taxes
51

 
41

 
59

 
20

Net loss and comprehensive loss
(8,826
)
 
(9,214
)
 
(11,313
)

(11,669
)
Accretion of Series A and B redeemable convertible preferred stock
(187
)
 
(191
)
 
(192
)
 
(193
)
Net loss attributable to common stockholders
$
(9,013
)
 
$
(9,405
)
 
$
(11,505
)

$
(11,862
)
Net loss per share attributable to common stockholders, basic and diluted
$
(0.42
)
 
$
(0.43
)
 
$
(0.51
)
 
$
(0.52
)


86

Table of Contents

Item 9.        Changes in and Disagreements with Accountants on Accounting and Financial Disclosure
None.
Item 9A.    Controls and Procedures
Evaluation of Disclosure Controls and Procedures
We maintain “disclosure controls and procedures,” as defined in Rule 13a-15(e) and Rule 15d-15(e) under the Exchange Act, that are designed to ensure that information required to be disclosed by a company in the reports that it files or submits under the Exchange Act is recorded, processed, summarized and reported, within the time periods specified in the SEC’s rules and forms. Disclosure controls and procedures include, without limitation, controls and procedures designed to ensure that information required to be disclosed by a company in the reports that it files or submits under the Exchange Act is accumulated and communicated to our management, including our principal executive and principal financial officers, as appropriate to allow timely decisions regarding required disclosure.
Our management, with the participation of our Chief Executive Officer and Chief Financial Officer, has evaluated the effectiveness of our disclosure controls and procedures (as defined in Rules 13a-15(e) and 15d-15(e) under the Exchange Act ), as of the end of the period covered by this Form 10-K. Based on such evaluation, our Chief Executive Officer and Chief Financial Officer have concluded that as of December 31, 2018, our disclosure controls and procedures were effective to provide reasonable assurance that the information required to be disclosed by us in this Form 10-K was (a) reported within the time periods specified by SEC rules and regulations and (b) communicated to our management, including our Chief Executive Officer and Chief Financial Officer, to allow timely decisions regarding any required disclosure.
Management's Report on Internal Control Over Financial Reporting
This Form 10-K does not include a report of management's assessment regarding internal control over financial reporting or an attestation report of our independent registered public accounting firm as allowed by the SEC during the transition period for newly public companies.
Changes in Internal Control Over Financial Reporting
There were no changes in our internal control over financial reporting identified in management’s evaluation pursuant to Rules 13a-15(d) or 15d-15(d) of the Exchange Act during the period covered by this Form 10-K that materially affected, or are reasonably likely to materially affect, our internal control over financial reporting.
Inherent Limitations on Effectiveness of Internal Controls
In designing and evaluating the disclosure controls and procedures, management recognizes that any controls and procedures, no matter how well designed and operated, can provide only reasonable, not absolute, assurance of achieving the desired control objectives. In addition, the design of disclosure controls and procedures must reflect the fact that there are resource constraints and that management is required to apply judgment in evaluating the benefits of possible controls and procedures relative to their costs. Our management, including our Chief Executive Officer and Chief Financial Officer, believes that our disclosure controls and procedures and internal control over financial reporting are designed to provide reasonable assurance of achieving their objectives and are effective at the reasonable assurance level. However, our management does not expect that our disclosure controls and procedures or our internal control over financial reporting will prevent all errors and all fraud. 
Item 9B.    Other Information
None.

87

Table of Contents

PART III
Item 10.    Directors, Executive Officers and Corporate Governance
Executive Officers and Directors
The information required by this item will be contained in our definitive proxy statement to be filed with the SEC in connection with our 2019 annual meeting of stockholders, or the Proxy Statement, which is expected to be filed not later than 120 days after the end of our fiscal year ended December 31, 2018, and is incorporated in this report by reference.
Item 11.    Executive Compensation
The information required by this item will be set forth in the Proxy Statement and is incorporated herein by reference.
Item 12.    Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters
The information required by this item will be set forth in the Proxy Statement and is incorporated herein by reference.
Item 13.    Certain Relationships and Related Transactions and Director Independence
The information required by this item will be set forth in the Proxy Statement and is incorporated herein by reference.
Item 14.    Principal Accountant Fees and Services
The information required by this item will be set forth in the Proxy Statement and is incorporated herein by reference.

88

Table of Contents

PART IV
Item 15.    Exhibits, Financial Statement Schedules
(a)(1) Financial Statements
See the Index to Consolidated Financial Statements in Item 8 of this Annual Report on Form 10-K.
(a)(2) Financial Statement Schedules
All financial statement schedules have been omitted as they are not required, not applicable, or the required information is included in the financial statements or notes to the financial statements.
(a)(3) Exhibits
The following is a list of Exhibits filed as part of this Annual Report on Form 10-K:
Exhibit Number
 
Description
 
Location
 
 
 
 
 
3.1
 
 
Previously filed as Exhibit 3.1 to the Company's Current Report on Form 8-K (File No. 001-38600) on July 30, 2018
3.2
 
 
Previously filed as Exhibit 3.4 to the Company's Registration Statement on Form S-1 (File No. 333-226002) on June 29, 2018
4.1
 
 
Previously filed as Exhibit 4.1 to the Company's Registration Statement on Form S-1 (File No. 333-226002) on July 16, 2018
4.2
 
 
Previously filed as Exhibit 4.2 to the Company's Registration Statement on Form S-1 (File No. 333-226002) on July 16, 2018
10.1+
 
 
Previously filed as Exhibit 10.1 to the Company's Registration Statement on Form S-8 (File No. 333-226347) on July 26, 2018
10.2+
 
 
Previously filed as Exhibit 10.2 to the Company's Registration Statement on Form S-8 (File No. 333-226347) on July 26, 2018
10.3+
 
 
Previously filed as Exhibit 10.3 to the Company's Registration Statement on Form S-8 (File No. 333-226347) on July 26, 2018
10.4+
 
 
Previously filed as Exhibit 10.4 to the Company's Registration Statement on Form S-8 (File No. 333-226347) on July 26, 2018
10.5+
 
 
Previously filed as Exhibit 10.5 to the Company's Registration Statement on Form S-8 (File No. 333-226347) on July 26, 2018
10.6+
 
 
Previously filed as Exhibit 10.6 to the Company's Registration Statement on Form S-1 (File No. 333-226002) on July 16, 2018
10.7+
 
 
Previously filed as Exhibit 10.1 to the Company's Current Report on Form 8-K (File No. 001-38600) on February 22, 2019
10.8+
 
 
Previously filed as Exhibit 10.2 to the Company's Current Report on Form 8-K (File No. 001-38600) on February 22, 2019
10.9+
 
 
Previously filed as Exhibit 10.4 to the Company's Current Report on Form 8-K (File No. 001-38600) on February 22, 2019

89

Table of Contents

10.10+
 
 
Previously filed as Exhibit 10.3 to the Company's Current Report on Form 8-K (File No. 001-38600) on February 22, 2019
10.11
 
 
Previously filed as Exhibit 10.11 to the Company's Registration Statement on Form S-1 (File No. 333-226002) on July 16, 2018
10.12#
 
 
Previously filed as Exhibit 10.12 to the Company's Registration Statement on Form S-1 (File No. 333-226002) on July 16, 2018
21.1
 
 
Previously filed as Exhibit 21.1 to the Company's Registration Statement on Form S-1 (File No. 333-226002) on July 16, 2018
23.1*
 
 
Filed herewith
31.1
 
 
Filed herewith
31.2
 
 
Filed herewith
32.1*
 
 
Filed herewith
101.SCH
 
XBRL Taxonomy Extension Schema Document.
 
 
101.CAL
 
XBRL Taxonomy Extension Calculation Linkbase Document.
 
 
101.DEF
 
XBRL Taxonomy Extension Definition Linkbase Document.
 
 
101.LAB
 
XBRL Taxonomy Extension Label Linkbase Document.
 
 
101.PRE
 
XBRL Taxonomy Extension Presentation Linkbase Document.
 
 
________________
(*)    This certification is deemed not filed for purposes of Section 18 of the Securities Exchange Act of 1934, as amended, or otherwise subject to the liability of that section, nor shall it be deemed incorporated by reference into any filing under the Securities Act of 1933, as amended, or the Securities Exchange Act of 1934, as amended.
(+)    Indicates management contract or compensatory plan.
(#)    Confidential treatment has been granted as to certain portions, indicated by asterisks, which portions have been omitted and filed separately with the Securities and Exchange Commission.
Item 16.    Form 10-K Summary
None.

90

Table of Contents

SIGNATURES
Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned thereunto duly authorized.
 
 
TENABLE HOLDINGS, INC.
 
 
 
Date:
March 1, 2019
By:
/s/ Amit Yoran
 
 
 
Amit Yoran
 
 
 
President, Chief Executive Officer and Chairman
 
 
 
 
Date:
March 1, 2019
By:
/s/ Stephen A. Vintz
 
 
 
Stephen A. Vintz
 
 
 
Chief Financial Officer

91

Table of Contents

KNOW ALL PERSONS BY THESE PRESENTS, that each person whose signature appears below constitutes and appoints Amit Yoran, Stephen A. Vintz and Stephen A. Riddick, jointly and severally, as his or her true and lawful attorneys-in-fact and agents, with full power of substitution and resubstitution, for him or her and in his or her name, place and stead, in any and all capacities, to sign this Annual Report on Form 10-K of Tenable Holdings, Inc., and any or all amendments thereto, and to file the same, with all exhibits thereto, and other documents in connection therewith, with the Securities and Exchange Commission, granting unto said attorneys-in-fact and agents full power and authority to do and perform each and every act and thing requisite or necessary to be done in and about the premises hereby ratifying and confirming all that said attorneys-in-fact and agents, or his, her or their substitute or substitutes, may lawfully do or cause to be done by virtue hereof. Pursuant to the requirements of the Securities Exchange Act of 1934, this report has been signed below by the following persons on behalf of the registrant and in the capacities and on the dates indicated.
Signature
 
Title
 
Date
 
 
 
 
 
/s/ Amit Yoran
 
President, Chief Executive Officer and Chairman
 
March 1, 2019
Amit Yoran
 
(Principal Executive Officer)
 
 
 
 
 
 
 
/s/ Stephen A. Vintz
 
Chief Financial Officer
 
March 1, 2019
Stephen A. Vintz
 
(Principal Financial Officer and Principal Accounting Officer)
 
 
 
 
 
 
 
/s/ Arthur W. Coviello, Jr.
 
Director
 
March 1, 2019
Arthur W. Coviello, Jr.
 
 
 
 
 
 
 
 
 
/s/ Kimberly L. Hammonds
 
Director
 
March 1, 2019
Kimberly L. Hammonds
 
 
 
 
 
 
 
 
 
/s/ John C. Huffard, Jr.
 
Director
 
March 1, 2019
John C. Huffard, Jr.
 
 
 
 
 
 
 
 
 
/s/ Jerry M. Kennelly
 
Director
 
March 1, 2019
Jerry M. Kennelly
 
 
 
 
 
 
 
 
 
/s/ Ping Li
 
Director
 
March 1, 2019
Ping Li
 
 
 
 
 
 
 
 
 
/s/ A. Brooke Seawell
 
Director
 
March 1, 2019
A. Brooke Seawell
 
 
 
 
 
 
 
 
 
/s/ Richard M. Wells
 
Director
 
March 1, 2019
Richard M. Wells
 
 
 
 

92
Exhibit
Exhibit 23.1

CONSENT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM
We consent to the incorporation by reference in the Registration Statement (Form S-8 No. 333-226347) pertaining to the Tenable Holdings, Inc. 2002 Stock Incentive Plan, as amended and restated; the Tenable Holdings, Inc. 2012 Stock Incentive Plan as amended and restated; the Tenable Holdings, Inc. 2016 Stock Incentive Plan, as amended and restated; the Tenable Holdings, Inc. 2018 Equity Incentive Plan; and the Tenable Holdings, Inc. 2018 Employee Stock Purchase Plan of our report dated March 1, 2019, with respect to the consolidated financial statements of Tenable Holdings, Inc. included in this Annual Report (Form 10-K) for the year ended December 31, 2018.
/s/ Ernst & Young LLP
Tysons, Virginia
March 1, 2019



Exhibit
Exhibit 31.1

CERTIFICATION OF PRINCIPAL EXECUTIVE OFFICER
PURSUANT TO EXCHANGE ACT RULES 13a-14(a) AND 15d-14(a)
AS ADOPTED PURSUANT TO SECTION 302 OF THE SARBANES-OXLEY ACT OF 2002

I, Amit Yoran, certify that:
1.
I have reviewed this Annual Report on Form 10-K of Tenable Holdings, Inc.;
2.
Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this report;
3.
Based on my knowledge, the financial statements, and other financial information included in this report, fairly present in all material respects the financial condition, results of operations and cash flows of the registrant as of, and for, the periods presented in this report;
4.
The registrant's other certifying officer(s) and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act Rules 13a-15(e) and 15d-15(e)) for the registrant and have:
(a)
Designed such disclosure controls and procedures, or caused such disclosure controls and procedures to be designed under our supervision, to ensure that material information relating to the registrant, including its consolidated subsidiaries, is made known to us by others within those entities, particularly during the period in which this report is being prepared;
(b)
Evaluated the effectiveness of the registrant's disclosure controls and procedures and presented in this report our conclusions about the effectiveness of the disclosure controls and procedures, as of the end of the period covered by this report based on such evaluation; and
(c)
Disclosed in this report any change in the registrant's internal control over financial reporting that occurred during the registrant's most recent fiscal quarter (the registrant's fourth fiscal quarter in the case of an annual report) that has materially affected, or is reasonably likely to materially affect, the registrant's internal control over financial reporting; and
5.
The registrant's other certifying officer(s) and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to the registrant's auditors and the audit committee of the registrant's board of directors (or persons performing the equivalent functions):
(a)
All significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting which are reasonably likely to adversely affect the registrant's ability to record, process, summarize and report financial information; and
(b)
Any fraud, whether or not material, that involves management or other employees who have a significant role in the registrant's internal control over financial reporting.
Date:
March 1, 2019
By:
/s/ Amit Yoran
 
 
 
Amit Yoran
 
 
 
President, Chief Executive Officer and Chairman
 
 
 
(Principal Executive Officer)



Exhibit
Exhibit 31.2

CERTIFICATION OF PRINCIPAL FINANCIAL OFFICER
PURSUANT TO EXCHANGE ACT RULES 13a-14(a) AND 15d-14(a)
AS ADOPTED PURSUANT TO SECTION 302 OF THE SARBANES-OXLEY ACT OF 2002

I, Stephen A. Vintz, certify that:
1.
I have reviewed this Annual Report on Form 10-K of Tenable Holdings, Inc.;
2.
Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this report;
3.
Based on my knowledge, the financial statements, and other financial information included in this report, fairly present in all material respects the financial condition, results of operations and cash flows of the registrant as of, and for, the periods presented in this report;
4.
The registrant's other certifying officer(s) and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act Rules 13a-15(e) and 15d-15(e)) for the registrant and have:
(a)
Designed such disclosure controls and procedures, or caused such disclosure controls and procedures to be designed under our supervision, to ensure that material information relating to the registrant, including its consolidated subsidiaries, is made known to us by others within those entities, particularly during the period in which this report is being prepared;
(b)
Evaluated the effectiveness of the registrant's disclosure controls and procedures and presented in this report our conclusions about the effectiveness of the disclosure controls and procedures, as of the end of the period covered by this report based on such evaluation; and
(c)
Disclosed in this report any change in the registrant's internal control over financial reporting that occurred during the registrant's most recent fiscal quarter (the registrant's fourth fiscal quarter in the case of an annual report) that has materially affected, or is reasonably likely to materially affect, the registrant's internal control over financial reporting; and
5.
The registrant's other certifying officer(s) and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to the registrant's auditors and the audit committee of the registrant's board of directors (or persons performing the equivalent functions):
(a)
All significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting which are reasonably likely to adversely affect the registrant's ability to record, process, summarize and report financial information; and
(b)
Any fraud, whether or not material, that involves management or other employees who have a significant role in the registrant's internal control over financial reporting.
Date:
March 1, 2019
By:
/s/ Stephen A. Vintz
 
 
 
Stephen A. Vintz
 
 
 
Chief Financial Officer
 
 
 
(Principal Financial Officer and Principal Accounting Officer)


Exhibit
Exhibit 32.1

CERTIFICATIONS OF PRINCIPAL EXECUTIVE OFFICER AND PRINCIPAL FINANCIAL OFFICER
PURSUANT TO
18 U.S.C. SECTION 1350,
AS ADOPTED PURSUANT TO
SECTION 906 OF THE SARBANES-OXLEY ACT OF 2002

Each of the undersigned hereby certifies, pursuant to 18 U.S.C. Section 1350, as adopted pursuant to Section 906 of the Sarbanes-Oxley Act of 2002, that the Annual Report on Form 10-K of Tenable Holdings, Inc. for the fiscal year ended December 31, 2018 fully complies with the requirements of Section 13(a) or 15(d) of the Securities Exchange Act of 1934 and that information contained in such Annual Report on Form 10-K fairly presents, in all material respects, the financial condition and results of operations of Tenable Holdings, Inc.
Date:
March 1, 2019
By:
/s/ Amit Yoran
 
 
 
Amit Yoran
 
 
 
President, Chief Executive Officer and Chairman
 
 
 
(Principal Executive Officer)
 
 
 
 
Date:
March 1, 2019
By:
/s/ Stephen A. Vintz
 
 
 
Stephen A. Vintz
 
 
 
Chief Financial Officer
 
 
 
(Principal Financial Officer and Principal Accounting Officer)