Forward-Looking Statements
In addition to historical information, this Annual Report on Form 10-K contains “forward-looking” statements within the meaning of the federal securities laws, which statements involve substantial risks and uncertainties. Forward-looking statements generally relate to future events or our future financial or operating performance. In some cases, it is possible to identify forward-looking statements because they contain words such as “anticipates,” “believes,” “contemplates,” “continue,” “could,” “estimates,” “expects,” “future,” “intends,” “likely,” “may,” “plans,” “potential,” “predicts,” “projects,” “seek,” “should,” “target” or “will,” or the negative of these words or other similar terms or expressions that concern our expectations, strategy, plans or intentions. Forward-looking statements contained in this Annual Report on 10-K include, but are not limited to, statements about:
We have based the forward-looking statements contained in this Annual Report on Form 10-K primarily on our current expectations and projections about future events and trends that we believe may affect our business, financial condition, results of operations and prospects. The outcome of the events described in this forward-looking statements is subject to risks, uncertainties, assumptions, and other factors including those described in Part I, Item 1A (Risk Factors) of this Annual Report. Moreover, we operate in a very competitive and rapidly changing environment. New risks and uncertainties emerge from time to time, and it is not possible for us to predict all risks and uncertainties that could have an impact on the forward-looking statements used herein. We cannot provide assurance that the results, events, and circumstances reflected in the forward-looking statements will be achieved or occur, and actual results, events or circumstances could differ materially from those described in the forward-looking statements.
You should not rely on forward-looking statements as predictions of future events. Except as required by law, neither we nor any other person assumes responsibility for the accuracy and completeness of the forward-looking statements, and we undertake no obligation to update any forward-looking statements to reflect events or circumstances after the date of such statements.
Qualys, the Qualys logo and QualysGuard, and other trademarks and service marks of Qualys appearing in this Annual Report on Form 10-K are the property of Qualys. This Annual Report on Form 10-K also contains trademarks and trade names of other businesses that are the property of their respective holders. We have omitted the ® and ™ designations, as applicable, for the trademarks used in this Annual Report on Form 10-K.
Overview
We are a pioneer and leading provider of cloud security and compliance solutions that enable organizations to identify security risks to their IT infrastructures, help protect their IT systems and applications from ever-evolving cyber attacks and achieve compliance with internal policies and external regulations. Our cloud solutions address the growing security and compliance complexities and risks that are amplified by the dissolving boundaries between internal and external IT infrastructures and web environments, the rapid adoption of cloud computing and the proliferation of geographically dispersed IT assets. Our integrated suite of security and compliance solutions delivered on our QualysGuard Cloud Platform enable our customers to identify their IT assets, collect and analyze large amounts of IT security data, discover and prioritize vulnerabilities, recommend remediation actions and verify the implementation of such actions. Organizations use our integrated suite of solutions delivered on our QualysGuard Cloud Platform to cost-effectively obtain a unified view of their security and compliance posture across globally-distributed IT infrastructures.
IT infrastructures are more complex and globally-distributed today than ever before, as organizations of all sizes increasingly rely upon myriad interconnected information systems and related IT assets, such as servers, databases, web applications, routers, switches, desktops, laptops, other physical and virtual infrastructure, and numerous external networks and cloud services. In this environment, new and evolving technologies intended to improve organizations’ operations can also increase vulnerability to cyber attacks, which can expose sensitive data, damage IT and physical infrastructures, and result in serious financial or reputational consequences. In addition, the rapidly increasing amount of data and devices in IT environments makes it more difficult to identify and remediate vulnerabilities in a timely manner. The predominant approach to IT security has been to implement multiple disparate security products that can be costly and difficult to deploy, integrate and manage and may not adequately protect organizations. As a result, we believe there is a large and growing opportunity for comprehensive cloud security and compliance solutions.
We designed our QualysGuard Cloud Platform to transform the way organizations secure and protect their IT infrastructures and applications. Our cloud platform offers an integrated suite of solutions that automates the lifecycle of asset discovery, security assessments, and compliance management for an organization’s IT infrastructure and assets, whether they reside inside the organization, on their network perimeter or in the cloud. Since inception, our solutions have been designed to be delivered through the cloud and to be easily and rapidly deployed on a global scale across a broad range of industries, enabling faster implementation and lower total cost of ownership than traditional on-premise enterprise software products. Our customers, ranging from some of the largest organizations to small businesses, are all served from our globally-distributed cloud platform, enabling us to rapidly deliver new solutions, enhancements and security updates.
We were founded and incorporated in December 1999 with a vision of transforming the way organizations secure and protect their IT infrastructure and applications and initially launched our first cloud solution, QualysGuard Vulnerability Management, in 2000. This solution has provided the substantial majority of our revenues to date, representing 87%, 90% and 92% of total revenues in 2012, 2011 and 2010, respectively. As this solution gained acceptance, we introduced new solutions to help customers manage increasing IT security and compliance requirements. In 2006, we added our PCI Compliance solution, and in 2008, we added our Policy Compliance solution. In 2009, we broadened the scope of our cloud services by adding Web Application Scanning. We continued our expansion in 2010, launching Malware Detection Service and Qualys SECURE Seal for automated protection of websites. On September 28, 2012, our common stock commenced trading on the NASDAQ Stock Market under the trading symbol “QLYS,” and on October 3, 2012 we closed our initial public offering.
We provide our solutions through a software-as-a-service model, primarily with renewable annual subscriptions. These subscriptions require customers to pay a fee in order to access our cloud solutions. We invoice our customers for the entire subscription amount at the start of the subscription term, and the invoiced amounts are treated as deferred revenues and are recognized ratably over the term of each subscription. Historically, we have experienced significant revenue growth from existing customers as they renew and purchase additional subscriptions. Revenues from customers existing at or prior to December 31, 2011 grew $7.8 million to $84.0 million during 2012. We expect this trend to continue.
Our QualysGuard Cloud Platform is currently used by over 6,150 organizations in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Our revenues increased from $65.4 million in 2010 to $76.2 million in 2011, and reached $91.4 million in 2012. We generated net income of $0.8 million in 2010, $2.0 million in 2011, and $2.3 million in 2012. Total assets as of December 31, 2012 and 2011 were $170.3 million and $68.8 million, respectively.
Our Growth Strategy
We intend to leverage our innovation and extensive expertise to strengthen our leadership position as a trusted provider of cloud security and compliance solutions. The key elements of our growth strategy are: