Amendment: SEC Form 10-K/A filed by Blackbaud Inc.
$BLKB
Computer Software: Prepackaged Software
Technology
UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
Amendment No. 1 to
FORM 10-K/A
ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 | |||||
For the fiscal year ended | |||||
or
TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 | |||||
For the transition period from to . | |||||
Commission file number: 000-50600
 | ||||||||
(Exact name of registrant as specified in its charter)
| (State or other jurisdiction of incorporation or organization) | (I.R.S. Employer Identification No.) | ||||
(Address of principal executive offices, including zip code)
(843 ) 216-6200
(Registrant's telephone number, including area code)
| Securities Registered Pursuant to Section 12(b) of the Act: | ||||||||
| Title of Each Class | Trading Symbol(s) | Name of Each Exchange on which Registered | ||||||
Securities Registered Pursuant to Section 12(g) of the Act: None | ||||||||
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes ☑ No ☐
Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act. Yes ☐ No ☑
Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ☑ No ☐
Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (Section 232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes ☑ No ☐
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and "emerging growth company" in Rule 12b-2 of the Exchange Act.
| ☑ | Accelerated filer | ☐ | ||||||||||||
| Non-accelerated filer | ☐ | Smaller reporting company | ||||||||||||
| Emerging growth company | ||||||||||||||
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐
Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☑
If securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements of the registrant included in the filing reflect the correction of an error to previously issued financial statements. ☐
Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant’s executive officers during the relevant recovery period pursuant to §240.10D-1(b). ☐
Indicate by check mark whether registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). Yes ☐ No ☑
The aggregate market value of the registrant's common stock held by non-affiliates of the registrant on June 28, 2024 (based on the closing sale price of $76.17 on that date) was approximately $2,269,744,966 . Common stock held by each officer and director and by each person known to the registrant who owned 10% or more of the outstanding common stock have been excluded in that such persons may be deemed to be affiliates. This determination of affiliate status is not necessarily a conclusive determination for other purposes.
The number of shares of the registrant’s common stock outstanding as of February 18, 2025 was 49,236,495 .
DOCUMENTS INCORPORATED BY REFERENCE
Portions of the registrant's definitive Proxy Statement for the 2025 Annual Meeting of Stockholders currently scheduled to be held June 11, 2025 are incorporated by reference into Part III hereof. Such definitive Proxy Statement will be filed with the U.S. Securities and Exchange Commission no later than 120 days after the conclusion of the registrant's fiscal year ended December 31, 2024.
EXPLANATORY NOTE
On February 21, 2025, Blackbaud, Inc. (the "Company") filed its Annual Report on Form 10-K for the fiscal year ended December 31, 2024 (the “Original Filing”), with the Securities and Exchange Commission (“SEC”). The Original Filing inadvertently omitted iXBRL (Inline eXtensible Business Reporting Language) tagging (1) in Part I, Item 1C. Cybersecurity and (2) Part III, Item 10 related to the Company’s Insider Trading Policy. This Amendment No. 1 on Form 10-K/A (“Amendment No. 1”) is being filed to include the omitted iXBRL tagging referenced above in accordance with applicable SEC rules.
In addition, the Company has included a current-dated Exhibit 31.1, 31.2, 32.1 and 32.2 certifications with this Amendment No. 1.
Amendment No. 1 speaks as of the filing date of the Original Filing and does not reflect events that may have occurred subsequent to the filing date of the Original Filing. Except as described above, no other changes have been made to the Original Filing. Amendment No. 1 should be read in conjunction with the Original Filing and the Company’s other filings with the SEC. The filing of this Amendment No. 1 is not an admission that the Original Filing, when filed, included any untrue statement of a material fact or omitted to state a material fact necessary to make a statement not misleading.
TABLE OF CONTENTS
Blackbaud, Inc.
 | CAUTIONARY STATEMENT REGARDING FORWARD-LOOKING STATEMENTS | |||||||
This Annual Report on Form 10-K, including the documents incorporated herein by reference, contains forward-looking statements that anticipate results based on our estimates, assumptions and plans that are subject to uncertainty. These "forward-looking statements" are made subject to the safe-harbor provisions of the Private Securities Litigation Reform Act of 1995, Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended. Forward-looking statements consist of, among other things, trend analyses, statements regarding future events, future financial performance, our anticipated growth, the effect of general economic and market conditions, our business strategy and our plan to build and grow our business, our operating results, our ability to successfully integrate developed and acquired businesses and technologies, including generative artificial intelligence ("AI"), the effect of our stock repurchase program, the effect of foreign currency exchange rate and interest rate fluctuations on our financial results, the impact of expensing stock-based compensation, the sufficiency of our capital resources, our ability to meet our ongoing debt and obligations as they become due, cybersecurity and data protection risks and related liabilities, and current or potential legal proceedings involving us, all of which are based on current expectations, estimates, and forecasts, and the beliefs and assumptions of our management. Words such as “believes,” “seeks,” “expects,” “may,” “might,” “should,” “intends,” “could,” “would,” “likely,” “will,” “targets,” “plans,” “anticipates,” “aims,” “projects,” “estimates,” or any variations of such words and similar expressions are also intended to identify such forward-looking statements. These forward-looking statements are subject to risks, uncertainties and assumptions that are difficult to predict. Accordingly, they should not be viewed as assurances of future performance, and actual results may differ materially and adversely from those expressed in any forward-looking statements.
Important factors that could cause actual results to differ materially from our expectations expressed in forward-looking statements include, but are not limited to, those summarized under “Item 1A. Risk factors” and elsewhere in this report and in our other SEC filings. Forward-looking statements represent our management's beliefs and assumptions only as of the date of this Annual Report on Form 10-K. We undertake no obligation to update or revise any forward-looking statements, or to update the reasons actual results could differ materially from those anticipated in any forward-looking statements, whether as a result of new information, future events or otherwise.
2024 Form 10-K | | 1 | ||||||
Blackbaud, Inc.
| PART I. | |||||||
ITEM 1C. CYBERSECURITY
| Risk Management and Strategy | ||
Overview of Processes for Assessing, Identifying and Managing Material Cyber Risks
Because technology, data and information security is a top priority at Blackbaud, we maintain and continuously assess and strengthen our cybersecurity program. Comprehensive cybersecurity risk management, including identification, analysis and response to risks affecting our business and its customers, provides the foundation for our program. Our cybersecurity program has been and will continue to be further enhanced by our compliance with the settlement of governmental investigations relating to the Security Incident. See Note 11 to the consolidated audited financial statements contained in this report for additional information regarding the Security Incident.
We utilize a four-prong strategy for assessing, identifying and managing material risks from cybersecurity threats:
1.Operational security: We leverage the industry standard CIA Triad Model in conjunction with comprehensive industry control frameworks, compliance regulations, privacy requirements and best practices, including: the National Institute of Standards and Technology ("NIST") Cybersecurity Framework, PCI DSS, System and Organization Controls ("SOC") 1, SOC 2, GDPR, HIPAA, the Trans-Atlantic Data Privacy Framework and Cloud Security Alliance.
2.Product security: Our development teams take part in regular training and use industry best practices to build security into our solutions.
3.Incident response: We monitor the threat landscape 24/7 in coordination with a third-party firm, routinely test our incident response capabilities and preparedness and maintain proactive relationships with law enforcement.
4.Ongoing landscape analysis: We continually evaluate upcoming and changing data privacy regulations and provide thought leadership for our customers on the operational impacts of these regulations and compliance requirements.
We believe that information and technology security is a shared responsibility and, therefore, incorporate data and privacy protection education into the customer experience through ongoing resources such as best practices content, one-on-one consultations with customer success managers and bbcon® sessions. We also participate in global communities and conference platforms to share information and present on best practices to improve the industry’s security awareness posture. In addition, Blackbaud employees are all engaged in on-going security and privacy awareness training campaigns to ensure they are empowered to protect both Blackbaud’s and our customers’ data.
Integration into Overall Risk Management System or Processes
Consistent with our prioritization of information and technology protection, cybersecurity risk management has been and remains a key aspect of our overall business strategy, financial planning and capital allocation and a point of ongoing emphasis at all levels of our Company. Our enterprise risk management ("ERM") framework integrates our information technology and data management systems and related policies and practices into the larger framework to help guide and prioritize our cybersecurity and information technology-related investments, activities and risk management strategy. At least annually, we review cybersecurity risk as part of our ERM processes and integrate those findings into our overall strategy. Additionally, our cybersecurity program is further integrated with our overall risk management program through our Chief Information Security Officer's ("CISO") participation in such governance structures as our Risk Steering Committee and our Disclosure Committee, both of which are described in detail below.
We regularly engage outside consultants and experts to assist us regarding our cybersecurity program. Engagements include an annual NIST Cybersecurity Framework assessment to ensure a reasonable cybersecurity program and retained leading external cybersecurity Incident Response (IR) experts.
2 | | 2024 Form 10-K | ||||||
Blackbaud, Inc.
Blackbaud also maintains a defined program and dedicated team that provides security oversight of its third-party service providers. This program assesses and manages risk at the onboarding phase of engagement with third-party vendors and partners as well as oversight throughout the lifecycle of the vendor relationship.
Risks from Cybersecurity Threats; Actual and Potential Material Impact
In addition, we continuously learn from and leverage experience gained from previous cybersecurity incidents that we, like many other companies, have experienced. As previously disclosed, we have been and remain subject to risks and uncertainties as a result of a ransomware attack against us in May 2020 in which a cybercriminal removed a copy of a subset of data from our self-hosted environment. As a result of the Security Incident, we are currently subject to certain legal proceedings and claims and could be the subject of additional legal proceedings, claims, inquiries and investigations in the future that might result in adverse judgments, settlements, fines, penalties or other resolution. See Note 11 to the consolidated audited financial statements contained in this report for additional information regarding the Security Incident and its past and potential impact on the Company.
Notwithstanding our strong commitment to cybersecurity, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on us. See Item 1A. "Risk Factors" for a discussion of our cybersecurity risks.
| Governance | ||
Management's Assessment and Management of Cybersecurity Threats
Our multi-level cybersecurity governance and risk management structure begins with our Operational Risk Compliance and Security (“ORCAS”) Committee consisting of cross-functional management representatives throughout our Company. The ORCAS Committee receives detailed cybersecurity information from key security personnel and reports at least quarterly up through our Risk Steering Committee, which is made up of executives and senior management from various Blackbaud departments: Chief Executive Officer, Chief Operating Officer, Chief Financial Officer, Chief Technology Officer, General Counsel, Chief Privacy Officer and CISO, who has extensive information technology and program management experience. Our CISO has served in various roles of increasing responsibility in information technology and information security for more than 25 years, including serving in various cybersecurity leadership roles within public and private companies. He holds two undergraduate degrees—one in business administration and the other in computer information systems, a graduate degree in information systems and maintains two cybersecurity industry recognized certifications: Certified Information Systems Security Professional (CISSP) and Certified Cloud Security Professional (CCSP), both from the International Information System Security Certification Consortium. Cybersecurity leaders reporting to our CISO also have significant information technology and information security experience and industry recognized certifications.
Additionally, our cybersecurity Incident Response plan timely informs our Cybersecurity Incident Subcommittee on active cybersecurity incidents that are potentially material. The Cybersecurity Subcommittee determines cybersecurity materiality and is made up of our General Counsel, CISO, Chief Accounting Officer and Director of SEC Reporting. Our Cybersecurity Incident Subcommittee is part of our Disclosure Committee, which is appointed by Chief Executive Officer and Chief Financial Officer to assist our executives in their responsibility for oversight of the accuracy and timeliness of the disclosures made by Blackbaud.
Board Oversight
2024 Form 10-K | | 3 | ||||||
Blackbaud, Inc.
| PART III. | |||||||
ITEM 10. DIRECTORS, EXECUTIVE OFFICERS AND CORPORATE GOVERNANCE
The information required by Item 10 with respect to Directors and Executive Officers is incorporated by reference from the information under the captions “Election of Directors,” “Information Regarding Meetings of the Board and Committees,” “Delinquent Section 16(a) Reports,” “Code of Business Conduct and Ethics and Code of Ethics” and "Insider Trading Arrangements and Policies" contained in Blackbaud’s Proxy Statement for the 2025 Annual Meeting of Stockholders expected to be held on June 11, 2025, except for "Information About Our Executive Officers" which is set forth in Part I of this report.
Insider Trading Arrangements and Policies
As part of our commitment to high standards of ethical business conduct and compliance with applicable laws, rules and regulations, we have adopted our Insider Trading Policy and Guidelines for Certain Securities Transactions governing the purchase, sale and other dispositions of our securities by our directors, officers and employees, which we believe is reasonably designed to promote compliance with insider trading laws, rules and regulations, and the Nasdaq’s company listing standards applicable to us. A copy of this policy, including any amendments thereto, was filed as Exhibit 19.1 to our Company's Annual Report on Form 10-K for the fiscal year ended December 31, 2024, filed with the SEC on February 21, 2025. In addition, regarding the Company’s trading in our own securities, it is our policy to comply with applicable federal securities laws and Nasdaq listing requirements.
4 | | 2024 Form 10-K | ||||||
Blackbaud, Inc.
| PART IV. | |||||||
ITEM 15. EXHIBITS AND FINANCIAL STATEMENT SCHEDULES
(a) The following documents are included as part of this report:
3.Exhibits
The exhibits listed below are filed or incorporated by reference as part of this report:
| Filed In | ||||||||||||||||||||||||||||||||
| Exhibit Number | Description of Document | Registrant’s Form | Dated | Exhibit Number | Filed Herewith | |||||||||||||||||||||||||||
| X | ||||||||||||||||||||||||||||||||
| X | ||||||||||||||||||||||||||||||||
| X | ||||||||||||||||||||||||||||||||
| X | ||||||||||||||||||||||||||||||||
| 101.INS | Inline XBRL Instance Document - the Instance Document does not appear in the interactive data file because its XBRL tags are embedded within the Inline XBRL Document. | X | ||||||||||||||||||||||||||||||
| 101.SCH | Inline XBRL Taxonomy Extension Schema Document | X | ||||||||||||||||||||||||||||||
| 101.CAL | Inline XBRL Taxonomy Extension Calculation Linkbase Document | X | ||||||||||||||||||||||||||||||
| 101.DEF | Inline XBRL Taxonomy Extension Definition Linkbase Document | X | ||||||||||||||||||||||||||||||
| 101.LAB | Inline XBRL Taxonomy Extension Label Linkbase Document | X | ||||||||||||||||||||||||||||||
| 101.PRE | Inline XBRL Taxonomy Extension Presentation Linkbase Document | X | ||||||||||||||||||||||||||||||
| 104 | Cover Page Interactive Data File (formatted as Inline XBRL and contained in Exhibit 101). | X | ||||||||||||||||||||||||||||||
2024 Form 10-K | | 5 | ||||||
Blackbaud, Inc.
| SIGNATURES | |||||||
Pursuant to the requirements of Section 13 or 15(d) of the Securities Exchange Act of 1934, the Registrant has duly caused this Form 10-K/A to be signed on its behalf by the undersigned, thereunto duly authorized.
| Blackbaud, Inc. | ||||||||
| Signed: | May 27, 2025 | /S/ MICHAEL P. GIANONI | ||||||
| Chief Executive Officer, President and Vice Chairman of the Board | ||||||||
| (Principal Executive Officer) | ||||||||
Pursuant to the requirements of the Securities Exchange Act of 1934, this Form 10-K/A has been signed below by the following persons on behalf of the Registrant and on the dates indicated.
| /S/ | MICHAEL P. GIANONI | Chief Executive Officer, President and Vice Chairman of the Board (Principal Executive Officer) | Date: | May 27, 2025 | ||||||||||||||||||||||
| Michael P. Gianoni | ||||||||||||||||||||||||||
| /S/ | CHAD M. ANDERSON | Executive Vice President and Chief Financial Officer (Principal Financial and Accounting Officer) | Date: | May 27, 2025 | ||||||||||||||||||||||
| Chad M. Anderson | ||||||||||||||||||||||||||
6 | | 2024 Form 10-K | ||||||