rbrk-2024043000019438961/312025Q1FALSEP1YP1MP3MP6Mxbrli:sharesiso4217:USDiso4217:USDxbrli:sharesxbrli:purerbrk:financial_institutionrbrk:segmentrbrk:classrbrk:voterbrk:trancherbrk:installmentrbrk:purchasing_period00019438962024-02-012024-04-300001943896us-gaap:CommonClassAMember2024-05-310001943896us-gaap:CommonClassBMember2024-05-3100019438962024-04-3000019438962024-01-310001943896us-gaap:CommonStockMember2024-01-310001943896us-gaap:CommonClassAMember2024-04-300001943896us-gaap:CommonClassBMember2024-04-300001943896us-gaap:SubscriptionAndCirculationMember2024-02-012024-04-300001943896us-gaap:SubscriptionAndCirculationMember2023-02-012023-04-300001943896us-gaap:MaintenanceMember2024-02-012024-04-300001943896us-gaap:MaintenanceMember2023-02-012023-04-300001943896us-gaap:ProductAndServiceOtherMember2024-02-012024-04-300001943896us-gaap:ProductAndServiceOtherMember2023-02-012023-04-3000019438962023-02-012023-04-300001943896us-gaap:CommonStockMember2024-01-310001943896us-gaap:AdditionalPaidInCapitalMember2024-01-310001943896us-gaap:AccumulatedOtherComprehensiveIncomeMember2024-01-310001943896us-gaap:RetainedEarningsMember2024-01-310001943896us-gaap:CommonStockMember2024-02-012024-04-300001943896us-gaap:AdditionalPaidInCapitalMember2024-02-012024-04-300001943896us-gaap:AccumulatedOtherComprehensiveIncomeMember2024-02-012024-04-300001943896us-gaap:RetainedEarningsMember2024-02-012024-04-300001943896us-gaap:CommonStockMember2024-04-300001943896us-gaap:AdditionalPaidInCapitalMember2024-04-300001943896us-gaap:AccumulatedOtherComprehensiveIncomeMember2024-04-300001943896us-gaap:RetainedEarningsMember2024-04-3000019438962023-01-310001943896us-gaap:CommonStockMember2023-01-310001943896us-gaap:AdditionalPaidInCapitalMember2023-01-310001943896us-gaap:AccumulatedOtherComprehensiveIncomeMember2023-01-310001943896us-gaap:RetainedEarningsMember2023-01-310001943896us-gaap:CommonStockMember2023-02-012023-04-300001943896us-gaap:AdditionalPaidInCapitalMember2023-02-012023-04-300001943896us-gaap:AccumulatedOtherComprehensiveIncomeMember2023-02-012023-04-300001943896us-gaap:RetainedEarningsMember2023-02-012023-04-3000019438962023-04-300001943896us-gaap:CommonStockMember2023-04-300001943896us-gaap:AdditionalPaidInCapitalMember2023-04-300001943896us-gaap:AccumulatedOtherComprehensiveIncomeMember2023-04-300001943896us-gaap:RetainedEarningsMember2023-04-300001943896us-gaap:IPOMember2024-04-012024-04-300001943896us-gaap:IPOMember2024-04-3000019438962024-04-292024-04-2900019438962024-04-012024-04-300001943896srt:MinimumMember2024-02-012024-04-300001943896srt:MaximumMember2024-02-012024-04-300001943896us-gaap:SubscriptionAndCirculationMemberus-gaap:TransferredOverTimeMember2024-02-012024-04-300001943896us-gaap:SubscriptionAndCirculationMemberus-gaap:TransferredOverTimeMember2023-02-012023-04-300001943896us-gaap:SubscriptionAndCirculationMemberus-gaap:TransferredAtPointInTimeMember2024-02-012024-04-300001943896us-gaap:SubscriptionAndCirculationMemberus-gaap:TransferredAtPointInTimeMember2023-02-012023-04-300001943896us-gaap:MaintenanceMemberus-gaap:TransferredOverTimeMember2024-02-012024-04-300001943896us-gaap:MaintenanceMemberus-gaap:TransferredOverTimeMember2023-02-012023-04-300001943896us-gaap:ProductAndServiceOtherMemberus-gaap:TransferredOverTimeMember2024-02-012024-04-300001943896us-gaap:ProductAndServiceOtherMemberus-gaap:TransferredOverTimeMember2023-02-012023-04-300001943896us-gaap:ProductAndServiceOtherMemberus-gaap:TransferredAtPointInTimeMember2024-02-012024-04-300001943896us-gaap:ProductAndServiceOtherMemberus-gaap:TransferredAtPointInTimeMember2023-02-012023-04-3000019438962024-05-012024-04-300001943896us-gaap:RevenueFromContractWithCustomerMemberrbrk:PartnerAMemberus-gaap:CustomerConcentrationRiskMember2024-02-012024-04-300001943896us-gaap:RevenueFromContractWithCustomerMemberrbrk:PartnerAMemberus-gaap:CustomerConcentrationRiskMember2023-02-012023-04-300001943896us-gaap:AccountsReceivableMemberrbrk:PartnerAMemberus-gaap:CustomerConcentrationRiskMember2024-02-012024-04-300001943896us-gaap:AccountsReceivableMemberrbrk:PartnerAMemberus-gaap:CustomerConcentrationRiskMember2023-02-012024-01-310001943896us-gaap:RevenueFromContractWithCustomerMemberrbrk:PartnerBMemberus-gaap:CustomerConcentrationRiskMember2024-02-012024-04-300001943896us-gaap:RevenueFromContractWithCustomerMemberrbrk:PartnerBMemberus-gaap:CustomerConcentrationRiskMember2023-02-012023-04-300001943896us-gaap:AccountsReceivableMemberrbrk:PartnerBMemberus-gaap:CustomerConcentrationRiskMember2024-02-012024-04-300001943896us-gaap:AccountsReceivableMemberrbrk:PartnerBMemberus-gaap:CustomerConcentrationRiskMember2023-02-012024-01-310001943896us-gaap:RevenueFromContractWithCustomerMemberus-gaap:CustomerConcentrationRiskMemberrbrk:PartnerCMember2024-02-012024-04-300001943896us-gaap:RevenueFromContractWithCustomerMemberus-gaap:CustomerConcentrationRiskMemberrbrk:PartnerCMember2023-02-012023-04-300001943896us-gaap:AccountsReceivableMemberus-gaap:CustomerConcentrationRiskMemberrbrk:PartnerCMember2024-02-012024-04-300001943896us-gaap:AccountsReceivableMemberus-gaap:CustomerConcentrationRiskMemberrbrk:PartnerCMember2023-02-012024-01-310001943896srt:AmericasMember2024-02-012024-04-300001943896srt:AmericasMember2023-02-012023-04-300001943896us-gaap:EMEAMember2024-02-012024-04-300001943896us-gaap:EMEAMember2023-02-012023-04-300001943896srt:AsiaPacificMember2024-02-012024-04-300001943896srt:AsiaPacificMember2023-02-012023-04-300001943896country:US2024-02-012024-04-300001943896country:US2023-02-012023-04-300001943896us-gaap:RevenueFromContractWithCustomerMemberus-gaap:GeographicConcentrationRiskMembercountry:US2024-02-012024-04-300001943896us-gaap:RevenueFromContractWithCustomerMemberus-gaap:GeographicConcentrationRiskMembercountry:US2023-02-012023-04-300001943896rbrk:LaminarTechnologiesInc.Member2023-08-012023-08-310001943896us-gaap:DevelopedTechnologyRightsMemberrbrk:LaminarTechnologiesInc.Member2023-08-310001943896us-gaap:DevelopedTechnologyRightsMemberrbrk:LaminarTechnologiesInc.Member2023-08-012023-08-310001943896rbrk:LaminarTechnologiesInc.Member2023-08-310001943896rbrk:LaminarTechnologiesInc.Member2024-02-012024-04-300001943896rbrk:LaminarTechnologiesInc.Member2023-02-012023-04-300001943896us-gaap:CashMember2024-04-300001943896us-gaap:FairValueInputsLevel1Memberus-gaap:MoneyMarketFundsMember2024-04-300001943896us-gaap:FairValueInputsLevel1Memberus-gaap:USTreasurySecuritiesMember2024-04-300001943896us-gaap:FairValueInputsLevel1Member2024-04-300001943896us-gaap:CommercialPaperMemberus-gaap:FairValueInputsLevel2Member2024-04-300001943896us-gaap:CorporateBondSecuritiesMemberus-gaap:FairValueInputsLevel2Member2024-04-300001943896us-gaap:FairValueInputsLevel2Memberus-gaap:USGovernmentAgenciesDebtSecuritiesMember2024-04-300001943896us-gaap:FairValueInputsLevel2Member2024-04-300001943896us-gaap:CashMember2024-01-310001943896us-gaap:FairValueInputsLevel1Memberus-gaap:MoneyMarketFundsMember2024-01-310001943896us-gaap:FairValueInputsLevel1Memberus-gaap:USTreasurySecuritiesMember2024-01-310001943896us-gaap:FairValueInputsLevel1Member2024-01-310001943896us-gaap:CommercialPaperMemberus-gaap:FairValueInputsLevel2Member2024-01-310001943896us-gaap:CorporateBondSecuritiesMemberus-gaap:FairValueInputsLevel2Member2024-01-310001943896us-gaap:FairValueInputsLevel2Memberus-gaap:USGovernmentAgenciesDebtSecuritiesMember2024-01-310001943896us-gaap:FairValueInputsLevel2Member2024-01-310001943896us-gaap:EquipmentMember2024-04-300001943896us-gaap:EquipmentMember2024-01-310001943896us-gaap:SoftwareAndSoftwareDevelopmentCostsMember2024-04-300001943896us-gaap:SoftwareAndSoftwareDevelopmentCostsMember2024-01-310001943896us-gaap:LeaseholdImprovementsMember2024-04-300001943896us-gaap:LeaseholdImprovementsMember2024-01-310001943896us-gaap:FurnitureAndFixturesMember2024-04-300001943896us-gaap:FurnitureAndFixturesMember2024-01-310001943896us-gaap:SoftwareAndSoftwareDevelopmentCostsMember2024-02-012024-04-300001943896us-gaap:SoftwareAndSoftwareDevelopmentCostsMember2023-02-012023-04-300001943896us-gaap:LineOfCreditMemberus-gaap:RevolvingCreditFacilityMemberrbrk:PriorCreditFacilityMember2022-06-100001943896rbrk:TermLoanMemberus-gaap:LineOfCreditMemberrbrk:PriorCreditFacilityMember2022-06-100001943896us-gaap:LineOfCreditMemberrbrk:PriorCreditFacilityMemberus-gaap:DelayedDrawTermLoanMember2022-06-100001943896rbrk:TermLoanMemberus-gaap:LineOfCreditMemberrbrk:PriorCreditFacilityMember2022-06-102022-06-100001943896us-gaap:LineOfCreditMemberrbrk:AlternateBaseRateLoansMemberrbrk:PriorCreditFacilityMemberrbrk:AlternateBaseRateMember2022-06-102022-06-100001943896us-gaap:LineOfCreditMemberrbrk:AlternateBaseRateLoansMemberrbrk:PriorCreditFacilityMemberus-gaap:FederalFundsEffectiveSwapRateMember2022-06-102022-06-100001943896us-gaap:LineOfCreditMemberrbrk:AlternateBaseRateLoansMemberus-gaap:SecuredOvernightFinancingRateSofrMemberrbrk:PriorCreditFacilityMember2022-06-102022-06-100001943896us-gaap:LineOfCreditMemberus-gaap:SecuredOvernightFinancingRateSofrMemberrbrk:PriorCreditFacilityMemberrbrk:TermSecuredOvernightFinancingRateLoansMember2022-06-102022-06-100001943896us-gaap:LineOfCreditMemberrbrk:PriorCreditFacilityMemberrbrk:TermSecuredOvernightFinancingRateLoansMember2022-06-100001943896rbrk:AmendedCreditFacilityMemberus-gaap:LineOfCreditMemberus-gaap:RevolvingCreditFacilityMember2023-08-170001943896rbrk:AmendedCreditFacilityMemberrbrk:TermLoanMemberus-gaap:LineOfCreditMember2023-08-170001943896rbrk:AmendedCreditFacilityMemberus-gaap:LineOfCreditMemberus-gaap:DelayedDrawTermLoanMember2023-08-170001943896us-gaap:LineOfCreditMemberus-gaap:RevolvingCreditFacilityMemberrbrk:PriorCreditFacilityMember2023-07-310001943896rbrk:TermLoanMemberus-gaap:LineOfCreditMemberrbrk:PriorCreditFacilityMember2023-07-310001943896rbrk:AmendedCreditFacilityMemberrbrk:TermLoanMemberus-gaap:LineOfCreditMember2023-08-172023-08-170001943896rbrk:AmendedCreditFacilityMemberus-gaap:LineOfCreditMemberus-gaap:DelayedDrawTermLoanMember2023-08-172023-08-170001943896rbrk:AmendedCreditFacilityMemberus-gaap:LineOfCreditMemberrbrk:AlternateBaseRateLoansMemberrbrk:AlternateBaseRateMember2023-08-172023-08-170001943896rbrk:AmendedCreditFacilityMemberus-gaap:LineOfCreditMemberus-gaap:SecuredOvernightFinancingRateSofrMemberrbrk:TermSecuredOvernightFinancingRateLoansMember2023-08-172023-08-170001943896rbrk:AmendedCreditFacilityMemberus-gaap:LineOfCreditMemberus-gaap:RevolvingCreditFacilityMember2023-08-172023-08-170001943896rbrk:AmendedCreditFacilityMemberus-gaap:LineOfCreditMembersrt:ScenarioForecastMemberus-gaap:RevolvingCreditFacilityMember2026-08-012026-08-310001943896us-gaap:LineOfCreditMemberus-gaap:DelayedDrawTermLoanMember2024-04-300001943896srt:MinimumMemberus-gaap:LineOfCreditMemberus-gaap:DelayedDrawTermLoanMember2024-04-300001943896us-gaap:LineOfCreditMemberus-gaap:DelayedDrawTermLoanMembersrt:MaximumMember2024-04-300001943896us-gaap:LineOfCreditMemberus-gaap:RevolvingCreditFacilityMemberrbrk:PriorCreditFacilityMember2022-06-102022-06-100001943896rbrk:AmendedCreditFacilityMemberus-gaap:LineOfCreditMember2023-08-170001943896us-gaap:LineOfCreditMemberus-gaap:DelayedDrawTermLoanMember2024-02-012024-04-300001943896us-gaap:LineOfCreditMemberus-gaap:DelayedDrawTermLoanMember2023-02-012023-04-300001943896us-gaap:SeniorNotesMemberrbrk:BridgeNotesMember2024-04-250001943896us-gaap:SeniorNotesMemberrbrk:BridgeNotesMember2024-04-252024-04-290001943896srt:MaximumMember2024-04-300001943896srt:MinimumMember2024-04-300001943896rbrk:A2014StockPlanMemberus-gaap:CommonClassBMember2024-04-300001943896us-gaap:CommonClassAMemberrbrk:A2024StockPlanMember2024-04-300001943896rbrk:A2024StockPlanMember2024-04-300001943896us-gaap:EmployeeStockMember2024-04-300001943896us-gaap:EmployeeStockOptionMember2024-02-012024-04-300001943896us-gaap:ShareBasedCompensationAwardTrancheOneMemberus-gaap:EmployeeStockOptionMember2024-02-012024-04-3000019438962023-02-012024-01-310001943896rbrk:EmployeeStockOptionServiceBasedVestingConditionMember2024-02-012024-04-300001943896rbrk:EmployeeStockOptionServiceBasedVestingConditionMember2023-02-012023-04-300001943896srt:ChiefExecutiveOfficerMember2024-02-012024-04-300001943896us-gaap:EmployeeStockOptionMembersrt:ChiefExecutiveOfficerMember2024-04-240001943896us-gaap:EmployeeStockOptionMembersrt:ChiefExecutiveOfficerMember2024-04-242024-04-240001943896us-gaap:ShareBasedCompensationAwardTrancheOneMemberus-gaap:EmployeeStockOptionMembersrt:ChiefExecutiveOfficerMember2024-04-300001943896us-gaap:ShareBasedCompensationAwardTrancheTwoMemberus-gaap:EmployeeStockOptionMembersrt:ChiefExecutiveOfficerMember2024-04-300001943896us-gaap:ShareBasedCompensationAwardTrancheThreeMemberus-gaap:EmployeeStockOptionMembersrt:ChiefExecutiveOfficerMember2024-04-300001943896us-gaap:EmployeeStockOptionMemberrbrk:ShareBasedPaymentArrangementTrancheFourMembersrt:ChiefExecutiveOfficerMember2024-04-300001943896us-gaap:EmployeeStockOptionMemberrbrk:ShareBasedPaymentArrangementTrancheFiveMembersrt:ChiefExecutiveOfficerMember2024-04-300001943896us-gaap:EmployeeStockOptionMemberrbrk:ShareBasedPaymentArrangementTrancheSixMembersrt:ChiefExecutiveOfficerMember2024-04-300001943896rbrk:ShareBasedPaymentArrangementTrancheSevenMemberus-gaap:EmployeeStockOptionMembersrt:ChiefExecutiveOfficerMember2024-04-300001943896us-gaap:EmployeeStockOptionMembersrt:ChiefExecutiveOfficerMemberrbrk:ShareBasedPaymentArrangementTrancheEightMember2024-04-300001943896rbrk:ShareBasedPaymentArrangementTrancheNineMemberus-gaap:EmployeeStockOptionMembersrt:ChiefExecutiveOfficerMember2024-04-300001943896us-gaap:EmployeeStockOptionMemberrbrk:ShareBasedPaymentArrangementTrancheTenMembersrt:ChiefExecutiveOfficerMember2024-04-300001943896srt:MinimumMemberus-gaap:EmployeeStockOptionMembersrt:ChiefExecutiveOfficerMember2024-04-242024-04-240001943896us-gaap:EmployeeStockOptionMembersrt:ChiefExecutiveOfficerMembersrt:MaximumMember2024-04-242024-04-240001943896us-gaap:RestrictedStockUnitsRSUMember2024-02-012024-04-300001943896us-gaap:RestrictedStockUnitsRSUMember2024-01-310001943896us-gaap:RestrictedStockUnitsRSUMember2024-04-300001943896rbrk:RestrictedStockUnitsRSUsModifiedMember2024-02-012024-02-290001943896rbrk:RestrictedStockUnitsRSUsModifiedMember2024-02-290001943896rbrk:RestrictedStockUnitsRSUsModifiedMember2024-02-012024-04-300001943896us-gaap:RestrictedStockUnitsRSUMember2023-02-012023-04-300001943896us-gaap:EmployeeStockMember2024-02-012024-04-300001943896us-gaap:CommonClassAMember2024-04-240001943896rbrk:CostOfSalesSubscriptionMember2024-02-012024-04-300001943896rbrk:CostOfSalesSubscriptionMember2023-02-012023-04-300001943896rbrk:CostOfSalesMaintenanceMember2024-02-012024-04-300001943896rbrk:CostOfSalesMaintenanceMember2023-02-012023-04-300001943896rbrk:CostOfSalesOtherMember2024-02-012024-04-300001943896rbrk:CostOfSalesOtherMember2023-02-012023-04-300001943896us-gaap:ResearchAndDevelopmentExpenseMember2024-02-012024-04-300001943896us-gaap:ResearchAndDevelopmentExpenseMember2023-02-012023-04-300001943896us-gaap:SellingAndMarketingExpenseMember2024-02-012024-04-300001943896us-gaap:SellingAndMarketingExpenseMember2023-02-012023-04-300001943896us-gaap:GeneralAndAdministrativeExpenseMember2024-02-012024-04-300001943896us-gaap:GeneralAndAdministrativeExpenseMember2023-02-012023-04-300001943896us-gaap:CommonClassAMember2024-02-012024-04-300001943896us-gaap:CommonClassBMember2024-02-012024-04-300001943896us-gaap:CommonClassBMember2023-02-012023-04-300001943896rbrk:CommonStockBFoundersStockMember2023-02-012023-04-300001943896us-gaap:ConvertiblePreferredStockMember2024-02-012024-04-300001943896us-gaap:ConvertiblePreferredStockMember2023-02-012023-04-300001943896us-gaap:EmployeeStockOptionMember2024-02-012024-04-300001943896us-gaap:EmployeeStockOptionMember2023-02-012023-04-300001943896us-gaap:RestrictedStockUnitsRSUMember2024-02-012024-04-300001943896us-gaap:RestrictedStockUnitsRSUMember2023-02-012023-04-300001943896us-gaap:SubsequentEventMemberus-gaap:CommonClassAMemberus-gaap:OverAllotmentOptionMember2024-05-012024-05-310001943896us-gaap:SubsequentEventMemberus-gaap:OverAllotmentOptionMember2024-05-310001943896us-gaap:SubsequentEventMemberus-gaap:OverAllotmentOptionMember2024-05-012024-05-31
UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
FORM 10-Q
| | | | | |
(Mark One) | |
x | QUARTERLY REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 |
For the quarterly period ended April 30, 2024 |
or |
o | TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 |
For the transition period from_________to ________ |
Commission File Number: 001-42028 |
_________________________
RUBRIK, INC.
(Exact name of registrant as specified in its charter)
_________________________
| | | | | | | | |
Delaware (State or other jurisdiction of incorporation or organization) | | 46-4560494 (I.R.S. Employer Identification No.) |
| | |
3495 Deer Creek Road, Palo Alto, California 94304 |
(Address of principal executive offices and zip code) |
(844) 478-2745 |
(Registrant's telephone number, including area code) |
_________________________
Securities registered pursuant to Section 12(b) of the Act:
| | | | | | | | |
Title of each class | Trading Symbol(s) | Name of each exchange on which registered |
Class A Common Stock, $0.000025 par value | RBRK | New York Stock Exchange |
Indicate by checkmark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15 (d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports) and (2) has been subject to such filing requirements for the past 90 days. Yes o No x
Indicate by check mark whether the registrant has submitted electronically and posted on its corporate Web site, if any, every Interactive Data File required to be submitted and posted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit and post such files). Yes x No o
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and "emerging growth company" in Rule 12b-2 of the Exchange Act.
| | | | | | | | | | | | | | |
Large accelerated filer | o | | Accelerated filer | o |
Non-accelerated filer | x | | Smaller reporting company | o |
| | | Emerging growth company | x |
If an emerging growth company, indicate by check mark if the Registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐
Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). Yes o No x
As of May 31, 2024, Rubrik Inc. had 55,572,220 shares of Class A common stock outstanding, and 124,492,434 shares of Class B common stock outstanding.
Rubrik, Inc.
FORM 10-Q
For the Fiscal Quarter Ended April 30, 2024
TABLE OF CONTENTS
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 2 | |
| | | | |
SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS
This Quarterly Report on Form 10-Q contains forward-looking statements about us and our industry that involve substantial risks and uncertainties. All statements other than statements of historical facts contained in this Quarterly Report on Form 10-Q, including statements regarding our future financial condition or results of operations, business strategy and plans, and objectives of management for future operations are forward-looking statements. In some cases, you can identify forward-looking statements because they contain words such as “anticipate,” “believe,” “continue,” “could,” “estimate,” “expect,” “intend,” “may,” “plan,” “potential,” “predict,” “project,” “should,” “target,” “toward,” “will,” “would,” or the negative of these words or other similar terms or expressions. These forward-looking statements include, but are not limited to, statements concerning the following:
•our expectations regarding our revenue, cost of revenue, gross profit or gross margin, operating expenses, and other results of operations, including our key metrics;
•the growth rate of the market in which we compete;
•our business plan and our ability to effectively manage our growth and associated investments;
•anticipated trends, growth rates, and challenges in our business and in the markets in which we operate;
•our ability to achieve or sustain our profitability;
•future investments in our business, our anticipated capital expenditures, and our estimates regarding our capital requirements;
•the costs and success of our marketing efforts and our ability to promote our brand;
•our ability to increase sales of our products;
•our ability to acquire new customers and successfully retain and expand platform usage with existing customers;
•our ability and expectations to continue to innovate and enhance our platform;
•our ability to operate our business under evolving macroeconomic conditions, such as high inflation, bank failures and related uncertainties, or recessionary or uncertain environments;
•our ability to compete effectively with existing competitors and new market entrants; and
•our ability to introduce new products on top of our platform.
We caution you that the foregoing list may not contain all of the forward-looking statements made in this Quarterly Report on Form 10-Q.
You should not rely on forward-looking statements as predictions of future events. We have based the forward-looking statements contained in this Quarterly Report on Form 10-Q primarily on our current expectations and projections about future events and trends that we believe may affect our business, financial condition, and results of operations. The outcome of the events described in these forward-looking statements is subject to risks, uncertainties, and other factors described in the section titled “Risk Factors” and elsewhere in this Quarterly Report on Form 10-Q. Moreover, we operate in a very competitive and rapidly changing environment. New risks and uncertainties emerge from time to time, and it is not possible for us to predict all risks and uncertainties that could have an impact on the forward-looking statements contained in this Quarterly Report on Form 10-Q. The results, events, and circumstances reflected in the forward-looking statements may not be achieved or occur, and actual results, events, or circumstances could differ materially from those described in the forward-looking statements.
In addition, statements that “we believe” and similar statements reflect our beliefs and opinions on the relevant subject. These statements are based on information available to us as of the date of this Quarterly Report on Form 10-Q. While we believe such information provides a reasonable basis for these statements, such information may be limited or incomplete. Our statements should not be read to indicate that we have conducted an exhaustive inquiry into, or review of, all relevant information. These statements are inherently uncertain, and investors are cautioned not to unduly rely on these statements.
The forward-looking statements made in this Quarterly Report on Form 10-Q relate only to events as of the date on which the statements are made. We undertake no obligation to update any forward-looking statements made in this Quarterly Report on Form 10-Q to reflect events or circumstances after the date of this Quarterly Report on Form 10-Q or to reflect new information, actual results, revised expectations, or the occurrence of unanticipated events, except as required by law. We may not actually achieve the plans, intentions, or expectations disclosed in our forward-looking statements, and you should not place undue reliance on our forward-looking statements. Our forward-looking statements do not reflect the potential impact of any future acquisitions, mergers, dispositions, joint ventures, or investments.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 3 | |
| | | | |
RISK FACTORS SUMMARY
Below is a summary of the principal factors that make an investment in our Class A common stock speculative or risky:
•Our recent rapid growth may not be indicative of our future growth. Our rapid growth also makes it difficult to evaluate our future prospects.
•If the market for data security solutions does not grow, our ability to grow our business and our results of operations may be adversely affected.
•We have a limited operating history, particularly with respect to our offering of RSC, which makes it difficult to forecast our future results of operations.
•If we are unable to attract new customers, our future results of operations could be harmed.
•We have a history of operating losses and may not achieve or sustain profitability in the future.
•If our customers do not renew their subscriptions for our data security solutions or expand their subscriptions to increase the amount of data secured, secure new applications, or include new features or capabilities, our results of operations could be harmed.
•If our data security solutions fail or do not perform as intended or are perceived to have defects, errors, or vulnerabilities, our brand and reputation will be harmed, which would adversely affect our business and results of operations.
•Our information technology systems or data, or those of third parties upon which we rely, have in the past been, and may in the future be, compromised, which may cause us to experience significant adverse consequences, including but not limited to regulatory investigations or actions, litigation, fines and penalties, disruptions of our business operations, reputational harm, loss of revenue or profits, loss of customers or sales, and other adverse consequences. As a data security company, we have been and may in the future be specifically targeted by various threat actors who try to compromise our information technology systems or data.
•Our use of generative artificial intelligence tools may pose risks to our proprietary software and systems and subject us to legal liability.
•We expect our revenue mix and certain business factors to impact the amount of revenue recognized period to period, which could make period-to-period revenue comparisons not meaningful and make revenue difficult to predict.
•We rely upon third-party cloud providers to host our data security solutions, and any disruption of, or interference with, our use of third-party cloud products would adversely affect our business, financial condition, and results of operations.
•We may not be able to successfully manage our growth, and if we are not able to grow efficiently, our business, financial condition, and results of operations could be harmed.
•The markets in which we participate are competitive, and if we do not compete effectively, our business, financial condition, and results of operations could be harmed.
•The estimates of market opportunity, forecasts of market growth, and potential return on investment may prove to be inaccurate, and even if the market in which we compete achieves the forecasted growth, our business could fail to grow at similar rates, if at all.
•The dual class structure of our common stock as contained in our amended and restated certificate of incorporation has the effect of concentrating voting control with the holders of our Class B common stock, including our executive officers, employees, and directors and their affiliates, and limiting your ability to influence corporate matters, which could adversely affect the trading price of our Class A common stock.
WHERE YOU CAN FIND MORE INFORMATION
Investors and others should note that we may announce material business and financial information to our investors using our Investor Relations website (ir.rubrik.com), our filings with the Securities and Exchange Commission (“SEC”), webcasts, press releases, public conference calls, and blogs published on our website. We use these mediums, as well as social media, including certain X (formerly Twitter) (@rubrikInc and @bipulsinha) and LinkedIn (www.linkedin.com/company/rubrik-inc and www.linkedin.com/in/bipulsinha) accounts, to communicate with investors and the general public about our company, our products, and other issues. It is possible that the information that we make available in these locations may be deemed to be material information. We therefore encourage investors and others interested in our company to review the information that we make available in these locations.
The information we post through these channels is not a part of this Quarterly Report on Form 10-Q. Any updates to the list of disclosure channels through which we will announce information will be posted on the investor relations page on our website.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 4 | |
| | | | |
PART I. FINANCIAL INFORMATION
Item 1. Financial Statements (unaudited)
Rubrik, Inc.
CONDENSED CONSOLIDATED BALANCE SHEETS
(in thousands, except share and par value amounts)
(unaudited)
| | | | | | | | | | | |
| April 30, | | January 31, |
| 2024 | | 2024 |
Assets |
Current assets | | | |
Cash and cash equivalents | $ | 502,614 | | | $ | 130,031 | |
Short-term investments | 103,706 | | | 149,220 | |
Accounts receivable, net of allowances of $529 and $247 | 97,369 | | | 133,544 | |
Deferred commissions | 74,529 | | | 72,057 | |
Prepaid expenses and other current assets | 74,724 | | | 63,861 | |
Total current assets | 852,942 | | | 548,713 | |
Property and equipment, net | 45,983 | | | 47,873 | |
Deferred commissions, noncurrent | 114,166 | | | 113,814 | |
Goodwill | 100,343 | | | 100,343 | |
Other assets, noncurrent | 52,938 | | | 62,867 | |
Total assets | $ | 1,166,372 | | | $ | 873,610 | |
Liabilities, redeemable convertible preferred stock and stockholders’ deficit |
Current liabilities | | | |
Accounts payable | $ | 8,552 | | | $ | 6,867 | |
Accrued expenses and other current liabilities | 160,334 | | | 122,934 | |
Deferred revenue | 569,159 | | | 526,480 | |
Total current liabilities | 738,045 | | | 656,281 | |
Deferred revenue, noncurrent | 590,595 | | | 579,781 | |
Other liabilities, noncurrent | 55,226 | | | 55,050 | |
Debt, noncurrent | 297,104 | | | 287,042 | |
Total liabilities | 1,680,970 | | | 1,578,154 | |
Commitments and contingencies (Note 8) | | | |
Redeemable convertible preferred stock, $0.000025 par value – zero and 74,182,559 shares authorized as of April 30, 2024 and January 31, 2024, respectively; zero and 74,182,559 shares issued and outstanding as of April 30, 2024 and January 31, 2024, respectively; liquidation preference of zero and $715,100 as of April 30, 2024 and January 31, 2024, respectively | — | | | 714,713 | |
Stockholders’ deficit | | | |
Preferred stock, $0.000025 par value – 20,000,000 and zero shares authorized as of April 30, 2024 and January 31, 2024, respectively; zero shares issued and outstanding as of April 30, 2024 and January 31, 2024, respectively | — | | | — | |
Common stock, $0.000025 par value – zero and 203,935,682 shares authorized as of April 30, 2024 and January 31, 2024, respectively; zero and 55,862,729 shares issued and outstanding as of April 30, 2024 and January 31, 2024, respectively | — | | | 1 | |
Convertible founders stock, $0.000125 par value – zero and 5,400,000 shares authorized as of April 30, 2024 and January 31, 2024, respectively; zero and 5,400,000 shares issued and outstanding as of April 30, 2024 and January 31, 2024, respectively | — | | | — | |
Class A common stock, $0.000025 par value – 1,070,000,000 and zero shares authorized as of April 30, 2024 and January 31, 2024, respectively; 52,097,112 and zero shares issued and outstanding as of April 30, 2024 and January 31, 2024, respectively | 1 | | | — | |
Class B common stock, $0.000025 par value – 210,000,000 and zero shares authorized as of April 30, 2024 and January 31, 2024, respectively; 124,492,434 and zero shares issued and outstanding as of April 30, 2024 and January 31, 2024, respectively | 3 | | | — | |
Additional paid-in capital | 1,902,906 | | | 265,494 | |
Accumulated other comprehensive loss | (2,904) | | | (2,239) | |
Accumulated deficit | (2,414,604) | | | (1,682,513) | |
Total stockholders’ deficit | (514,598) | | | (1,419,257) | |
Total liabilities, redeemable convertible preferred stock and stockholders’ deficit | $ | 1,166,372 | | | $ | 873,610 | |
The accompanying notes are an integral part of these condensed consolidated financial statements.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 5 | |
| | | | |
Rubrik, Inc.
CONDENSED CONSOLIDATED STATEMENTS OF OPERATIONS
(in thousands, except per share amounts)
(unaudited)
| | | | | | | | | | | | | | | |
| Three Months Ended April 30, | | |
| 2024 | | 2023 | | | | |
Revenue | | | | | | | |
Subscription | $ | 172,195 | | | $ | 108,398 | | | | | |
Maintenance | 5,667 | | | 12,288 | | | | | |
Other | 9,453 | | | 15,054 | | | | | |
Total revenue | 187,315 | | | 135,740 | | | | | |
| | | | | | | |
Cost of revenue | | | | | | | |
Subscription | 73,725 | | | 21,637 | | | | | |
Maintenance | 3,609 | | | 2,271 | | | | | |
Other | 18,645 | | | 11,983 | | | | | |
Total cost of revenue | 95,979 | | | 35,891 | | | | | |
| | | | | | | |
Gross profit | 91,336 | | | 99,849 | | | | | |
Operating expenses | | | | | | | |
Research and development | 285,379 | | | 46,266 | | | | | |
Sales and marketing | 379,329 | | | 115,362 | | | | | |
General and administrative | 151,465 | | | 22,817 | | | | | |
Total operating expenses | 816,173 | | | 184,445 | | | | | |
| | | | | | | |
Loss from operations | (724,837) | | | (84,596) | | | | | |
Interest income | 2,942 | | | 2,617 | | | | | |
Interest expense | (10,624) | | | (5,532) | | | | | |
Other income (expense), net | (623) | | | (554) | | | | | |
Loss before income taxes | (733,142) | | | (88,065) | | | | | |
Income tax expense (benefit) | (1,051) | | | 1,208 | | | | | |
Net loss | $ | (732,091) | | | $ | (89,273) | | | | | |
Net loss per share attributable to common shareholders, basic and diluted | $ | (11.48) | | | $ | (1.49) | | | | | |
Weighted-average shares used in computing net loss per share attributable to common shareholders, basic and diluted | 63,794 | | | 59,940 | | | | | |
The accompanying notes are an integral part of these condensed consolidated financial statements.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 6 | |
| | | | |
Rubrik, Inc.
CONDENSED CONSOLIDATED STATEMENTS OF COMPREHENSIVE LOSS
(in thousands)
(unaudited)
| | | | | | | | | | | | | | | |
| Three Months Ended April 30, | | |
| 2024 | | 2023 | | | | |
Net loss | $ | (732,091) | | | $ | (89,273) | | | | | |
Foreign currency translation adjustment, net of tax | (489) | | | 513 | | | | | |
Unrealized gain (loss) on available-for-sale securities, net of tax | (176) | | | 106 | | | | | |
Total other comprehensive income (loss), net of tax | (665) | | | 619 | | | | | |
Comprehensive loss | $ | (732,756) | | | $ | (88,654) | | | | | |
The accompanying notes are an integral part of these condensed consolidated financial statements.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 7 | |
| | | | |
Rubrik, Inc.
CONDENSED CONSOLIDATED STATEMENTS OF REDEEMABLE CONVERTIBLE PREFERRED STOCK AND STOCKHOLDERS' DEFICIT
(in thousands, except share amounts)
(unaudited)
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| Three Months Ended April 30, 2024 |
| Redeemable convertible preferred stock | | | Common stock | | Additional paid-in capital | | Accumulated other comprehensive income (loss) | | Accumulated deficit | | Total stockholders' deficit |
| Shares | | Amount | | | Shares | | Amount | | | | |
Balances as of January 31, 2024 | 74,182,559 | | | $ | 714,713 | | | | 61,262,729 | | | $ | 1 | | | $ | 265,494 | | | $ | (2,239) | | | $ | (1,682,513) | | | $ | (1,419,257) | |
Conversion of redeemable convertible preferred stock and founder stock to common stock upon initial public offering | (74,182,559) | | | (714,713) | | | | 74,182,559 | | | 2 | | | 714,711 | | | — | | | — | | | 714,713 | |
Issuance of common stock upon initial public offering, net of underwriting discounts and commissions, and offering costs | — | | | — | | | | 23,500,000 | | | 1 | | | 700,010 | | | — | | | — | | | 700,011 | |
Issuance of common stock upon exercise of stock options | — | | | — | | | | 641,537 | | | — | | | 3,618 | | | — | | | — | | | 3,618 | |
Issuance of common stock for net settlement of restricted stock awards and restricted stock units | — | | | — | | | | 17,002,721 | | | — | | | (411,518) | | | — | | | — | | | (411,518) | |
Stock-based compensation | — | | | — | | | | — | | | — | | | 630,591 | | | — | | | — | | | 630,591 | |
Other comprehensive income (loss) | — | | | — | | | | — | | | — | | | — | | | (665) | | | — | | | (665) | |
Net loss | — | | | — | | | | — | | | — | | | — | | | — | | | (732,091) | | | (732,091) | |
Balances as of April 30, 2024 | — | | | $ | — | | | | 176,589,546 | | | $ | 4 | | | $ | 1,902,906 | | | $ | (2,904) | | | $ | (2,414,604) | | | $ | (514,598) | |
| | | | | | | | | | | | | | | | |
| Three Months Ended April 30, 2023 |
| Redeemable convertible preferred stock | | | Common stock | | Additional paid-in capital | | Accumulated other comprehensive income (loss) | | Accumulated deficit | | Total stockholders' deficit |
| Shares | | Amount | | | Shares | | Amount | | | | |
Balances as of January 31, 2023 | 74,182,559 | | | $ | 714,713 | | | | 59,878,717 | | | $ | 1 | | | $ | 242,326 | | | $ | (1,301) | | | $ | (1,328,355) | | | $ | (1,087,329) | |
Issuance of common stock upon exercise of stock options | — | | | — | | | | 343,569 | | | — | | | 974 | | | — | | | — | | | 974 | |
| | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | |
Stock-based compensation | — | | | — | | | | — | | | — | | | 428 | | | — | | | — | | | 428 | |
Other comprehensive income (loss) | — | | | — | | | | — | | | — | | | — | | | 619 | | | — | | | 619 | |
Net loss | — | | | — | | | | — | | | — | | | — | | | — | | | (89,273) | | | (89,273) | |
Balances as of April 30, 2023 | 74,182,559 | | | $ | 714,713 | | | | 60,222,286 | | | $ | 1 | | | $ | 243,728 | | | $ | (682) | | | $ | (1,417,628) | | | $ | (1,174,581) | |
The accompanying notes are an integral part of these condensed consolidated financial statements.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 8 | |
| | | | |
Rubrik, Inc.
CONDENSED CONSOLIDATED STATEMENTS OF CASH FLOWS
(in thousands)
(unaudited)
| | | | | | | | | | | |
| Three Months Ended April 30, |
| 2024 | | 2023 |
Cash flows from operating activities: | | | |
Net loss | $ | (732,091) | | | $ | (89,273) | |
Adjustments to reconcile net loss to net cash used in operating activities: | | | |
Depreciation and amortization | 7,190 | | | 5,572 | |
Stock-based compensation | 630,330 | | | 428 | |
Amortization of deferred commissions | 20,377 | | | 16,445 | |
Non-cash interest | 9,700 | | | — | |
Deferred income taxes | (990) | | | 387 | |
Other | 863 | | | 35 | |
Changes in operating assets and liabilities: | | | |
Accounts receivable | 36,175 | | | 22,161 | |
Deferred commissions | (23,201) | | | (19,917) | |
Prepaid expenses and other assets | (13,920) | | | 12,477 | |
Accounts payable | 2,748 | | | 441 | |
Accrued expenses and other liabilities | (22,055) | | | (38,168) | |
Deferred revenue | 53,493 | | | 71,955 | |
Net cash used in operating activities | (31,381) | | | (17,457) | |
Cash flows from investing activities: | | | |
Purchases of property and equipment | (3,639) | | | (3,373) | |
Capitalized internal-use software | (2,103) | | | (2,416) | |
Purchases of investments | (42,688) | | | (72,204) | |
Sale of investments | 27,978 | | | 7,503 | |
Maturities of investments | 61,189 | | | 75,536 | |
Net cash provided by investing activities | 40,737 | | | 5,046 | |
Cash flows from financing activities: | | | |
Proceeds from initial public offering, net of underwriting discounts and commissions | 710,264 | | | — | |
Taxes paid related to net share settlement of equity awards | (350,444) | | | — | |
Proceeds from exercise of stock options | 3,618 | | | 974 | |
Payments for deferred offering costs, net | (775) | | | (415) | |
Payments for debt discount costs | (475) | | | — | |
Payments for debt issuance costs | (6) | | | — | |
Net cash provided by financing activities | 362,182 | | | 559 | |
Effect of exchange rate on cash, cash equivalents, and restricted cash | (489) | | | 513 | |
Net increase (decrease) in cash, cash equivalents, and restricted cash | 371,049 | | | (11,339) | |
Cash, cash equivalents, and restricted cash, beginning of year | 137,059 | | | 140,606 | |
Cash, cash equivalents, and restricted cash, end of year | $ | 508,108 | | | $ | 129,267 | |
Supplemental cash flow information: | | | |
Cash paid for income taxes, net of refunds | $ | 1,781 | | | $ | 1,272 | |
Cash paid for interest | 247 | | | — | |
Non-cash investing and financing activities: | | | |
Transfers of inventory to property and equipment | 42 | | | 61 | |
Property and equipment received, included in payables and accrued but not paid | 559 | | | 2,097 | |
Stock-based compensation capitalized in internal-use software | 261 | | | — | |
Deferred offering costs accrued but not paid | 3,019 | | | 457 | |
The accompanying notes are an integral part of these condensed consolidated financial statements.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 9 | |
| | | | |
Rubrik, Inc.
NOTES TO CONDENSED CONSOLIDATED FINANCIAL STATEMENTS
(unaudited)
Note 1 – Description of Business
Rubrik, Inc. (“Rubrik” or the “Company”) is on a mission to secure the world’s data. Rubrik offers data security solutions to organizations ranging from the largest companies worldwide to mid-sized smaller customers. The Company was incorporated in December 2013 as ScaleData, Inc., a Delaware corporation, and changed its name to Rubrik, Inc. in October 2014. The Company is headquartered in Palo Alto, California.
Initial Public Offering
In April 2024, the Company completed its initial public offering ("IPO") in which it issued and sold 23,500,000 shares of its Class A common stock at the public offering price of $32.00 per share (the "IPO Price"). The Company received net proceeds of approximately $700.0 million after deducting underwriting discounts and commissions, as well as offering costs.
Immediately prior to the completion of the IPO, all 74,182,559 shares of the Company’s then-outstanding redeemable convertible preferred stock automatically converted into an equal number of shares of Class B common stock, and all 5,400,000 shares of the Company’s then-outstanding convertible founder stock automatically converted into an equal number of shares of Class B common stock.
Prior to the IPO, deferred offering costs, which consist of direct incremental legal, accounting, and other fees relating to the IPO, were capitalized in other assets, noncurrent on the condensed consolidated balance sheets. Upon the consummation of the IPO, $10.3 million of deferred offering costs, net of reimbursement received from the underwriters, were reclassified into stockholders’ equity as an offset against the IPO proceeds.
Prior to the IPO, the Company granted restricted stock units (“RSUs”) with both service-based and liquidity event-related performance-based vesting conditions ("IPO Vesting RSUs"). Upon the consummation of the IPO, the Company recognized stock-based compensation expense for those IPO Vesting RSUs that had met or partially met the service-based vesting condition as the performance-based vesting condition was satisfied. To meet the related tax withholding requirements related to these IPO Vesting RSUs, the Company withheld 12,859,902 shares of Class A common stock subject to the vesting of the IPO Vesting RSUs with a value of $411.5 million to remit to the relevant tax authorities in cash to satisfy such tax obligations as well as any income tax withholding obligations arising as a result of settlement of such shares.
Note 2 – Basis of Presentation and Summary of Significant Accounting Policies
Fiscal Year
The Company's fiscal year ends on January 31. For example, references to fiscal 2025 and 2024 refer to the fiscal year ending January 31, 2025 and January 31, 2024, respectively.
Basis of Presentation and Principles of Consolidation
The accompanying unaudited condensed consolidated financial statements have been prepared in conformity with accounting principles generally accepted in the United States (“U.S. GAAP”) and applicable rules and regulations of the U.S. Securities and Exchange Commission (the SEC) regarding interim financial reporting. Accordingly, they do not include all disclosures normally required in annual consolidated financial statements prepared in accordance with U.S. GAAP. Therefore, these unaudited condensed consolidated financial statements should be read in conjunction with the audited consolidated financial statements and notes included in the Company’s final prospectus dated April 24, 2024 and filed with the SEC pursuant to Rule 424(b)(4) on April 26, 2024 ("Final Prospectus").
In management’s opinion, the unaudited condensed consolidated financial statements have been prepared on a basis consistent with the annual consolidated financial statements and reflect all adjustments, which include only normal recurring adjustments necessary for the fair statement of the Company’s financial position as of April 30, 2024 and the results of operations and cash flows for the three months ended April 30, 2024 and 2023. The results of operations for the three months ended April 30, 2024 are not necessarily indicative of the results to be expected for the full fiscal year or any other future interim or annual period.
The condensed consolidated financial statements include the accounts of Rubrik, Inc. and its wholly owned subsidiaries. All intercompany accounts and transactions have been eliminated in consolidation.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 10 | |
| | | | |
Use of Estimates
The preparation of condensed consolidated financial statements in conformity with U.S. GAAP requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. Such management estimates include, but are not limited to, the estimation of standalone selling prices for performance obligations, the estimates for material rights, the application of a portfolio approach for capitalization of deferred commissions, the determination of the period of benefit for deferred commissions, the determination of fair value of the Company’s common stock prior to the completion of the IPO, the determination of the grant date fair value of our CEO Performance Award, the valuation and assessment of recoverability of intangible assets and their estimated useful lives, the assessment of goodwill impairment, the incremental borrowing rate used to value operating lease liabilities, the valuation of deferred income tax assets and uncertain tax positions, and contingencies. Management evaluates these estimates and assumptions on an ongoing basis using historical experience and other factors and makes adjustments when facts and circumstances dictate. Actual results could differ materially from these estimates.
Revenue Recognition
The Company generates revenue primarily from the sale of subscriptions and typically invoices customers at the inception of the contract. The Company’s contracts with customers have a typical stated duration ranging from one to five years, with the majority of contracts having a stated duration of three years. The Company’s contracts with customers are generally non-cancelable and non-refundable. The Company primarily sells products and services to end users through distributors and resellers (“Channel Partners”). Channel Partners are the Company’s customers. The Company offers rebates to its Channel Partners calculated as a fixed percentage of the total selling price of a revenue contract. The Company accounts for rebates as consideration payable to a customer and records the amounts as a reduction to revenue.
The Company determines revenue recognition through the following steps:
•Identification of the contract, or contracts, with a customer;
•Identification of the performance obligations in the contract;
•Determination of the transaction price;
•Allocation of the transaction price to the performance obligations in the contract; and
•Recognition of revenue when, or as, the Company satisfies a performance obligation.
Payment terms of the Company’s contracts range from 30 days to 60 days after fulfillment or service commencement date, except for certain contracts, which are billed in installments over the contract term.
The Company determines its transaction price based on the expected amount it is entitled to receive in exchange for transferring promised products and services to the customer.
The Company’s contracts with customers can include multiple products and services. The Company determines performance obligations in a customer contract by assessing whether products and services are capable of being distinct and distinct in the context of the contract, including customer options that are determined to be material rights. The transaction price is allocated to the separate performance obligations based on the relative standalone selling price basis. The standalone selling price is determined based on the price at which the performance obligation either is sold separately or, if not observable through past transactions, is estimated taking into account available information such as market conditions and internally approved pricing guidelines related to the performance obligations. For performance obligations that are not sold separately, standalone selling price is determined based on observable inputs, overall pricing trends, market conditions and other factors, such as the price charged by the Company’s competitors for similar products and services with any necessary or appropriate adjustments.
Subscription revenue
Subscription revenue consists of software-as-a-service (“SaaS”) subscriptions and subscription term-based licenses with related support services.
SaaS subscriptions include standalone sales of SaaS subscription products as well as sales of Rubrik Security Cloud (“RSC”). RSC is a fully-hosted subscription in the case of protection of cloud, SaaS, and unstructured data applications. When RSC is securing enterprise applications, it is a hybrid cloud subscription which includes software hosted from the cloud (as a service) and on-premise software licenses. RSC is accounted for as a single performance obligation because the software hosted from the cloud (as a service) and the on-premise software licenses are not separately identifiable and serve together to fulfill the Company’s promise to RSC customers, which is to provide a single, unified data security solution. The Company’s subscription capabilities are primarily sold as editions which bundle multiple products and include the Foundation Edition, Business Edition, and Enterprise Edition. Subscription revenue related to SaaS is recognized ratably over the subscription period.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 11 | |
| | | | |
Subscription term-based licenses provide customers with a right to use the software for a fixed term commencing upon delivery of the license to the customers. Support services are bundled with each subscription term-based license for the term of the subscription. Subscription revenue related to subscription term-based licenses includes upfront revenue recognized at the later of the start date of the subscription term-based license and the date when the subscription term-based license is delivered. The remainder of the revenue is recognized ratably over the subscription period for support services, commencing on the date the service is made available to customers. The Company does not recognize software revenue related to the renewal of subscription term-based licenses earlier than the beginning of the related renewal period. The Company also sells Rubrik-branded commodity servers ("Rubrik-branded Appliances") support which is recognized ratably over the support period.
Maintenance revenue
Maintenance revenue represents fees earned from software updates on a when-and-if-available basis, telephone support, integrated web-based support, and Rubrik-branded Appliance support relating to the Company’s perpetual licenses. Maintenance revenue is recognized ratably over the term of the service period.
Other revenue
Other revenue represents fees earned from the sale of Rubrik-branded Appliances and professional services.
The Company has determined the Rubrik-branded Appliances and software licenses are separate performance obligations because the Rubrik-branded Appliances and software licenses are not highly interdependent or interrelated and the customer can benefit from the Rubrik-branded Appliances and software licenses separately. The Company does not customize its software licenses and installation services are not required for the software to function.
Rubrik-branded Appliance revenue is recognized when shipped to the customer. The Company’s shipping term is free on board shipping point, which means the control of the Rubrik-branded Appliance is transferred to customers upon shipment. When the Company sells software licenses with Rubrik-branded Appliances, revenue related to both the Rubrik-branded Appliances and software licenses are recognized at the same time.
Revenue related to professional services is typically recognized as the services are performed.
Amounts billed to customers for shipping and handling costs are classified as other revenue, and the Company’s shipping and handling costs are classified as cost of revenue.
Judgments
The Company identifies performance obligations in a customer contract by assessing whether products and services are capable of being distinct and distinct in the context of the contract. The determination of the performance obligations for RSC when offered as a hybrid cloud subscription requires significant judgment due to the ongoing interaction between the software hosted from the cloud (as a service) and the on-premise software licenses. The Company has concluded that the software hosted from the cloud (as a service) and software licenses are not distinct from each other in the context of the contract such that revenue from the combined offering should be recognized ratably over the subscription period for which the software hosted from the cloud (as a service) is provided. In reaching this conclusion, the Company considered the nature of its promise to customers with a RSC hybrid cloud subscription, which is to provide a single, unified data security solution that operates seamlessly across multiple data sources and teams, and to give customers the ability to manage all their data sources consistently and/or in a manner they dictate. The Company only fulfills this multi-faceted promise by providing access to an integrated solution comprised of both cloud-based and on-premise software. The cloud-based software and on-premise software work together to provide features and functionalities necessary to fulfill that promise, which neither the software hosted from the cloud (as a service) nor the software licenses could provide on their own or together with third-party resources.
The Company had offered subscription credits for RSC to qualified customers with Refresh Rights (as defined below) in exchange for relinquishing their existing rights to next-generation Rubrik-branded Appliances at no cost (“Refresh Rights”). These are customer options that are accounted for as material rights.
The Company’s contracts with customers may include customer options that are material rights. The determination of the likelihood of customers exercising their options requires significant judgment. Management estimates the likelihood of customers exercising their options by taking into account available information such as the number and timing of options exercised or forfeited, and considers other factors such as customer churn that may impact the options that have yet to be exercised or forfeited. Depending on the type of customer option exercised, the amount of consideration allocated to the material rights will be recognized into revenue at a point in time or over time beginning on the date the customer accepts the option. Deferred revenue associated with customer options that are subsequently forfeited will be released into revenue at the time the options are forfeited.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 12 | |
| | | | |
Timing of revenue recognition (in thousands)
| | | | | | | | | | | | | | | |
| | | Three Months Ended April 30, |
| | | | | 2024 | | 2023 |
Subscription revenue | | | | | | | |
Products and services transferred over time | | | | | $ | 158,020 | | | $ | 81,649 | |
Products and services transferred at a point in time | | | | | 14,175 | | | 26,749 | |
Maintenance revenue | | | | | | | |
Products and services transferred over time | | | | | 5,667 | | | 12,288 | |
Other revenue | | | | | | | |
Products and services transferred over time | | | | | 7,400 | | | 7,697 | |
Products and services transferred at a point in time | | | | | 2,053 | | | 7,357 | |
Total revenue | | | | | $ | 187,315 | | | $ | 135,740 | |
Contract assets
The Company invoices its customers in accordance with contractual billing terms established in each contract. As the Company performs under customer contracts, its right to consideration that is unconditional is classified as accounts receivable. If the Company’s right to consideration for such performance is contingent upon a future event or satisfaction of additional performance obligations, the amount of revenue the Company has recognized in excess of the amount it has billed to the customer is classified as a contract asset. Contract assets are included in prepaid expenses and other current assets and other assets, noncurrent in the consolidated balance sheets. There were $8.8 million and $9.0 million of contract assets as of April 30, 2024 and January 31, 2024, respectively. The decrease is due to a decrease in certain contracts with customers where the timing of revenue recognition differs from the timing of invoicing to the customers. The current and noncurrent contract assets balances as of April 30, 2024 were $5.9 million and $2.9 million, respectively, and as of January 31, 2024 were $6.4 million and $2.6 million, respectively.
Deferred revenue
Deferred revenue, which are contract liabilities, are amounts received or due from customers in advance of the Company’s performance. The current portion of deferred revenue represents the amount that is expected to be recognized as revenue within one year of the consolidated balance sheet date. The Company invoices customers upfront for the majority of contracts, and the increase in the Company’s deferred revenue corresponds to an increase in revenue contracts that include SaaS and support in which the Company satisfies its performance obligations typically over the contractual service period. During the three months ended April 30, 2024 and 2023, the Company recognized revenue of approximately $150.0 million and $93.1 million, respectively, pertaining to amounts deferred at the beginning of each respective period.
Transaction price allocated to the remaining performance obligations
Transaction price allocated to the remaining performance obligations represents contracted revenue that has not yet been recognized, which includes deferred revenue for contracts that have been invoiced and will be recognized as revenue in future periods.
As of April 30, 2024, total remaining non-cancellable performance obligations under the Company’s contracts with customers was approximately $1,378.1 million. The Company expects to recognize 47% of this amount as revenue over the next 12 months, with the remaining balance to be recognized as revenue thereafter.
Concentration of Risk
Credit risk
The Company’s financial instruments that are exposed to concentrations of credit risk consist primarily of cash and cash equivalents, restricted cash, short-term investments, and accounts receivable. Cash and cash equivalents and short-term investments are primarily held in two financial institutions and, at times, may exceed federally insured limits. The Company grants credit to customers in a wide variety of industries worldwide and generally does not require collateral. The Company has not experienced any credit losses as of April 30, 2024.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 13 | |
| | | | |
Concentration of revenue and accounts receivable
The following customers individually accounted for 10% or more of total revenues and 10% or more of accounts receivable, net:
| | | | | | | | | | | | | | | | | | | | | | | | | | | |
| | | | | Revenue | | Accounts Receivable, Net |
| | | Three Months Ended April 30, | | April 30, | | January 31, |
| | | | | 2024 | | 2023 | | 2024 | | 2024 |
Partner A | | | | | 30% | | 29% | | 30% | | 44% |
Partner B | | | | | 35% | | 34% | | 30% | | 25% |
Partner C | | | | | 10% | | 12% | | 19% | | 9% |
| | | | | | | | | | | |
| | | | | | | | | | | |
Vendor risk
The Company uses third-party vendors for delivering its SaaS. While these services are highly available and designed to be resilient to failure of infrastructure, the Company’s services could be significantly impacted if the third-party vendors’ services experience certain types of interruptions.
The Company relies on a limited number of suppliers for its contract manufacturing and certain raw material components. In instances where suppliers fail to perform their obligations, the Company may be unable to find alternative suppliers or satisfactorily deliver its products to its customers on time.
Recently Announced Accounting Pronouncements Not Yet Adopted
In November 2023, the Financial Accounting Standards Board (FASB) issued Accounting Standards Update (ASU) 2023-07, Improvements to Reportable Segment Disclosures, which updates reportable segment disclosure requirements primarily through enhanced disclosures about significant segment expenses. ASU 2023-07 is effective for annual periods beginning after December 15, 2024, with early adoption permitted. ASU 2023-07 should be applied retrospectively to all prior periods presented in the financial statements. The Company is assessing the timing and impact of adopting this standard.
In December 2023, the FASB issued ASU 2023-09, Improvements to Income Tax Disclosures, which requires entities to provide consistent categories and greater disaggregation of information in the rate reconciliation as well as income tax paid disaggregated by jurisdiction to improve the transparency of income tax disclosures. ASU 2023-09 is effective for annual periods beginning after December 15, 2024, on a prospective basis, with early adoption permitted. The Company is assessing the timing and impact of adopting this standard.
Note 3 – Revenue by Geography
The geographic regions are the Americas, EMEA (Europe, the Middle East, and Africa) and APAC (Asia Pacific). The Company operates as one segment. The following table sets forth revenue by geographic area based on ship to address (in thousands):
| | | | | | | | | | | |
| Three Months Ended April 30, |
| 2024 | | 2023 |
Americas | $ | 134,523 | | | $ | 91,685 | |
EMEA | 45,457 | | | 38,522 | |
APAC | 7,335 | | | 5,533 | |
Total revenue | $ | 187,315 | | | $ | 135,740 | |
For the three months ended April 30, 2024 and 2023, United States accounted for $129.2 million and $88.8 million, respectively, or 69% and 65%, respectively, of consolidated total revenues.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 14 | |
| | | | |
Note 4 – Business Combinations
In August 2023, the Company acquired all outstanding stock of Laminar Technologies, Inc. (“Laminar”), a data security posture management platform. The Company accounted for this transaction as a business combination. The acquisition date fair value of the purchase consideration was $104.9 million, of which $90.8 million was paid in cash and the remainder in common stock. The cash consideration of $90.8 million excludes $23.8 million held back by the Company, which is subject to service-based vesting and will be recorded as expense over the period the services are provided. The acquisition of Laminar is to support Rubrik’s leadership position as a data security platform provider and help accelerate the Company’s cyber posture offerings. The Company recorded $11.0 million as an acquired developed technology intangible asset with an estimated useful life of three years and $96.1 million of goodwill which is primarily attributed to assembled workforce as well as the integration of Laminar’s technology with the Company’s technology. The goodwill is not deductible for tax purposes. The remaining assets acquired and liabilities assumed on the acquisition date were not material.
Pro forma results of operations for the business combination have not been presented, as they were not material to the consolidated statements of operations. Acquisition-related costs for the business combination were expensed as incurred within general and administrative expense in the consolidated statement of operations and were not material.
The Company recognized $0.9 million and no amortization expense in acquired intangible assets for the three months ended April 30, 2024 and 2023, respectively.
Note 5 – Financial Instruments
The Company classifies its financial instruments within the fair value hierarchy based on the lowest level of input that is significant to the fair value measurement. Three levels of input may be used to measure fair value:
•Level 1 – Observable inputs are unadjusted quoted prices in active markets for identical assets or liabilities.
•Level 2 – Observable inputs are quoted for similar assets and liabilities in active markets or inputs other than quoted prices which are observable for the assets or liabilities, either directly or indirectly through market corroboration, for substantially the full term of the financial instruments.
•Level 3 – Unobservable inputs that are supported by little or no market activity and are significant to the fair value of the assets or liabilities. These inputs will be based on the Company’s own assumptions and will require significant management judgement or estimation.
The Company did not have any level 3 investments as of April 30, 2024 and January 31, 2024. The following table summarizes the Company’s cash and available-for-sale marketable securities’ amortized cost, gross unrealized gains, gross unrealized losses, and estimated fair value by significant investment category reported as cash and cash equivalents or short-term investments (in thousands):
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | Reported as |
April 30, 2024 | | Amortized Cost | | Gross Unrealized Gains | | Gross Unrealized Losses | | Estimated Fair Value | | Cash and Cash Equivalents | | Short-Term Investments |
Cash: | | $ | 147,062 | | | $ | — | | | $ | — | | | $ | 147,062 | | | $ | 147,062 | | | $ | — | |
Level 1: | | | | | | | | | | | | |
Money market funds | | 352,389 | | | — | | | — | | | 352,389 | | | 352,389 | | | — | |
U.S. Treasuries | | 47,379 | | | — | | | (48) | | | 47,331 | | | — | | | 47,331 | |
Subtotal | | 399,768 | | | — | | | (48) | | | 399,720 | | | 352,389 | | | 47,331 | |
Level 2: | | | | | | | | | | | | |
Commercial paper | | 29,368 | | | — | | | (8) | | | 29,360 | | | — | | | 29,360 | |
Corporate bonds | | 18,128 | | | 2 | | | (14) | | | 18,116 | | | 3,163 | | | 14,953 | |
U.S. government agencies | | $ | 12,069 | | | $ | — | | | $ | (7) | | | $ | 12,062 | | | $ | — | | | $ | 12,062 | |
Subtotal | | $ | 59,565 | | | $ | 2 | | | $ | (29) | | | $ | 59,538 | | | $ | 3,163 | | | $ | 56,375 | |
Total | | $ | 606,395 | | | $ | 2 | | | $ | (77) | | | $ | 606,320 | | | $ | 502,614 | | | $ | 103,706 | |
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 15 | |
| | | | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| | Reported as |
January 31, 2024 | | Amortized Cost | | Gross Unrealized Gains | | Gross Unrealized Losses | | Estimated Fair Value | | Cash and Cash Equivalents | | Short-Term Investments |
Cash: | | $ | 72,420 | | | $ | — | | | $ | — | | | $ | 72,420 | | | $ | 72,420 | | | $ | — | |
Level 1: | | | | | | | | | | | | |
Money market funds | | 47,696 | | | — | | | — | | | 47,696 | | | 47,696 | | | — | |
U.S. Treasuries | | 86,429 | | | 70 | | | (13) | | | 86,486 | | | — | | | 86,486 | |
Subtotal | | 134,125 | | | 70 | | | (13) | | | 134,182 | | | 47,696 | | | 86,486 | |
Level 2: | | | | | | | | | | | | |
Commercial paper | | 33,019 | | | 3 | | | (3) | | | 33,019 | | | 9,915 | | | 23,104 | |
Corporate bonds | | 17,883 | | | 30 | | | (3) | | | 17,910 | | | — | | | 17,910 | |
U.S. government agencies | | $ | 21,703 | | | $ | 27 | | | $ | (10) | | | $ | 21,720 | | | $ | — | | | $ | 21,720 | |
Subtotal | | $ | 72,605 | | | $ | 60 | | | $ | (16) | | | $ | 72,649 | | | $ | 9,915 | | | $ | 62,734 | |
Total | | $ | 279,150 | | | $ | 130 | | | $ | (29) | | | $ | 279,251 | | | $ | 130,031 | | | $ | 149,220 | |
The following table summarizes the estimated fair value of the Company’s investments by their remaining contractual maturity dates (in thousands): | | | | | |
| April 30, 2024 |
Due within one year | $ | 101,729 | |
Due between one to two years | 1,977 | |
Total | $ | 103,706 | |
For available-for-sale debt securities that have unrealized losses, the Company evaluates whether (i) the Company has the intention to sell any of these investments, (ii) it is not more likely than not that the Company will be required to sell any of these available-for-sale debt securities before recovery of the entire amortized cost basis, and (iii) the decline in the fair value of the investment is due to credit or non-credit related factors. Based on this evaluation, the Company determined that for its short-term investments there were no material credit or non-credit related impairments as of April 30, 2024 and January 31, 2024.
Note 6 – Balance Sheet Components
Prepaid Expenses and Other Current Assets
Prepaid expenses and other current assets consisted of the following (in thousands):
| | | | | | | | | | | | |
| | April 30, | | January 31, |
| | 2024 | | 2024 |
Prepaid expenses | | $ | 57,024 | | | $ | 44,721 | |
Inventory, net | | 4,446 | | | 4,807 | |
Contract assets, current | | 5,876 | | | 6,356 | |
Other current assets | | 7,378 | | | 7,977 | |
Total prepaid expenses and other current assets | | $ | 74,724 | | | $ | 63,861 | |
Property and Equipment, Net
Property and equipment, net consisted of the following (in thousands):
| | | | | | | | | | | | | |
| | | April 30, | | January 31, |
| | | 2024 | | 2024 |
Equipment | | | $ | 68,799 | | | $ | 91,645 | |
Capitalized internal-use software | | | 23,555 | | | 21,191 | |
Leasehold improvements | | | 12,264 | | | 12,350 | |
Furniture and fixtures | | | 4,245 | | | 4,150 | |
Total property and equipment, gross | | | 108,863 | | | 129,336 | |
Less: accumulated depreciation and amortization | | | (62,880) | | | (81,463) | |
Total property and equipment, net | | | $ | 45,983 | | | $ | 47,873 | |
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 16 | |
| | | | |
Depreciation expense related to the Company’s property and equipment, which did not include amortization expense related to capitalized internal-use software, was $4.5 million and $4.0 million for the three months ended April 30, 2024 and 2023, respectively.
Amortization expense relating to capitalized internal-use software was $1.8 million and $1.6 million for the three months ended April 30, 2024 and 2023, respectively.
Accrued Expenses and Other Current Liabilities
Accrued expenses and other current liabilities consisted of the following (in thousands):
| | | | | | | | | | | | | |
| | | April 30, | | January 31, |
| | | 2024 | | 2024 |
Accrued expenses | | | $ | 41,308 | | $ | 41,773 |
Accrued bonuses | | | 12,647 | | 31,212 |
Accrued sales commissions | | | 12,595 | | 18,859 |
Accrued payroll-related expenses, taxes, and benefits | | | 82,611 | | 20,197 |
Operating lease liabilities | | | 10,440 | | 10,461 |
Other | | | 733 | | 432 |
Total accrued expenses and other current liabilities | | | $ | 160,334 | | | $ | 122,934 | |
Note 7 – Debt
Term Loan
In June 2022, the Company entered into a credit agreement with a consortium of lenders for a total $195.0 million revolving credit facility (the “Prior Credit Facility”) consisting of a $175.0 million term loan (the “Prior Closing Date Term Loan”) and $20.0 million in committed delayed-draw term loans (the “Prior Delayed Draw Term Loans”) with a maturity date of June 10, 2027. The proceeds of the Prior Delayed Draw Term Loans were to be used to pay accrued interest relating to the Prior Credit Facility. The Company also had the option to request incremental Delayed Draw Term Loan commitments (the “Prior Supplemental Delayed Draw Term Loans” and, together with the Prior Delayed Draw Term Loans and the Prior Closing Date Term Loan, collectively, the “Prior Loans”). The terms of the Prior Supplemental Delayed Draw Term Loans were identical to the Prior Delayed Draw Term Loans. The Company borrowed the full $175.0 million Prior Closing Date Term Loan with a closing date of June 10, 2022 and incurred $4.3 million debt discount and issuance costs.
Under the Prior Credit Facility, interest accrued on the Prior Loans, at the Company’s election made at the time of borrowing, at either the Alternate Base Rate (“ABR”) or Secured Overnight Financing Rate (“SOFR”). The Company also had the option to convert all or a portion of the outstanding principal amount to/from a SOFR-based loan to/from an ABR-based loan after the initial election. ABR loans had an annual interest rate equal to ABR plus 5.5%. ABR is a fluctuating interest rate per annum equal to the highest of: (i) prime rate, (ii) federal funds rate plus 0.5%, or (iii) Term SOFR for one month plus 1.0%. SOFR loans had an annual interest rate equal to Term SOFR plus 6.5%. Term SOFR is a rate per annum equal to the greater of: (i) the floor of 1.0% or (ii) the sum of Term SOFR Reference Rate plus Term SOFR Adjustment applicable to the comparable Interest Period (as defined in the June 2022 credit agreement). The Company had the option to elect an Interest Period of one, three, or six months on the SOFR loans as long as the election did not extend beyond the maturity date of June 10, 2027. The annual interest rate was subject to a 0.5% increase and separately, a 0.5% decrease depending on certain actions by the Company.
Interest on ABR loans was payable quarterly in arrears. Interest on SOFR loans was payable on the last day of each Interest Period, but if the interest period was more than three months, interest was payable on the last day of each three-month interval after the first day of such Interest Period.
In August 2023, the Company executed an amended and restated credit agreement with a consortium of lenders for a total $330.0 million revolving credit facility (the “Amended Credit Facility”) consisting of a $289.5 million term loan (the “Amended Term Loan”) and $40.5 million in committed delayed draw term loan (the “Amended Delayed Draw Term Loan”) with a maturity date of August 17, 2028. The Amended Credit Facility replaced the Prior Credit Facility. Immediately prior to the closing date of the Amended Credit Facility, the Company had an outstanding balance under the Prior Credit Facility of $193.6 million which consisted of $189.5 million of the Prior Loans and $4.1 million of unpaid interest under the Prior Credit Facility. The Company borrowed the full $289.5 million Amended Term Loan and used a portion to replace and refinance the full $189.5 million of the Prior Loans. The Company borrowed $4.1 million under the Amended Delayed Draw Term Loan to fund the unpaid interest under the Prior Credit Facility. The Company incurred $3.5 million debt discount costs in relation to the Amended Credit Facility.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 17 | |
| | | | |
The interest terms under the Amended Credit Facility are identical to the interest terms under the Prior Credit Facility except the ABR loan has an annual interest rate equal to ABR plus 6.0%, the SOFR loan has an annual interest rate equal to Term SOFR plus 7.0%, and the maturity date is August 17, 2028.
Under the Amended Credit Facility, the prepayment starts at 1.5% and reduces to zero beginning on the third anniversary from the closing date. Any amounts drawn and repaid or prepaid under the Amended Credit Facility may not be reborrowed.
The Company will have the option to fund up to 100.0% of cash interest with the proceeds of the Amended Delayed Draw Term Loan, subject to a 0.5% increase in the annual interest rate effective from the date of funding for 90 days, or 180 days if the Interest Period for such Amended Delayed Draw Term Loan is six months from the date of funding (the “Amended DDTL Utilization Interest Increase”).
Under the Amended Credit Facility, the annual interest rate on all outstanding principal amounts will be reduced by 0.5% if the Company’s Annualized Subscription Recurring Revenue (as defined in the amended credit agreement, "ASRR") is at least $500.0 million and the Company delivers a compliance certificate in accordance with the amended credit agreement (the “Amended ASRR Interest Decrease”).
The amended credit agreement contains certain covenants that require the Company, among other things, to maintain a specified minimum liquidity amount and minimum ASRR amount. Failure to comply with these covenants, along with other non-financial covenants, could result in an event of default, which may lead to acceleration of the amounts owed and/or the enforcement of other remedies by the lenders.
The Company had $6.9 million of debt discount and issuance costs on the $293.6 million Amended Term Loan and Amended Delayed Draw Term Loan as of August 17, 2023. The debt discount and issuance costs were recorded as a direct deduction from the long-term debt liability and are amortized into interest expense over the contractual term of the Amended Credit Facility.
For the three months ended April 30, 2024 and April 30, 2023, the Company borrowed $9.7 million and zero under the Amended Delayed Draw Term Loan.
As of April 30, 2024 and January 31, 2024, the Company was in compliance with all of its debt covenants.
Bridge Notes
In April 2024, the Company entered into a purchase agreement with Goldman Sachs & Co. LLC and Barclays Capital Inc. (collectively, the “Purchasers”) for the Company to issue senior notes (the “Bridge Notes”) to the Purchasers for up to $450.0 million. The Company issued the Bridge Notes and received the funding from the Purchasers on April 25, 2024 (the “Funding Date”) in an aggregate amount of $321.4 million to fund a portion of the tax withholding and remittance obligations related to the settlement of RSUs in connection with the IPO. The Bridge Notes matured on April 29, 2024 (the “IPO Settlement Date”) and carried an annual interest rate of 7.0% starting from the Funding Date up to but excluding the date of repayment.
The Company incurred $0.6 million of discount and issuance costs in connection with the issuance of Bridge Notes and recorded it as a direct deduction from the Bridge Notes liability on the date of issuance.
On April 29, 2024, the Company repaid the outstanding principal amount of the Bridge Notes, including $0.2 million of accrued and unpaid interest which was recorded as interest expense. The aggregate unamortized amount of discount and issuance costs was fully amortized into interest expense for the three months ended April 30, 2024.
Note 8 – Commitments and Contingencies
Purchase Commitments
As of April 30, 2024, there were no significant changes outside the ordinary course of business to the Company's commitments and purchase obligations since January 31, 2024.
Litigation
From time to time, the Company receives inquiries and/or claims or is involved in legal disputes and/or matters. In the opinion of management, any liabilities resulting from these claims will not have a material adverse effect on the Company’s consolidated balance sheets, consolidated statements of operations, or consolidated statements of cash flows.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 18 | |
| | | | |
Warranties and Indemnifications
The Company provides to qualifying customers a services warranty program for recovery of certain expenses related to data recovery and restoration in the event that data backed up using the Company’s solutions cannot be recovered following a ransomware attack. To date, costs relating to the warranty program have not been material.
The Company typically provides indemnification to customers for certain losses suffered or expenses incurred as a result of third-party claims arising from the Company’s infringement of a third-party’s intellectual property. Certain of these indemnification provisions survive termination or the expiration of the applicable agreement. The Company has not incurred a material liability relating to these indemnification provisions, and therefore, has not recorded a liability during any period for these indemnification provisions.
Note 9 – Redeemable Convertible Preferred Stock
Immediately prior to the closing of the IPO, all 74,182,559 shares of the Company's redeemable convertible preferred stock outstanding were automatically converted into an equivalent number of shares of Class B common stock on a one-to-one basis, and their carrying value of $714.7 million was reclassified into stockholders' equity. As of April 30, 2024, there were no shares of redeemable convertible preferred stock issued and outstanding.
Note 10 – Stockholders’ Deficit
Preferred Stock
In connection with the IPO, the Company’s amended and restated certificate of incorporation became effective, which authorized the issuance of 20,000,000 shares of undesignated preferred stock with a par value of $0.000025 per share with rights and preferences, including voting rights, designated from time to time by the board of directors.
Common Stock
The Company has two classes of common stock – Class A common stock and Class B common stock. In connection with the IPO, the Company’s amended and restated certificate of incorporation authorized the issuance of 1,070,000,000 shares of Class A common stock and 210,000,000 shares of Class B common stock. The shares of Class A common stock and Class B common stock are identical, except with respect to voting, conversion, and transfer rights. Each share of Class A common stock is entitled to one vote. Each share of Class B common stock is entitled to 20 votes. Class A and Class B common stock have a par value of $0.000025 per share, and are referred to collectively as common stock throughout the notes to the condensed consolidated financial statements, unless otherwise noted. Holders of common stock are entitled to receive any dividends as may be declared from time to time by the board of directors.
Each share of Class B common stock is convertible at any time at the option of the holder into one share of Class A common stock. Any holder’s shares of Class B common stock will convert automatically to Class A common stock, on a one-to-one basis, upon the earliest to occur following the Company's IPO: (i) sale or transfer of such share of Class B common stock, except for permitted transfers as described in the amended and restated certificate of incorporation; (ii) the death or incapacity of the Class B common stockholder (or 180 days following the date of the death or incapacity if the stockholder is one of the Company’s founders); and (iii) on the final conversion date, defined as the earliest of (a) the date fixed by the Company's board of directors that is no less than 61 days and no more than 180 days following the date on which the outstanding shares of Class B common stock represent less than 5% of the then outstanding shares of Class A and Class B common stock; (b) the last trading day of the fiscal year following the tenth anniversary of the effectiveness of the registration statement in connection with the Company’s IPO; (c) the date fixed by the Company’s board of directors that is no less than 61 days and no more than 180 days following the date that Bipul Sinha is no longer providing services to the Company as an officer, employee, or director; (d) the date fixed by the board of directors that is no less than 61 days and no more than 180 days following the death or incapacity of Mr. Sinha; or (e) the date specified by a vote of the holders of a majority of the outstanding shares of Class B common stock.
Immediately prior to the closing of the IPO, all 5,400,000 shares of the Company’s convertible founder stock outstanding were automatically converted into an equal number of shares of Class B common stock. As of April 30, 2024, there were no shares of convertible founder stock issued and outstanding.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 19 | |
| | | | |
Equity Incentive Plan
In January 2014, the Company adopted the 2014 Stock Option and Grant Plan, as amended (the “2014 Plan”). The 2014 Plan permits the grant of incentive stock options, non-qualified stock options, restricted stock awards, unrestricted stock awards, or RSU awards based on, or related to, shares of the Company’s common stock. The 2014 Plan was terminated in April 2024 in connection with the IPO, but continues to govern the terms of outstanding awards that were granted prior to the termination of the 2014 Plan. No further equity awards will be granted under the 2014 Plan. With the establishment of the 2024 Equity Incentive Plan (the “2024 Plan”), upon the expiration, forfeiture, cancellation, or reacquisition of any shares of Class B common stock underlying outstanding equity awards granted under the 2014 Plan, an equal number of shares of Class A common stock will become available for grant under the 2024 Plan. As of April 30, 2024, 39,649,074 shares of Class B common stock granted under the 2014 Plan remain outstanding.
In March 2024, the Company's board of directors adopted, and in April 2024, the Company's stockholders approved, the 2024 Plan, which became effective in connection with the Company’s IPO. The 2024 Plan provides for the grant of incentive stock options, nonqualified stock options, stock appreciation rights, restricted stock awards, RSU awards, performance-based awards, and other forms of awards to employees, non-employee directors and consultants, and employees and consultants of the Company's affiliates. A total of 46,073,027 shares of the Company’s Class A common stock have been reserved for future issuance under the 2024 Plan in addition to (i) shares underlying outstanding equity awards granted under the 2014 Plan that expire, or are forfeited, cancelled, or reacquired, as described above, and (ii) any automatic increases in the number of shares of Class A common stock reserved for future issuance under this plan. As of April 30, 2024, 59,066,798 shares were available for future issuance under the 2024 Plan.
In March 2024, the board of directors adopted, and in April 2024, the stockholders approved, the 2024 Employee Stock Purchase Plan (the “2024 ESPP” or the "ESPP"), which became effective in connection with the Company’s IPO. The 2024 ESPP authorizes the issuance of shares of Class A common stock pursuant to purchase rights granted to employees. A total of 4,607,303 shares of the Company’s Class A common stock have been reserved for future issuance under the 2024 ESPP, in addition to any automatic increases in the number of shares of Class A common stock reserved for future issuance under this plan.
Stock Options
Options issued under the Company's 2014 Plan and 2024 Plan generally are exercisable for periods not to exceed 10 years and generally vest over four years with 25% vesting after one year and the remainder vesting monthly thereafter in equal installments.
A summary of the stock option activity and related information is as follows:
| | | | | | | | | | | | | | | | | | | | | | | |
| Number of Options | | Weighted- Average Exercise Price | | Weighted- Average Remaining Contractual Term (years) | | Aggregate Intrinsic Value (in thousands) |
Outstanding as of January 31, 2024 | 3,185,020 | | | $ | 6.23 | | | 4.2 | | $ | 71,347 | |
Granted | 8,000,000 | | | 32.00 | | | | | |
Exercised | (641,537) | | | 5.64 | | | | | 16,455 | |
Cancelled | (1,500) | | | 7.99 | | | | | |
Outstanding as of April 30, 2024 | 10,541,983 | | | 25.82 | | | 8.5 | | 65,344 | |
Vested and exercisable as of April 30, 2024 | 2,429,487 | | | $ | 5.76 | | | 3.8 | | $ | 63,805 | |
There were no options with only a service-based vesting condition granted during the three months ended April 30, 2024 and 2023.
The intrinsic value of the options exercised represents the difference between the estimated fair market value of the Company’s common stock on the date of exercise and the exercise price of each option. The aggregate intrinsic value of options exercised was $16.5 million and $6.5 million for the three months ended April 30, 2024 and 2023, respectively.
As of April 30, 2024, there was approximately $139.6 million of unrecognized stock-based compensation expense related to outstanding stock options, which is expected to be recognized over a weighted-average period of 2.9 years.
CEO Performance Award
In June 2022, the Company’s board of directors approved the grant of a stock option under the 2014 Plan to the Company's CEO, Mr. Sinha, to purchase up to 8,000,000 of Class B common stock, contingent and effective upon a listing event, which includes the Company's IPO (the “CEO Performance Award” or "the Award"). The CEO Performance Award was granted upon the Company's IPO in April 2024.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 20 | |
| | | | |
The CEO Performance Award consists of 10 tranches that may be earned as specified in the table below, subject to both 1) a service-based condition and 2) the achievement of Target Stock Value prior to the applicable Option Valuation Expiration Date. Stock price measurement will not commence until the expiration of any lock-up period. Target Stock Value with respect to the Award is based on the percentage of the IPO Price and will be achieved on the date when the volume-weighted average price of the Company's Class A common stock over a period of 90 consecutive days equals or exceeds the applicable Target Stock Value. The exercise price per share of the Award is the IPO Price. Each tranche of the Award will vest on the first date following satisfaction of both the service-based condition and the Target Stock Value subject to Mr. Sinha's continued service with the Company. The shares underlying each tranche will satisfy the service-based condition in 20 equal quarterly installments beginning in January 2022 and will expire in 10 years after the grant date.
| | | | | | | | | | | | | | | | | | | | |
Tranche | | Target Stock Value | | Number of Stock Options Eligible to Vest | | Option Valuation Expiration Date |
1 | | $42.88 | | 666,667 | | Fifth anniversary of the Company's IPO |
2 | | $53.76 | | 666,667 | |
3 | | $64.64 | | 666,667 | |
4 | | $75.52 | | 666,667 | |
5 | | $86.40 | | 666,667 | | Seventh anniversary of the Company's IPO |
6 | | $96.96 | | 666,667 | |
7 | | $107.84 | | 666,667 | |
8 | | $118.72 | | 666,667 | |
9 | | $161.92 | | 1,333,332 | |
10 | | $242.88 | | 1,333,332 | |
The Company calculated the grant date fair value of the CEO Performance Award based on multiple stock price paths developed through the use of a Monte Carlo simulation model. A Monte Carlo simulation model also calculates a derived service period for each of the 10 vesting tranches, which is the measure of the expected time to achieve each Target Stock value under the scenarios where the Target Stock Value is in fact achieved prior to the Option Valuation Expiration Date. A Monte Carlo simulation model requires the use of various assumptions, including the underlying stock price, volatility, and the risk-free interest rate as of the valuation date, corresponding to the time to expiration of the options, and expected dividend yield. The weighted-average grant date fair value of the CEO Performance Award was $17.37 per share. The Company will recognize total stock-based compensation expense of $139.0 million over the derived service period of each tranche, which is between 1.2 to 4.5 years, using the accelerated attribution method as long as the CEO satisfies the service-based vesting condition. If the Target Stock Value is met sooner than the derived service period, the Company will adjust its stock-based compensation to reflect the cumulative expense associated with the vested awards. Provided that Mr. Sinha continues to be the Company's CEO, the Company will recognize stock-based compensation expense over the requisite service period, regardless of whether the Target Stock Values are achieved.
Restricted Stock Units
The Company grants service-based condition RSUs, service- and performance-based conditions RSUs, and service-, market-, and performance-based conditions RSUs. RSUs issued under the 2014 Plan typically have an expiry period of seven years from the grant date.
A summary of the RSU activity and related information is as follows:
| | | | | | | | | | | |
| Number of RSUs | | Weighted-Average Grant Date Fair Value |
Outstanding as of January 31, 2024 | 50,191,670 | | | $ | 16.09 | |
Granted | 9,383,173 | | | 30.64 | |
Vested | (29,862,673) | | | 13.25 | |
Forfeited | (605,129) | | | 21.38 | |
Unvested as of April 30, 2024 | 29,107,041 | | | $ | 23.89 | |
Vested and not yet released | 50 | | | 10.10 | |
Outstanding as of April 30, 2024 | 29,107,091 | | | $ | 23.89 | |
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 21 | |
| | | | |
In February 2024, we modified an existing service- performance-, and market-based condition equity award of 1,158,082 RSUs by extending the expiration date from May 2, 2025 to May 2, 2028. The performance-based condition related to the occurrence of a qualifying event was satisfied at the completion of the Company's IPO. The total incremental fair value resulting from the modification was $24.1 million and the total stock-based compensation expense of the equity award of $30.4 million is recorded over the requisite service period. For the three months ended April 30, 2024, the Company recognized $9.9 million of stock-based compensation expense for this equity award.
For the three months ended April 30, 2024 and 2023, the total fair value of vested RSUs was $395.7 million and zero, respectively. For the three months ended April 30, 2024 and 2023, the Company recognized $629.5 million and zero, respectively, of stock-based compensation expense attributable to RSUs. The unrecognized stock-based compensation expense relating to RSUs was approximately $475.6 million and is expected to be recognized over a weighted-average period of 1.9 years as of April 30, 2024.
2024 Employee Stock Purchase Plan
In April 2024, the Company's 2024 ESPP became effective. A total of 4,607,303 shares of Class A common stock were initially reserved for issuance under the ESPP. The number of shares of Class A common stock reserved for issuance under the 2024 ESPP will automatically increase on February 1 of each fiscal year, beginning on February 1, 2025 and ending on and including February 1, 2034, by the lesser of (1) one percent (1%) of the aggregate number of shares of common stock of all classes issued and outstanding on January 31 of the preceding fiscal year, (2) 9,214,605 shares, or (3) a lesser number of shares determined by the Company's board of directors.
The 2024 ESPP allows eligible employees to purchase shares of Class A common stock at a discount through payroll deductions of up to 15% of their eligible compensation, subject to any plan limitations. Except for the initial offering period, the 2024 ESPP provides for 24-month offering periods beginning March 20 and September 20 of each year, and each offering period will consist of four six-month purchase periods. The initial offering period began April 24, 2024, and will end on March 19, 2026.
On each purchase date, eligible employees will purchase Class A common stock at a price per share equal to 85% of the lesser of (1) the fair market value of the Class A common stock on the offering date, or (2) the fair market value of the Class A common stock on the purchase date. For the first offering period, which began on April 24, 2024, the fair market value of the Class A common stock on the offering date was $32.00, the price at which the Company's common stock was first sold to the public in the IPO, as specified in the final prospectus filed with the SEC on April 26, 2024, pursuant to Rule 424(b). As of April 30, 2024, no shares of the Company's Class A common stock have been purchased under the ESPP.
Stock-Based Compensation Expense
Total stock-based compensation expense included in the Company’s consolidated statements of operations was as follows (in thousands):
| | | | | | | | | | | |
| Three Months Ended April 30, |
| 2024 | | 2023 |
Cost of revenue | | | |
Subscription | $ | 35,193 | | | $ | 2 | |
Maintenance | 2,459 | | | — | |
Other | 11,247 | | | 3 | |
Research and development | 224,149 | | | 167 | |
Sales and marketing | 239,888 | | | 199 | |
General and administrative | 117,394 | | | 57 | |
Total stock-based compensation expense | $ | 630,330 | | | $ | 428 | |
Note 11 – Net Loss Per Share
The Company computes net loss per share of common stock in conformity with the two-class method required for participating securities and multiple classes of common stock. Prior to the automatic conversion of all of the Company's redeemable convertible preferred stock outstanding into Class B common stock upon the completion of the IPO, the Company considered all series of its redeemable convertible preferred stock to be participating securities as the holders of the redeemable convertible preferred stock were entitled to receive a non-cumulative dividend on a pari passu basis in the event that a dividend is paid on the common stock. Under the two-class method, the net loss attributable to common stockholders was not allocated to the redeemable convertible preferred stock as the preferred stockholders did not have a contractual obligation to share in the Company’s losses.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 22 | |
| | | | |
Basic net loss per share attributable to common stockholders is computed by dividing the net loss attributable to common stockholders by the weighted-average number of shares of common stock outstanding during the period. Diluted net loss per share is computed by giving effect to all potential shares of common stock, including redeemable convertible preferred stock, issued and outstanding common stock options, unvested RSUs issued and outstanding, and ESPP, to the extent they are dilutive.
The rights, including the liquidation and dividend rights, of the holders of Class A and Class B common stock are identical, except with respect to voting, conversion, and transfer rights. As the liquidation and dividend rights are identical, the undistributed earnings are allocated on a proportionate basis to each class of common stock and the resulting basic and diluted net loss per share attributable to common stockholders are, therefore, the same for both Class A and Class B common stock on both individual and combined basis.
The following table presents the calculation of basic and diluted net loss per share (in thousands, except per share amounts):
| | | | | | | | | | | | | | | | | | | | | | | |
| Three Months Ended April 30, |
| 2024 | | 2023 |
| Class A | | Class B | | Class A | | Class B |
Numerator: | | | | | | | |
Net loss | $ | (21,139) | | | $ | (710,952) | | | $ | — | | | $ | (89,273) | |
Denominator: | | | | | | | |
Weighted-average common stock shares used in computing net loss per share, basic and diluted | 1,842 | | | 61,952 | | | — | | | 54,540 | |
Weighted-average founders stock shares used in computing net loss per share, basic and diluted | — | | | — | | | — | | | 5,400 | |
Net loss per common stock share, basic and diluted | $ | (11.48) | | | $ | (11.48) | | | $ | — | | | $ | (1.49) | |
Net loss per founders stock share, basic and diluted | $ | — | | | $ | — | | | $ | — | | | $ | (1.49) | |
The following outstanding potentially dilutive securities were excluded from the computation of diluted net loss per share for the periods presented because the impact of including them would have been antidilutive (in thousands):
| | | | | | | | | | | |
| Three Months Ended April 30, |
| 2024 | | 2023 |
Redeemable convertible preferred stock | — | | | 74,183 | |
Issued and outstanding common stock options | 10,542 | | | 3,748 | |
Unvested RSUs issued and outstanding | 29,107 | | | 47,574 | |
| | | |
Total | 39,649 | | | 125,505 | |
Note 12 – Income Taxes
For the three months ended April 30, 2024 and 2023, the Company recorded a tax expense (benefit) of $(1.1) million and $1.2 million, respectively.
For the three months ended April 30, 2024, the income tax provision consisted of a U.S. federal & state tax benefit as a result of several of the Company's foreign subsidiaries making an election in the current year to be treated as U.S. branches for federal income tax purposes effective in fiscal year ended January 31, 2024, partially offset by taxes on the income of the Company’s foreign subsidiaries, foreign withholding taxes, and U.S. state taxes. For the three months ended April 30, 2023, the income tax provision consisted of taxes on the income of the Company's foreign subsidiaries, foreign withholding taxes, and U.S. state taxes.
As of April 30, 2024, the Company maintained a full valuation allowance on its U.S. federal and state net deferred tax assets as it was more likely than not that those deferred tax assets will not be realized.
Note 13 – Subsequent Events
In May 2024, the underwriters exercised their option to purchase an additional 3,472,252 shares of Class A common stock at the IPO Price of $32.00 per share. The Company received net proceeds of approximately $104.9 million after deducting underwriters’ discounts and commissions.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 23 | |
| | | | |
Item 2. Management’s Discussion and Analysis of Financial Condition and Results of Operations
The following discussion and analysis of our financial condition and results of operations should be read in conjunction with our unaudited condensed consolidated financial statements and related notes appearing elsewhere in this Quarterly Report on Form 10-Q and our audited consolidated financial statements and the related notes and the discussion under the heading "Management's Discussion and Analysis of Financial Condition and Results of Operations" for the fiscal year ended January 31, 2024 included in the final prospectus for our initial public offering (IPO) dated as of April 24, 2024 and filed with the Securities and Exchange Commission (SEC), pursuant to Rule 424(b)(4) on April 26, 2024 ("Final Prospectus"). Some of the information contained in this discussion and analysis, including information with respect to our planned investments in our research and development, sales and marketing, and general and administrative functions, includes forward-looking statements that involve risks and uncertainties as described under the heading “Special Note About Forward-Looking Statements” in this Quarterly Report on Form 10-Q. You should review the disclosure under the heading “Risk Factors” in this Quarterly Report on Form 10-Q for a discussion of important factors that could cause our actual results to differ materially from those anticipated in these forward-looking statements.
Unless the context otherwise requires, all references in this Quarterly Report on Form 10-Q to “we,” “us,” “our,” “our company,” and “Rubrik” refer to Rubrik, Inc. and its consolidated subsidiaries. Unless otherwise indicated, references to our “common stock” include our Class A common stock and Class B common stock.
Overview
We are on a mission to secure the world’s data.
Cyberattacks are inevitable. Realizing that cyberattacks ultimately target data, we created Zero Trust Data Security to deliver cyber resilience so that organizations can secure their data across the cloud and recover from cyberattacks. We believe that the future of cybersecurity is data security—if your data is secure, your business is resilient.
We built Rubrik Security Cloud ("RSC") with Zero Trust design principles to secure data across enterprise, cloud, and SaaS applications. RSC delivers a cloud native SaaS platform that detects, analyzes, and remediates data security risks and unauthorized user activities. Our platform is architected to help organizations achieve cyber resilience, which encompasses cyber posture and cyber recovery. We enable organizations to confidently accelerate digital transformation and leverage the cloud to realize business agility.
We launched our first enterprise software product, Converged Data Management, in fiscal 2016, which combined data and metadata together into a single layer of software to offer Zero Trust data protection, and sold it as a perpetual license along with associated maintenance contracts. In fiscal 2019, we extended data protection to cloud native applications and rebranded Converged Data Management to Cloud Data Management ("CDM"). Data protection for cloud native applications are sold as a SaaS subscription product. In addition, we began offering new SaaS subscription products, Anomaly Detection and Sensitive Data Monitoring. In fiscal 2020, we continued our business evolution to a subscription pricing model by offering our CDM platform as a subscription term-based license with associated support. Included in this subscription term-based license was the right to next generation Rubrik-branded commodity servers ("Rubrik-branded Appliances") at no cost for qualified customers ("Refresh Rights"). As of February 1, 2022, we stopped offering CDM as a perpetual license.
In fiscal 2023, to meet customer demands for data security and a single, unified cloud-based control plane, we launched RSC, a comprehensive Zero Trust Data Security platform. RSC culminates our early vision of providing one point of control to secure data across enterprise, cloud, and SaaS applications. RSC is primarily adopted by our customers as a cloud-native, fully managed SaaS solution. It is also available as an enterprise-ready, self-managed version ("RSC-Private"), for a few select customers that are subject to stringent data control policies. For U.S. public sector organizations, we also offer a specialized cloud-native fully managed SaaS solution called RSC-Government.
We began transitioning customers from our legacy CDM capabilities to RSC in fiscal 2023, all of which are subscription-based offerings. As part of this business transition, we began transitioning the sale of Rubrik-branded Appliances from us to our contract manufacturers and stopped offering the Refresh Rights as part of our subscription offerings. In lieu of the outstanding Refresh Rights, upon qualification, we offer Subscription Credits, with an associated expiration date, which, if utilized, will offset against Subscription ARR and revenue. As of the end of fiscal 2024, RSC represented a majority of our total revenue.
We recognize revenue from the sales of our RSC platform (excluding RSC-Private) ratably over the term of the subscription. We recognize a portion of revenue from sales of RSC-Private upon delivery and the remainder ratably over the term of the subscription. The majority of sales of our subscriptions are for three-year terms with upfront payment, and renewals are typically for one-year terms.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 24 | |
| | | | |
We expect new and existing customers to increasingly adopt RSC. Our new customers have generally been rapidly adopting the RSC platform. We are actively migrating our existing customers from our legacy CDM capabilities to RSC. As part of this migration, we expect certain existing customers to consume our platform and products through a mix of RSC and a transitional CDM license ("CDM-T"), during which time we expect to continue recognizing a portion of the associated revenue from these customers upfront at the time we transfer control of the license to the customer. We cannot predict how long these customers will use this mix before they complete their transition. Our revenue will fluctuate when qualified customers choose to exercise or forfeit their Subscription Credits upon expiry date which are customer options that are accounted for as material rights.
Our Go-to-Market Strategy
We utilize a land and expand approach, acquiring new customers and expanding with existing customers. We sell our products through subscription editions and can land in four distinct ways by securing private cloud (which we refer to as enterprise), enterprise Network-Attached Storage ("enterprise NAS" or what we refer to as unstructured data), cloud, and SaaS applications. After the initial purchase, our customers often expand the adoption of our platform within their organization. Expansion happens along three vectors: the growth of data from applications already secured by Rubrik, new applications secured, and additional data security products. This expansion is driven by a natural flywheel effect in which the value of our platform increases as our customers’ data grows across various applications. As organizations manage more data with RSC and adopt additional data security products, they gain deeper insights into their data, strengthen their overall security posture, and reduce compliance risk, thereby increasing their overall affinity with Rubrik and driving further adoption.
Key Factors Affecting Our Performance
Evolution of the Market and Adoption of Our Solutions
Our future success depends in part on the market adoption of our approach to Zero Trust Data Security. Many organizations have focused on preventing cyberattacks instead of protecting their data and having a plan to recover it in case of a cyberattack. We believe that the existing security ecosystem lacks a data security platform that will secure a customer’s data, wherever it lives, across enterprise, cloud, and SaaS applications. RSC is our Zero Trust Data Security platform that addresses the growing demand from organizations of virtually any size, across a wide range of industries, to address data security and cyberattack risks. As the data security market continues to evolve, we expect to continuously innovate our platform and product functionality to keep us in a strong position to capture the large opportunity ahead.
New Customer Acquisition
Our business model relies on rapidly and efficiently engaging with new customers. Our ability to attract new customers will depend on a number of factors, including our ability to innovate upon our product breadth and capabilities, our success in recruiting and scaling our sales and marketing organization, our ability to accelerate ramp time of our sales force, our ability to develop and maintain strong partnerships, the impact of marketing efforts to enhance our brand, and competitive dynamics in our target markets.
Retaining and Expanding Within Our Existing Customer Base
Our ability to retain customers and expand within existing customers is integral to our growth and future success. Our growing base of customers represents a significant opportunity for further expansion across our platform. Our customers typically start with securing data in one or more applications on our platform, and then expand by securing additional applications and increasing the amount of data secured. They further extend their use of our platform through adoption of additional security products. Several of our largest customers have deployed our platform to protect enterprise, unstructured data, cloud, and SaaS applications, securing large amounts of their data. Our ability to expand and extend within our customer base will depend on a number of factors, including platform performance, our customers’ satisfaction with our platform, competitive offerings, pricing, overall changes in our customers’ spending levels, and the effectiveness of our efforts to help our customers realize the benefits of our platform.
Key Business Metrics
We monitor the following key business metrics to help us evaluate our business.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 25 | |
| | | | |
Subscription ARR
Subscription ARR is calculated as the annualized value of our active subscription contracts as of the measurement date, assuming any contract that expires during the next 12 months is renewed on existing terms. Subscription contracts include offerings for our RSC platform and related SaaS products, term-based licenses for our RSC-Private platform and related products, prior sales of CDM sold as a subscription term-based license with associated support and related SaaS products, and standalone sales of our SaaS subscription products like Anomaly Detection and Sensitive Data Monitoring. We believe Subscription ARR illustrates our success in acquiring new subscription customers and maintaining and expanding our relationships with existing subscription customers.
The following table sets forth our Subscription ARR as of the dates presented (in thousands, except percentages):
| | | | | | | | | | | | | | | |
| April 30, | | |
| 2024 | | 2023 | | | | |
Subscription ARR | $ | 856,051 | | | $ | 587,454 | | | | | |
% growth | 46 | % | | 86 | % | | | | |
Subscription ARR does not include any maintenance revenue associated with perpetual licenses, which we generally no longer offer. Of the 46% and 86% growth, approximately three percentage points and 13 percentage points of growth for three months ended April 30, 2024 and 2023, respectively, were a result of transitioning our existing maintenance customers to our subscription editions.
Cloud Annual Recurring Revenue, or Cloud ARR
Cloud ARR is calculated as the annualized value of our active cloud-based subscription contracts as of the measurement date, based on our customers’ total contract value and, assuming any contract that expires during the next 12 months is renewed on existing terms. Our cloud-based subscription contracts include RSC and RSC-Government (excluding RSC-Private) and SaaS subscription products like Anomaly Detection and Sensitive Data Monitoring. Cloud ARR also includes SaaS subscription products Anomaly Detection and Sensitive Data Monitoring sold standalone or with prior sales of term-based license offerings of CDM. We believe that Cloud ARR provides important information on new and existing customers purchasing new RSC subscription offerings and existing subscription term-based license customers renewing with RSC subscription offerings.
The following table sets forth our Cloud ARR as of the dates presented (in thousands, except percentages):
| | | | | | | | | | | | | | | |
| April 30, | | |
| 2024 | | 2023 | | | | |
Cloud ARR | $ | 605,574 | | | $ | 296,917 | | | | | |
% growth | 104 | % | | 214 | % | | | | |
Average Subscription Dollar-Based Net Retention Rate
Our average subscription dollar-based net retention rate compares our Subscription ARR from the same set of subscription customers across comparable periods. We calculate our average subscription dollar-based net retention rate by first identifying subscription customers (the "Prior Period Subscription Customers"), which were subscription customers at the end of a particular quarter (the "Prior Period"). We then calculate the Subscription ARR from these Prior Period Subscription Customers at the end of the same quarter of the subsequent year (the "Current Period"). This calculation captures upsells, contraction, and attrition since the Prior Period. We then divide total Current Period Subscription ARR by the total Prior Period Subscription ARR for Prior Period Subscription Customers. Our average subscription dollar-based net retention rate in a particular quarter is obtained by averaging the result from that particular quarter with the corresponding results from each of the prior three quarters. We believe that our average subscription dollar-based net retention rate provides useful information about the evolution of our existing customers as they expand through the increase of data from applications we already secure, new applications for us to secure, additional data security products, and conversion of our recurring revenue related to maintenance contracts into subscription revenue.
Our historical average subscription dollar-based net retention rate does not include any maintenance revenue associated with perpetual licenses, which we no longer offer. Like Subscription ARR, our historical average subscription dollar-based net retention rate benefits from the transition of our existing maintenance customers to our subscription editions.
The following table sets forth our average subscription dollar-based net retention rate as of the dates presented:
| | | | | | | | | | | | | | | |
| April 30, | | |
| 2024 | | 2023 | | | | |
Average subscription dollar-based net retention rate | over 120 | % | | over 140 | % | | | | |
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 26 | |
| | | | |
Customers with $100,000 or More in Subscription ARR
We believe that customers with $100,000 or more in Subscription ARR is a helpful metric in measuring our ability to scale with our customers and the success of our ability to acquire large customers. Additionally, we believe that our ability to increase the number of customers with $100,000 or more in Subscription ARR is a useful indicator of our market penetration and demand for our platform.
The following table sets forth the number of customers with $100,000 or more in Subscription ARR as of the dates presented:
| | | | | | | | | | | | | | | |
| April 30, | | |
| 2024 | | 2023 | | | | |
Customers with $100,000 or more in Subscription ARR | 1,859 | | | 1,314 | | | | | |
% growth | 41 | % | | 80 | % | | | | |
Non-GAAP Financial Measures
We believe that non-GAAP financial measures, when taken collectively, may be helpful to investors because they provide consistency and comparability with past financial performance. However, non-GAAP financial measures are presented for supplemental informational purposes only, have limitations as an analytical tool, and should not be considered in isolation or as a substitute for financial information presented in accordance with GAAP. Other companies, including companies in our industry, may calculate similarly titled non-GAAP financial measures differently or may use other measures to evaluate their performance, all of which could reduce the usefulness of our non-GAAP financial measures as tools for comparison. A reconciliation is provided below for each non-GAAP financial measure to the most directly comparable financial measure stated in accordance with GAAP. Investors are encouraged to review the related GAAP financial measures and the reconciliation of these non-GAAP financial measures to their most directly comparable GAAP financial measures, and not to rely on any single financial measure to evaluate our business.
Free Cash Flow
Free cash flow is a non-GAAP financial measure that we calculate as net cash provided by (used in) operating activities less cash used for purchases of property and equipment and capitalized internal-use software. We believe that free cash flow is a helpful indicator of liquidity that provides information to management and investors about the amount of cash generated or used by our operations that, after the investments in property and equipment and capitalized internal-use software, can be used for strategic initiatives, including investing in our business and strengthening our financial position. The limitation of free cash flow is that it does not reflect our future contractual commitments and may fluctuate due to the timing of cash payments received from our customers and payments relative to expenses, including discretionary cash payments of our debt interest expense pursuant to the terms of our Amended Credit Facility and prepayments of other spend. Additionally, free cash flow is not a substitute for cash used in operating activities, and the utility of free cash flow as a measure of our liquidity is further limited as it does not represent the total increase or decrease in our cash balance for a given period.
Free cash flow was $(37.1) million and $(23.2) million for the three months ended April 30, 2024 and April 30, 2023, respectively. Free cash flow for the three months ended April 30, 2024 includes a cash outlay of $20.6 million for employer payroll taxes due to the vesting of certain equity awards in conjunction with the initial public offering. Adjusting for employer payroll taxes, the improvement in free cash flow was primarily due to higher sales and an increased number of payments before the due date for some of our distributors.
In the longer term, we view continued Subscription ARR growth and our multi-year cash collection as primary drivers of free cash flow. While we continue to see the majority of our customers pay us for new multi-year commitments upfront, we have experienced an increase in annual and consumption payments due to the growth in our SaaS products and the uncertain macroeconomic environment. See the risk factor titled “We expect fluctuations in our financial results, making it difficult to project future results, and if we fail to meet the expectations of securities analysts or investors with respect to our results of operations, our stock price and the value of your investment could decline” in the section titled “Risk Factors.” This trend, when combined with changes in new business growth, may result in free cash flow volatility across periods.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 27 | |
| | | | |
The following table presents a reconciliation of free cash flow to net cash used in operating activities for the periods presented:
| | | | | | | | | | | | | | | |
| Three Months Ended April 30, | | |
| 2024 | | 2023 | | | | |
Net cash used in operating activities | $ | (31,381) | | $ | (17,457) | | | | |
Less: purchase of property and equipment | (3,639) | | (3,373) | | | | |
Less: capitalized internal-use software | (2,103) | | (2,416) | | | | |
Free cash flow | $ | (37,123) | | $ | (23,246) | | | | |
Net cash provided by investing activities | $ | 40,737 | | $ | 5,046 | | | | |
Net cash provided by financing activities | $ | 362,182 | | $ | 559 | | | | |
Subscription ARR Contribution Margin
We define Subscription ARR Contribution Margin as the Subscription ARR Contribution (as defined below) divided by Subscription ARR at the end of the period. We define Subscription ARR Contribution as Subscription ARR at the end of the period less: (i) our non-GAAP subscription cost of revenue and (ii) our non-GAAP operating expenses for the prior 12-month period ending on that date. In fiscal 2023, we began transitioning customers from our legacy CDM capabilities to our subscription-based RSC offerings. As a result of differing revenue recognition treatment between CDM and RSC, this business transition causes fluctuations to our total revenue growth and limits the comparability of our revenue with past performance. As a result, we measure the performance of our business on the basis of Subscription ARR. We believe that Subscription ARR Contribution Margin is a helpful indicator of operating leverage during this business transition. One limitation of Subscription ARR Contribution Margin is that the factors that impact Subscription ARR will vary from those that impact subscription revenue and, as such, may not provide an accurate indication of our actual or future GAAP results. Additionally, the historical expenses in this calculation may not accurately reflect the costs associated with future commitments.
Subscription ARR Contribution Margin was (11)%, and (32)% for the 12 months ended April 30, 2024 and April 30, 2023, respectively. For the 12 months ended April 30, 2024, the non-GAAP operating expense includes the recognition of $22.8 million for employer payroll taxes due to the vesting of certain equity awards in conjunction with the initial public offering. Adjusting for this, the Subscription ARR Contribution Margin was (8%) for the 12 months ended April 30, 2024. The increase in Subscription ARR Contribution Margin was primarily driven by the strong year-over-year growth in Subscription ARR, compared to year-over-year growth in non-GAAP subscription costs of sales and non-GAAP operating expenses. We believe that this increase in Subscription ARR Contribution Margin reflects increased operating leverage in our business.
The following table presents the calculation of Subscription ARR Contribution Margin for the periods presented as well as a reconciliation of (i) non-GAAP subscription cost of revenue to cost of revenue and (ii) non-GAAP operating expenses to operating expenses.
| | | | | | | | | | | | | | | |
| | | Twelve Months Ended April 30, |
| | | 2024 | | 2023 |
| | (in thousands, except percentages) |
Subscription cost of revenue | | | $ | 150,015 | | | $ | 72,267 | |
Amortization of acquired intangibles | | | (2,579) | | | (592) | |
Stock-based compensation expense | | | (35,236) | | | (23) | |
Stock-based compensation from amortization of capitalized internal-use software | | | (106) | | | (281) | |
Non-GAAP subscription cost of revenue | | | $ | 112,094 | | | $ | 71,371 | |
| | | | | |
Operating expenses | | | $ | 1,421,164 | | | $ | 706,870 | |
Stock-based compensation expense | | | (586,660) | | | (3,767) | |
Non-GAAP operating expenses | | | $ | 834,504 | | | $ | 703,103 | |
| | | | | |
Subscription ARR | | | $ | 856,051 | | | $ | 587,454 | |
Non-GAAP subscription cost of revenue | | | (112,094) | | | (71,371) | |
Non-GAAP operating expenses | | | (834,504) | | | (703,103) | |
Subscription ARR Contribution | | | $ | (90,547) | | | $ | (187,020) | |
Subscription ARR Contribution Margin | | | (11) | % | | (32) | % |
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 28 | |
| | | | |
Components of Results of Operations
Revenue
We generate revenue primarily from sales of subscriptions and typically invoice our customers at the inception of the contract. Revenue is recognized ratably over the term of the subscription for these sales of RSC subscriptions.
Our revenue will fluctuate based on the timing for transitioning our existing customers to RSC and when qualified customers choose to exercise or forfeit their customer options that are accounted for as material rights. These expected trends, when combined with the transition of the sale of Rubrik-branded Appliances from us to our contract manufacturers, will limit and cause fluctuations to our revenue growth through fiscal 2027. We primarily measure our business on the basis of Subscription ARR, as we believe it best reflects our actual growth and our growth prospects.
Subscription Revenue
Our subscription revenue consists of SaaS subscriptions and subscription term-based licenses with related support services.
SaaS includes SaaS subscription products like Anomaly Detection and Sensitive Data Monitoring sold standalone or with prior sales of term-based license offerings of CDM prior to the launch of the RSC platform as well as sales of RSC. RSC is offered as a fully-hosted subscription or a hybrid cloud subscription. RSC is a fully-hosted subscription in the case of protection of cloud, SaaS, and unstructured data applications. When RSC is securing enterprise applications, it is a hybrid cloud subscription which includes software hosted from the cloud (as a service) and an on-premise license for securing enterprise applications. The hybrid cloud subscription is accounted for as a single performance obligation because the software hosted from the cloud (as a service) and the on-premise software licenses are not separately identifiable and serve together to fulfill our promise to the customer, which is to provide a single, unified data security solution. Our subscription capabilities are primarily sold as editions which bundle multiple products and include the Foundation Edition, Business Edition, and Enterprise Edition. Subscription revenue related to SaaS is recognized ratably over the subscription period.
Subscription term-based licenses provide our customer with a right to use the software for a fixed term commencing upon delivery of the license to our customer. Support services are bundled with each subscription term-based license for the term of the subscription. Subscription revenue related to subscription term-based licenses includes upfront revenue recognized at the later of the start date of the subscription term-based license and the date when the subscription term-based license is delivered. The remainder of the revenue is recognized ratably over the subscription period for support services, commencing with the date the service is made available to customers.
As customers continue to adopt or transition to RSC, we expect the ratable portion of our subscription revenue to increase. We expect certain customers to consume our platform and products through a mix of RSC and CDM-T as they complete the migration, which will result in a recognition of a portion of the associated revenue for these customers upfront. Furthermore, our subscription revenue will also fluctuate when qualified customers choose to exercise or forfeit their customer options that are accounted for as material rights. The combination of both of these factors will limit and cause fluctuations in our subscription revenue growth through fiscal 2027, depending in part on the timing of our existing customers’ transition to RSC.
Maintenance Revenue
Maintenance revenue represents fees earned from software updates on a when-and-if-available basis, telephone support, integrated web-based support, and Rubrik-branded Appliance maintenance relating to our perpetual licenses. Maintenance revenue is recognized ratably over the term of the service period. We expect our maintenance revenue to decrease as we drive adoption of RSC for existing maintenance customers.
Other Revenue
Other revenue represents fees earned from sales of Rubrik-branded Appliances and professional services. We recognize revenue for the amount allocated to the perpetual software license at the later of the license term start date or the date the license is delivered. Revenue for Rubrik-branded Appliances is recognized when shipped to the customer. When we sell our software license with our Rubrik-branded Appliances, revenue for both the Rubrik-branded Appliances and software licenses are recognized at the same time. Revenue related to professional services is typically recognized as the services are performed. In the third quarter of fiscal 2023, we began transitioning the sale of Rubrik-branded Appliances from us to our contract manufacturers. We expect other revenue as a percentage of total revenue to decrease over time as we continue this transition.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 29 | |
| | | | |
Cost of Revenue
Cost of revenue primarily includes employee compensation and related expenses associated with customer support, certain hosting costs, amortization of capitalized internal-use software, and cost of Rubrik-branded Appliances. We expect our cost of revenue, exclusive of stock-based compensation expense, as a percentage of revenue to generally decrease over the long term as we increasingly transition the sale of Rubrik-branded Appliances from us to our contract manufacturers.
Cost of Subscription Revenue
Cost of subscription revenue primarily includes employee compensation and related expenses associated with customer support for our subscription offerings, certain hosting costs, and amortization of capitalized internal-use software. We expect our cost of subscription revenue to increase as our subscription revenue increases.
Cost of Maintenance Revenue
Cost of maintenance revenue primarily includes employee compensation and related expenses associated with customer support from our perpetual licenses. Over the long-term, we expect our cost of maintenance revenue to decrease as our maintenance revenue decreases.
Cost of Other Revenue
Cost of other revenue primarily includes the cost of Rubrik-branded Appliances and professional services. We expect cost of other revenue as a percentage of total cost of revenue to decrease due to the sales of Rubrik-branded Appliances transitioning from us to our contract manufacturers.
Gross Profit and Margin
Gross profit is revenue less cost of revenue.
Gross margin is gross profit expressed as a percentage of revenue. Our gross margin has been, and will continue to be, affected by a number of factors, including the mix of subscription term-based licenses, SaaS subscriptions, and other products, when qualified customers choose to exercise or forfeit their customer options that are accounted for as material rights, the timing and extent of our investments in our global customer support organization, certain hosting costs, the amortization of capitalized internal-use software, and stock-based compensation expense. Over time, we expect our gross margin to fluctuate due to the factors described above.
Subscription Gross Margin
With increased adoption of RSC, we expect SaaS revenue to increase as a percentage of total revenue, which we expect will result in an increase in associated hosting costs. As customers adopt RSC, we expect our subscription gross margin to fluctuate through fiscal 2027. This is due to the revenue being recognized ratably over the subscription term rather than a portion being recognized upfront from subscription term-based licenses and associated increases in hosting costs for our SaaS solutions.
Maintenance Gross Margin
We expect maintenance revenue to decrease as a percentage of total revenue, which we expect will result in a decrease in maintenance costs. We expect our maintenance margin to fluctuate until the end of fiscal 2026 as maintenance revenue and related costs decline as customers adopt RSC.
Other Gross Margin
We expect sales of Rubrik-branded Appliances to decrease as we transition the sale from us to contract manufacturers, which will result in a decrease in associated Rubrik-branded Appliance costs. We expect our other gross margin to fluctuate through fiscal 2025 as we are transitioning the sale of Rubrik-branded Appliances from us to our contract manufacturers.
Operating Expenses
Our operating expenses consist of research and development, sales and marketing, and general and administrative expenses. Personnel costs are the most significant component of operating expenses. We also incur other non-personnel costs such as colocation and certain hosting costs, office space costs, fees for third-party professional services, and costs associated with software and subscription services. We expect our operating expenses, exclusive of stock-based compensation expense, to generally decrease as a percentage of revenue over the long term.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 30 | |
| | | | |
Research and Development
Research and development expenses consist primarily of employee compensation and related expenses, net of capitalized amounts, and colocation and certain hosting costs. To capture share in the ever-growing data security market, we expect to continuously innovate our platform and product functionality and will continue to invest in research and development. We expect our research and development expenses will continue to increase as our business grows. We also expect our research and development expenses, exclusive of stock-based compensation, as a percentage of revenue to generally decrease over the long term.
Sales and Marketing
Sales and marketing expenses consist primarily of employee compensation and related expenses including sales commissions, marketing programs, and travel-related costs. We expect our sales and marketing expenses will increase over time and continue to be our largest operating expense for the foreseeable future as we expand our sales force, increase our marketing efforts, and expand into new markets. We also expect our sales and marketing expenses, exclusive of stock-based compensation, as a percentage of revenue to generally decrease over the long term.
General and Administrative
General and administrative expenses consist primarily of employee compensation and related expenses for administrative functions, including finance, legal, human resources, information technology, and fees for third-party professional services. We expect to incur additional general and administrative expenses as a result of operating as a public company, including costs to comply with the rules and regulations applicable to companies listed on a national securities exchange, costs related to compliance and reporting obligations, and increased expenses for investor relations and third-party professional services. We expect that our general and administrative expenses will also increase as our business grows, although we expect our general and administrative expenses, exclusive of stock-based compensation, as a percentage of revenue to generally decrease over the long term.
Other Non-Operating Income (Expense)
Other non-operating income (expense) consists primarily of interest income, interest expense, and foreign exchange gains and losses.
Income Tax Expense (Benefit)
Income tax expense (benefit) consists primarily of income taxes in certain foreign jurisdictions in which we conduct business, as well as federal and state income taxes in the United States. We have recorded U.S. federal and state net deferred tax assets for which we provide a full valuation allowance, which includes net operating loss carryforwards and tax credits. We expect to maintain this full valuation allowance for the foreseeable future as it is more likely than not that some or all of those deferred tax assets may not be realized based on our history of losses.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 31 | |
| | | | |
Results of Operations
The following tables summarize our consolidated statements of operations data for the periods presented. The period-to-period comparison of results is not necessarily indicative of results for future periods.
| | | | | | | | | | | | | | | |
| Three Months Ended April 30, | | |
| 2024 | | 2023 | | | | |
| (in thousands) |
Revenue | | | | | | | |
Subscription | $ | 172,195 | | | $ | 108,398 | | | | | |
Maintenance | 5,667 | | | 12,288 | | | | | |
Other | 9,453 | | | 15,054 | | | | | |
Total revenue | 187,315 | | | 135,740 | | | | | |
Cost of revenue | | | | | | | |
Subscription | 73,725 | | | 21,637 | | | | | |
Maintenance | 3,609 | | | 2,271 | | | | | |
Other | 18,645 | | | 11,983 | | | | | |
Total cost of revenue | 95,979 | | | 35,891 | | | | | |
Gross profit | 91,336 | | | 99,849 | | | | | |
Operating expenses | | | | | | | |
Research and development(1) | 285,379 | | | 46,266 | | | | | |
Sales and marketing(1) | 379,329 | | | 115,362 | | | | | |
General and administrative(1) | 151,465 | | | 22,817 | | | | | |
Total operating expenses | 816,173 | | | 184,445 | | | | | |
Loss from operations | (724,837) | | | (84,596) | | | | | |
Interest income | 2,942 | | | 2,617 | | | | | |
Interest expense | (10,624) | | | (5,532) | | | | | |
Other income (expense), net | (623) | | | (554) | | | | | |
Loss before income taxes | (733,142) | | | (88,065) | | | | | |
Income tax expense (benefit) | (1,051) | | | 1,208 | | | | | |
Net loss | $ | (732,091) | | | $ | (89,273) | | | | | |
Net loss per share attributable to common shareholders, basic and diluted | $ | (11.48) | | | $ | (1.49) | | | | | |
Weighted-average shares used in computing net loss per share attributable to common shareholders, basic and diluted | 63,794 | | | 59,940 | | | | | |
(1) Includes stock-based compensation expense as follows (in thousands):
| | | | | | | | | | | |
| Three Months Ended April 30, |
| 2024 | | 2023 |
Cost of revenue | | | |
Subscription | $ | 35,193 | | | $ | 2 | |
Maintenance | 2,459 | | | — | |
Other | 11,247 | | | 3 | |
Research and development | 224,149 | | | 167 | |
Sales and marketing | 239,888 | | | 199 | |
General and administrative | 117,394 | | | 57 | |
Total stock-based compensation expense | $ | 630,330 | | | $ | 428 | |
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 32 | |
| | | | |
The following table sets forth our consolidated statements of operations data expressed as a percentage of revenue for the periods indicated:
| | | | | | | | | | | | | | | |
| Three Months Ended April 30, | | |
| 2024 | | 2023 | | | | |
Revenue | | | | | | | |
Subscription | 92 | % | | 80 | % | | | | |
Maintenance | 3 | | | 9 | | | | | |
Other | 5 | | | 11 | | | | | |
Total revenue | 100 | | | 100 | | | | | |
Cost of revenue | | | | | | | |
Subscription | 39 | | | 15 | | | | | |
Maintenance | 2 | | | 2 | | | | | |
Other | 10 | | | 9 | | | | | |
Total cost of revenue | 51 | | | 26 | | | | | |
Gross profit | 49 | | | 74 | | | | | |
Operating expenses | | | | | | | |
Research and development | 152 | | | 34 | | | | | |
Sales and marketing | 203 | | | 85 | | | | | |
General and administrative | 81 | | | 17 | | | | | |
Total operating expenses | 436 | | | 136 | | | | | |
Loss from operations | (387) | | | (62) | | | | | |
Interest income | 2 | | | 1 | | | | | |
Interest expense | (6) | | | (4) | | | | | |
Other income (expense), net | — | | | — | | | | | |
Loss before income taxes | (391) | | | (65) | | | | | |
Income tax expense (benefit) | — | | | 1 | | | | | |
Net loss | (391) | % | | (66) | % | | | | |
Comparison of the Three Months Ended April 30, 2024 and 2023
Revenue
| | | | | | | | | | | | | | | | | | | | | | | | | | | |
| Three Months Ended April 30, | | | | | | |
| 2024 | | 2023 | | $ Change | | % Change | | | | |
| (dollars in thousands) | | | | | | |
Revenue | | | | | | | | | | | |
Subscription | $ | 172,195 | | | $ | 108,398 | | | $ | 63,797 | | | 59 | % | | | | |
Maintenance | 5,667 | | | 12,288 | | | (6,621) | | | (54) | % | | | | |
Other | 9,453 | | | 15,054 | | | (5,601) | | | (37) | % | | | | |
Total revenue | $ | 187,315 | | | $ | 135,740 | | | $ | 51,575 | | | 38 | % | | | | |
Subscription revenue increased $63.8 million for the three months ended April 30, 2024 as compared to the three months ended April 30, 2023, representing a 59% increase. Growth in subscription revenue benefited from a moderate headwind from the transition to RSC relative to the year ago period. Our Subscription ARR grew from $587.5 million as of April 30, 2023 to $856.1 million as of April 30, 2024, representing a 46% increase. Of the increase in Subscription ARR, approximately three percentage points are a result of transitioning our existing maintenance customers to our subscription editions. A further indication of our ability to expand revenue from existing customers is through our average subscription dollar-based net retention rate which was over 120% as of April 30, 2024. We had 1,859 customers with $100,000 or more in Subscription ARR as of April 30, 2024, increasing from 1,314 as of April 30, 2023.
Maintenance revenue associated with sales of perpetual licenses of our legacy CDM product decreased for the three months ended April 30, 2024 as compared to the three months ended April 30, 2023. Maintenance revenue represented 3% and 9% of total revenue for the three months ended April 30, 2024 and 2023, respectively. We expect the transition of existing maintenance customers adopting RSC subscription offerings to be largely completed by the end of fiscal 2026.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 33 | |
| | | | |
Other revenue, which consists primarily of sales of Rubrik-branded Appliances and professional services, decreased for the three months ended April 30, 2024 as compared to the three months ended April 30, 2023. Sales of Rubrik-branded Appliances decreased by $5.1 million as we are transitioning sales of our Rubrik-branded Appliances from us to our contract manufacturers and no longer offer new perpetual licenses. We expect our other revenue as a percentage of total revenue to continue to decrease.
Cost of Revenue
| | | | | | | | | | | | | | | | | | | | | | | | | | | |
| Three Months Ended April 30, | | | | | | |
| 2024 | | 2023 | | $ Change | | % Change | | | | |
| (dollars in thousands) | | | | | | |
Cost of revenue | | | | | | | | | | | |
Subscription | $ | 73,725 | | | $ | 21,637 | | | $ | 52,088 | | | 241 | % | | | | |
Maintenance | 3,609 | | | 2,271 | | | 1,338 | | | 59 | % | | | | |
Other | 18,645 | | | 11,983 | | | 6,662 | | | 56 | % | | | | |
Total cost of revenue | $ | 95,979 | | | $ | 35,891 | | | $ | 60,088 | | | 167 | % | | | | |
Cost of subscription revenue increased for the three months ended April 30, 2024 as compared to the three months ended April 30, 2023, primarily due to $35.2 million in stock-based compensation expense we recognized as a result of the completion of our IPO, an increase in $11.1 million in hosting costs due to the development and launch of more SaaS products, and an increase of $4.4 million from growth in our customer support organization.
Cost of maintenance revenue increased for the three months ended April 30, 2024 as compared to the three months ended April 30, 2023, primarily due to $2.5 million in stock-based compensation expense we recognized as a result of the completion of our IPO, partially offset by a decrease in our customer support organization costs relating to maintenance revenue as we no longer offer new perpetual licenses and as existing maintenance customers adopt RSC subscription offerings.
Cost of other revenue increased for the three months ended April 30, 2024 as compared to the three months ended April 30, 2023, primarily due to $11.2 million in stock-based compensation expense we recognized as a result of the completion of our IPO, partially offset by a decrease in Rubrik-branded Appliances costs as we are transitioning the sale of Rubrik-branded Appliances from us to our contract manufacturers.
Gross Profit and Gross Margin
| | | | | | | | | | | | | | | | | | | | | | | |
| Three Months Ended April 30, | | | | |
| 2024 | | 2023 | | $ Change | | % Change |
| (dollars in thousands) | | |
Gross profit | | | | | | | |
Subscription | $ | 98,470 | | | $ | 86,761 | | | $ | 11,709 | | | 13 | % |
Maintenance | 2,058 | | | 10,017 | | | (7,959) | | | (79) | % |
Other | (9,192) | | | 3,071 | | | (12,263) | | | (399) | % |
Total gross profit | $ | 91,336 | | | $ | 99,849 | | | $ | (8,513) | | | (9) | % |
| | | | | | | | | | | |
| Three Months Ended April 30, |
| 2024 | | 2023 |
Gross margin | | | |
Subscription | 57 | % | | 80 | % |
Maintenance | 36 | % | | 82 | % |
Other | (97) | % | | 20 | % |
Total gross margin | 49 | % | | 74 | % |
Subscription gross margin decreased for the three months ended April 30, 2024 as compared to the three months ended April 30, 2023, due to the stock-based compensation expense we recognized as a result of the completion of our IPO and an increase in hosting costs associated with our development and launch of more SaaS products.
Maintenance gross margin decreased for the three months ended April 30, 2024 as compared to the three months ended April 30, 2023 due to the stock-based compensation expense we recognized as a result of the completion of our IPO.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 34 | |
| | | | |
Other gross margin decreased for the three months ended April 30, 2024 as compared to the three months ended April 30, 2023 due to the stock-based compensation expenses we recognized as a result of the completion of our IPO.
Operating Expenses
Research and Development
| | | | | | | | | | | | | | | | | | | | | | | | | | | |
| Three Months Ended April 30, | | | | | | |
| 2024 | | 2023 | | $ Change | | % Change | | | | |
| (dollars in thousands) | | | | | | |
Research and development | $ | 285,379 | | | $ | 46,266 | | | $ | 239,113 | | | 517 | % | | | | |
Research and development expenses increased for the three months ended April 30, 2024 as compared to the three months ended April 30, 2023. Employee compensation and related expenses increased by $237.4 million due to $224.0 million of stock-based compensation expense we recognized as a result of the completion of our IPO and increases in headcount as we continued to develop new products and enhance the functionalities of our existing products.
Sales and Marketing
| | | | | | | | | | | | | | | | | | | | | | | | | | | |
| Three Months Ended April 30, | | | | | | |
| 2024 | | 2023 | | $ Change | | % Change | | | | |
| (dollars in thousands) | | | | | | |
Sales and marketing | $ | 379,329 | | | $ | 115,362 | | | $ | 263,967 | | | 229 | % | | | | |
Sales and marketing expenses increased for the three months ended April 30, 2024 as compared to the three months ended April 30, 2023. Employee compensation and related expenses increased by $260.1 million due to $239.7 million of stock-based compensation expenses we recognized as a result of the completion of our IPO and increases in headcount.
General and Administrative
| | | | | | | | | | | | | | | | | | | | | | | | | | | |
| Three Months Ended April 30, | | | | | | |
| 2024 | | 2023 | | $ Change | | % Change | | | | |
| (dollars in thousands) | | | | | | |
General and administrative | $ | 151,465 | | | $ | 22,817 | | | $ | 128,648 | | | 564 | % | | | | |
General and administrative expenses increased for the three months ended April 30, 2024 as compared to the three months ended April 30, 2023. Employee compensation and related expenses increased by $124.0 million due to $117.3 million of stock-based compensation expenses we recognized as a result of the completion of our IPO and increases in headcount.
Other Non-Operating Income (Expense)
| | | | | | | | | | | | | | | | | | | | | | | | | | | |
| Three Months Ended April 30, | | | | | | |
| 2024 | | 2023 | | $ Change | | % Change | | | | |
| (dollars in thousands) | | | | | | |
Interest income | $ | 2,942 | | | $ | 2,617 | | | $ | 325 | | | 12 | % | | | | |
Interest expense | (10,624) | | | (5,532) | | | (5,092) | | | 92 | % | | | | |
Other income (expense), net | (623) | | | (554) | | | (69) | | | 12 | % | | | | |
Interest income increased for the three months ended April 30, 2024 as compared to the three months ended April 30, 2023 due to higher cash, cash equivalents, and investment balances and higher interest rates.
Interest expense increased for the three months ended April 30, 2024 as compared to the three months ended April 30, 2023 primarily due to our Prior Credit Facility and Amended Credit Facility (each as defined below).
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 35 | |
| | | | |
Income Tax Expense (Benefit)
| | | | | | | | | | | | | | | | | | | | | | | | | | | |
| Three Months Ended April 30, | | | | | | |
| 2024 | | 2023 | | $ Change | | % Change | | | | |
| (dollars in thousands) | | | | | | |
Income tax expense (benefit) | $ | (1,051) | | | $ | 1,208 | | | $ | (2,259) | | | (187) | % | | | | |
Our income tax expense decreased for the three months ended April 30, 2024 as compared to the three months ended April 30, 2023, primarily due to several of our foreign subsidiaries making an election in the current year to be treated as U.S. branches for federal income tax purposes effective in fiscal 2024. Our effective tax rate may fluctuate significantly on a quarterly basis and could be adversely affected to the extent that earnings are lower than anticipated in countries that have lower statutory tax rates and higher than anticipated in countries that have higher statutory tax rates. In addition, tax authorities may challenge our transfer pricing policies, resulting in a higher effective tax rate.
Liquidity and Capital Resources
To date, we have financed our operations principally through private placements of our redeemable convertible preferred stock, our term loan credit facility, and payments received from customers.
In June 2022, we entered into a $195.0 million credit facility (the "Prior Credit Facility"), consisting of initial term loans in an aggregate principal amount of $175.0 million and delayed draw term loan commitments in an aggregate principal amount of $20.0 million. The Prior Credit Facility was scheduled to mature in June 2027. We borrowed the full amount of the initial term loans in June 2022, the proceeds of which were used for general corporate purposes, and subsequently drew approximately $14.5 million of delayed draw term loans to pay accrued quarterly interest payments under the Prior Credit Facility.
In August 2023, we amended and restated the Prior Credit Facility (the "Amended Credit Facility"), to increase the total borrowing capacity thereunder to $330.0 million, consisting of initial term loans in an aggregate principal amount of approximately $289.5 million and delayed draw term loan commitments in an aggregate principal amount of approximately $40.5 million. The Amended Credit Facility will mature in August 2028. We borrowed the full amount of the initial term loans and approximately $4.1 million of delayed draw term loans under the Amended Credit Facility on the closing date of the Amended Credit Facility in order to (i) refinance and replace in full the outstanding term loans under the Prior Credit Facility, (ii) finance the consideration for the acquisition of Laminar, and (iii) pay the accrued quarterly interest under the Prior Credit Facility then due. Borrowings under the Amended Credit Facility will bear interest, at our option, at a rate per annum equal to (i) (x) a base rate equal to the highest of (A) the prime rate as published by The Wall Street Journal, (B) the federal funds rate plus 0.5%, and (C) an adjusted SOFR rate for a one-month interest period plus 1.0% plus (y) a margin of 6.0%, or (ii) an adjusted SOFR rate for a selected interest period plus a margin of 7.0%. We have the option to elect to fund up to 100.0% of the interest payments under the Amended Credit Facility with the incurrence of additional delayed draw term loans, subject to a temporary increase of 0.5% in the annual interest rate due on outstanding term loans for a period of 90 to 180 days from the latest date of incurrence of such additional delayed draw term loans. The annual interest rate on outstanding term loans under the Amended Credit Facility can also decrease by 0.5% if we achieve certain financial targets. In connection with each of the Prior Credit Facility and the Amended Credit Facility, we were also required to pay customary fees for a credit facility of this size and type, including an upfront fee. We have the option to prepay the loans under the Amended Credit Facility at any time subject to a prepayment premium of (i) 1.5% in the first year following the closing of the Amended Credit Facility, (ii) 0.5% in the second year following the closing of the Amended Credit Facility, and (iii) 0.0% thereafter.
In August 2023, we acquired all of the outstanding stock of Laminar, a data security posture management ("DSPM") platform. We accounted for this transaction as a business combination. The acquisition date fair value of the purchase consideration was $104.9 million, of which $90.8 million was paid in cash and the remainder in common stock. The cash consideration of $90.8 million excludes $23.8 million we held back, which is subject to service-based vesting and will be recorded as expense over the period the services are provided. The acquisition of Laminar is intended to support our leadership position as a data security platform provider and help accelerate our cyber posture offerings.
In April 2024, we completed our IPO which resulted in proceeds of approximately $710.3 million, net of underwriting discounts and commissions.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 36 | |
| | | | |
Our billings grow with new business growth. The majority of our billings are driven by invoicing our customers for multi-year commitments. However, this may evolve as customers have opted to, and may continue to opt to, pay us on an annual basis based on products purchased due to the growth in our SaaS product offerings and the uncertain macroeconomic environment. In addition, our billings are subject to seasonality, with billings in the fourth quarter being substantially higher than in the other three quarters. As of April 30, 2024, we had cash, cash equivalents, and short-term investments of $606.3 million. Our cash equivalents and investments primarily consist of money market funds, U.S. treasuries, commercial paper, corporate bonds, and U.S. government agencies securities. We have generated significant operating losses from our operations as reflected in our accumulated deficit of $(2,414.6) million as of April 30, 2024. We expect to continue to incur operating losses, and our operating cash flows may fluctuate between positive and negative amounts for the foreseeable future due to the investments we intend to make as described above. As a result, we may require additional capital resources to execute strategic initiatives to grow our business.
Our principal contractual and other commitments consist of our operating leases for office space that we occupy and data centers, purchase obligations relating primarily to hosting and software and subscription services, and debt, including the quarterly interest payments. There were no significant changes outside the ordinary course of business to our commitments and purchase obligations disclosed in our Final Prospectus for the fiscal year ended January 31, 2024. Refer to Note 7 to our condensed consolidated financial statements included elsewhere in this Quarterly Report on Form 10-Q for a discussion of our debt.
We believe that our existing cash and cash equivalents will be sufficient to fund our operating and capital needs for at least the next 12 months.
Our longer-term future capital requirements will depend on many factors, including our subscription growth rate, subscription renewal activity, including the timing and the amount of cash received from customers, the expansion of sales and marketing activities, the timing and extent of spending to support development efforts, the introduction of new and enhanced products, and the continuing market adoption of our platform. We may in the future enter into arrangements to acquire or invest in complementary businesses, services, and technologies, including intellectual property rights. We continue to assess our capital structure and evaluate the merits of deploying available cash. We may be required to seek additional equity or debt financing. In the event that additional financing is required from outside sources, we may not be able to raise it on terms acceptable to us or at all. If we are unable to raise additional capital when desired, or if we cannot expand our operations or otherwise capitalize on our business opportunities because we lack sufficient capital, our business, financial condition, and operating results would be adversely affected.
The following table summarizes our cash flows for the periods presented (in thousands):
| | | | | | | | | | | |
| Three Months Ended April 30, |
| 2024 | | 2023 |
| |
Net cash used in operating activities | $ | (31,381) | | | $ | (17,457) | |
Net cash provided by investing activities | $ | 40,737 | | | $ | 5,046 | |
Net cash provided by financing activities | $ | 362,182 | | | $ | 559 | |
Operating Activities
Our largest source of operating cash is payments received from our customers. We typically invoice our customers in advance for multi-year contracts. Therefore, a substantial source of our cash is from such prepayments, which are included on our consolidated balance sheets in deferred revenue. We generally experience seasonality based on when we enter into agreements with our customers. Given the seasonality in our business, the operating cash flow benefit from increased collections from our customers generally occurs in the subsequent quarter after billing. We expect seasonality, timing of billings, and collections from our customers to have a material impact on our cash flow from operating activities from period to period. Our primary uses of cash from operating activities are for employee compensation and related expenses, sales commissions, fees for third-party professional services, colocation and hosting costs, marketing programs, and discretionary cash payments of our debt interest expense pursuant to the terms of our Amended Credit Facility and prepayments of other spend. Our cash flow from operating activities may fluctuate due to the timing of cash payments received from our customers and payments relative to expenses.
For the three months ended April 30, 2024, net cash used in operating activities of $31.4 million resulted primarily from a net loss of $732.1 million, partially offset by $630.3 million of stock-based compensation, $20.4 million of amortization of deferred commissions, $9.7 million for non-cash interest related to debt, $7.2 million for depreciation and amortization, and $33.2 million of net cash inflow from changes in operating assets and liabilities. The net cash inflow from changes in operating assets and liabilities was primarily the result of a $53.5 million increase in deferred revenue from increased billings and a $36.2 million decrease in accounts receivable. The cash inflow was partially offset by a $23.2 million increase in deferred commissions, a $22.1 million increase in accrued expenses and other liabilities, and a $13.9 million decrease in prepaid expenses and other assets.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 37 | |
| | | | |
For the three months ended April 30, 2023, net cash used in operating activities of $17.5 million resulted primarily from a net loss of $89.3 million, partially offset by $16.4 million of amortization of deferred commissions and $5.6 million for depreciation and amortization, and $49.0 million of net cash inflow from changes in operating assets and liabilities. The net cash inflow from changes in operating assets and liabilities was primarily the result of a $72.0 million increase in deferred revenue from increased billings, a $22.2 million decrease in accounts receivables, and a $12.5 million decrease in prepaid expense and other assets. The cash inflow was partially offset by a $19.9 million increase in deferred commissions and $38.2 million increase in prepaid expenses and other assets.
Investing Activities
For the three months ended April 30, 2024, net cash provided by investing activities of $40.7 million resulted from $89.1 million in proceeds from maturities and sales of investments, offset by $42.7 million in purchases of investments, $3.6 million in purchases of property and equipment, and $2.1 million in capitalized internal-use software.
For the three months ended April 30, 2023, net cash provided by investing activities of $5.0 million resulted from $83.0 million in proceeds from maturities and sales of investments, offset by $72.2 million in purchases of investments, $3.4 million in purchases of property and equipment, and $2.4 million in capitalized internal-use software.
Financing Activities
For the three months ended April 30, 2024, net cash provided by financing activities of $362.2 million resulted primarily from $710.3 million in proceeds from our IPO, net of underwriting discounts and commissions, and $3.6 million from the exercise of stock options, partially offset by $350.4 million in taxes paid related to the net share settlement of equity awards that vested upon our IPO, and $0.8 million for payment of deferred offering costs.
For the three months ended April 30, 2023, net cash provided by financing activities of $0.6 million resulted from $1.0 million from the exercise of stock options, partially offset by $0.4 million for payment of deferred offering costs.
Critical Accounting Policies and Estimates
Our condensed consolidated financial statements and related notes thereto included elsewhere in this Quarterly Report on Form 10-Q are prepared in accordance with GAAP. The preparation of these condensed consolidated financial statements requires us to make estimates and assumptions that affect the reported amounts of assets, liabilities, revenue, and expenses as well as related disclosures. We evaluate our estimates and assumptions on an ongoing basis. Our estimates are based on historical experience and various other assumptions that we believe to be reasonable under the circumstances. Our actual results could differ from these estimates.
There have been no material changes to our critical accounting policies and estimates as compared to those described in “Management’s Discussion and Analysis of Financial Condition and Results of Operations” set forth in our Final Prospectus other than what is described below.
Stock-Based Compensation
CEO Performance Award
In June 2022, our board of directors approved a stock option grant to our CEO, Mr. Sinha to purchase up to 8,000,000 shares of Class B common stock. The CEO Performance Award was granted upon our IPO and vests upon the satisfaction of a service-based condition and the achievement of certain stock price goals. We estimated the grant date fair value of the award using the Monte Carlo simulation method which incorporates multiple stock price paths as well as the possibility that the stock price goals may not be satisfied. One of the judgmental assumptions in the Monte Carlo simulation method is the expected volatility of our common stock price. Since we do not have sufficient trading history of our common stock, we estimated the expected volatility at the grant date by using the historical volatility of a group of comparable publicly traded companies over a period equal to the time to expiration of the options. Changes to the volatility may have a material impact on the valuation of CEO Performance Award given the size of the equity award.
Recently Issued Accounting Pronouncements
See Note 2, Basis of Presentation and Summary of Significant Accounting Policies, in the notes to our condensed consolidated financial statements included in Part I, Item I of this Quarterly Report on Form 10-Q for a discussion of recent accounting pronouncements.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 38 | |
| | | | |
JOBS Act Accounting Election
We are an emerging growth company, as defined in the JOBS Act. The JOBS Act provides that an emerging growth company can take advantage of an extended transition period for complying with new or revised accounting standards. This provision allows an emerging growth company to delay the adoption of some accounting standards until those standards would otherwise apply to private companies. We have elected to use the extended transition period under the JOBS Act for the adoption of certain accounting standards until the earlier of the date we (i) are no longer an emerging growth company or (ii) affirmatively and irrevocably opt out of the extended transition period provided in the JOBS Act. As a result, our financial statements may not be comparable to companies that comply with new or revised accounting pronouncements as of public company effective dates.
Item 3. Quantitative and Qualitative Disclosures About Market Risk
We have operations in the United States and internationally, and we are exposed to market risk in the ordinary course of our business.
Interest Rate Risk
As of April 30, 2024, we had cash, cash equivalents, and short-term investments of $606.3 million and restricted cash of $5.5 million. Our cash, cash equivalents, and short-term investments are held for working capital purposes. We do not enter into investments for trading or speculative purposes. Our investments are exposed to market risk due to fluctuations in interest rates, which may affect our interest income. A hypothetical 10% increase or decrease in interest rates would not have a material effect on the fair market value of our portfolio.
Currency Risk
Our reporting currency is the U.S. dollar and the functional currency for all of our foreign subsidiaries are the respective local currencies. All of our sales contracts are denominated in U.S. dollars. A portion of our operating expenses are incurred outside of the United States, denominated in foreign currencies, and subject to fluctuations due to changes in foreign currency exchange rates. Our consolidated results of operations and cash flows are, therefore, subject to fluctuations due to changes in foreign currency exchange rates and may be adversely affected in the future due to changes in foreign exchange rates. To date, we have not entered into any hedging arrangements with respect to foreign currency risk or other derivative financial instruments, although we may choose to do so in the future. We do not believe a 10% increase or decrease in the relative value of the U.S. dollar would have a material impact on our results of operations.
Item 4. Controls and Procedures
Evaluation of Disclosure Controls and Procedures
Our management, with the participation of our Chief Executive Officer and Chief Financial Officer, has evaluated the effectiveness of our disclosure controls and procedures as of the end of the period covered by this Quarterly Report on Form 10-Q. The term “disclosure controls and procedures,” as defined in Rules 13a-15(e) and 15d-15(e) under the Securities Exchange Act of 1934, as amended (the Exchange Act), means controls and other procedures of a company that are designed to ensure that information required to be disclosed by a company in the reports that it files or submits under the Exchange Act is recorded, processed, summarized, and reported within the time periods specified in the SEC’s rules and forms. Disclosure controls and procedures include, without limitation, controls and procedures designed to provide reasonable assurance that information required to be disclosed by a company in the reports that it files or submits under the Exchange Act is accumulated and communicated to the company’s management, including its principal executive and principal financial officers, or persons performing similar functions, as appropriate to allow timely decisions regarding required disclosure. Based on such evaluation, our Chief Executive Officer and Chief Financial Officer concluded that, as of the end of the period covered by this Quarterly Report on Form 10-Q, our disclosure controls and procedures were effective at the reasonable assurance level.
Changes in Internal Control over Financial Reporting
There were no changes in our internal control over financial reporting identified in connection with the evaluation required by Rule 13a-15(d) and 15d-15(d) of the Exchange Act that occurred during the period covered by this Quarterly Report on Form 10-Q that have materially affected, or are reasonably likely to materially affect, our internal control over financial reporting.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 39 | |
| | | | |
Inherent Limitations on Effectiveness of Controls
Our management, including our Chief Executive Officer and Chief Financial Officer, believes that our disclosure controls and procedures and internal control over financial reporting are designed to provide reasonable assurance of achieving their objectives and are effective at the reasonable assurance level. However, management does not expect that our disclosure controls and procedures or our internal control over financial reporting will prevent or detect all errors and all fraud. A control system, no matter how well conceived and operated, can provide only reasonable, not absolute, assurance that the objectives of the control system are met. Because of the inherent limitations in all control systems, no evaluation of controls can provide absolute assurance that all control issues and instances of fraud, if any, within the company have been detected. The design of any system of controls also is based in part upon certain assumptions about the likelihood of future events, and there can be no assurance that any design will succeed in achieving its stated goals under all potential future conditions. Over time, controls may become inadequate because of changes in conditions, or the degree of compliance with the policies or procedures may deteriorate. Because of the inherent limitations in a cost-effective control system, misstatements due to error or fraud may occur and not be detected.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 40 | |
| | | | |
PART II. OTHER INFORMATION
Item 1. Legal Proceedings
From time to time, we are involved in various legal proceedings arising from activities in the normal course of business. We are not presently a party to any litigation the outcome of which, we believe, if determined adversely to us, would individually or taken together have a material adverse effect on our business, financial condition, results of operations, and cash flows. Defending any legal proceedings is costly and can impose a significant burden on management and employees. The results of any current or future litigation cannot be predicted with certainty, and regardless of the outcome, litigation can have an adverse impact on us because of defense and settlement costs, diversion of management resources, and other factors.
Item 1A. Risk Factors
Investing in our Class A common stock involves various risks, including those described below. You should consider and read carefully all of the risks and uncertainties described below, together with all of the other information contained in this Quarterly Report on Form 10-Q, including the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our unaudited condensed consolidated financial statements and related notes, before making an investment decision. The risks described below are not the only ones we face. The occurrence of any of the following risks or additional risks and uncertainties not presently known to us or that we currently believe to be immaterial could materially and adversely affect our business, financial condition, or results of operations. In such case, the trading price of our Class A common stock could decline, and you may lose some or all of your original investment.
Risks Related to Our Business
Our recent rapid growth may not be indicative of our future growth. Our rapid growth also makes it difficult to evaluate our future prospects.
Our revenue was $187.3 million and $135.7 million for the three months ended April 30, 2024 and 2023, respectively. You should not rely on the revenue growth of any prior quarterly or annual period as an indication of our future performance. Even if our revenue continues to increase, we expect that our revenue growth rate will fluctuate in the future as a result of a variety of factors, including our transition for new and existing customers to sales of Rubrik Security Cloud ("RSC"), for which an increasing amount of our software revenue will be recognized ratably.
Overall growth of our revenue also depends on a number of factors, including our ability to:
•expand the features and functionality of our data security products as well as increase the amount of data sources protected across enterprise, cloud, and SaaS applications;
•extend our product leadership to expand our addressable market;
•differentiate our data security products from products offered by others;
•successfully develop a substantial sales pipeline for our products;
•hire sufficient sales personnel to support our growth and reduce the time for such personnel to achieve desired productivity levels;
•attract new customers and expand sales to our existing customers, including by effectively marketing and pricing our data security products and successfully transitioning existing customers to RSC;
•increase awareness of our brand on a global basis as a data security company to successfully compete with other companies;
•provide our customers with support that meets their needs;
•effectively leverage and expand our partner ecosystem;
•protect against security incidents;
•successfully protect our intellectual property in the United States and other jurisdictions; and
•expand to new international markets and grow within existing markets.
We may not successfully accomplish any of these objectives, and as a result, it is difficult for us to forecast our future results of operations. If the assumptions that we use to plan our business are incorrect or if we are unable to maintain consistent revenue or revenue growth, our stock price could be volatile and we may not be able to achieve and maintain profitability. You should not rely on our revenue for any prior quarterly or annual periods as any indication of our future revenue or revenue growth.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 41 | |
| | | | |
In addition, we expect to continue to expend substantial financial and other resources on:
•expansion and enablement of our sales, services, and marketing organizations to increase brand awareness and drive adoption of our solutions;
•product development, including investments in our product development team and the development of new products, new features, and functionality for our platform and products;
•our cloud infrastructure technology, including systems architecture, scalability, availability, performance, and security;
•our partner ecosystem;
•international expansion;
•acquisitions or strategic investments;
•our information security program; and
•general administration, including increased legal, human resources, and accounting expenses associated with being a public company.
These investments may not result in increased revenue for our business. If we are unable to maintain or increase our revenue at a rate sufficient to offset the expected increase in our costs, our business, financial condition, and results of operations will be harmed, and we may not be able to achieve or maintain profitability. Additionally, we may encounter unforeseen operating expenses, difficulties, complications, delays, decreased revenue growth associated with general macroeconomic and market conditions, volatility, or disruptions (including the effect of those events on our customers) and other unknown factors that may result in losses in future periods. If our revenue does not meet our expectations in future periods, our business, financial condition, and results of operations may be harmed.
If the market for data security solutions does not grow, our ability to grow our business and our results of operations may be adversely affected.
We believe our future success will depend in large part on the growth, if any, in the market for data security solutions. Traditionally, the cybersecurity industry has been focused on securing information technology infrastructure to prevent, detect, and investigate cyberattacks. Our platform brings a new approach to cybersecurity, which involves protecting our customers’ data across enterprise, cloud, and SaaS applications, observing the data itself to proactively identify emergent threats, remediating data security threats, and recovering protected data following a cybersecurity event. The market for data security solutions, such as our platform and data security products, is at an early stage and rapidly evolving. As such, it is difficult to predict this market’s potential growth, if any, customer adoption and retention rates, customer demand for data security platforms, or the success of competitive products. In the past, customer adoption of our platform and data security products has been driven by the need for data resilience due to increasing ransomware activity. We do not know whether the trends of increasing ransomware activity, or of increasing adoption of our platform and data security products such as ours that we have experienced in the past, will continue in the future. Any expansion in this market depends on a number of factors, including the cost, performance, and perceived value associated with our platform and data security products and similar solutions of our competitors, including preference to manage security with existing infrastructure security tools alone, rather than investing in a platform based data security solution. The markets for some of our solutions are new, unproven, and evolving, and our future success depends on growth and expansion of these markets. If our platform and data security products do not achieve widespread adoption or there is a reduction in demand for our platform and data security products due to a lack of customer acceptance, technological challenges, competing products or solutions, privacy concerns, decreases in corporate spending, weakening economic conditions, or otherwise, it could result in early terminations, reduced customer retention rates, or decreased revenue, any of which would adversely affect our business, financial condition, and results of operations. You should consider our business and growth prospects in light of the risks and difficulties we encounter in this new and evolving market.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 42 | |
| | | | |
We have a limited operating history, particularly with respect to our offering of RSC, which makes it difficult to forecast our future results of operations.
Although we were founded in December 2013, we only began offering our products and services in the fiscal year ended January 31, 2016, and we began offering RSC as a cloud native SaaS solution in fiscal 2023. As a result of our limited operating history, our ability to accurately forecast our future results of operations is limited and subject to a number of uncertainties, including our ability to plan for and forecast future growth. Our historical revenue growth should not be considered indicative of our future performance. Further, in future periods, we expect our revenue growth to fluctuate, slow, and possibly decline for a number of reasons, including mix shifts in our platform and data security products, as well as the impact on our revenue recognition resulting from our transition from selling our products primarily on the basis of subscription term-based licenses to SaaS subscriptions. The timing for this transition and related implications on our revenue recognition and trends will depend on our ability to transition existing customers to RSC in a timely manner. We are implementing certain initiatives to accelerate our existing customers’ migration to RSC as part of our business transition to SaaS, which include enforcement of migration deadlines. These initiatives may be perceived negatively by our customers. For example, these initiatives may require customers to prioritize preparation for their migration over other organizational needs, potentially resulting in diversion of resources. For certain existing customers, the perceived benefits from undertaking the migration may be outweighed by the anticipated time and effort required to prepare for and execute the migration, resulting in potential delays in customers’ transition to RSC. We expect these customers may consume our platform and products through a mix of RSC and a transitional license for Cloud Data Management ("CDM-T"), for an extended period of time, resulting in the continued recognition of a portion of the associated revenue for some of these customers upfront at the time we transfer control of the license to the customer. Conversely, if some or all of these customers complete their transition to RSC sooner than we expect, less revenue would be recognized upfront during this period, which could cause our revenue to be lower than our estimates or forecasts or even result in a decrease in our revenue growth rates. Any of these factors could result in continued fluctuations in our revenue growth and adversely impact our ability to accurately predict our future revenue.
In addition, we operate in a new market for data security solutions, and as such we have encountered, and will continue to encounter, risks and uncertainties frequently experienced by growing companies in new and rapidly changing markets, such as the risks and uncertainties described throughout this section.
Moreover, in future periods, our revenue growth could slow or decline due to slowing demand for our platform or data security products, increasing competition, decreased productivity of our sales and marketing organization, failure to retain existing customers or expand existing subscriptions, changing technology, a decrease in the growth of our overall market, evolving macroeconomic conditions, such as high inflation and recessionary environments, or our failure, for any reason, to continue to take advantage of growth opportunities. If our assumptions regarding these risks and uncertainties and our future revenue growth are incorrect or change, or if we do not address these risks successfully, our financial condition and results of operations could differ materially from our expectations, and our business could suffer.
If we are unable to attract new customers, our future results of operations could be harmed.
To expand our customer base, we need to convince organizations to allocate a portion of their discretionary budgets to purchase our platform and data security products. Our sales efforts often involve educating organizations about the uses and benefits of our data security solutions. We may have difficulty convincing organizations of the value of adopting our data security solutions. Even if we are successful in convincing organizations that a platform like ours is critical to secure their data, they may not decide to purchase our data security solutions for a variety of reasons, some of which are out of our control. For example, any deterioration in general economic conditions has in the past caused, and may in the future cause, our current and prospective customers to delay or cut their overall security and IT operations spending. Macroeconomic concerns, customer financial difficulties, and constrained spending on security and IT operations may result in decreased revenue and adversely affect our financial condition and results of operations. Additionally, if the incidence of cyberattacks were to decline, or enterprises or governments perceive that the general level of cyberattacks has declined, our ability to attract new customers could be adversely affected. We may face additional difficulties in attracting organizations that use legacy data management products to purchase our data security products if they believe that these legacy products are more cost-effective or provide a level of IT security that is sufficient to meet their needs. Furthermore, the use of our data security products to manage data security, movement, and restoration across data centers is relatively new, and if we are unable to convince organizations of the benefits of our data security products, then our business, financial condition, and results of operations could be adversely impacted.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 43 | |
| | | | |
We have a history of operating losses and may not achieve or sustain profitability in the future.
We have experienced net losses in each period since inception. We generated net losses of $(732.1) million and $(89.3) million for three months ended April 30, 2024 and 2023, respectively. As of April 30, 2024 and January 31, 2024, we had an accumulated deficit of $(2,414.6) million and $(1,682.5) million, respectively. While we have experienced rapid revenue growth in recent periods, we are not certain whether or when we will obtain a high enough volume of sales to achieve or maintain profitability in the future. In particular, as we expand the availability of our platform, increase our ability to secure data across multiple different sources, and extend our capabilities across data resilience, data observability, and data remediation, our ability to achieve and maintain profitability will be highly dependent on our ability to successfully market our platform and data security products to new and existing customers. We also expect our costs and expenses to increase in future periods, which could negatively affect our future results of operations if our revenue does not increase. In particular, we intend to continue to expend significant funds to further develop our data security products, including by introducing new features and functionality and securing additional applications, and to expand our sales, marketing, and services teams to drive new customer adoption, expand the use of our data security products by existing customers, support international expansion, and implement additional systems and processes to effectively scale operations. We will also face increased compliance costs associated with growth, the planned expansion of our customer base and pipeline, international expansion, and being a public company. In addition, our data security solutions operate on a public cloud infrastructure provided by third-party vendors, including Google Cloud ("GCP"), Microsoft Azure ("Azure"), and Amazon Web Services ("AWS"), and our costs and gross margins are significantly influenced by the prices we are able to negotiate with these public cloud providers. To the extent we are able to drive adoption of our platform and data security products, we may incur increased costs related to our public cloud contracts, which would negatively impact our gross margins. Our efforts to grow our business may be costlier than we expect, or the rate of our growth in revenue may be slower than we expect, and we may not be able to increase our revenue enough to offset our increased operating expenses. In addition, our efforts and investments to implement systems and processes to scale operations may not be sufficient or may not be appropriately executed. As a result, we may incur significant losses in the future for a number of reasons, including the other risks described herein, unforeseen expenses, difficulties, complications, or delays, and other unknown events. If we are unable to achieve and sustain profitability, the value of our business and Class A common stock may significantly decrease.
Furthermore, we have historically sold our products to customers as perpetual licenses with associated maintenance contracts or as subscription term-based licenses with associated support, and with respect to the latter, we recognized a portion of the revenue upfront at the time we transferred control of the subscription term-based license to the customer and deferred the remainder. Moving forward, we expect that substantially all of our new and existing customers will continue to adopt RSC primarily on a SaaS subscription basis. As of the end of fiscal 2024, RSC represented a majority of our total revenue. In addition, we have historically sold Rubrik-branded Appliances to help our customers secure their enterprise data. In the third quarter of fiscal 2023, we began transitioning the sale of Rubrik-branded Appliances from us to our contract manufacturers, and as a result, the amount of revenue we recognize from sales of Rubrik-branded Appliances has and will continue to decline over time. We expect these transitions to adversely affect our revenue as well as our profitability through the fiscal year ending January 31, 2027. However, this timing will depend in part on when a substantial portion of our existing customers complete their transition to RSC.
In addition, following the completion of our IPO, the stock-based compensation expense related to our RSUs will result in significant increases in our expenses in future periods, which may negatively impact our ability to achieve profitability.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 44 | |
| | | | |
If our customers do not renew their subscriptions for our platform and data security products or expand their subscriptions to increase the amount of data secured, secure new applications, or include new features or capabilities, our results of operations could be harmed.
In order for us to maintain or improve our results of operations, it is important that our customers renew their subscriptions for our data security solutions, add data security products, and increase the volume of their data protected by our data security solutions. We expand our commercial purchase relationships with our existing customers as they increase the volume of their data protected by our data security solutions and secure additional applications and workloads. Our customers have no obligation to renew their subscription for our data security solutions after the expiration of their contractual subscription period, which is generally three years, and in the normal course of business, some customers have elected not to renew their subscriptions. In addition, customers may elect to shorten the term of their subscription, select a lower subscription edition, or purchase less capacity. Our customer retention and expansion may also decline or fluctuate as a result of a number of factors, including our customers’ satisfaction with our data security solutions, our pricing, customer prioritization of security, our customers’ spending levels, our customers’ ability to procure Rubrik-branded Appliances or other compatible third-party commodity servers to implement our data security products, mergers and acquisitions involving our customers, industry developments, competition, changing regulatory environments, and general economic conditions. Our strategies and initiatives to accelerate the transition of our existing customers to RSC, even if executed properly by our sales and support teams, may result in customer dissatisfaction, the loss of customers, or reduced usage of our platform, any of which would harm our business, financial condition, and results of operations. Moreover, customers tend to expand their usage of our data security solutions over time as the amount of data they need to protect grows. As a result, strong customer retention over time generally leads to a higher degree of usage of our data security solutions. Therefore, a decline in customer retention may have a significant impact on our results of operations, including a decline in our average subscription dollar-based net retention rate, which could cause the price of our Class A common stock to decline or fluctuate. If our efforts to maintain and expand our relationships with our existing customers are not successful, our business, financial condition, and results of operations may suffer.
If our data security solutions fail or do not perform as intended or are perceived to have defects, errors, or vulnerabilities, our brand and reputation will be harmed, which would adversely affect our business and results of operations.
Our data security solutions are complex and, like all software, may contain undetected defects, errors, or vulnerabilities. Real or perceived defects, errors, or vulnerabilities in our data security solutions, the failure of our data security solutions to secure, observe, and restore our customers’ data, misconfiguration of our data security solutions, or the failure of customers to deploy our data security solutions in combination with industry best practices could harm our reputation, result in a loss of, or delay in, market acceptance of our data security solutions, result in a loss of existing or potential customers, and adversely affect our business, financial condition, and results of operations. We are continuing to evolve the features and functionality of our data security products through updates and enhancements, and as we do so, we may introduce defects, errors, or vulnerabilities that may not be detected until after deployment by our customers. In addition, implementation or use of our data security solutions that is not correct or as intended may result in inadequate performance and disruptions in service. Moreover, if we acquire companies or technologies developed by third parties, difficulties integrating such acquired technologies may result in product flaws or software vulnerabilities.
Additionally, we cannot assure you that our data security solutions will prevent all data loss or other types of data security incidents, especially in light of the rapidly changing security threat landscape that our data security solutions seek to address. Due to a variety of both internal and external factors, our data security solutions could become vulnerable to security incidents (both from intentional attacks and accidental causes) that could cause them to fail to adequately secure or observe data or to restore data in the event of a security incident, such as a ransomware event or disaster.
Moreover, as our data security solutions are adopted by an increasing number of organizations worldwide, it is possible that such solutions may be subject to continued, persistent research and reconnaissance by threat actors in order to discover weaknesses in our technology that can be exploited. If our data security solutions are compromised, a significant number or, in some instances, all, of our customers and their data could be adversely affected. The potential liability and associated consequences we could suffer as a result of such a large-scale event could be catastrophic and result in irreparable harm. Since our business is focused on providing data security services to our customers, an actual or perceived security incident affecting our internal systems, networks, or data would be especially detrimental to our reputation and our business.
Because we can access customer data in certain limited circumstances, such as when providing customer support, and such customer data in some cases may contain personal data or confidential information, a security compromise, or an accidental or intentional misconfiguration or malfunction of our platform, could result in personal data and other confidential information being compromised. If a high-profile ransomware attack occurs with respect to our or another cloud-based security platform or a third-party cloud provider, organizations may lose trust in SaaS platforms and associated products such as ours.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 45 | |
| | | | |
Organizations are increasingly subject to a wide variety of cyberattacks on their networks, systems, and data. If any of our customers experience a ransomware attack while using our data security solutions and are unable to secure, observe, or restore their data, such customers could discontinue use of our data security solutions, regardless of whether our data security solutions were adequately deployed, configured, or used to protect the data in the customer’s environment. Real or perceived security incidents involving our customers' networks could cause disruption or damage to their networks or other negative consequences and could result in negative publicity to us, damage to our reputation, and other customer relations issues, any of which may adversely affect our revenue and results of operations.
In addition, errors in our data security solutions could cause system failures, loss of data, or other adverse effects for our customers, which may result in the assertion of warranty and other claims for substantial damages against us. The potential liability and associated consequences we could suffer as a result of such an incident could be catastrophic and cause irreparable harm to our reputation and results of operations. Although our agreements with our customers typically contain provisions that are intended to limit our exposure to such claims, it is possible that these provisions may not be effective or enforceable under the laws of some jurisdictions. While we seek to insure against these types of claims, our insurance policies may not adequately limit our exposure. These claims, even if unsuccessful, could be costly and time consuming to defend and could harm our business, financial condition, results of operations, and cash flows.
Our information technology systems or data, or those of third parties upon which we rely, have in the past been, and may in the future be, compromised, which may cause us to experience significant adverse consequences, including but not limited to regulatory investigations or actions, litigation, fines and penalties, disruptions of our business operations, reputational harm, loss of revenue or profits, loss of customers or sales, and other adverse consequences. As a data security company, we have been and may in the future be specifically targeted by various threat actors who try to compromise our information technology systems or data.
As a SaaS provider, the reliability and continuous availability of our platform is critical to our success. In the ordinary course of our business, we or the third parties upon which we rely, may collect, receive, store, process, generate, use, transfer, disclose, make accessible, protect, secure, dispose of, transmit, share, or otherwise process proprietary, confidential, and other sensitive data, including customer data which may include data about individuals, including various data categories and elements associated with an individual, intellectual property, and trade secrets (collectively, Sensitive Information). We collect such information from individuals located both in the United States and abroad and may store or process such information outside the country in which it was collected.
Organizations, particularly organizations like ours that provide data security solutions, are subject to a wide variety of attacks on their networks, systems, and endpoints, and techniques used to sabotage or to obtain unauthorized access to networks in which data is stored or through which data is transmitted change frequently. For example, in March 2023, we announced that a malicious third party gained unauthorized access to a limited amount of information in one of our non-production information technology testing environments. The unauthorized access did not include access to data that we secure on behalf of customers or access to any other sensitive data, and there was no disruption to our business or financial systems or to other operations. However, there can be no guarantee that any attack in the future will have a similarly minimal impact, should one occur.
Cyberattacks, malicious internet-based activity, online and offline fraud, and other similar activities threaten the confidentiality, integrity, and availability of our Sensitive Information and information technology systems, and those of the third parties upon which we rely. Such threats are prevalent, continuing to rise, increasingly difficult to detect, and come from a variety of sources, including traditional computer "hackers," threat actors, "hacktivists," organized criminal threat actors, personnel (such as through theft, misuse, or accidental disclosure), sophisticated nation states, and nation-state-supported actors. Some actors now engage in and are expected to continue to engage in cyberattacks, including without limitation nation-state actors for geopolitical reasons and in conjunction with military conflicts and defense activities. During times of war and other major conflicts, we and the third parties upon which we rely may be vulnerable to a heightened risk of these attacks, including retaliatory cyberattacks, that could materially disrupt our systems and operations, supply chain, and ability to produce, sell, and distribute our data security solutions. We and the third parties upon which we rely may be subject to a variety of evolving threats, including but not limited to social-engineering attacks (including through phishing attacks), malicious code (such as viruses and worms), computer generated or altered fraudulent content (i.e., “deep fakes,” which may be increasingly difficult to identify), malware (including as a result of advanced persistent threat intrusions), denial-of-service attacks (such as credential stuffing), personnel misconduct or error, other inadvertent compromises of our systems and data (including those arising from process, coding, or human error), ransomware attacks, supply-chain attacks, software bugs, server malfunctions, software or commodity appliance failures, loss of data or other information technology assets, adware, telecommunications failures, attacks enhanced or facilitated by artificial intelligence ("AI"), and other similar threats.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 46 | |
| | | | |
In particular, severe ransomware attacks are becoming increasingly prevalent and can lead to significant interruptions in our operations, loss of sensitive data and income, reputational harm, and diversion of funds. Extortion payments may alleviate the negative impact of a ransomware attack, but we may be unwilling or unable to make such payments due to, for example, applicable laws or regulations prohibiting such payments. Given our data security solutions’ capabilities and marketing and promotional programs related to ransomware recovery, we face heightened risk of being targeted by bad actors.
Moreover, future or past business transactions (such as acquisitions or integrations) could expose us to additional cybersecurity risks and vulnerabilities, as our systems could be negatively affected by vulnerabilities present in acquired or integrated entities’ systems and technologies. Furthermore, we may discover security issues that were not found during due diligence of such acquired or integrated entities, and it may be increasingly difficult to integrate companies into our information technology environment and security program.
We rely on third parties to provide and/or operate critical business systems, process sensitive information, and to help us deliver services to our customers and their end-users. These third parties process customer information in a variety of contexts, including, without limitation, cloud-based infrastructure, data center facilities, encryption and authentication technology, employee email, content delivery to customers, and other functions. For example, our data security solutions are built to be available on the infrastructure of third-party public cloud providers such as GCP, Azure, and AWS. We may also rely on other third-party service providers, contract manufacturers, and original equipment manufacturers (OEMs), or collectively with contract manufacturers, Manufacturers, to provide other products or services, or otherwise to assist us with operating our business. While we conduct diligence on these third parties, our ability to monitor these third parties’ information security practices is limited, and these third parties may not have adequate information security measures in place. In addition, supply-chain attacks have increased in frequency and severity, and we cannot guarantee that third parties’ infrastructure in our supply chain or our third-party partners’ supply chains have not been or will not be compromised.
We take steps designed to detect, mitigate, and remediate vulnerabilities in our information systems (such as our hardware and/or software, including that of third parties upon which we rely). However, we have and may be unable to detect and remediate all such vulnerabilities in our information systems (including our platform and data security products) on a timely basis. Further, we may experience delays in developing and deploying remedial measures and patches designed to address identified vulnerabilities that could be exploited and, ultimately, result in a security incident.
Any of the previously identified vulnerabilities or cybersecurity threats could cause a security incident or other interruption that could result in unauthorized, unlawful, or accidental acquisition, modification, destruction, loss, alteration, encryption, disclosure of, or access to our Sensitive Information or our information technology systems, or those of the third parties upon whom we rely. A security incident or other interruption could disrupt our ability (and that of third parties upon whom we rely) to provide our platform. Additionally, our business depends upon the appropriate and successful implementation of our platform by our customers. If our customers fail to use our platform according to our specifications or are unwilling or unable to deploy such patches we make available for vulnerabilities effectively or in a timely manner, our customers may suffer a security incident or other interruptions on their own systems or other adverse consequences. Even if such an incident is unrelated to our security practices, it could result in our incurring significant economic and operational costs in investigating, remediating, and implementing additional measures to further protect our customers from their own security issues or vulnerabilities and could result in reputational harm.
Certain data privacy and security obligations may require us to implement and maintain specific industry standard, reasonable security measures to protect our information technology systems and customer information. Additionally, applicable data privacy and security obligations may require us to notify relevant stakeholders, including affected individuals, customers, regulators, and investors, of security incidents, or to implement other requirements, such as providing credit monitoring. Such disclosures, and compliance with such requirements, are costly, and the disclosure or the failure to comply with such requirements could lead to adverse consequences. Though we have expended, and anticipate continuing to expend, significant resources to try to protect against security incidents by implementing technical, administrative, and physical measures designed to protect the privacy and security of data running through our, and our third parties’, systems, it is virtually impossible for us to entirely eliminate the risk of such security incidents or interruptions.
If we (or a third-party upon whom we rely) experience a security incident or are perceived to have experienced a security incident, we may experience adverse consequences such as government enforcement actions (for example, investigations, fines, penalties, audits, and inspections); additional reporting requirements and/or oversight; restrictions on processing data (including data about individuals); litigation (including class claims); indemnification obligations; negative publicity; reputational harm; monetary fund diversions; interruptions in our operations (including availability of data); financial loss; and other similar harms. Security incidents and attendant consequences may cause customers to stop purchasing our data security solutions, deter new customers from purchasing our data security solutions, and negatively impact our ability to grow and operate our business. As a data security company, we could be exposed to additional reputational risks should a security incident occur.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 47 | |
| | | | |
Our contracts may not contain limitations of liability, and even where they do, there can be no assurance that limitations of liability in our contracts are sufficient to protect us from liabilities, damages, or claims related to security incidents, vulnerabilities, or our data privacy and security obligations. We cannot be sure that our insurance coverage will be adequate or sufficient to protect us from or to mitigate liabilities arising out of our privacy and security practices, that such coverage will continue to be available on commercially reasonable terms or at all, or that such coverage will pay future claims.
Our use of generative artificial intelligence tools may pose risks to our proprietary software and systems and subject us to legal liability.
We use generative AI tools in our business, and we expect to use generative AI tools in the future, including to generate code and other materials incorporated into our products, proprietary software, and systems, and for other internal and external uses. Generative AI refers to deep-learning models that can generate new data, such as text, images, and other content, by analyzing and emulating existing data. Advanced generative AI tools, which may produce content indistinguishable from that generated by humans, are a relatively novel development, with benefits, risks, and liabilities still unknown. Recent decisions of governmental entities and courts (such as the U.S. Copyright Office, U.S. Patent and Trademark Office, and U.S. Court of Appeals for the Federal Circuit) interpret U.S. copyright and patent law as limited to protecting works and inventions created by human authors and inventors, respectively. We are therefore unlikely to be able to obtain U.S. copyright or patent protection for works or inventions wholly created by a generative AI tool, and our ability to obtain U.S. copyright and patent protection for source code, text, images, inventions, or other materials, which are developed with some use of generative AI tools, may be limited, if available at all. Likewise, the availability of such IP protections in other countries is unclear. In addition, we may have little or no insight into and no control over the content and materials used by vendors to train these generative AI tools. There is ongoing litigation over whether the use of copyrighted materials to train the AI models used in these tools is lawful, and the impact of decisions in such litigation on our use of generative AI tools is unknown. Additionally, our use of third-party generative AI tools to develop source code, text, images, inventions, or other materials may expose us to greater risks than utilizing contracted human developers, as third-party generative AI vendors typically do not provide warranties or indemnities with respect to the output generated by such generative AI tools, and generative AI tools may also hallucinate, providing output that appears correct but is erroneous. Furthermore, some generative AI tools may be offered under terms that do not protect the confidentiality of the prompts or inputs that users submit to such tools and may use prompts or inputs to train shared AI models, potentially resulting in third-party users receiving outputs containing information from prompts or inputs (including confidential, competitive, proprietary, or personal data) that we submitted to the tool. The disclosure and use of personal data in AI technologies is also subject to various privacy laws and other privacy obligations. Prior to implementing a generative AI tool, our AI Governance Committee (including leaders from our Engineering, Product, Legal, and Information Security teams) performs an analysis and review of the tool, including evaluation of potential legal, security, and business risks and steps that can be taken to mitigate any such risks. The selection criteria and analysis include consideration of how use of the generative AI tool could raise issues relating to confidential information, personal data and privacy, customer data and contractual obligations, open source software, copyright and other intellectual property rights, transparency, output accuracy and reliability, and security. Additionally, while we employ practices designed to evaluate, track, and mitigate risk around our use of third-party generative AI tools, our use of such tools may inadvertently violate a third party’s rights, be non-compliant with the applicable terms of use or our other legal obligations, or result in a security or privacy risk or data leakage. Our use of this technology could result in additional compliance costs, regulatory investigations and actions, and lawsuits. For example, we may face claims from third parties claiming infringement of their intellectual property rights or mandatory compliance with open-source software or other license terms with respect to software or other materials or content we believed to be available for use and not subject to license terms or other third-party proprietary rights. Any of these claims could result in legal proceedings and could require us to purchase costly licenses, comply with the requirements of third-party licenses, or limit or cease using the implicated software or other materials or content, unless and until we can re-engineer such software, materials, or content to avoid infringement or change the use of, or remove, the implicated third-party materials, which could reduce or eliminate the value of our technologies and services. Our use of generative AI tools to generate code may also present additional security risks because the generated source code may contain security vulnerabilities. Additionally, the vendors of these generative AI tools may fail to comply with their contractual obligations to us regarding the confidentiality or security of any data or other inputs provided to such vendor or outputs generated by their generative AI tools. Our sensitive information or that of our customers could be leaked, disclosed, or revealed as a result of or in connection with our employees’, personnel’s, or vendors’ use of third-party generative AI technologies.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 48 | |
| | | | |
We may also market our own products as generative AI tools ("Generative AI Products"). Some of our customers, especially those in highly regulated industries, may be reluctant or unwilling to adopt Generative AI Products. Accordingly, adoption of generative AI features in our products and marketing our products as Generative AI Products could reduce or delay customer adoption. Because generative AI models can hallucinate and provide erroneous output, offering Generative AI Products could result in customer dissatisfaction or potentially claims against us arising out of customer reliance on erroneous output to their detriment. Our Generative AI Products may require us to train or fine-tune AI models using datasets collected by us or from third-party vendors. While we have processes and practices designed to ensure that we and any vendors that we use to source training data have the necessary rights to use such datasets for training our Generative AI Products, we may not in every instance be able to confirm that all of the information contained in such datasets has been obtained with the necessary permissions for us to use for purposes of our Generative AI Products. For example, we may use publicly available data to train our Generative AI Products that contains information that was unlawfully acquired from third parties without our knowledge. While we have employed processes designed to help us avoid using any personal data to train or fine-tune our Generative AI Products, it may be difficult for us to avoid or identify all instances where a user might nonetheless submit personal data to our Generative AI Products. Furthermore, if we were to receive claims from third parties asserting rights against our use of certain datasets used to train our Generative AI Products, it may be difficult or impossible for us to disentangle our trained models from the subject matter of the claims.
Any of these risks could be difficult to eliminate or manage, and, if not addressed, could adversely affect our business, financial condition, results of operations, and growth prospects.
We expect our revenue mix and certain business factors to impact the amount of revenue recognized period to period, which could make period-to-period revenue comparisons not meaningful and difficult to predict.
We expect our revenue mix to vary over time due to a number of factors, including the timing of when customers adopt RSC and the mix of our subscriptions for different data security products. Our subscription revenue includes revenue from sales of subscription term-based licenses, a portion of which is recognized upfront when we transfer control of the subscription term-based license to the customer, and revenue from sales of SaaS subscriptions and support, which is recognized ratably over the contract period. Due to the proportion of our contracts trending from subscription term-based licenses to SaaS subscriptions, the timing of the migration of our existing customers from Cloud Data Management to RSC, as well as the estimates and assumptions used to account for certain customers’ Subscription Credits (as defined below) related to their Refresh Rights (as defined below), our revenue may fluctuate and period-to-period revenue comparisons may not be meaningful, and our past results may not be indicative of future performance. We cannot be certain how long these factors may persist. For example, as our existing customers prepare to migrate to RSC, we expect certain of them to consume our solutions through a mix of RSC and CDM-T during which time we will continue recognizing a portion of the associated revenue upfront. These factors make it challenging to forecast our revenue as the mix of solutions and services, the timing of our customers’ RSC transition, as well as the size of contracts, are difficult to predict.
We rely upon third-party cloud providers to host our data security solutions, and any disruption of, or interference with, our use of third-party cloud products would adversely affect our business, financial condition, and results of operations.
Customers of RSC and our other cloud services need to be able to access our data security solutions at any time, without interruption or degradation of performance, and we provide them with service-level commitments with respect to uptime. We leverage third-party cloud providers for substantially all of the infrastructure that supports our data security solutions. Our cloud services depend on the cloud infrastructure hosted by these third-party providers to support our configuration, architecture, features, and interconnection specifications, as well as secure the information stored in these virtual data centers, which is transmitted through third-party internet service providers. Any limitation on the capacity of our third-party hosting providers, including due to technical failures, shifts in product capabilities or licensing models, natural disasters, fraud, or security attacks, could impede our ability to fulfill our current contractual commitments, onboard new customers, or expand the usage of our existing customers, which could adversely affect our business, financial condition, and results of operations.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 49 | |
| | | | |
In addition, third-party cloud providers run their own platforms that we access, and we are, therefore, vulnerable to their service interruptions. We may experience interruptions, delays, and outages in service and availability from time to time as a result of problems with our third-party cloud providers’ infrastructure. Lack of availability of this infrastructure could be due to a number of potential causes that we cannot predict or prevent, including technical failures, natural disasters, fraud, or cyber security attacks. Such outages could lead to the triggering of our service-level commitments and extensions of affected services at no charge to our customers, which may impact our business, financial condition, and results of operations. In addition, if our security, or that of any of these third-party cloud providers, is compromised, our software is unavailable, or our customers are unable to use our software within a reasonable amount of time or at all, our business, financial condition, and results of operations could be adversely affected. In some instances, we may not be able to identify the cause or causes of these performance problems within a period of time acceptable to our customers. It is possible that our customers and potential customers would hold us accountable for any breach of security affecting a third-party cloud provider’s infrastructure, and we may incur significant liability from those customers and from third parties with respect to any breach affecting these systems. We may not be able to recover a material portion of our liabilities to our customers and third parties from a third-party cloud provider. It may also become increasingly difficult to maintain and improve our performance, especially during peak usage times, as our software becomes more complex and the usage of our software increases. Any of the above circumstances or events may harm our business, financial condition, and results of operations.
We may not be able to successfully manage our growth, and if we are not able to grow efficiently, our business, financial condition, and results of operations could be harmed.
As usage and adoption of our platform and data security products grow, we will need to devote additional resources to improving our capabilities, features, and functionality. In addition, we will need to appropriately scale our internal business operations and our services organization to serve our growing customer base. Any failure of or delay in these efforts could result in impaired product performance and reduced customer satisfaction, resulting in decreased sales to new customers, lower average subscription dollar-based net retention rates, or the issuance of service credits or requested refunds, which would hurt our revenue growth and our reputation. Further, any failure in optimizing the costs associated with use of third-party cloud services as we scale could negatively impact our margins. Our expansion efforts will be expensive and complex and will require the dedication of significant management time and attention. We could also face inefficiencies, vulnerabilities, or service disruptions as a result of our efforts to scale our internal infrastructure, which may result in extended outages, loss of customer trust, and harm to our reputation. We cannot be sure that the expansion of and improvements to our internal infrastructure will be effectively implemented on a timely basis, if at all, and such failures could harm our business, financial condition, and results of operations.
The markets in which we participate are competitive, and if we do not compete effectively, our business, financial condition, and results of operations could be harmed.
The data security market is new and intensely competitive, characterized by rapidly changing technology and evolving standards, changing customer requirements, and frequent new product introductions. Our main competitors fall into the following categories:
•Data management and protection vendors, such as Dell-EMC, IBM, Commvault, Veeam, and Cohesity (Cohesity recently announced its proposed acquisition of Veritas' data protection business);
•Cloud and SaaS data management vendors with products that compete in some of our markets; and
•Vendors that provide cyber/ransomware detection and investigation, security posture management, insider threat detection, data classification, and other data security or data governance technologies.
The principal competitive factors in our industry include product functionality, product integration, platform coverage, ability to scale, price, worldwide sales infrastructure, global technical support, labor and development costs, name recognition, and reputation. The ability to converge data security and data management in a cloud architecture is also a significant competitive factor in our industry. If we are unable to address these factors, our competitive position could weaken, and we could experience a decline in revenue that could adversely affect our business.
Many of our current and potential competitors have longer operating histories and have substantially greater financial, technical, sales, marketing, and other resources than we do, as well as larger installed customer bases, greater name recognition, lower labor and development costs, and broader product solutions, including servers. Some of these competitors can devote greater resources to the development, promotion, sale, and support of their data security products than we can. As a result, these competitors may be able to respond more quickly to new or emerging technologies and changes in customer requirements. For example, many of our competitors are investing in AI technology to improve their data security products, which could enable them to respond more quickly to new or emerging threats and changes in customer requirements.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 50 | |
| | | | |
It is also costly and time-consuming to change data management systems. Most of our new or potential customers have already installed data management systems, which gives an incumbent competitor an advantage in retaining a customer due to significant risk to data continuity from switching vendors. The incumbent competitor already understands the data, applications, network infrastructure, user demands, and information technology needs of the customer, such that some customers are reluctant to invest the time, money, and resources necessary to implement configuration, integration, training, and other operational complexities that arise from another vendor. In addition, for any of our existing customers that have not yet transitioned to RSC, any perceived negative impacts or incremental costs associated with the transition to RSC, or a more rapid transition than planned by the customer, may result in customer dissatisfaction and give our competitors an opportunity to acquire these customers.
Our current and potential competitors may establish cooperative relationships among themselves or with third parties or may merge with each other. If so, new competitors, alliances, or merged entities that include our competitors may emerge that could acquire significant market share. In addition, large operating systems, applications, and cloud vendors have introduced products or functionality that include some of the same functions offered by our data security solutions. In the future, further development by these vendors could cause our data security solutions to become redundant, which could seriously harm our business, financial condition, and results of operations.
In addition, we expect to encounter new competitors, including public cloud providers and SaaS companies that build native data security and management solutions, as we expand in current markets or enter new markets. Furthermore, many of our existing competitors are broadening their operating systems platform coverage. We expect that competition will increase as a result of future software industry consolidation. Increased competition could harm our business by causing, among other things, price reductions of our data security solutions, reduced profitability, and loss of market share.
Our estimates of market opportunity, forecasts of market growth, and potential return on investment may prove to be inaccurate, and even if the market in which we compete achieves the forecasted growth, our business could fail to grow at similar rates, if at all.
Market opportunity estimates and growth forecasts, whether obtained from third-party sources or developed internally, are subject to significant uncertainty and are based on assumptions and estimates that may not prove to be accurate. The data security market is at an early stage and is rapidly evolving. As we are working to create a market for data security from other existing markets that focused on other elements of cybersecurity, our market is at an early stage and rapidly evolving. As a result, the size and future growth of this market are difficult to accurately estimate and subject to change. In addition, third-party estimates of the addressable market for the security and data management sectors reflect the opportunity available from all participants and potential participants, and we cannot predict with precision our ability to address this demand or the extent of market adoption of our platform and data security products. Moreover, the market segments we are targeting may grow at different rates. The variables that go into the calculation of our market opportunity are subject to change over time, and there is no guarantee that any particular number or percentage of addressable businesses covered by our market opportunity estimates will purchase our data security solutions or generate any particular level of revenue for us. Any expansion in our market opportunity depends on a number of factors, including the cost, performance, and perceived value associated with our data security solutions and the products of our competitors. Even if the areas in which we compete achieve the forecasted growth, our business could fail to grow at similar rates, if at all.
There are a limited number of contract manufacturers and original equipment manufacturers of commodity servers that are compatible with our data security solutions, and failure to accurately forecast demand for these commodity servers or successfully manage the relationship with such manufacturers could negatively impact the ability to sell our offerings.
A limited number of Manufacturers produce commodity servers that are compatible with our data security solutions. We do not own or operate any manufacturing facilities and rely on these Manufacturers for such products. These Manufacturers manage the supply chain for these products and, alone or together with us or our distributors and resellers ("Channel Partners"), negotiate component costs. Our reliance on Manufacturers and Channel Partners reduces our control over the assembly process, quality assurance, production costs, and product supply. If the relationships with Manufacturers are not properly managed or if Manufacturers experience delays, interruptions, or supply-chain disruptions, including due to international conflicts and geopolitical tensions (such as the imposition of new trade restrictions and tariffs due to escalating tensions, hostilities, or trade disputes), health epidemics or pandemics, new trade laws and regulations, capacity constraints, or quality control problems in their operations, the ability for customers to procure compatible commodity servers could be impaired. If we or our Channel Partners are required to change or qualify a new Manufacturer for any reason, including financial considerations, reduction of manufacturing output made available to us, or the termination of our or our Channel Partners’ contract with the Manufacturers, we may lose revenue, incur increased costs, and our customer relationships may be damaged. In addition, our contract manufacturers may terminate the agreement with us or our Channel Partners with prior notice for reasons such as failure to perform a material contractual obligation.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 51 | |
| | | | |
A large majority of the customer enterprise data we secure relies upon Rubrik-branded Appliances, which are currently built on servers supplied and designed by Super Micro Computer, Inc. ("Supermicro"). If we are unable to manage our relationship with Supermicro effectively, or if Supermicro suffers delays or disruptions for any reason, experiences increased manufacturing lead-times, capacity constraints, or quality control problems in its manufacturing operations, or fails to meet our requirements for timely delivery, or if Supermicro no longer produces the servers for our Rubrik-branded Appliances, our end-customer’s ability to procure Rubrik-branded Appliances in a timely manner would be impaired. While customers would have the ability to purchase compatible third-party commodity servers from other OEMs, and we have the ability to qualify new commodity servers for Rubrik-branded Appliances, this may create increased costs or delays for our customers and impact their customer experience, which could negatively impact our sales and our business. See the section titled “Business—Manufacturing” for additional information regarding our contractual relationship with Supermicro.
Certain of our OEMs carry products that compete with our data security solutions and may not continue producing or supporting compatible commodity servers for our customers in the future. We or our Channel Partners provide forecasts and purchase orders to Manufacturers for compatible commodity servers, and these orders may only be rescheduled or canceled under certain limited conditions. If we inaccurately forecast demand for our data security solutions and need for compatible commodity servers, our Manufacturers may have excess or inadequate inventory, and we may incur cancellation charges or penalties, which could adversely impact our operating results. If we experience increased demand for compatible commodity servers, then we, our Channel Partners, or Manufacturers may need to increase component purchases, contract manufacturing capacity, or internal test and quality functions. Our customers’ orders may represent a relatively small percentage of the overall orders received by Manufacturers from their customers. As a result, fulfilling our customers’ orders may not be considered a priority in the event Manufacturers are constrained in their ability to fulfill all of their customer obligations in a timely manner. Although we are transitioning the sale of Rubrik-branded Appliances from us to our contract manufacturers, if Manufacturers are unable to provide adequate supplies of high-quality products, or if we, our Channel Partners, or Manufacturers are unable to obtain adequate quantities of components, or control the costs of components, it could cause a delay in the fulfillment of our customers’ orders, in which case our business, financial condition, and results of operations could be adversely affected.
If customers have not utilized their Subscription Credits before they expire, this could result in customer dissatisfaction and our future results of operations could be harmed.
The customer enterprise data we secure relies upon compatible hardware. Historically, we sold Rubrik-branded Appliances produced by contract manufacturers to our customers. We started transitioning the sale of Rubrik-branded Appliances from us to our contract manufacturers in fiscal 2023 and offered limited-time incentives ("Subscription Credits"), upon qualification, to certain existing customers in exchange for historically offered rights to next generation Rubrik-branded Appliances at no cost, which we refer to as Refresh Rights. If customers have not utilized their Subscription Credits before they expire, this could result in customer dissatisfaction or a decision not to purchase our data security solutions, which would have an adverse impact on our results of operations.
We rely on the performance of highly skilled personnel, including senior management and engineering, services, sales, and technology professionals. If we are unable to retain or motivate key personnel or hire, retain, and motivate qualified personnel, our business will be harmed.
We believe our success has depended, and continues to depend, on the efforts and talents of our senior management team, particularly Bipul Sinha, our Chairman of our board of directors, Chief Executive Officer, and co-founder, and Arvind Nithrakashyap, our Chief Technology Officer and co-founder, as well as our other key employees in the areas of research and development and sales and marketing.
From time to time, there may be changes in our senior management team or other key employees resulting from the hiring or departure of these personnel. Our executive officers and certain other key employees are employed on an at-will basis, which means that these personnel could terminate their employment with us at any time. The loss of one or more of our executive officers, or the failure by our executive team to effectively work with our employees and lead our company, could harm our business. We also are dependent on the continued service of our existing software engineers because of the complexity of our data security solutions. In addition, a significant portion of our software engineers are located in Palo Alto, California and Bangalore, India. These locations offer access to a deep pool of highly skilled professionals, which is crucial for the development and maintenance of our complex data security solutions. However, this concentration also exposes us to potential continuity risk if these specific locations are negatively impacted by unforeseen events, such as natural disasters, political unrest, or disruptions in critical infrastructure.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 52 | |
| | | | |
In addition, to execute our growth plan, we must attract and retain highly qualified personnel. Competition for these personnel is intense, especially for engineers experienced in designing and developing cloud-based infrastructure products, for experienced sales professionals, and for cybersecurity professionals. If we are unable to attract such personnel at appropriate locations, we may need to hire in new regions, which may add to the complexity and costs of our business operations. From time to time, we have experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with appropriate qualifications. Many of the companies with which we compete for experienced personnel have greater resources than we have. As has occurred in the past, if we hire employees from competitors or other companies, their former employers may attempt to assert that these employees or we have breached certain legal obligations, resulting in a diversion of our time and resources. In addition, prospective and existing employees often consider the value of the equity awards they receive in connection with their employment. If the perceived value of our equity awards declines, experiences significant volatility, or increases such that prospective employees believe there is limited upside to the value of our equity awards, it may adversely affect our ability to recruit and retain employees. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business and growth prospects would be harmed.
We derive substantially all of our revenue from our data security platform. Failure of our platform to satisfy customer demands or achieve continued market acceptance over competitors would harm our business, financial condition, results of operations, and growth prospects.
We derive substantially all of our revenue from our platform, and we have directed, and intend to continue to direct, a significant portion of our financial and operating resources to developing more features and functionality for our platform.
Our growth will depend in large part on our ability to attract new customers and expand sales to existing customers, expand the features and functionality of our platform, hire sufficient sales personnel to support our growth, and decrease the ramp time for our sales personnel. In addition, the success of our business is substantially dependent on the actual and perceived viability, benefits, and advantages of our platform as a preferred provider for data security. As such, market adoption of our platform and data security products is critical to our continued success. Demand for our platform and data security products is affected by a number of factors, including increased market acceptance by new and existing customers, increased activity by or prevalence of cybersecurity bad actors, including the use of ransomware, effectiveness of our sales and marketing strategy, the extension of our platform to new applications and use cases, the timing of development and release of new capabilities by us and our competitors, technological change, and growth or contraction of the market in which we compete. Failure to successfully address or account for these factors, satisfy customer demands, achieve continued market acceptance over competitors, and achieve growth in sales of our data security products would harm our business, financial condition, results of operations, and growth prospects.
We expect fluctuations in our financial results, making it difficult to project future results, and if we fail to meet the expectations of securities analysts or investors with respect to our results of operations, our stock price and the value of your investment could decline.
Our results of operations have fluctuated in the past and are expected to fluctuate in the future due to a variety of factors, many of which are outside of our control. As a result, our past results may not be indicative of our future performance. In addition to the other risks described herein, factors that may affect our results of operations include:
•changes in our revenue mix;
•changes in actual and anticipated growth rates of our revenue, customers, and key operating metrics;
•fluctuations in demand for or pricing of our data security solutions;
•our ability to attract new customers;
•the level of awareness and prevalence of cybersecurity threats, particularly advanced cyberattacks and ransomware attacks;
•timing of our existing customers’ transition to RSC, including the impact on our revenue recognition and customer retention and expansion;
•our ability to retain our existing customers, particularly large customers, and secure renewals of subscriptions, as well as the timing of customer renewals or non-renewals;
•the pricing and quantity of subscriptions renewed, as well as our ability to accurately forecast customer expansions and renewals;
•downgrades in customer subscriptions;
•customers and potential customers opting for alternative data security solutions, including developing their own in-house solutions;
•timing and amount of our investments to expand the capacity of our third-party cloud service providers;
•seasonality in sales, results of operations, and remaining performance obligations;
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 53 | |
| | | | |
•investments in new data security products, including protection of new enterprise, cloud and SaaS applications, new features, and functionality;
•fluctuations or delays in development, release, or adoption of new features and functionality for our data security solutions;
•delays in closing sales, including the timing of renewals, which may result in revenue being pushed into the next fiscal quarter, particularly because a large portion of our sales occur toward the end of each fiscal quarter;
•fluctuations or delays in purchasing decisions in anticipation of new data security products or enhancements by us or our competitors;
•changes in customers’ budgets, the timing of their budget cycles and purchasing decisions, and payment schedules;
•our customers’ ability to procure Rubrik-branded Appliances or compatible commodity servers from Manufacturers;
•the number of qualified customers that elect to utilize their Subscription Credits before they expire;
•our ability to control costs, including hosting costs and our operating expenses;
•the amount and timing of payment for operating expenses, particularly research and development and sales and marketing expenses, including commissions;
•timing of hiring personnel for our research and development and sales and marketing organizations;
•the amount and timing of non-cash expenses, including stock-based compensation expense and other non-cash charges;
•the amount and timing of costs associated with recruiting, educating, and integrating new employees and retaining and motivating existing employees;
•the effects of acquisitions and their integration;
•general economic conditions, both domestically and internationally, as well as economic conditions specifically affecting industries in which our customers participate;
•fluctuations in foreign currency exchange rates;
•the impact of new accounting pronouncements;
•changes in regulatory or legal environments that may cause us to incur, among other things, expenses associated with compliance;
•the impact of changes in tax laws or judicial or regulatory interpretations of tax laws, which are recorded in the period such laws are enacted or interpretations are issued and may significantly affect the effective tax rate of that period and following periods;
•health epidemics or pandemics;
•changes in the competitive dynamics of our market, including consolidation among competitors or customers; and
•significant security incidents related to, technical difficulties with, or interruptions to, the delivery and use of our data security solutions.
Any of these and other factors, or the cumulative effect of some of these factors, may cause our results of operations to vary significantly. If our quarterly results of operations fall below the expectations of investors and securities analysts who follow our stock, the price of our Class A common stock could decline substantially, and we could face costly lawsuits, including securities class action suits.
In addition, while we recognize our SaaS subscription revenue ratably over the term of the subscription, our customers typically pay us for new multi-year subscriptions upfront and then annually upon one-year renewals. Recently, due to the growth in our SaaS product offerings, changes in our customer mix, and the uncertain macroeconomic environment, we have experienced an increase in customers electing annual or consumption payments instead of multi-year upfront payments, which has caused and may continue to cause volatility in our period over period cash flow and may have an adverse effect on our business and results of operations.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 54 | |
| | | | |
Our ability to introduce new data security products and features is dependent on adequate research and development resources and our ability to successfully complete acquisitions. If we do not adequately fund our research and development efforts or complete acquisitions successfully, we may not be able to compete effectively, and our business and results of operations may be harmed.
To remain competitive, we must continue to offer new data security products and enhancements to our platform and existing solutions. This is particularly true as we further expand and diversify our capabilities. Maintaining adequate research and development resources, such as the appropriate personnel and development technology, to meet the demands of the market is essential. If we elect not to or are unable to develop solutions internally due to certain constraints, such as high employee turnover, lack of management ability, or a lack of other research and development resources, we may choose to expand into a certain market or strategy via an acquisition for which we could potentially pay too much or fail to successfully integrate into our operations. Further, many of our competitors expend a considerably greater amount of funds on their respective research and development programs, and those that do not may be acquired by larger companies that would allocate greater resources to our competitors’ research and development programs. Our failure to maintain adequate research and development resources or to compete effectively with the research and development programs of our competitors would give an advantage to such competitors, and our business, financial condition, and results of operations could be adversely affected. Moreover, there is no assurance that our research and development or acquisition efforts will successfully anticipate market needs and result in significant new marketable solutions or enhancements to our solutions, design improvements, cost savings, revenues, or other expected benefits. If we are unable to generate an adequate return on such investments, we may not be able to compete effectively, and our business and results of operations may be adversely affected.
We depend and rely on SaaS technologies from third parties to operate our business, and interruptions or performance problems with these technologies may adversely affect our business and results of operations.
We rely on hosted SaaS applications from third parties in order to operate critical functions of our business, including enterprise resource planning, order management, billing, project management, human resources, technical support, accounting, and other operational activities. If these services become unavailable due to extended outages, interruptions, or because they are no longer available on commercially reasonable terms, our expenses could increase, our ability to manage finances could be interrupted, and our processes for managing sales of our data security solutions and supporting our customers could be impaired until equivalent services, if available, are identified, obtained, and implemented, all of which could adversely affect our business and results of operations.
If we are unable to maintain successful relationships with our Channel Partners and technology alliance partners, or if our Channel Partners or technology alliance partners fail to perform, our ability to market, sell, and distribute our data security solutions will be limited, and our business, financial condition, and results of operations will be harmed.
In addition to our sales force, we rely on our Channel Partners, which include our distributors and resellers, to sell and support our data security solutions. A vast majority of sales of our data security solutions flow through our Channel Partners with the support of our sales force. Our three largest Channel Partners, Arrow Enterprise Computing Solutions, Exclusive Networks, and Ingram Micro Inc., and their respective affiliates collectively generated approximately 79% and 76% of our revenue for fiscal 2023 and fiscal 2024, respectively. Our agreements with our Channel Partners, including our agreements with our three largest Channel Partners, are non-exclusive, renew automatically in one-year term increments, and may be terminated by either party at any time. Further, our Channel Partners fulfill our sales on a purchase order basis and do not impose minimum purchase requirements or related terms on sales. Our Channel Partners enable us to extend our reach, in particular with smaller customers and in geographies where we have less sales presence. Additionally, we have entered, and intend to continue to enter, into technology alliance partnerships with third parties to support our future growth plans. For example, through our alliance with Microsoft Corporation, and along with our mutual go-to-market obligations, we have committed to spend $220 million over the course of up to 10 years for the use of Azure for our data security solutions and preferentially offer public cloud functionality for Azure to our customers.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 55 | |
| | | | |
We derive a substantial amount of our revenue from sales through Channel Partners, and we expect to continue to derive a substantial amount of our revenue from Channel Partners in future periods. Our agreements with our Channel Partners are generally non-exclusive and do not prohibit them from working with our competitors or offering competing products, and many of our Channel Partners may have more established relationships with our competitors. If our Channel Partners choose to place greater emphasis on solutions other than our own, fail to effectively market and sell our data security solutions, or fail to meet the needs of our customers, then our ability to grow our business and sell our data security solutions may be adversely affected. In addition, the loss of one or more of our larger Channel Partners or technology alliance partners, who may cease marketing our data security solutions with limited or no notice, and any inability to replace them, could adversely affect our business, financial condition, and results of operations. Moreover, our ability to expand our distribution channels depends in part on our ability to maintain successful relationships with our Channel Partners and educate and train our current and future Channel Partners about our data security solutions, which can be complex. If we fail to effectively manage our existing sales channels, or if our Channel Partners are unsuccessful in fulfilling the orders for our data security solutions, or if we are unable to enter into arrangements with, and retain a sufficient number of, high quality Channel Partners in each of the regions in which we sell data security solutions and keep them motivated to sell our data security solutions, our business, financial condition, and results of operations will be harmed. Even if we are successful, these relationships may not result in greater customer usage of our data security products or increased revenue. Our ability to influence, or have visibility into, the actions or efforts of our Channel Partners may be limited. If our partners, including our Channel Partners, fail to comply with applicable law, including anti-corruption, antitrust, or competition laws, or engage in activities that result in or may result in liability, we may also be adversely affected through reputational harm, as well as other negative consequences, including litigation, government investigations and penalties.
In addition, the financial health of our Channel Partners and our continuing relationships with them are important to our success. Some of these Channel Partners may be unable to withstand adverse changes in economic conditions, including the current macroeconomic uncertainty, which could result in insolvency or the inability of such Channel Partners to obtain credit to finance purchases of our data security solutions and services. In addition, weakness in the end-user market could negatively affect the cash flows of our Channel Partners who could, in turn, delay paying their obligations to us, which would increase our credit risk exposure. Our business could be harmed if the financial condition of some of these Channel Partners substantially weakened, and we were unable to timely secure replacement Channel Partners.
If we do not effectively expand and train our sales force, we may be unable to add new customers or retain and increase sales to our existing customers, and our business will be adversely affected.
We depend on our sales force to obtain new customers and retain and increase sales with existing customers. Our ability to achieve significant revenue growth will depend, in large part, on our success in recruiting, training, and retaining sufficient numbers of sales personnel. We have expanded our sales organization significantly in recent periods and expect to continue to add additional sales capabilities in the near term. There is significant competition for sales personnel with the skills and technical knowledge that we require. New hires require significant training and may take significant time before they achieve full productivity, and this delay is accentuated by our long sales cycles. Our recent hires and planned hires may not become productive as quickly as we expect, and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do or plan to do business. In addition, a large percentage of our sales force is new to our company and selling our data security solutions, and therefore, this group may be less effective than our more seasoned sales personnel. Furthermore, hiring sales personnel in new countries, or expanding our existing presence, requires upfront and ongoing expenditures that we may not recover if the sales personnel fail to achieve full productivity. We may also incur additional compensation and training costs for our sales force, including as part of sales incentive realignment, as we work to migrate existing customers to RSC while ensuring retention and expansion. These additional costs may be higher than we expect depending on timing to complete the transition to RSC and any unforeseen challenges that arise, including due to additional costs faced by customers. Moreover, we could face challenges in our ability to retain sales personnel if the migration to RSC results in the loss of existing customers. We cannot predict whether, or to what extent, our sales will increase as we expand our sales force or how long it will take for sales personnel to become productive. If we are unable to hire and train a sufficient number of effective sales personnel, or the sales personnel we hire are not successful in obtaining new customers or retaining and increasing sales to our existing customer base, our business, financial condition, and results of operations will be adversely affected.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 56 | |
| | | | |
Our sales cycles can be long and unpredictable, and our sales efforts require considerable time and expense.
Our revenue may fluctuate because of the length and unpredictability of the sales cycle for our data security solutions, particularly with respect to large organizations and government entities. For example, in light of current macroeconomic conditions, we have observed a lengthening of our sales cycles, which may be attributed to higher cost-consciousness around information technology budgets. Customers often view the subscription to our platform as a significant strategic decision and, as a result, frequently require considerable time to evaluate, test, and qualify our platform, including from a security and privacy perspective, prior to entering into or expanding a relationship with us. Large enterprises and government entities in particular often undertake a significant evaluation process that further lengthens our sales cycle. Additionally, RSC and other SaaS solutions may elongate our sales cycles as a result of additional customer security and privacy evaluations.
Our sales team develops relationships with our customers and works with our Channel Partners on account penetration, account coordination, sales, and overall market development. We spend substantial time and resources on our sales efforts without any assurance that our efforts will produce a sale. Data security product purchases are frequently subject to budget constraints, multiple approvals, and unanticipated administrative, processing, and other delays. As a result, it is difficult to predict whether and when a sale will be completed.
If we fail to adapt and respond effectively to rapidly changing technology, evolving industry standards, changing regulations, or to changing customer needs, requirements, or preferences, our data security solutions may become less competitive.
Our ability to attract new users and customers and increase revenue from existing customers depends in large part on our ability to enhance, improve, and differentiate our existing offering, increase adoption and usage of our data security solutions, and introduce new data security products and capabilities. The market in which we compete is relatively new and subject to rapid technological change, evolving industry standards, and changing regulations, as well as changing customer needs, requirements, and preferences. The success of our business will depend, in part, on our ability to adapt and respond effectively to these changes on a timely basis. Because the market for our data security solutions is relatively new, it is difficult to predict customer adoption, increased customer usage and demand for our data security solutions, the size and growth rate of this market, the entry of competitive products, or the success of existing competitive products. If we are unable to enhance our data security solutions and keep pace with rapid technological change, or if new technologies emerge that are able to deliver competitive products at lower prices, more efficiently, more conveniently, or more securely than our data security solutions, our business, financial condition, and results of operations could be adversely affected.
To remain competitive, we need to continuously modify and enhance our data security solutions to adapt to changes and innovation in existing and new technologies. We expect that we will need to continue to differentiate our data management and data security capabilities, as well as expand and enhance our data security solutions to support a variety of use cases. This development effort will require significant engineering, sales, and marketing resources. Any failure to effectively offer data security solutions for these adjacent use cases could reduce customer demand for our platform. Further, our data security solutions must also integrate with a variety of network, commodity appliance, mobile, cloud, and software platforms and technologies, and we need to continuously modify and enhance our data security solutions to adapt to changes and innovation in these technologies. This development effort may require significant investment in engineering, support, marketing, and sales resources, all of which would affect our business and results of operations. Any failure of our data security solutions to operate effectively with widely adopted data infrastructure platforms, applications, and technologies would reduce the demand for our data security solutions. If we are unable to respond to customer demand in a cost-effective manner, our data security solutions may become less marketable and less competitive or obsolete, and our business, financial condition, and results of operations could be adversely affected.
The competitive position of our data security solutions depends in part on their ability to operate with third-party products and services, including those of our technology alliance partners, and if we are not successful in maintaining and expanding the compatibility of our data security solutions with such products and services, our business may be harmed.
The competitive position of our data security solutions depends in part on their ability to operate with products and services of third parties, including software companies, software services, and infrastructure, and our data security solutions must be continuously modified and enhanced to adapt to changes in commodity appliance, software, networking, browser, and database technologies. In the future, one or more technology companies, whether our technology alliance partners or otherwise, may choose not to support the operation of their software, software services, and infrastructure with our data security solutions, or our data security solutions may not support the capabilities needed to integrate with such software, software services, and infrastructure. In addition, to the extent that a third party were to develop software or services that compete with ours, that provider may choose not to support our offering. We intend to facilitate the compatibility of our platform with various third-party software, software services, and infrastructure offerings by maintaining and expanding our business and technical relationships. If we are not successful in achieving this goal, our business, financial condition, and results of operations may be harmed.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 57 | |
| | | | |
Incorrect or improper implementation or use of our data security solutions could result in customer dissatisfaction and harm our business, financial condition, and results of operations.
Our data security solutions are deployed in a wide variety of IT infrastructures, including large-scale, complex technology environments, and we believe our future success will depend, at least in part, on our ability to support such deployments. Implementations of our data security solutions may be technically complicated, and it may not be easy to maximize the value of our data security solutions without proper implementation, training, and support. Some of our customers have experienced difficulties implementing our data security solutions in the past and may experience implementation difficulties in the future. If we or our customers are unable to implement our data security solutions successfully, customer perceptions of our data security solutions may be impaired, our reputation and brand may suffer, or customers may choose not to renew their subscriptions or purchase additional data security products from us.
Any failure by customers to appropriately implement our data security solutions or any failure of our data security solutions to effectively integrate and operate within our customers’ data management infrastructure could result in customer dissatisfaction, impact the perceived reliability of our data security solutions, result in negative press coverage, negatively affect our reputation, and harm our business, financial condition, and results of operations.
We use third-party open-source software in our data security solutions, which could negatively affect our ability to sell our data security solutions or subject us to litigation or other actions.
Our data security solutions include third-party open-source software, and we intend to continue to incorporate third-party open-source software in our data security solutions in the future. There is a risk that the use of third-party open-source software in our software could impose conditions or restrictions on our ability to monetize our software or require making available the source code of all or part of our software that include, incorporate or rely upon such open-source software. Although we have internal policies in place designed to monitor the incorporation of open-source software into our data security solutions to avoid such restrictions, we cannot be certain that we have not incorporated open-source software in our data security solutions in a manner that is inconsistent with our licensing model or the licensing terms of any such open-source software. Certain open-source projects also incorporate other open-source software and there is a risk that those dependent open-source libraries may be subject to inconsistent licensing terms that affect our ability to use the software. This could create further uncertainties as to the governing terms for the open-source software we incorporate.
In addition, the terms of certain open-source licenses to which we are subject have not been interpreted by U.S. or foreign courts, and there is a risk that open-source software licenses could be construed in a manner that imposes unanticipated restrictions or conditions on our use of such software. Additionally, we may from time to time face claims from third parties claiming ownership of, or demanding release of, the software or derivative works that we developed using such open-source software, which could include proprietary portions of our source code, or otherwise seeking to enforce the terms of the open-source licenses. These claims could result in litigation and could require us to make those proprietary portions of our source code freely available, purchase a costly license or cease offering the implicated software or services unless and until we can re-engineer them to avoid infringement. This re-engineering process could require significant additional research and development resources, and we may not be able to complete it successfully.
In addition to risks related to license requirements, use of third-party open-source software can lead to greater risks than use of third-party commercial software, as open-source licensors generally do not provide warranties. Use of open-source software may also introduce security risks as it may contain security vulnerabilities, and hackers and other third parties may exploit the public availability of such open-source software to determine how to compromise our data security solutions.
In addition, licensors of open-source software included in our data security solutions may, from time to time, modify the terms of their license agreements applicable to any updates in such a manner that those license terms may include restrictions that make the use of such software incompatible with our business, and thus could, among other consequences, prevent us from using or incorporating new updates of such software that are subject to the modified license.
In addition, any source code that we contribute to open-source projects becomes publicly available, subject to the relevant open source license. As a result, our ability to protect some of our intellectual property rights in such source code may be limited or lost entirely, and we would be unable to prevent our competitors or others from using such contributed source code in accordance with the relevant open source license.
Any of these risks could be difficult to eliminate or manage, and if not addressed, could have a negative effect on our business, financial condition, and results of operations.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 58 | |
| | | | |
Our success depends, in part, on the integrity and scalability of our systems and infrastructures. System interruption or delays from third-party data center hosting facilities and the lack of integration, redundancy, and scalability in our systems and infrastructures could impair the delivery of our data security solutions and harm our business.
Our success depends, in part, on our ability to maintain the integrity of our systems and infrastructure, including websites, information, and related systems. System interruption and the lack of integration and sufficient redundancy in our information systems and infrastructures may harm our ability to operate websites, respond to customer inquiries, and generally maintain cost-efficient operations. We may experience occasional system interruptions that make some or all systems or data unavailable or prevent us from efficiently providing data security solutions.
We currently utilize third-party data center hosting facilities located in the United States and internationally. Any damage to, or failure of, the data facilities generally could result in interruptions in our data security solutions. As we continue to add data center hosting facilities and add capacity in our existing data facilities, we may move or transfer our data and our customers’ data. Despite precautions taken during this process, any unsuccessful data transfers may impair the delivery of our data security solutions. We also rely on affiliate and third-party computer systems, broadband, and other communications systems and service providers in connection with the provision of services generally, as well as to facilitate, process, and fulfill transactions. Interruptions in our data security solutions may reduce our revenue, cause us to issue credits or pay penalties, cause customers to terminate their subscriptions or data security solutions contracts, or harm our renewal rates or our ability to attract new customers. Our business will also be harmed if our customers and potential customers believe our data security solutions are unreliable.
Fire, flood, power loss, telecommunications failure, hurricanes, tornadoes, earthquakes, acts of war or terrorism, acts of God, and similar events or disruptions may damage or interrupt computer, broadband, or other communications systems and infrastructures at any time. Any of these events could cause system interruption, delays, and loss of critical data, and could prevent us from providing our data security solutions. While we have backup systems for certain aspects of our operations, disaster recovery planning by its nature cannot be sufficient for all eventualities. In addition, we may not have adequate insurance coverage to compensate for losses from a major interruption. As we continue to expand the number of our customers and data security solutions products available to our customers, we may not be able to scale our technology to accommodate the increased capacity requirements, which may result in interruptions or delays in data security solutions. If any of these events were to occur, it could harm our business, financial condition, and results of operations.
We rely on software licensed from other parties. Defects in or the loss of software from third parties could increase our costs and harm the quality of our data security solutions.
Components of our data security solutions include or rely upon software licensed from third parties. Our business could be disrupted if any of the software we license from others and functional equivalents thereof were either no longer available to us or no longer offered on commercially reasonable terms. In either case, we may be required to either redesign our data security solutions to function with software available from other parties or develop these components ourselves, which would result in increased costs and could result in delays in the release of new data security solutions. Furthermore, we might be forced to limit the features available in our current or future data security solutions. If we fail to maintain or renegotiate any of these software licenses, we could face significant delays and diversion of resources in attempting to license and integrate functional equivalents. While we believe that in most cases there are commercially reasonable alternatives to the third-party software we currently license, this may not always be the case, or it may be time consuming or expensive to replace existing third-party software or find a replacement third-party provider. Our use of additional or alternative third-party software or third-party providers would require us to enter into license agreements with third parties, and we may not be able to enter into such agreements on advantageous terms.
We are subject to governmental export and import controls and economic sanctions laws and regulations that could impair our ability to compete in international markets or subject us to liability and reputational harm if we violate the controls.
Our data security solutions are subject to U.S. export controls, including the Export Administration Regulations, and we incorporate encryption technology into our data security solutions. Our data security solutions and the underlying technology may be exported outside of the United States only in compliance with the required export authorizations, including by license, applicability of a license exception, or other appropriate government authorizations, including the filing of an encryption classification request or self-classification report, as applicable. Obtaining the necessary export license or other authorization for a particular sale may be time-consuming and may result in the delay or loss of sales opportunities.
Furthermore, we are required to comply with economic and trade sanctions laws and regulations of the countries where we do business, including those administered and enforced by the U.S. government (including through the Office of Foreign Assets Control of the U.S. Treasury Department and the U.S. Department of State). These economic and trade sanctions prohibit or restrict the provisions of products and services to embargoed jurisdictions or sanctioned persons, unless otherwise authorized.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 59 | |
| | | | |
While we have taken certain precautions to prevent our data security solutions from being provided in violation of trade controls and are in the process of enhancing our policies and procedures relating to trade controls, our data security solutions may have been in the past, and could in the future be, provided inadvertently and without our knowledge in violation of such laws. Violations of U.S. trade controls can result in significant fines or penalties and possible criminal liability for responsible employees and managers, in addition to potential reputational harm.
If our partners, including our Channel Partners, fail to obtain appropriate import, export, or re-export licenses or permits, we may also be adversely affected through reputational harm, as well as other negative consequences, including government investigations and penalties.
Also, various countries, in addition to the United States, regulate the import and export of certain encryption and other technology, including import and export licensing requirements, and have enacted laws that could limit our ability to distribute our data security solutions or could limit our customers’ ability to implement our data security solutions in those countries. Changes in our data security solutions or future changes in export and import regulations may create delays in the introduction of our data security solutions in international markets, prevent our customers with international operations from deploying our data security solutions globally or, in some cases, prevent the export or import of our data security solutions to certain countries, governments, or persons altogether. From time to time, various governmental agencies have proposed additional regulation of encryption technology.
Any change in export or import regulations, economic sanctions, or related laws or regulations, or change in the countries, governments, persons, or technologies targeted by such regulations, could result in decreased use of our data security solutions by, or in our decreased ability to export or sell our data security solutions to, existing or potential customers with international operations. Any decreased use of our data security solutions or limitation on our ability to export or sell our data security solutions would adversely affect our business, financial condition, results of operations, and growth prospects.
We are subject to anti-corruption, anti-bribery, and similar laws, and non-compliance with such laws can subject us to criminal or civil liability and harm our business, financial condition, and results of operations.
We are subject to the U.S. Foreign Corrupt Practices Act ("FCPA"), U.S. domestic bribery laws, the UK Bribery Act, and other anti-corruption and anti-boycott laws in the countries in which we conduct activities. Anti-corruption and anti-bribery laws have been enforced aggressively in recent years and are interpreted broadly to generally prohibit companies, their employees, and their third-party intermediaries from authorizing, offering, or providing, directly or indirectly, improper payments or benefits to recipients in the public or private sector. As a public company, the FCPA separately requires that we keep accurate books and records and maintain internal accounting controls sufficient to assure management’s control, authority, and responsibility over our assets. As we engage in and increase our international sales and business and sales to the public sector, we may engage with business partners and third-party intermediaries, including Channel Partners, to market and sell our data security solutions and to obtain necessary permits, licenses, and other regulatory approvals. In addition, we or our third-party intermediaries may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities. We can be held liable for the corrupt or other illegal activities of these third-party intermediaries, our employees, representatives, contractors, partners, and agents, even if we do not explicitly authorize such activities.
While we have policies and procedures and conduct training designed to address compliance with such laws, our employees and agents may take actions in violation of our policies and applicable law, for which we may be ultimately held responsible. As we increase our international sales and business, our risks under these laws may increase.
Detecting, investigating, and resolving actual or alleged violations of anti-corruption laws can require a significant diversion of time, resources, and attention from senior management. In addition, noncompliance with anti-corruption, anti-bribery, or anti-boycott laws could subject us to whistleblower complaints, investigations, sanctions, settlements, prosecution, enforcement actions, fines, damages, other civil or criminal penalties or injunctions, suspension, or debarment from contracting with certain persons, reputational harm, adverse media coverage, and other collateral consequences. If any subpoenas or investigations are launched, or governmental or other sanctions are imposed, or if we do not prevail in any possible civil or criminal proceeding, our business, financial condition, and results of operations could be harmed. In addition, responding to any action will likely result in a materially significant diversion of management’s attention and resources and significant defense costs and other professional fees.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 60 | |
| | | | |
Downturns or upturns in our sales may not be immediately reflected in our financial condition and results of operations.
We recognize a significant portion of our revenue ratably over the term of subscriptions to our data security solutions. As a result, any decreases in new subscriptions or renewals in any one period may not immediately be fully reflected as a decrease in revenue for that period but would negatively affect our revenue in future quarters. This also makes it difficult for us to rapidly increase our revenue through the sale of additional subscriptions in any period. If our quarterly results of operations fall below the expectations of investors and securities analysts who follow our stock, the price of our Class A common stock would decline substantially, and we could face costly lawsuits, including securities class actions.
Seasonality may cause fluctuations in our revenue and related metrics.
Historically, we have experienced seasonality in revenue and related metrics, as we typically sell a higher percentage of subscriptions to new customers, and expansion and renewal subscriptions with existing customers in the fourth quarter of our fiscal year. We believe that this results from the procurement, budgeting, and deployment cycles of many of our customers, particularly our enterprise customers. We expect that this seasonality may continue to affect our revenue and related metrics in the future and might become more pronounced as we continue to target enterprise customers.
Our subscription annual recurring revenue ("Subscription ARR"), cloud annual recurring revenue ("Cloud ARR"), and certain other operational data are operating metrics that are subject to assumptions and limitations, including that the factors that impact Subscription ARR will vary from those that impact subscription revenue. As such, these metrics may not provide an accurate indication of our actual performance or our future results.
Subscription ARR, Cloud ARR, and other operational metrics are based on numerous assumptions and limitations, are calculated using our internal data from non-financial systems, have not been independently verified by third parties, and may not accurately reflect actual results nor provide an accurate indication of future or expected results. Further, the definitions and assumptions for these metrics may differ from those calculated by other businesses. Subscription ARR and Cloud ARR are not proxies for revenue or forecasts of revenue, and do not reflect any anticipated reductions in contract value due to contract non-renewals or service cancellations. In addition, the factors that impact Subscription ARR will vary from those that impact subscription revenue in a given period. As a result, Subscription ARR, Cloud ARR, and our other operational data may not accurately reflect our actual performance, and investors should consider these metrics in light of the assumptions and processes used in calculating such metrics and the limitations as a result thereof. Investors should not place undue reliance on these metrics as an indicator of our future or expected results. Moreover, these metrics may differ from similarly titled metrics presented by other companies and may not be comparable to such other metrics. See the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations - Key Business Metrics” for additional information regarding Subscription ARR, Cloud ARR, and other operational metrics.
We will face risks associated with the growth of our business with certain heavily regulated industry verticals.
We market and sell our data security solutions to customers in heavily regulated industry verticals, including the banking, healthcare, and financial services industries. As a result, we face additional regulatory scrutiny, risks, and burdens from the governmental entities and agencies that regulate those industries. Entering new heavily regulated verticals and expanding in those verticals in which we are already operating will continue to require significant resources to address potential regulatory scrutiny, risks, and burdens, and there is no guarantee that such efforts will be successful or beneficial to us. If we are unable to successfully penetrate these verticals, maintain our market share in such verticals in which we already operate, or cost-effectively comply with governmental and regulatory requirements applicable to our activities with customers in such verticals, our business, financial condition, and results of operations may be harmed.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 61 | |
| | | | |
Sales to government entities are subject to a number of challenges and risks.
We sell to U.S. federal, state, and local, as well as foreign governmental agency customers. Sales to such entities are subject to a number of challenges and risks. Selling to such entities can be highly competitive, expensive, and time-consuming, often requiring significant upfront time and expense without any assurance that these efforts will generate a sale. Government contracting requirements may change and in doing so restrict our ability to sell into the government sector until we have obtained any required government certifications. Further, achieving and maintaining government certifications, such as U.S. Federal Risk and Authorization Management Program ("FedRAMP"), certification for our data security solutions, may require significant upfront and ongoing cost, time, and resources. If we do not obtain and maintain FedRAMP certification for our data security solutions, we may not be able to sell certain solutions to the U.S. federal government and public sector customers as well as eligible private sector customers that require such certification for their intended use cases, which could harm our growth, business, and results of operations. This may also harm our competitive position against larger enterprises whose competitive data security solutions are certified. Further, there can be no assurance that we will secure commitments or contracts with government entities even following such certifications, which could harm our margins, business, financial condition, and results of operations. Government demand and payment for our data security solutions are affected by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our data security solutions.
Further, governmental entities may demand contract terms that differ from our standard arrangements and are less favorable than terms agreed with private sector customers. Such entities may have statutory, contractual, or other legal rights to terminate contracts with us or our Channel Partners for convenience or for other reasons. Any such termination may adversely affect our ability to contract with other government customers as well as our reputation, business, financial condition, and results of operations. Governments routinely investigate and audit government contractors’ administrative processes, and any unfavorable audit could result in the government refusing to continue buying our subscriptions, a reduction of revenue, or fines or civil or criminal liability if the audit uncovers improper or illegal activities, which could adversely affect our business, financial condition, results of operations, and reputation.
Our customers also include certain non-U.S. governments, to which government procurement law risks similar to those present in U.S. government contracting also apply, particularly in certain emerging markets where our customer base is less established. In addition, compliance with complex regulations and contracting provisions in a variety of jurisdictions can be expensive and consume significant management resources. In certain jurisdictions, our ability to win business may be constrained by political and other factors unrelated to our competitive position in the market. These difficulties could harm our business, financial condition, and results of operations.
In October 2023, we received a grand jury subpoena from the Department of Justice, U.S. Attorney’s Office for the District of Maryland ("DOJ"), which requested information regarding two specific companies, which we subsequently learned were associated with an employee from one of our sales teams who is no longer with the company. We are fully cooperating with this investigation and have been conducting our own thorough internal investigation. In the course of our internal investigation, we have discovered communications among certain employees within one of our sales teams, including such former Rubrik employee, that relate to potential violations of federal law in connection with government contracts, and are similarly cooperating with the DOJ with respect to these matters. These investigations are ongoing, and we do not know when they will be completed, the entirety of facts we will ultimately discover as a result of the investigations, or what actions the government may or may not take. Because we cannot predict the outcome of these investigations, we are not able to provide an estimate of any possible consequences. A negative outcome in any or all of these matters could cause us to incur substantial fines, penalties, or other financial exposure, as well as reputational harm and exclusion from future contracting with the federal government.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 62 | |
| | | | |
Acquisitions, strategic investments, joint ventures, or alliances could be difficult to identify, pose integration challenges, divert the attention of management, disrupt our business and culture, dilute stockholder value, and adversely affect our business, financial condition, and results of operations.
We have in the past and may in the future seek to acquire or invest in businesses, joint ventures, products and platform capabilities, technologies, or technical know-how that we believe could complement or expand our platform capabilities, enhance our technical capabilities, or otherwise offer growth opportunities. Further, the proceeds we received from the IPO increase the likelihood that we will devote resources to exploring larger and more complex acquisitions and investments than we have previously attempted. Any such acquisition or investment may divert the attention of management and cause us to incur various expenses in identifying, investigating, and pursuing suitable opportunities, whether or not the transactions are completed, and may result in unforeseen operating difficulties and expenditures. In particular, we may encounter difficulties assimilating or integrating the businesses, technologies, products and platform capabilities, personnel, or operations of any acquired companies, particularly if the key personnel of an acquired company choose not to work for us, their software is not easily adapted to work with our data security solutions, or we have difficulty retaining the customers of any acquired business due to changes in ownership, management, or otherwise. These transactions may also disrupt our business, divert our resources, and require significant management attention that would otherwise be available for development of our existing business. We may also have difficulty establishing our company values with personnel of acquired companies, which may negatively impact our culture and work environment. Any such transactions that we are able to complete may not result in any synergies or other benefits we had expected to achieve, which could result in impairment charges that could be substantial. In addition, we may not be able to find and identify desirable acquisition targets or business opportunities or be successful in entering into an agreement with any particular strategic partner. These transactions could also result in dilutive issuances of equity securities or the incurrence of debt, which could adversely affect our results of operations. In addition, if the resulting business from such a transaction fails to meet our expectations, our business, financial condition, and results of operations may be adversely affected, or we may be exposed to unknown risks or liabilities.
Any inability to maintain a high-quality customer support organization could lead to a lack of customer satisfaction, which could hurt our customer relationships and have an adverse effect on our business, financial condition, and results of operations.
Once our data security solutions are deployed, customers rely on our technical support services to assist with service customization and optimization and to resolve certain issues relating to the implementation and maintenance of our data security solutions. Customers also rely on our or our Channel Partners’ support personnel to resolve issues and realize the full benefits that our solutions provide. If we or our Channel Partners do not effectively assist customers in deploying our data security solutions, succeed in helping customers quickly resolve technical issues or provide effective ongoing support, our ability to sell additional data security solutions as part of our platform to existing customers would be adversely affected, and our reputation with potential customers could be damaged.
In addition, our sales process is highly dependent on our product and business reputation and on positive recommendations from existing customers. Any failure to maintain high-quality technical support, or a market perception that we do not maintain high-quality technical support, could adversely affect our reputation, our ability to sell our services to existing and prospective customers, and our business, financial condition, and results of operations.
Our business is subject to the risks of warranty claims and product defects from real or perceived defects in our data security solutions or their misuse by customers or third parties and indemnity provisions in various agreements that potentially expose us to substantial liability for intellectual property infringement and other losses.
We may in the future be subject to liability claims for damages related to undetected defects, errors, or vulnerabilities in our data security solutions. A material liability claim or other occurrence that harms our reputation or decreases market acceptance of our platform could harm our business, financial condition, and results of operations. Although we generally have limitation of liability provisions in our terms and conditions, in rare cases we have agreed to limited exceptions to such liability caps, and such limitation of liability provisions may not fully or effectively protect us from claims as a result of federal, state, or local laws or ordinances, or unfavorable judicial decisions in the United States or other countries.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 63 | |
| | | | |
Moreover, as part of our ransomware recovery warranty (the "Ransomware Recovery Warranty"), we also provide certain customers with up to $10,000,000 for recovery expenses related to data recovery and restoration in the event that data backed up using our solutions cannot be recovered following a ransomware attack. As part of the Ransomware Recovery Warranty, if an eligible customer’s data that has been backed-up onto a Rubrik-branded Appliance, Rubrik-certified compatible third-party commodity server, or a Rubrik-hosted cloud platform, is not successfully recovered by way of one of our data security products due to a failure of such solution, we will reimburse the customer for its reasonable and necessary fees and expenses to restore, recover, or recreate its data up to $10,000,000. If many of our customers experience security incidents or other incidents that fall within this program and we are not able to recover their data through our data security solutions, we could be required to pay significant amounts to comply with our obligations under the Ransomware Recovery Warranty. In the event that we are required to regularly provide financial assistance for such recovery activities, and particularly if we have to do so for multiple customers at the same or similar times, this could significantly increase our costs, harm our reputation and brand, and increase the costs to us associated with this warranty program, which could adversely affect our business, financial condition, and results of operations.
Additionally, we typically provide indemnification to customers for certain losses suffered or expenses incurred as a result of third-party claims arising from our infringement of a third party’s intellectual property. We also may be exposed to liability for certain breaches of confidentiality or customer data, as defined in our terms of service which, as a standard practice, are generally subject to caps on liability. We also assume limited liability in the event we breach certain of our terms of service. Certain of these contractual provisions survive termination or expiration of the applicable agreement. We have not received any material indemnification claims from third parties. However, as we continue to grow, the possibility of these claims against us will increase.
If customers or other third parties with whom we do business make intellectual property infringement or other indemnification claims against us, we will incur significant legal expenses and may have to pay damages, license fees, or stop using technology found to be in violation of a third-party’s rights. We may also have to seek a license for the technology. Such licenses may not be available on reasonable terms, if at all, and may significantly increase our operating expenses or may require us to restrict our business activities and limit our ability to deliver certain data security solutions or features. We may also be required to develop alternative non-infringing technology, which could either require significant effort and expense or cause us to alter our data security solutions, or both, which could harm our business. Large indemnity obligations, whether for intellectual property or in certain limited circumstances, other claims, would harm our business, financial condition, and results of operations.
Under certain circumstances, our personnel may have access to customer platforms. An employee may take advantage of such access to conduct malicious activities or fail to follow internal policies or make errors that could cause system failures, loss of data, or other adverse effects on our customers. Misuse of our data security solutions by our personnel could result in claims from our customers for damages related to such misuse. Such misuse of our data security solutions could also result in negative press coverage and negatively affect our reputation, which could result in harm to our reputation, business, financial condition, and results of operations. In addition, misuse of our data security solutions could also result in contractual breaches and damages to customers that may assert warranty and other claims for substantial damages against us.
We maintain insurance to protect against certain claims associated with the use of our data security solutions, but our insurance coverage may not adequately cover any claim asserted against us and is subject to deductibles. In addition, even claims that ultimately are unsuccessful could result in our expenditure of funds in litigation, divert management’s time and other resources, and harm our reputation, business, financial condition, and results of operations.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 64 | |
| | | | |
Failure to effectively develop and expand our sales and marketing capabilities or improve the productivity of our sales and marketing organization could harm our ability to expand our potential customer and sales pipeline, increase our customer base, and achieve broader market acceptance of our data security solutions.
Our ability to increase our customer base, achieve broader market adoption and acceptance of our data security solutions, and expand our potential customer and sales pipeline and brand awareness will depend to a significant extent on our ability to expand and improve the productivity of our sales and marketing organization. We plan to continue expanding our sales force, both domestically and internationally. We also plan to dedicate significant resources to sales and marketing programs to decrease the time required for our sales personnel to achieve desired productivity levels, which may be impacted in the short term from our new approach to sales force segmentation. Historically, newly hired sales personnel have needed several quarters to achieve desired productivity levels. Our increased sales and marketing efforts will also involve investing significant financial and other resources, which could result in increased costs and negatively impact margins. We are one of the only providers of a unified data security platform, so we must therefore invest heavily in our sales and marketing functions in order to educate customers and potential customers about our data security solutions. Our business and results of operations will be harmed if our sales and marketing efforts fail to successfully expand our potential customer and sales pipeline, including through increasing brand awareness, new customer acquisition, and market adoption of our platform and data security solutions, particularly for RSC, or fail to generate significant increases in revenue or result in increases that are smaller than anticipated. We may not achieve anticipated revenue growth from expanding our sales force if we are unable to hire, develop, integrate, and retain talented and effective sales personnel, if our new and existing sales personnel, on the whole, are unable to achieve desired productivity levels in a reasonable period of time or at all, or if our sales and marketing programs are not effective.
If we fail to enhance our brand cost-effectively, our ability to expand our customer base will be impaired and our business, financial condition, and results of operations may be adversely affected.
We believe that developing and maintaining awareness of our brand in a cost-effective manner is critical to achieving widespread acceptance of our existing and future data security solutions and is an important element in attracting new customers. In addition, creating brand awareness of our relatively new data security solutions will require added investment in our marketing and branding activities. We believe that the importance of brand recognition will increase as competition in our market increases. Successful promotion of our brand as a provider of data security solutions will depend largely on the effectiveness of our marketing efforts and on our ability to develop and deploy high-quality, reliable, and differentiated data security solutions to our customers. In the past, our efforts to build our brand have involved significant expense. Brand promotion activities may not yield increased revenue, and even if they do, any increased revenue may not offset the expense we incur in building our brand. If we fail to successfully promote and maintain our brand or incur substantial expense in an unsuccessful attempt to promote and maintain our brand, we may fail to attract new customers or retain our existing customers to the extent necessary to realize a sufficient return on our brand-building efforts, and our business, financial condition, and results of operations could be adversely affected.
We have a limited history with pricing models for our data security solutions, and we may need to adjust the pricing terms of our data security solutions, which could have an adverse effect on our revenue and results of operations.
We have limited experience with respect to determining the optimal prices for subscriptions to and renewals of our data security solutions, new subscription editions, and new enterprise, cloud, and SaaS applications. As the market for cloud data security evolves, or as new competitors introduce new products or services that compete with ours, we may be unable to attract new customers. In the past, we have been able to increase our prices for our data security solutions, but we may choose not to introduce or be unsuccessful in implementing future price increases. Furthermore, since we have limited experience pricing RSC, we may be unsuccessful in implementing future price increases and our future pricing power may erode due to changing market dynamics, increased competition, ability to sell to information security teams, or other factors. As a result of these and other factors, in the future we may be required to reduce our prices or be unable to increase our prices, or it may be necessary for us to increase our services or data security solutions without additional revenue to remain competitive, all of which could harm our financial condition and results of operations.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 65 | |
| | | | |
We may require additional capital to support the growth of our business, and this capital might not be available on acceptable terms, if at all.
We have funded our operations since inception primarily through equity financings, sales of our data security solutions, and the utilization of debt products, including our Amended Credit Facility (as described in the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Liquidity and Capital Resources”). We cannot be certain when or if our operations will generate sufficient cash to fully fund our ongoing operations or the growth of our business. We intend to continue to make investments to support our business, which may require us to engage in equity or debt financings to secure additional funds. Additional financing may not be available on terms favorable to us, if at all, particularly during times of market volatility, higher interest rates, inflationary pressures, and general economic instability. If adequate funds are not available on acceptable terms, we may be unable to invest in future growth opportunities, which could harm our business, financial condition, and results of operations. If we incur additional debt, the debt holders would have rights senior to holders of common stock to make claims on our assets, and the terms of any debt could restrict our operations, including our ability to pay dividends on our Class A common stock. Furthermore, if we issue additional equity securities, stockholders will experience dilution, and the new equity securities could have rights senior to those of our Class A common stock. Because our decision to issue securities in the future will depend on numerous considerations, including factors beyond our control, we cannot predict or estimate the amount, timing, or nature of any future issuances of debt or equity securities. As a result, our stockholders bear the risk of future issuances of debt or equity securities reducing the value of our Class A common stock and diluting their interests.
We are exposed to fluctuations in currency exchange rates, which could negatively affect our results of operations.
Our data security solutions are billed in U.S. dollars, and therefore, our revenue is not subject to foreign currency risk. However, a strengthening of the U.S. dollar could increase the real cost of our data security solutions to our customers outside of the United States, which could adversely affect our results of operations. In addition, an increasing portion of our operating expenses are incurred outside the United States. These operating expenses are denominated in foreign currencies and are subject to fluctuations due to changes in foreign currency exchange rates. While we do not currently hedge against the risks associated with currency fluctuations, if our foreign currency risk increases in the future and we are not able to successfully hedge against the risks associated with currency fluctuations, our results of operations could be adversely affected.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 66 | |
| | | | |
Unfavorable conditions in our industry or the global economy, including those caused by the ongoing conflicts around the world, or reductions in technology spending, could limit our ability to grow our business and negatively affect our results of operations.
Global business activities face widespread macroeconomic uncertainties, and our results of operations may vary based on the impact of changes in our industry or the global economy on us or our customers and potential customers. Negative conditions in the general economy both in the United States and abroad, including conditions resulting from changes in gross domestic product growth, financial and credit market fluctuations, inflation and efforts to control further inflation, including rising interest rates, bank failures, international trade relations, political turmoil, including the conflict in Israel and the surrounding area and the ongoing conflict between Russia and Ukraine, potential U.S. federal government shutdowns, natural catastrophes, warfare, and terrorist attacks could cause a decrease in business investments by existing or potential customers, including spending on technology, and negatively affect the growth of our business. As an example, in the United States, capital markets have experienced and continue to experience volatility and disruption. Furthermore, inflation rates in the United States have recently increased to levels not seen in decades. In addition to the foregoing, adverse developments that affect financial institutions, transactional counterparties, or other third parties, such as bank failures or concerns or speculation about any similar events or risks, could lead to market-wide liquidity problems, which in turn may cause third parties, including our customers, to become unable to meet their obligations under various types of financial arrangements as well as general disruptions or instability in the financial markets. Such economic volatility could adversely affect our business, financial condition, results of operations, and cash flows, and future market disruptions could negatively impact us. In particular, we have experienced and may continue to experience longer sales cycles and related negotiations for prospective customers and existing customer expansions, a reduction in multi-year upfront payments for our subscription offerings, reduced contract sizes or generally increased scrutiny on technology spending and budgets from existing and potential customers, due in part to the effects of macroeconomic uncertainty. These customer dynamics may persist in the future, even if macroeconomic conditions improve, and to the extent there is a sustained general economic downturn, a recession, or another situation where technology budgets grow at a slower rate or contract, these customer dynamics may be exacerbated. In addition to the foregoing, we have operations in Israel, which have been affected and may continue to be affected by the ongoing conflict in Israel and the surrounding area, and our growth, business, and results of operations could be further negatively impacted if the current conflict in Israel and the surrounding area continues, worsens, or expands to other nations or regions. Our competitors, many of whom are larger and have greater financial resources than we do, may respond to challenging market conditions by lowering prices in an attempt to attract our customers, which may require us to respond in kind and may negatively impact our existing customer relationships and new customer acquisition strategy. In addition, the increased pace of consolidation in certain industries may result in reduced overall spending on our data security solutions. We cannot predict the timing, strength, or duration of any economic slowdown, instability, or recovery, generally or within any particular industry.
We typically provide service-level commitments under our customer agreements. If we fail to meet these commitments, we could face customer terminations, a reduction in renewals, and damage to our reputation, which would lower our revenue and harm our business, financial condition, and results of operations.
Our agreements with our customers typically provide for service-level commitments relating to service availability. If we fail to meet these commitments, we could be required to extend affected services at no charge and could face customer terminations, or a reduction in renewals, which could significantly affect both our current and future revenue. Any service-level commitment failures could also damage our reputation. The complexity and quality of our customers’ implementation and the performance and availability of cloud services and cloud infrastructure are outside our control, and therefore, we are not in full control of whether we can meet these service-level commitments. Our business, financial condition, and results of operations could be adversely affected if we fail to meet our service-level commitments for any reason. Any extended service outages could adversely affect our business, reputation, and brand.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 67 | |
| | | | |
Sales to enterprise customers involve risks that may not be present or that are present to a lesser extent with respect to sales to smaller organizations.
We are seeing an increasing volume of sales to large, enterprise customers. Sales to enterprise customers and large organizations involve risks that may not be present or that are present to a lesser extent with sales to smaller customers, including the commercial customer segment. These risks include longer sales cycles and negotiations, more complex customer requirements (including audit and other requirements driven by such customers’ regulatory and industry contexts), substantial upfront sales costs, and less predictability in completing some of our sales. For example, enterprise customers may require considerable time to evaluate and test our data security solutions and those of our competitors prior to making a purchase decision and placing an order or may need specialized security features to meet regulatory requirements. A number of factors influence the length and variability of our sales cycle, including the need to educate potential customers about the uses and benefits of our data security solutions, the discretionary nature of purchasing and budget cycles, the macroeconomic uncertainty and challenges and resulting increased technology spending scrutiny, and the competitive nature of evaluation and purchasing approval processes. Since the processes for deployment, configuration, and management of our data security solutions are complex, we are also often required to invest significant time and other resources to train and familiarize potential customers with our data security solutions. Customers may engage in extensive evaluation, testing, and quality assurance work before making a purchase commitment, which increases our upfront investment in sales, marketing, and deployment efforts, with no guarantee that these customers will make a purchase or increase the scope of their subscriptions. In certain circumstances, an enterprise customer’s decision to use our data security solutions may be an organization-wide decision, and therefore, these types of sales require us to provide greater levels of education regarding the use and benefits of our data security solutions. As a result, the length of our sales cycle, from identification of the opportunity to deal closure, has varied, and may continue to vary, significantly from customer to customer, with sales to large enterprises and organizations typically taking longer to complete. Moreover, large enterprise customers often begin to deploy our data security solutions on a limited basis but nevertheless demand configuration, integration services, and pricing negotiations, which increase our upfront investment in the sales effort with no guarantee that these customers will deploy our data security solutions widely enough across their organization to justify our substantial upfront investment.
Given these factors, it is difficult to predict whether and when a sale will be completed and when revenue from a sale will be recognized due to the variety of ways in which customers may purchase our data security solutions. This may result in lower than expected revenue in any given period, which would have an adverse effect on our business, financial condition, and results of operations.
Our intellectual property rights may not adequately protect our business.
To be successful, we must protect our technology, know-how, and brand in the United States and other jurisdictions through trademarks, trade secrets, patents, copyrights, service marks, invention assignments, contractual restrictions, and other intellectual property rights and confidentiality procedures. Despite our efforts to implement these protections, they may not adequately protect our business for a variety of reasons, including:
•our inability to successfully register or obtain patents, trademarks, and other intellectual property rights that sufficiently protect our brand and the full scope of important innovations;
•any inability by us to maintain appropriate confidentiality and other protective measures to establish and maintain our trade secrets;
•uncertainty in, and evolution of, legal standards relating to the validity, enforceability, and scope of protection of intellectual property rights;
•potential invalidation of our intellectual property rights through administrative processes or litigation; and
•other practical, resource, or business limitations on our ability to detect and prevent infringement or misappropriation of our rights and to enforce our rights.
Further, the laws of certain foreign countries, particularly certain developing countries, do not provide the same level of protection of corporate proprietary information and assets, such as intellectual property, including trademarks, trade secrets, know-how, and records, as the laws of the United States and mechanisms for enforcement of intellectual property rights may be inadequate. As a result, we may encounter significant problems in protecting and defending our intellectual property or proprietary rights abroad. Additionally, we may also be exposed to material risks of theft or unauthorized reverse engineering of our proprietary information and other intellectual property, including software source code, designs, specifications, or other sensitive information. Our efforts to enforce our intellectual property rights in such foreign countries may be inadequate to obtain a significant commercial advantage from the intellectual property that we develop, which could have an adverse effect on our business, financial condition, and results of operations. Moreover, if we are unable to prevent the disclosure of our trade secrets to third parties, or if our competitors independently develop any of our trade secrets, we may not be able to establish or maintain a competitive advantage in our market, which could seriously harm our business.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 68 | |
| | | | |
We also contribute to open-source projects. Although we have internal policies and procedures designed to pre-approve the incorporation of any of our source code into open-source projects, any such contribution becomes publicly available, subject to the relevant open source license. As a result, our ability to protect some of our intellectual property rights in such source code may be limited or lost entirely, and we would be unable to prevent our competitors or others from using such contributed source code in accordance with the relevant open source license.
Litigation may be necessary to enforce our intellectual property or proprietary rights, protect our trade secrets, or determine the validity and scope of proprietary rights claimed by others. Any litigation, whether or not resolved in our favor, could result in significant expense to us, divert the time and efforts of our technical and management personnel, and result in counterclaims alleging infringement of intellectual property rights by us or challenging the validity or scope of our intellectual property rights, which may lead to the impairment or loss of portions of our intellectual property. If we are unable to prevent third parties from infringing upon or misappropriating our intellectual property or are required to incur substantial expenses defending our intellectual property rights, our business, financial condition, and results of operations may be adversely affected.
If we are not successful in expanding our operations and customer base internationally, our business and results of operations could be negatively affected.
A component of our growth strategy involves the further expansion of our operations and customer base internationally. Customers outside the United States generated 31% and 32% of our total revenue for fiscal 2023 and fiscal 2024, respectively. We are continuing to adapt to and develop strategies to expand in international markets, but there is no guarantee that such efforts will have the desired effect. For example, we anticipate that we will need to establish relationships with new Channel Partners in order to expand into certain countries, and if we fail to identify, establish, and maintain such relationships, we may be unable to execute on our expansion plans. As of January 31, 2024, approximately 46% of our full-time employees were located outside of the United States, with approximately 26% of our full-time employees located in India. We expect that our international activities will continue to grow for the foreseeable future as we continue to pursue opportunities in existing and new international markets, which will require significant dedication of management attention and financial resources. If we invest substantial time and resources to further expand our international operations and are unable to do so successfully and in a timely manner, our business and results of operations will suffer.
We are subject to stringent and evolving U.S. and foreign laws, regulations, rules, contractual obligations, policies, and other requirements relating to privacy and data security. Our actual or perceived failure to comply with such obligations could lead to regulatory investigations or actions, litigation, fines and penalties, disruptions of our business operations, reputational harm, loss of revenue, loss of customers or sales, and other adverse business consequences.
Due to the nature of the data security services and solutions we provide to our customers, we process various categories of data, including proprietary and confidential business data, trade secrets, intellectual property, data about individuals, and other data considered to be sensitive. Our data processing activities may subject us to numerous obligations relating to privacy and data security, such as various laws, regulations, guidance, industry standards, internal and external privacy and security policies, contractual requirements, and other obligations.
In the United States, federal, state, and local governments have enacted numerous data privacy and data security laws, including data breach notification laws, laws governing information about individuals, and consumer protection laws (e.g., Section 5 of the Federal Trade Commission Act). For example, the federal Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), as amended by the Health Information Technology for Economic and Clinical Health Act ("HITECH"), imposes specific requirements relating to the privacy, security, and transmission of individually identifiable health information. As another example, the California Consumer Privacy Act ("CCPA"), requires businesses to provide specific disclosures in privacy notices, implement new operational practices, and honor requests from California residents to exercise certain privacy rights. The CCPA contains significant potential penalties for noncompliance (up to $7,500 per violation). California has adopted a new law, the California Privacy Rights Act of 2020 ("CPRA"), that substantially expands the CCPA, effective January 1, 2023, including by establishing a new California Privacy Protection Agency and by applying to certain business contact information and employment-related data. Other states also passed comprehensive privacy laws, and similar laws are being considered in many other states as well as at the federal level. These developments may further complicate compliance efforts and may increase legal risk and compliance costs for us, the third parties upon whom we rely, and our customers.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 69 | |
| | | | |
Outside the United States, an increasing number of laws, regulations, and industry standards may apply to our data processing activities. For example, the European Union’s General Data Protection Regulation ("EU GDPR"), the United Kingdom’s General Data Protection Regulation ("UK GDPR"), and Brazil’s General Data Protection Law (Lei Geral de Proteção de Dados Pessoais, or LGPD) (Law No. 13,709/2018) impose strict requirements for processing personal data. Under the EU GDPR, companies may face fines of up to the greater of 20 million Euros or 4% of their global annual revenues, temporary or definitive bans on data processing and other collective action, and private litigation related to the processing of personal data brought by classes of data subjects or consumer protection organizations authorized at law to represent their interests. Furthermore, in Europe, there is a proposed regulation related to AI that, if adopted, could impose onerous obligations related to the use of AI-related systems. In Canada, the Personal Information Protection and Electronic Documents Act ("PIPEDA"), and various related provincial laws, as well as Canada’s Anti-Spam Legislation ("CASL"), may apply to our operations. We also have operations in Japan and Singapore and may be subject to new and emerging data privacy regimes in Asia, including Japan’s Act on the Protection of Personal Information and Singapore’s Personal Data Protection Act.
Additionally, we may transfer personal data from Europe and other jurisdictions to the United States or other countries. Europe and other jurisdictions have enacted laws regulating the cross-border transfer of personal data from Europe to other countries, and, in particular, the European Economic Area and the United Kingdom, or UK, have significantly restricted the cross-border transfer of personal data to the United States, unless the entity has achieved compliance under the Data Privacy Framework and is listed as an active participant on the International Trade Administration’s website. Currently, we are a listed participant. However, given historical challenges to similarly positioned frameworks, it is possible that the Data Privacy Framework is invalidated in the future, and we will need to rely on other established transfer mechanisms for cross border transfers. Other jurisdictions may adopt similarly stringent interpretations of their cross-border data transfer laws. Although standard contractual clauses ("SCCs"), and other mechanisms, currently may be used to transfer personal data from European Economic Area to the United States, these mechanisms are frequently subject to legal challenges, and the efficacy and longevity of such mechanisms for making data transfers from the European Economic Area to the United States remains uncertain. If there is no lawful manner for us to transfer personal data from the European Economic Area or other jurisdictions to the United States, we could face significant consequences, including restricting our operations or relocating part of or all of our business to other jurisdictions and increased exposure to regulatory actions, substantial fines, civil proceedings, and injunctions against processing or transferring personal data, as well as incurring the associated legal and compliance costs. Some European regulators have prevented companies from transferring personal data out of Europe.
In addition to privacy, data protection, and data security laws and regulations, we may be contractually subject to industry standards adopted by industry groups, such as the Payment Card Industry Data Security Standards ("PCI") and may become subject to such obligations in the future. Additionally, the demands our customers place on us relating to privacy, data protection, and data security are becoming more stringent. Data protection laws, such as the EU GDPR, UK GDPR, and CCPA, increasingly require companies to impose specific contractual restrictions on their service providers and contractors. In addition, customers that use certain of our data security solutions to process protected health information may require us to sign business associate agreements that subject us to the privacy and security requirements under HIPAA and HITECH, as well as state laws that govern the privacy and security of health information. Our customers’ increasing data privacy and data security standards also increase the cost and complexity of ensuring that we, and the third parties we rely on to operate our business and deliver our services, can meet these standards. If we, or the third parties on which we rely, are unable to meet our customers’ demands or comply with the increasingly stringent legal or contractual requirements relating to data privacy and data security, we may face increased legal liability, customer contract terminations, and reduced demand for our data security solutions.
Finally, we publish privacy policies, marketing materials, and other statements, such as compliance with certain certifications or self-regulatory principles, as well as other documentation regarding our processing of information about individuals. If these policies, materials, statements, or documentations are found to be deficient, lacking in transparency, deceptive, unfair, or misrepresentative of our practices, we may be subject to investigation, regulatory enforcement actions, costly legal claims by affected individuals or our customers, or other adverse consequences.
Obligations related to data privacy and data security are quickly changing, becoming increasingly stringent, and creating regulatory uncertainty. Additionally, these obligations may be subject to differing applications and interpretations by regulators and other stakeholders, which may be inconsistent or conflict among jurisdictions. Preparing for and complying with these obligations requires us to devote significant resources. These obligations may necessitate changes to our services, information technologies, systems, and practices and to those of any third parties that process personal data on our behalf. In addition, these obligations may require us to change our business model.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 70 | |
| | | | |
Our business model materially depends on our ability to process personal data, so we are particularly exposed to the risks associated with the rapidly changing legal landscape. We may be at heightened risk of regulatory scrutiny, and any changes in the regulatory framework could require us to fundamentally change our business model. Despite our efforts to comply with applicable data privacy and data security obligations, we may at times fail (or be perceived to have failed) in our efforts to comply. Moreover, despite our efforts, our personnel or third parties on whom we rely may fail to comply with such obligations, which could negatively impact our business operations. If we, or the third parties on which we rely, fail, or are perceived to have failed, to address or comply with applicable data privacy and data security obligations, we could face significant consequences, including but not limited to: government enforcement actions (e.g., investigations, fines, penalties, audits, inspections, and similar); litigation (including class-action claims); additional reporting requirements and/or oversight; bans on processing personal data; orders to destroy or not use information about individuals; and imprisonment of company officials. As a data security company, we could be exposed to additional reputational risks should a data privacy incident occur.
As a result of being a public company, we are obligated to develop and maintain proper and effective internal control over financial reporting, and any failure to maintain the adequacy of these internal controls may adversely affect investor confidence in our company and, as a result, the value of our Class A common stock.
We are required, pursuant to Section 404 of the Sarbanes-Oxley Act of 2002, as amended ("Sarbanes-Oxley Act"), to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting for the fiscal year ending January 31, 2026. This assessment will need to include disclosure of any material weaknesses identified by our management in our internal control over financial reporting. In addition, our independent registered public accounting firm will be required to attest to the effectiveness of our internal control over financial reporting in our first annual report required to be filed with the SEC following the date we are no longer an “emerging growth company.” We have recently commenced the costly and challenging process of compiling the system and processing documentation necessary to perform the evaluation needed to comply with Section 404 of the Sarbanes-Oxley Act ("Section 404"), but we may not be able to complete our evaluation, testing, and any required remediation in a timely fashion once initiated. Our compliance with Section 404 will require that we incur substantial expenses and expend significant management efforts. Although we currently have an internal audit group, we will need to hire additional accounting and financial staff with appropriate public company experience and compile the system and process documentation necessary to perform the evaluation needed to comply with Section 404.
During the evaluation and testing process of our internal controls, if we identify one or more material weaknesses in our internal control over financial reporting, we will be unable to certify that our internal control over financial reporting is effective. We cannot assure you that there will not be material weaknesses or significant deficiencies in our internal control over financial reporting in the future. Any failure to maintain internal control over financial reporting could severely inhibit our ability to accurately report our financial condition or results of operations. If we are unable to conclude that our internal control over financial reporting is effective, or if our independent registered public accounting firm determines we have a material weakness or significant deficiency in our internal control over financial reporting, we could lose investor confidence in the accuracy and completeness of our financial reports, the market price of our Class A common stock could decline, and we could be subject to sanctions or investigations by the SEC or other regulatory authorities. Failure to remedy any material weakness in our internal control over financial reporting, or to implement or maintain other effective control systems required of public companies, could also restrict our future access to the capital markets.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 71 | |
| | | | |
We may become subject to intellectual property disputes, which can be costly and may subject us to significant liability and increased costs of doing business.
We have been and may continue in the future to be subject to intellectual property disputes. In regard to future litigation, our success depends, in part, on our ability to develop and commercialize our data security solutions without infringing, misappropriating, or otherwise violating the intellectual property rights of third parties. However, we may not be aware that our data security solutions are infringing, misappropriating, or otherwise violating third-party intellectual property rights, and such third parties may bring claims against us, our business partners, and our customers alleging such infringement, misappropriation, or violation. Companies in the software industry are often required to defend against litigation claims based on allegations of infringement, misappropriation, or other violations of intellectual property rights. For example, between 2020 and 2021, we were involved in patent disputes with two of our competitors which have since been resolved. However, we may not in all instances be able to obtain a settlement, or proactively defend or ascertain all third-party rights implicated by our business. Further, certain patent holders that own large numbers of patents and other intellectual property, including “non-practicing entities,” often threaten or enter into litigation based on allegations of infringement or other violations of intellectual property rights. Any claims of intellectual property infringement, even those without merit, may be time-consuming and expensive to resolve, divert management’s time and attention, cause us to cease using or incorporating the challenged technology, expose us to other legal liabilities, such as indemnification obligations, or require us to enter into licensing agreements to obtain the right to use a third-party’s intellectual property. In addition, many companies have the capability to dedicate substantially greater resources to enforce their intellectual property rights and to defend claims that may be brought against them. Any litigation may also involve patent holding companies or other adverse patent owners that have no relevant product revenue, and therefore, our patents may provide little or no deterrence as we would not be able to assert them against such entities or individuals. If we are found to infringe a third-party’s intellectual property rights and we cannot obtain a license or develop a non-infringing alternative, we would be forced to cease business activities related to such intellectual property. Although we carry general liability insurance, our insurance may not cover potential claims of this type or may not be adequate to indemnify us for all liability that may be imposed. We cannot predict the outcome of lawsuits and cannot ensure that the results of any such actions will not have an adverse effect on our business, financial condition, or results of operations. Any intellectual property litigation to which we might become a party, or for which we are required to provide indemnification, may require us to do one or more of the following:
•cease selling or using data security solutions that incorporate the intellectual property rights that we allegedly infringe, misappropriate, or violate;
•make substantial payments for legal fees, settlement payments, or other costs or damages;
•obtain a license, which may not be available on reasonable terms or at all, to sell or use the relevant technology; or
•redesign the allegedly infringing data security solutions to avoid infringement, misappropriation, or violation, which could be costly, time-consuming, or impossible.
Even if the claims do not result in litigation or are resolved in our favor, these claims, and the time and resources necessary to resolve them, could divert the resources of our management and harm our business and results of operations. Moreover, there could be public announcements of the results of hearings, motions or other interim proceedings or developments, and if securities analysts or investors perceive these results to be negative, it could have a substantial adverse effect on the price of our Class A common stock. We expect that the occurrence of infringement claims is likely to grow as our business grows. Accordingly, our exposure to damages resulting from infringement claims could increase, and this could further exhaust our financial and management resources.
We and our employees have and may continue to be subject to claims alleging violations of our employees’ contractual obligations to their prior employers. These claims may be costly to defend, and if we do not successfully do so, our business could be harmed.
Many of our employees were previously employed at current or potential competitors. Although we have processes to ensure that our employees do not use proprietary information or disclose confidential information from their prior employer in their work for us or otherwise violate their contractual post-employment obligations such as customer and employee non-solicits, we or our employees may still in the future become subject to claims alleging such violations. Litigation may be necessary to defend against these claims. If we fail in defending such claims, in addition to paying monetary damages, we may lose valuable intellectual property rights or personnel. A loss of key personnel or their work product could negatively impact our business. Even if we are successful in defending against these claims, litigation efforts are costly, time-consuming, and a significant distraction to management.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 72 | |
| | | | |
Our company values have contributed to our success. If we cannot maintain these values as we grow, we could lose certain benefits we derive from them, and our employee turnover could increase, which could harm our business.
We believe our culture is driven by our company values which have been and will continue to be a key contributor to our success. Our core company values are:
•Relentlessness. Unyielding will and curiosity to tackle the hardest challenges.
•Integrity. Do what you say and do the right thing.
•Velocity. Drive clarity, decide quickly, and move fast to delight our customers.
•Excellence. Set a high standard and strive for greatness.
•Transparency. Build trust and drive smart decisions through transparent communication.
We have rapidly increased our workforce across all departments, and we expect to continue to hire across our business. Our anticipated headcount growth, combined with our transition from a privately held to a publicly traded company, may result in changes to certain employees’ adherence to our core company values. If we do not continue to maintain our adherence to our company values as we grow, including through any future acquisitions or other strategic transactions, we may experience increased turnover in a portion of our current employee base and may not continue to be successful in hiring future employees. Moreover, following our IPO, many of our employees may be eligible to receive significant proceeds from the sale of common stock in the public markets. This may lead to higher employee attrition rates or disparities in wealth among our employees, which may harm our culture and relations among employees.
We are subject to risks inherent in international operations that can harm our business, financial condition, and results of operations.
Our current and future international business and operations involve a variety of risks, including:
•slower than anticipated availability and adoption of cloud-based data security solutions by international organizations;
•changes in a specific country’s or region’s political or economic conditions;
•the need to adapt and localize our data security solutions for specific countries;
•greater difficulty collecting accounts receivable and longer payment cycles;
•potential changes in trade relations, regulations, or laws;
•unexpected changes in laws, including tax laws, or regulatory requirements;
•more stringent regulations relating to privacy, data security, and data localization requirements and the unauthorized use of, or access to, commercial and personal information;
•differing and potentially more onerous labor regulations, especially in Europe, where labor laws are generally more advantageous to employees as compared to the United States, including deemed hourly wage and overtime regulations in these locations;
•challenges inherent in efficiently managing, and the increased costs associated with, an increased number of employees over large geographic distances, including the need to implement appropriate systems, policies, benefits, and compliance programs that are specific to each jurisdiction;
•difficulties in managing a business in new markets with diverse cultures, languages, customs, legal systems, alternative dispute systems, and regulatory systems;
•increased travel, real estate, infrastructure, and legal compliance costs associated with international operations;
•currency exchange rate fluctuations and the resulting effect on our revenue and expenses, and the cost and risk of entering into hedging transactions if we choose to do so in the future;
•limitations on our ability to reinvest earnings from operations in one country to fund the capital needs of our operations in other countries;
•laws and business practices favoring local competitors or general market preferences for local vendors;
•limited or insufficient intellectual property protection or difficulties obtaining, maintaining, protecting, or enforcing our intellectual property rights, including our trademarks and patents, in the United States or other foreign jurisdictions, such as China;
•political instability, economic sanctions, terrorist activities, or international conflicts, including the conflict in Israel and the surrounding area and the ongoing conflict between Russia and Ukraine, which have in the past and may in the future impact the operations of our business or the businesses of our customers;
•inflationary pressures, such as those the global market is currently experiencing, which may increase costs for certain services;
•health epidemics or pandemics, such as the COVID-19 pandemic;
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 73 | |
| | | | |
•exposure to liabilities under anti-corruption and similar laws, including FCPA, U.S. domestic bribery laws, the UK Bribery Act, and similar laws and regulations in other jurisdictions; and
•adverse tax burdens and foreign exchange controls that could make it difficult to repatriate earnings and cash.
The occurrence of any one of these risks could harm our international business and, consequently, our results of operations. Additionally, operating in international markets requires significant management attention and financial resources. We cannot be certain that the investment and additional resources required to operate in other countries will produce desired levels of revenue or profitability.
Changes in tax laws or regulations could harm our financial condition and results of operations.
The tax regimes to which we are subject or under which we operate, including income and non-income taxes, are unsettled in certain respects and may be subject to significant change. Changes in tax laws or regulations, or changes in interpretations of existing laws and regulations, could materially affect our financial condition and results of operations. For example, the Tax Cuts and Jobs Act (the "Tax Act"), the Coronavirus Aid, Relief, and Economic Security Act, and the Inflation Reduction Act made many significant changes to the U.S. tax laws. Effective January 1, 2022, the Tax Act eliminated the option to deduct research and development expenses for tax purposes in the year incurred and instead requires taxpayers to capitalize and subsequently amortize such expenses over five years for research activities conducted in the United States and over 15 years for research activities conducted outside the United States. Although there have been legislative proposals to repeal or defer the capitalization requirement to later years, there can be no assurance that the provision will be repealed or otherwise modified. The Tax Act also includes certain U.S. tax base anti-erosion provisions, the global intangible low-taxed income ("GILTI"), provisions and the base erosion anti-abuse tax ("BEAT"), provisions. The GILTI provisions require us to include in our U.S. taxable income foreign subsidiary earnings in excess of an allowable return on the foreign subsidiary’s tangible assets. We currently have no foreign subsidiaries with material earnings. Therefore, this provision currently has no material impact on us. The BEAT provisions apply to companies with average annual gross receipts of $500 million or more for the prior three-year period, eliminate the deduction of certain base-erosion payments made to related foreign corporations, and impose a minimum tax if greater than regular tax. We are evaluating the BEAT rules and do not currently expect the BEAT rules to have a material impact on U.S. tax expense in the near term; however, the potential impact of the BEAT rules on us in the future is not certain.
In addition, our tax obligations and effective tax rate in the jurisdictions in which we conduct business could increase, including as a result of the base erosion and profit shifting ("BEPS"), project that is being led by the Organization for Economic Co-operation and Development ("OECD"), and other initiatives led by the OECD or the European Commission. For example, the OECD is leading work on proposals commonly referred to as “BEPS 2.0,” which, if and to the extent implemented, would make important changes to the international tax system. These proposals are based on two “pillars,” involving the reallocation of taxing rights in respect of certain profits of multinational enterprises above a fixed profit margin to the jurisdictions within which they carry on business (subject to certain revenue threshold rules, which we do not currently meet but may meet in the future), referred to as “Pillar One,” and imposing a minimum effective tax rate on certain multinational enterprises, referred to as “Pillar Two.” A number of countries in which we conduct business have enacted with effect from January 1, 2024, or are in the process of enacting, core elements of the Pillar Two rules. Based on our current understanding of the minimum revenue thresholds contained in the Pillar Two proposal, we expect that we are likely to fall within the scope of its rules in the short-to-medium term. The OECD has issued administrative guidance providing transition and safe harbor rules in relation to the implementation of the Pillar Two proposal. We are monitoring developments and evaluating the potential impacts of these new rules, including on our effective tax rates, and considering our eligibility to qualify for these safe harbor rules. As another example, several countries have proposed or enacted taxes applicable to digital services, which could apply to our business.
Due to the large and expanding scale of our international business activities, these types of changes to the taxation of our activities could increase our worldwide effective tax rate, increase the amount of taxes imposed on our business and increase our compliance costs. Such changes also may apply retroactively to our historical operations and result in taxes greater than the amounts estimated and recorded in our consolidated financial statements. Any of these outcomes could harm our financial position and results of operations.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 74 | |
| | | | |
We could be required to collect additional sales or other indirect taxes or be subject to other tax liabilities in various jurisdictions that may adversely affect our results of operations.
We sell subscriptions and services primarily through a distribution channel, but if we were to begin selling more (or, in respect of certain jurisdictions, any) subscriptions and services directly to end user or non-business customers, we may be adversely impacted because an increasing number of U.S. states and foreign jurisdictions are considering or have adopted laws that impose tax collection obligations on out-of-state companies or on companies with no taxable presence within such jurisdictions. State, local, or foreign governments may interpret existing laws, or have adopted or may adopt new laws, requiring us to calculate, collect and remit taxes on sales in their jurisdictions. A successful assertion by one or more taxing jurisdictions requiring us to collect taxes in jurisdictions in which we do not currently do so or to collect additional taxes in jurisdictions in which we currently collect taxes, could result in substantial tax liabilities, including taxes on past sales, as well as penalties and interest, and additional administrative expenses, which could harm our business. The imposition by state, local, or foreign governments of sales or other indirect tax collection obligations on out-of-state sellers or sellers with no taxable presence within the relevant jurisdiction also could create additional administrative burdens for us, put us at a competitive disadvantage if they do not impose similar obligations on our competitors, and decrease our future sales, which could have an adverse effect on our business and results of operations.
Our ability to use our net operating losses to offset future taxable income may be subject to certain limitations.
As of January 31, 2024, we had net operating loss ("NOL"), carryforwards for federal and state income tax purposes of $533.6 million and $250.9 million, respectively, which may be available to offset taxable income in the future, and portions of which expire in various years beginning in 2037 for federal purposes and 2028 for state purposes if not utilized. Under current law, U.S. federal NOLs incurred in taxable years beginning after December 31, 2017 may be carried forward indefinitely, but such federal NOLs are permitted to be used in any taxable year to offset only up to 80% of taxable income in such year. A lack of future taxable income would adversely affect our ability to utilize certain of these NOLs before they expire. In addition, under Section 382 of the Internal Revenue Code of 1986, as amended (the "Code"), a corporation that undergoes an “ownership change” (as defined under Section 382 of the Code and applicable Treasury Regulations; generally a greater than 50 percentage point change (by value) in its equity ownership by certain stockholders over a three-year period) is subject to limitations on its ability to utilize its pre-change NOLs to offset future taxable income. We have experienced ownership changes under Section 382 of the Code in the past and we may experience additional ownership changes in the future which could affect our ability to utilize our NOLs to offset our income. Similar provisions of state tax law may also apply. Furthermore, our ability to utilize NOLs of companies that we have acquired or may acquire in the future also may be subject to limitations. There is also a risk that due to regulatory changes, such as suspensions on the use of NOLs or other unforeseen reasons, our existing NOLs could expire or otherwise be unavailable to reduce future income tax liabilities, including for state tax purposes. For these reasons, we may not be able to utilize a material portion of the NOLs reflected on our balance sheet, even if we attain profitability, which could potentially result in increased future tax liability to us and could adversely affect our results of operations and financial condition.
We may be subject to additional tax liabilities, which could adversely affect our results of operations.
We are subject to taxes in the United States in federal, state, and local jurisdictions and in certain foreign jurisdictions in which we operate. The amount of taxes we pay in different jurisdictions depends on the application of the relevant tax laws to our business activities, the relative amounts of income before taxes in the various jurisdictions in which we operate, the application of new or revised tax laws, the interpretation of existing tax laws and policies, the outcome of current and future tax audits, examinations, or administrative appeals, our ability to realize our deferred tax assets, and our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements. We generally conduct our international operations through subsidiaries and report our taxable income in various jurisdictions worldwide based upon our business operations in those jurisdictions. Our intercompany relationships are subject to complex transfer pricing regulations administered by taxing authorities in various jurisdictions. We may be subject to examination by U.S. federal, state, local, and foreign tax authorities, and such tax authorities may disagree with our tax positions. Our methodologies for pricing intercompany transactions may be challenged, or the taxing authorities in the jurisdictions in which we operate may disagree with our determinations as to the income and expenses attributable to specific jurisdictions or the ownership of certain property acquired or developed pursuant to our intercompany arrangements or property of companies that we have acquired or may acquire in the future. If such a challenge or disagreement were to occur and our position was not sustained, we could be required to pay additional taxes, interest, and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows, and lower overall profitability of our operations. While we regularly assess the likelihood of adverse outcomes from any such examinations and the adequacy of our provision for taxes, there can be no assurance that such provision is sufficient or that a determination by a tax authority would not adversely affect our business, financial condition, and results of operations. The determination of our overall provision for income and other taxes is inherently uncertain because it requires significant judgment with respect to complex transactions and calculations. As a result, fluctuations in our tax liabilities may differ materially from amounts recorded in our financial statements and could adversely affect our business, financial condition, and results of operations in the periods for which such determination is made.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 75 | |
| | | | |
If our estimates or judgments relating to our critical accounting policies prove to be incorrect, our results of operations could be adversely affected.
The preparation of financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the amounts reported in our consolidated financial statements and accompanying notes appearing elsewhere in this Quarterly Report on Form 10-Q. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as provided in the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Critical Accounting Policies and Estimates.” The results of these estimates form the basis for making judgments about the carrying values of assets, liabilities and equity, and the amount of revenue and expenses that are not readily apparent from other sources. Significant estimates and judgments involve our common stock valuations prior to the completion of the IPO, the volatility used to determine the grant date fair value of our CEO Performance Award, the identification of the number of performance obligations in our RSC subscription offerings, and our material rights associated with our Refresh Rights and Subscription Credits. Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our results of operations to fall below the expectations of securities analysts and investors, resulting in a decline in the market price of our Class A common stock.
Our leverage could adversely affect our financial condition, our ability to raise additional capital to fund our operations, our ability to operate our business, and our ability to react to changes in the economy or our industry, as well as divert our cash flow from operations for debt payments and prevent us from meeting our debt obligations.
We entered into the Amended Credit Facility in August 2023 with Goldman Sachs BDC, Inc., as administrative agent, and the other lenders party thereto, consisting of a $289.5 million term loan and $40.5 million of committed delayed draw term loans. The term loans mature in August 2028, and the interest payments associated with the term loans are due quarterly. The Amended Credit Facility refinanced and replaced the term loan facility we previously entered into in June 2022 with Goldman Sachs BDC, Inc., as administrative agent, and the other lenders party thereto.
Our leverage could have an adverse effect on our business and financial condition, including:
•requiring a substantial portion of cash flow from operations to be dedicated to the payment of principal and interest on our indebtedness, thereby reducing our ability to use our cash flow to fund our operations and capital expenditures and pursue future business opportunities;
•exposing us to increased interest expense, as our degree of leverage may cause the interest rates of any future indebtedness, whether fixed or floating rate interest, to be higher than they would be otherwise;
•making it more difficult for us to satisfy our obligations with respect to our indebtedness, and any failure to comply with the obligations of any of our debt instruments, including restrictive covenants, could result in an event of default that accelerates our obligation to repay indebtedness;
•restricting us from making strategic acquisitions;
•limiting our ability to obtain additional financing for working capital, capital expenditures, product development, satisfaction of debt service requirements, acquisitions, and general corporate or other purposes;
•increasing our vulnerability to adverse economic, industry, or competitive developments; and
•limiting our flexibility in planning for, or reacting to, changes in our business or market conditions and placing us at a competitive disadvantage compared to our competitors who may be better positioned to take advantage of opportunities that our existing indebtedness prevents us from exploiting.
A substantial majority of our existing indebtedness consists of indebtedness under our Amended Credit Facility with Goldman Sachs BDC, Inc., as administrative agent, and the other lenders party thereto, which matures in August 2028. We may not be able to further refinance the existing indebtedness because of the amount of our debt, debt incurrence restrictions under our debt agreements, or adverse conditions in credit markets generally. Our inability to generate sufficient cash flow to satisfy our obligations, or to refinance our indebtedness on commercially reasonable terms or at all, would result in an adverse effect on our business, financial condition, and results of operations.
Furthermore, we may incur significant additional indebtedness in the future. Although the financing documents that govern substantially all of our indebtedness contain restrictions on the incurrence of additional indebtedness and entering into certain types of other transactions, these restrictions are subject to a number of qualifications and exceptions. Additional indebtedness incurred in compliance with these restrictions could be substantial. To the extent we incur additional indebtedness, the significant leverage risks described above would be exacerbated.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 76 | |
| | | | |
The terms of the financing documents governing our term loan and credit facilities restrict our current and future operations, particularly our ability to respond to changes or to take certain actions.
The financing documents governing our credit facilities impose significant operating and financial restrictions on us and may limit our ability to engage in acts that may be in our long-term best interests, including restrictions on our ability to:
•incur or guarantee additional indebtedness;
•pay dividends and make other distributions on, or redeem or repurchase, capital stock;
•make certain investments;
•incur certain liens;
•enter into transactions with affiliates;
•merge or consolidate;
•enter into agreements that restrict the ability of subsidiaries to make certain intercompany dividends, distributions, payments, or transfers; and
•transfer or sell assets, including our intellectual property.
As a result of the restrictions described above, we will be limited as to how we conduct our business, and we may be unable to raise additional debt or equity financing to compete effectively or to take advantage of new business opportunities. The terms of any future indebtedness we may incur could include more restrictive covenants. We cannot assure you that we will be able to maintain compliance with these covenants in the future and, if we fail to do so, that we will be able to obtain waivers from the lenders or amend the covenants.
Our failure to comply with the restrictive covenants described above as well as other terms of our indebtedness or the terms of any future indebtedness we may incur from time to time could result in an event of default, which, if not cured or waived, could result in our being required to repay these borrowings before their due date. If we are forced to refinance these borrowings on less favorable terms or are unable to refinance these borrowings, our business, financial condition, and results of operations could be adversely affected.
Risks Related to Ownership of Our Common Stock
The dual class structure of our common stock has the effect of concentrating voting control with the holders of our Class B common stock, including our executive officers, employees, and directors and their affiliates, and limiting your ability to influence corporate matters, which could adversely affect the trading price of our Class A common stock.
Our Class B common stock has 20 votes per share, whereas our Class A common stock has one vote per share. As a result, as of April 30, 2024, holders of our Class B common stock, including our executive officers and directors and their affiliates, together hold approximately 98% of the voting power of our outstanding capital stock, and our directors, executive officers, and principal stockholders beneficially own approximately 55% of our outstanding classes of common stock as a whole, but control approximately 76% of the voting power of our outstanding common stock. As a result, our executive officers, directors, and other affiliates have significant influence over our management and affairs and over all matters requiring stockholder approval, including election of directors and significant corporate transactions, such as a merger or other sale of the company or our assets, for the foreseeable future.
In addition, the holders of Class B common stock collectively will continue to be able to control all matters submitted to our stockholders for approval even if their stock holdings represent less than 50% of the outstanding shares of our common stock. Because of the 20-to-1 voting ratio between our Class B common stock and Class A common stock, the holders of our Class B common stock collectively will continue to control a majority of the combined voting power of our common stock even when the shares of Class B common stock represent as little as 5% of the outstanding shares of our Class A common stock and Class B common stock. This concentrated control will limit your ability to influence corporate matters for the foreseeable future, and, as a result, the market price of our Class A common stock could be adversely affected.
Future transfers by holders of shares of Class B common stock will generally result in those shares converting to shares of Class A common stock, which will have the effect, over time, of increasing the relative voting power of those holders of Class B common stock who retain their shares in the long term.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 77 | |
| | | | |
FTSE Russell does not allow most newly public companies utilizing dual or multi-class capital structures to be included in their indices, including the Russell 2000. Also, in 2017, MSCI, a leading stock index provider, opened public consultations on its treatment of no-vote and multi-class structures and temporarily barred new multi-class listings from certain of its indices; however, in October 2018, MSCI announced its decision to include equity securities “with unequal voting structures” in its indices and to launch a new index that specifically includes voting rights in its eligibility criteria. Under the announced policies, our dual class capital structure would make us ineligible for inclusion in certain indices, and as a result, mutual funds, exchange-traded funds, and other investment vehicles that attempt to passively track these indices will not be investing in our stock. In addition, we cannot assure you that other stock indices will not take similar actions. Given the sustained flow of investment funds into passive strategies that seek to track certain indices, exclusion from certain stock indices would likely preclude investment by many of these funds and would make our Class A common stock less attractive to other investors. As a result, the trading price, volume, and liquidity of our Class A common stock could be adversely affected.
Our stock price may be volatile, and the value of our Class A common stock may decline.
The market price of our Class A common stock may be highly volatile and may fluctuate or decline substantially as a result of a variety of factors, some of which are beyond our control, including:
•actual or anticipated fluctuations in our financial condition or results of operations;
•variance in our financial performance from our forecasts or the expectations of securities analysts;
•changes in our revenue mix;
•changes in the pricing of our data security solutions;
•changes in our projected operating and financial results;
•changes in laws or regulations applicable to our data security solutions;
•announcements by us or our competitors of significant business developments, acquisitions, or new data security solutions;
•significant data breaches, disruptions to, or other incidents involving our data security solutions;
•our involvement in litigation;
•future sales of our Class A common stock by us or our stockholders, as well as the anticipation of lock-up releases;
•changes in senior management or key personnel;
•the trading volume of our Class A common stock;
•changes in the anticipated future size and growth rate of our market;
•changes in demand for cybersecurity offerings;
•rumors and market speculation involving us or other companies in our industry;
•overall performance of the equity markets;
•general political, social, economic, and market conditions, in both domestic and our foreign markets, including effects of increased; and
•interest rates, inflationary pressures, bank failures, and macroeconomic uncertainty and challenges.
Broad market and industry fluctuations, as well as general economic, political, regulatory, and market conditions, may also negatively impact the market price of our Class A common stock. In addition, technology stocks have historically experienced high levels of volatility. In the past, companies that have experienced volatility in the market price of their securities have been subject to securities class action litigation. We may be the target of this type of litigation in the future, which could result in substantial expenses and divert our management’s attention.
Future sales of our Class A common stock in the public market could cause the market price of our Class A common stock to decline.
Sales of a substantial number of shares of our Class A common stock in the public market following our IPO, or the perception that these sales might occur, could depress the market price of our Class A common stock and could impair our ability to raise capital through the sale of additional equity securities. Many of our equity holders who held our capital stock prior to completion of the IPO have substantial unrecognized gains on the value of the equity they hold based upon the price at which shares were sold in our IPO, and therefore, they may take steps to sell their shares or otherwise secure the unrecognized gains on those shares. We are unable to predict the timing of or the effect that such sales may have on the prevailing market price of our Class A common stock.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 78 | |
| | | | |
All of our directors, executive officers, and the holders of substantially all of our common stock outstanding and securities exercisable for or convertible into our common stock, have entered into lock-up agreements with the underwriters and/or agreements with market stand-off provisions that restrict our and their ability to sell or transfer shares of our capital stock and securities convertible into or exercisable or exchangeable for shares of our capital stock, for the period ending on the date on which an open trading window period commences following our release of earnings for the quarter ending July 31, 2024, or the Lock-up Period, subject to certain customary exceptions and certain provisions that provide for the release of certain shares of our common stock. In addition, Goldman Sachs & Co. LLC may release any of the securities subject to these lock-up agreements at any time, subject to the applicable notice requirements.
In addition, as of April 30, 2024, there were 10,541,983 shares of Class B common stock issuable upon the exercise of options and 29,107,091 restricted stock units ("RSUs"), to be settled in shares of our Class B common stock. We have registered all of the shares of common stock issuable upon exercise of outstanding options, the vesting and settlement of outstanding RSUs, and other equity incentives we may grant in the future, for public resale under the Securities Act. The shares of common stock will become eligible for sale in the public market to the extent such options are exercised or RSUs are vested and settled, subject to the lock-up agreements described above comply with applicable securities laws.
Further, based on shares outstanding as of April 30, 2024 holders of approximately 74,182,559 shares of our common stock, or approximately 42% of our capital stock outstanding as of such date, have rights, subject to some conditions, to require us to file registration statements covering the sale of their shares or to include their shares in registration statements that we may file for ourselves or other stockholders.
Our issuance of additional capital stock in connection with financings, acquisitions, investments, our equity incentive plans, or otherwise will dilute all other stockholders.
We expect to issue additional capital stock in the future that will result in dilution to all other stockholders. We expect to grant equity awards to employees, directors, and consultants under our equity incentive plans. We may also raise capital through equity financings in the future. As part of our business strategy, we may acquire or make investments in companies, products or technologies and issue equity securities to pay for any such acquisition or investment. Any such issuances of additional capital stock may cause stockholders to experience significant dilution of their ownership interests and the per share value of our Class A common stock to decline.
We do not intend to pay dividends for the foreseeable future and, as a result, your ability to achieve a return on your investment will depend on appreciation in the price of our Class A common stock.
We have never declared or paid any cash dividends on our capital stock, and we do not intend to pay any cash dividends in the foreseeable future. Any determination to pay dividends in the future will be at the discretion of our board of directors. In addition, our Amended Credit Facility contains restrictions on our ability to pay cash dividends on our Class A Common Stock. Additionally, our ability to pay dividends may be further restricted by agreements we may enter into in the future. Accordingly, you may need to rely on sales of our Class A common stock after price appreciation, which may never occur, as the only way to realize any future gains on your investment.
We are an “emerging growth company,” and we cannot be certain if the reduced reporting and disclosure requirements applicable to emerging growth companies will make our Class A common stock less attractive to investors.
We are an “emerging growth company,” as defined in the JOBS Act, and we may take advantage of certain exemptions from various reporting requirements that are applicable to other public companies that are not “emerging growth companies,” including the auditor attestation requirements of Section 404, reduced disclosure obligations regarding executive compensation in our periodic reports and proxy statements, and exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved. Pursuant to Section 107 of the JOBS Act, as an emerging growth company, we have elected to use the extended transition period for complying with new or revised accounting standards until those standards would otherwise apply to private companies. As a result, our consolidated financial statements may not be comparable to the financial statements of issuers who are required to comply with the effective dates for new or revised accounting standards that are applicable to public companies, which may make our Class A common stock less attractive to investors. In addition, if we cease to be an emerging growth company, we will no longer be able to use the extended transition period for complying with new or revised accounting standards.
We will remain an emerging growth company until the first to occur of: (1) the last day of the year following the fifth anniversary of our IPO; (2) the last day of the first year in which our annual gross revenue is $1.235 billion or more; (3) the date on which we have, during the previous rolling three-year period, issued more than $1.0 billion in non-convertible debt securities; and (4) the date we qualify as a “large accelerated filer,” with at least $700 million of equity securities held by non-affiliates.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 79 | |
| | | | |
We cannot predict if investors will find our Class A common stock less attractive if we choose to rely on these exemptions. For example, if we do not adopt a new or revised accounting standard, our future results of operations may not be as comparable to the results of operations of certain other companies in our industry that adopted such standards. If some investors find our Class A common stock less attractive as a result, there may be a less active trading market for our Class A common stock, and our stock price may be more volatile.
We incur significant costs as a result of operating as a public company, and our management is required to devote substantial time to compliance with our public company responsibilities and corporate governance practices.
As a public company, we incur significant legal, accounting, and other expenses that we did not incur as a private company, which we expect to further increase after we are no longer an “emerging growth company.” The Sarbanes-Oxley Act, the Dodd-Frank Wall Street Reform and Consumer Protection Act, the listing requirements of the New York Stock Exchange, and other applicable securities rules and regulations impose various requirements on public companies. Our management and other personnel devote a substantial amount of time to compliance with these requirements. Moreover, these rules and regulations have increased our legal and financial compliance costs and have made some activities more time-consuming and costly. We cannot predict or estimate the amount of additional costs we will incur as a public company or the specific timing of such costs.
Anti-takeover provisions in our charter documents and under Delaware law could make an acquisition of our company more difficult, limit attempts by our stockholders to replace or remove our current management, and limit the market price of our Class A common stock.
Provisions in our amended and restated certificate of incorporation and amended and restated bylaws may have the effect of preventing a change of control or changes in our management. Our amended and restated certificate of incorporation and amended and restated bylaws include provisions that:
•authorize our board of directors to issue, without further action by the stockholders, shares of undesignated preferred stock with terms, rights, and preferences determined by our board of directors that may be senior to our Class A common stock;
•require that any action to be taken by our stockholders be effected at a duly called annual or special meeting and not by written consent;
•specify that special meetings of our stockholders can be called only by our board of directors, the chairperson of our board of directors, our chief executive officer, or our president (in the absence of a chief executive officer);
•establish an advance notice procedure for stockholder proposals to be brought before an annual meeting, including proposed nominations of persons for election to our board of directors;
•establish that our board of directors is divided into three classes, with each class serving three-year staggered terms;
•prohibit cumulative voting in the election of directors;
•provide that our directors may be removed for cause only upon the vote of at least 66 2/3% of our outstanding shares of voting stock;
•provide that vacancies on our board of directors may be filled only by the affirmative vote of a majority of directors then in office, even though less than a quorum, or by a sole remaining director; and
•require the approval of our board of directors or the holders of at least 66 2/3% of our outstanding shares of voting stock to amend our bylaws and certain provisions of our certificate of incorporation.
These provisions may frustrate or prevent any attempts by our stockholders to replace or remove our current management by making it more difficult for stockholders to replace members of our board of directors, which is responsible for appointing the members of our management. In addition, because we are incorporated in Delaware, we are governed by the provisions of Section 203 of the Delaware General Corporation Law, which generally, subject to certain exceptions, prohibits a Delaware corporation from engaging in any of a broad range of business combinations with any “interested” stockholder for a period of three years following the date on which the stockholder became an “interested” stockholder. Any of the foregoing provisions could limit the price that investors might be willing to pay in the future for shares of our Class A common stock, and they could deter potential acquirers of our company, thereby reducing the likelihood that holders of our Class A common stock would receive a premium for their shares of our Class A common stock in an acquisition.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 80 | |
| | | | |
Our amended and restated certificate of incorporation designates the Court of Chancery of the State of Delaware and the federal district courts of the United States of America as the exclusive forums for certain disputes between us and our stockholders, which restricts our stockholders’ ability to choose the judicial forum for disputes with us or our directors, officers, or employees.
Our amended and restated certificate of incorporation provides that the Court of Chancery of the State of Delaware (or, if and only if the Court of Chancery of the State of Delaware lacks subject matter jurisdiction, any state court located within the State of Delaware or, if and only if all such state courts lack subject matter jurisdiction, the federal district court for the District of Delaware) is the sole and exclusive forum for the following types of actions or proceedings under Delaware statutory or common law: (i) any derivative action or proceeding brought on our behalf; (ii) any action or proceeding asserting a claim of breach of a fiduciary duty owed by any of our current or former directors, officers, or other employees to us or our stockholders, or any action asserting a claim for aiding and abetting such breach of fiduciary duty; (iii) any action or proceeding asserting a claim against us or any of our current or former directors, officers or other employees arising out of or pursuant to any provision of the Delaware General Corporation Law, our amended and restated certificate of incorporation or our amended and restated bylaws; (iv) any action or proceeding to interpret, apply, enforce or determine the validity of our amended and restated certificate of incorporation or our amended and restated bylaws (including any right, obligation, or remedy thereunder); (v) any action or proceeding as to which the Delaware General Corporation Law confers jurisdiction to the Court of Chancery of the State of Delaware; and (vi) any action or proceeding asserting a claim against us or any of our current or former directors, officers, or other employees that is governed by the internal affairs doctrine, in all cases to the fullest extent permitted by law and subject to the court’s having personal jurisdiction over the indispensable parties named as defendants. This provision does not apply to suits brought to enforce a duty or liability created by the Securities Exchange Act of 1934, as amended (the" Exchange Act"), or any other claim for which the federal courts have exclusive jurisdiction. In addition, to prevent having to litigate claims in multiple jurisdictions and the threat of inconsistent or contrary rulings by different courts, among other considerations, our amended and restated certificate of incorporation provides that, unless we consent in writing to the selection of an alternative forum, to the fullest extent permitted by law, the federal district courts of the United States of America are the exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act, including all causes of action asserted against any defendant named in such complaint. For the avoidance of doubt, this provision is intended to benefit and may be enforced by us, our officers and directors, the underwriters to any offering giving rise to such complaint, and any other professional entity whose profession gives authority to a statement made by that person or entity and who has prepared or certified any part of the documents underlying the offering. However, as Section 22 of the Securities Act creates concurrent jurisdiction for federal and state courts over all suits brought to enforce any duty or liability created by the Securities Act or the rules and regulations thereunder, there is uncertainty as to whether a court would enforce such provision. Our amended and restated certificate of incorporation further provides that any person or entity holding, owning or otherwise acquiring any interest in any of our securities shall be deemed to have notice of and consented to these provisions. Investors also cannot waive compliance with the federal securities laws and the rules and regulations thereunder.
These choice of forum provisions may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our directors, officers, or other employees. While the Delaware courts have determined that such choice of forum provisions are facially valid, a stockholder may nevertheless seek to bring such a claim arising under the Securities Act against us, our directors, officers, or other employees in a venue other than in the federal district courts of the United States of America. In such instance, we would expect to vigorously assert the validity and enforceability of the exclusive forum provisions of our amended and restated certificate of incorporation. This may require significant additional costs associated with resolving such action in other jurisdictions and we cannot assure you that the provisions will be enforced by a court in those other jurisdictions. If a court were to find either exclusive-forum provision in our amended and restated certificate of incorporation to be inapplicable or unenforceable in an action, we may incur further significant additional costs associated with resolving the dispute in other jurisdictions, all of which could harm our business.
If securities or industry analysts do not publish research or publish unfavorable or inaccurate research about our business, the market price and trading volume of our Class A common stock could decline.
The market price and trading volume of our Class A common stock is heavily influenced by the way analysts interpret our financial information and other disclosures. We do not have control over these analysts. If industry analysts cease coverage of us, our stock price would be negatively affected. If securities or industry analysts do not publish research or reports about our business, downgrade our Class A common stock, or publish negative reports about our business, our stock price would likely decline. If one or more of these analysts cease coverage of us or fail to publish reports on us regularly, demand for our Class A common stock could decrease, which might cause our stock price to decline and could decrease the trading volume of our Class A common stock.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 81 | |
| | | | |
General Risk Factors
Any future litigation against us could be costly and time-consuming to defend.
We have in the past been and in the future may become subject to legal proceedings and claims that arise in the ordinary course of business, such as intellectual property claims, including trade secret misappropriation and breaches of confidentiality terms, alleged breaches of non-competition or non-solicitation terms, or employment claims made by our current or former employees. Litigation might result in substantial costs and may divert management’s attention and resources, which might seriously harm our business, financial condition, and results of operations. Insurance might not cover such claims, might not provide sufficient payments to cover all the costs to resolve one or more such claims, and might not continue to be available on terms acceptable to us. A claim brought against us that is uninsured or underinsured could result in unanticipated costs, potentially harming our business, financial condition, and results of operations.
Our business could be disrupted by catastrophic events.
Occurrence of any catastrophic event, including earthquake, fire, flood, tsunami, or other weather event, power loss, telecommunications failure, software or commodity appliance malfunction, cyberattack, war, or terrorist attack, explosion, or pandemic could impact our business. In particular, our corporate headquarters are located in the San Francisco Bay Area, a region known for seismic activity, and are thus vulnerable to damage in an earthquake. Our insurance coverage may not compensate us for losses that may occur in the event of an earthquake or other significant natural disaster. Additionally, we rely on third-party cloud providers and enterprise applications, technology systems, and our website for our development, marketing, operational support, hosted services, and sales activities. In the event of a catastrophic event, we may be unable to continue our operations and may endure system interruptions, reputational harm, delays in our product development, lengthy interruptions in our data security solutions, and breaches of data security, all of which could have an adverse effect on our results of operations. If we are unable to develop adequate plans to ensure that our business functions continue to operate during and after a disaster and to execute successfully on those plans in the event of a disaster or emergency, our business would be harmed.
Item 2. Unregistered Sales of Equity Securities, Use of Proceeds, and Issuer Purchases of Equity Securities
(a) Recent Sales of Unregistered Securities.
The following sets forth information regarding all unregistered equity securities sold during the three months ended April 30, 2024:
•From February 1, 2024 to April 25, 2024 (the date of the filing of our registration statement on Form S-8, File No. 333-278923), we granted stock options to purchase up to 8,000,000 shares of our Class B common stock to our CEO at an exercise price of $32.00 under our 2014 Plan.
•From February 1, 2024 to April 25, 2024 (the date of the filing of our registration statement on Form S-8, File No. 333-278923), we granted an aggregate of 9,383,173 restricted stock units to our employees to be settled in shares of our Class B common stock under our 2014 Plan.
•From February 1, 2024 to April 25, 2024 (the date of the filing of our registration statement on Form S-8, File No. 333-278923), we issued an aggregate of 641,537 shares of our Class B common stock upon the exercise of options under our 2014 Plan at exercise prices ranging from $0.25 to $19.88 per share, for an aggregate purchase price of $3.6 million.
None of the foregoing transactions involved any underwriters, underwriting discounts or commissions, or any public offering. Unless otherwise stated, the sales of the above securities were deemed to be exempt from registration under the Securities Act in reliance on Section 4(a)(2) of the Securities Act (and Regulation D or Regulation S promulgated thereunder) or Rule 701 promulgated under Section 3(b) of the Securities Act as transactions by an issuer not involving any public offering or pursuant to benefit plans and contracts relating to compensation as provided under Rule 701. The recipients of the securities in each of these transactions represented their intentions to acquire the securities for investment only and not with a view to or for sale in connection with any distribution thereof. All recipients had adequate access, through their relationships with us, to information about us. The sales of these securities were made without any general solicitation or advertising.
(b) Use of Proceeds.
On April 29, 2024, we completed our IPO, in which we issued and sold 23,500,000 shares of our Class A common stock, at a public offering price of $32.00 per share. We received net proceeds of approximately $710.3 million, after deducting underwriting discounts and commissions of $41.7 million. All shares sold were registered pursuant to a registration statement on Form S-1 (File No. 333-278434), as amended (the “Registration Statement”), declared effective by the SEC on April 24, 2024. Goldman Sachs & Co. LLC acted as the representative of the underwriters for the offering. The offering terminated after the sale of all securities registered pursuant to the Registration Statement. No payments for such expenses were made directly or indirectly to (i) any of our officers or directors or their associates, (ii) any persons owning 10% or more of any class of our equity securities, or (iii) any of our affiliates.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 82 | |
| | | | |
There has been no material change in the planned use of proceeds from our IPO as described in our Final Prospectus for the IPO dated as of April 24, 2024 and filed with the SEC pursuant to Rule 424(b)(4) on April 26, 2024.
Item 3. Defaults Upon Senior Securities
None.
Item 4. Mine Safety Disclosures
Not applicable.
Item 5. Other Information
None.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 83 | |
| | | | |
Item 6. Exhibits
| | | | | | | | | | | | | | | | | | | | |
| | Incorporated by Reference |
Exhibit Number | Description of Exhibit | Form | File No. | Exhibit | Filing Date | Filed Herewith |
3.1 | | S-1/A | 333-278434 | 3.2 | 4/16/2024 | |
3.2 | | S-1/A | 333-278434 | 3.4 | 4/16/2024 | |
10.1 | | S-1/A | 333-278434 | 10.3 | 4/16/2024 | |
10.2 | | S-1/A | 333-278434 | 10.4 | 4/16/2024 | |
10.3 | | S-1/A | 333-278434 | 10.5 | 4/16/2024 | |
10.4 | | S-1 | 333-278434 | 10.6 | 4/1/2024 | |
10.5 | | S-1 | 333-278434 | 10.7 | 4/1/2024 | |
10.6 | | S-1 | 333-278434 | 10.8 | 4/1/2024 | |
31.1 | | | | | | X |
31.2 | | | | | | X |
32.1* | | | | | | X |
32.2* | | | | | | X |
101 | The following financial information from Rubrik Inc.'s Quarterly Report on Form 10-Q for the quarter ended April 30, 2024 formatted in Inline XBRL (Extensible Business Reporting Language) includes: (i) the Condensed Consolidated Balance Sheets, (ii) the Condensed Consolidated Statements of Operations, (iii) the Condensed Consolidated Statements of Comprehensive Loss, (iv) the Condensed Consolidated Statements of Redeemable Convertible Preferred Stock and Stockholders' Deficit, (v) the Condensed Consolidated Statements of Cash Flows, and (vi) Notes to the Condensed Consolidated Financial Statements. | | | | | X |
104 | Cover Page Interactive Data File (formatted as inline XBRL and contained in Exhibits 101). | | | | | X |
* The certifications furnished in Exhibits 32.1 and 32.2 hereto are deemed to accompany this Quarterly Report on Form 10-Q and are not deemed “filed” for purposes of Section 18 of the Exchange Act, or otherwise subject to the liability of that section, nor shall they be deemed incorporated by reference into any filing under the Securities Act or the Exchange Act, irrespective of any general incorporation language contained in such filing.
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 84 | |
| | | | |
SIGNATURE
Pursuant to the requirements of the Securities Exchange Act of 1934, as amended, the registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized.
Date: June 13, 2024
| | | | | |
Rubrik, Inc. | |
By: | /s/ Bipul Sinha |
Name: | Bipul Sinha |
Title: | Chief Executive Officer |
| (Principal Executive Officer) |
| |
By: | /s/ Kiran Choudary |
Name: | Kiran Choudary |
Title: | Chief Financial Officer |
| (Principal Financial and Accounting Officer) |
| |
| |
| | | | | | | | | | | | | | |
| Rubrik, Inc. | Q1 2025 Form 10-Q | 85 | |
| | | | |