MIME 2017 Annual Report

17 Our business depends substantially on customers renewing their subscriptions with us. A decline in our customer renewals would harm our future operating results. In order for us to maintain or improve our operating results, it is important that our customers renew their subscriptions with us when the existing subscription term expires. Although the majority of our customer contracts include auto-renew provisions, our customers have no obligation to renew their subscriptions upon expiration, and we cannot provide assurance that customers will renew subscriptions at the same or higher level of service, if at all. For each of the fiscal years ended March 31, 2018, 2017 and 2016, our customer retention rate has been consistently greater than 90%. We calculate customer retention rate as the percentage of paying customers on the last day of the relevant period in the prior year who remain paying customers on the last day of the relevant period in the current year. The rate of customer renewals may decline or fluctuate as a result of a number of factors, including our customers’ satisfaction or dissatisfaction with our solutions, the effectiveness of our customer support services, our pricing, the prices of competing products or services, mergers and acquisitions affecting our customer base, or reductions in our customers’ spending levels. If our customers do not renew their subscriptions, or renew on less favorable terms, our revenue may decline, and we may not realize improved operating results from our customer base. The markets in which we participate are highly competitive, with several large established competitors, and our failure to compete successfully would make it difficult for us to add and retain customers and would reduce or impede the growth of our business. Our market is large, highly competitive, fragmented and subject to rapidly evolving technology, shifting customer needs and frequent introductions of new products and services. We currently compete with companies that offer products that target email and data security, continuity and archiving, as well as large providers such as Google Inc. and Microsoft Corporation, which offer functions and tools as part of their core mailbox services that may be, or be perceived to be, similar to ours. Our current and potential future competitors include: Barracuda Networks, Inc., Google, Microsoft Exchange Online Protection, Proofpoint, Inc., Symantec Corporation and Cisco Systems Inc., in security, and EMC, Microsoft Office 365 ® , Veritas Technologies LLC and Barracuda in archiving. We expect competition to increase in the future from both existing competitors and new companies that may enter our markets. Additionally, some potential customers, particularly large enterprises, may elect to develop their own internal products. If two or more of our competitors were to merge or partner with one another, the change in the competitive landscape could reduce our ability to compete effectively. Our continued success and growth depends on our ability to out-perform our competitors at the individual service level as well as increasing demand for a unified service infrastructure. We cannot guarantee that we will out- perform our competitors at the product level or that the demand for a unified service technology will increase. Some of our current competitors have, and our future competitors may have, certain competitive advantages such as greater name recognition, longer operating history, larger market share, larger existing user base and greater financial, technical and other resources. Some competitors may be able to devote greater resources to the development, promotion and sale of their products and services than we can to ours, which could allow them to respond more quickly than we can to new technologies and changes in customer needs. We cannot assure you that our competitors will not offer or develop products or services that are superior to ours or achieve greater market acceptance. Data security and integrity are critically important to our business, and breaches of our information and technology networks and unauthorized access to a customer’s data could harm our business and operating results. We have experienced, and will continue to experience, cyberattacks and other malicious internet-based activity, which continue to increase in sophistication, frequency and magnitude. Because our services involve the storage of large amounts of our customers’ sensitive and proprietary information, solutions to protect that information from cyberattacks and other threats, data security and integrity are critically important to our business. Despite all of our efforts to protect this information, we cannot provide assurance that systems that access our services and databases will not be compromised or disrupted, whether as a result of criminal conduct, distributed denial of service, or DDoS, attacks, such as the one we experienced in September 2015, or other advanced persistent attacks by malicious actors, including hackers, state-backed hackers and cybercriminals, breaches due to employee error or malfeasance, or other disruptions during the process of upgrading or replacing computer software or hardware, power outages, computer viruses, telecommunication or utility failures or natural disasters or other catastrophic events. Because the techniques used to obtain unauthorized access, disable or degrade service, or sabotage systems change frequently or may be designed to remain dormant until a predetermined event and often are not recognized until launched against a target, we may be unable to anticipate these techniques or implement adequate preventative measures. Though it is difficult to determine what harm may directly result from any specific interruption or breach, unauthorized access to or disclosure of confidential information, disruption, including DDoS attacks, or the perception that the confidential information of our customers is not secure, any of these events could result in a material loss of business, substantial legal liability or significant harm to our reputation. Further, any mandatory regulatory disclosures regarding a security breach, unauthorized access to or disclosure of confidential information often lead to widespread negative publicity, which may cause our customers to lose confidence in the effectiveness of our data security measures.