Commvault(CVLT) - 2025 Q4 - Annual Report

Part I Business Commvault provides cyber resiliency solutions for data protection and recovery across on-premises, hybrid, and multi-cloud environments, leveraging strategic partnerships and facing intense market competition Company Overview Commvault's core business provides cyber resiliency by protecting and recovering data and cloud-native applications across various deployment models and environments - Commvault's core business is providing customers with cyber resiliency by protecting and recovering their data and cloud-native applications from threats like ransomware[16] - Offerings are delivered through multiple models: self-managed software, software-as-a-service (SaaS), integrated appliances, or managed by partners, catering to on-premises, hybrid, and multi-cloud environments[16] Products Commvault Cloud is the main product, organized into three packages: Operational Recovery, Autonomous Recovery, and Cyber Recovery, with specialized offerings like Cleanroom Recovery and HyperScale X - The main product portfolio, Commvault Cloud, is organized into three packages: Operational Recovery (core backup and recovery), Autonomous Recovery (adds automation for disaster recovery), and Cyber Recovery (most comprehensive, adding threat scanning and clean data recovery)[19][20][21][22] - Specialized offerings include Cleanroom Recovery (isolated cloud recovery environment), HyperScale X (scale-out integrated appliance), Air Gap Protect (secure cloud storage), and Clumio Backtrack (rapid data reversion in Amazon S3)[23][24][25][26][29] Professional & Customer Support Services The company offers 24/7 global support, leveraging AI, and provides extensive services including technical consulting, recovery, education, and managed services - The company offers a wide range of services including 24/7 global real-time support, leveraging an AI-powered assistant named Arlie for faster resolutions[30] - Service offerings are extensive, covering technical consulting, recovery services, education and certifications, and managed services for data protection and cyber resilience[36] Strategic Relationships Commvault's strategy heavily relies on partnerships with technology leaders, distributors, resellers, OEMs, service providers, cloud hyperscalers, and cybersecurity firms, with Arrow being a key distribution channel - Commvault's strategy heavily relies on partnerships with technology leaders, distributors, resellers, OEMs, service providers, cloud hyperscalers (AWS, Google, Microsoft, Oracle), and cybersecurity firms[33][34][38][39][40] - A non-exclusive distribution agreement with Arrow Enterprise Computing Solutions is a key channel, accounting for approximately 35% of total revenues in fiscal 2025 and 36% in fiscal 2024[37] Competition The data protection and cyber resilience market is intensely competitive and highly fragmented, with primary competitors including Cohesity, Druva, Rubrik, and Veeam - The data protection and cyber resilience market is intensely competitive and highly fragmented[41] - Primary competitors include Cohesity, Druva, Rubrik, and Veeam. Some competitors have greater financial resources, name recognition, and larger installed customer bases[42][43] Technology, Intellectual Property and Proprietary Rights The company protects its intellectual property through trade secrets, patents, copyrights, and contracts, holding over 1,500 issued patents and 200 worldwide trademark registrations - The company relies on a combination of trade secrets, patents, copyrights, and contractual provisions to protect its intellectual property[47] - Commvault holds a robust portfolio of over 1,500 issued patents and over 200 worldwide trademark registrations and applications, covering areas like cyber resilience, data protection, and SaaS solutions[48] People As of March 31, 2025, Commvault had approximately 3,300 employees worldwide, with 37% in the United States and 63% internationally - As of March 31, 2025, Commvault had approximately 3,300 employees worldwide[52] - The workforce is globally distributed, with 37% in the United States and 63% located internationally[52] Information about our Executive Officers This section provides a table listing the company's executive officers as of May 2, 2025, including their names, ages, and positions Executive Officers as of May 2, 2025 | Name | Age | Position | | :--- | :--- | :--- | | Sanjay Mirchandani | 60 | President and Chief Executive Officer | | Jennifer DiRico | 40 | Chief Financial Officer | | Gary Merrill | 50 | Chief Commercial Officer | Risk Factors Commvault faces significant risks from intense industry competition, a heavy reliance on indirect sales channels like Arrow (35% of revenue), and global economic volatility. Key technological risks include potential system failures, cybersecurity incidents, and the challenges of interoperating with third-party systems. The company specifically disclosed a recent security incident involving a suspected nation-state actor in its Azure environment. Other material risks include challenges in its India operations (where 39% of its workforce resides), evolving data privacy regulations (GDPR, CCPA), potential impairment of its substantial goodwill balance, and the financial impact of changes in tax laws Risks Related to Our Business and Industry The cyber resiliency market is intensely competitive, with significant reliance on indirect sales channels and renewals, and the company recently completed a restructuring plan - The cyber resiliency market is intensely competitive and highly fragmented, with competitors that may have greater financial, technical, and sales resources[63][64] - Significant reliance on indirect sales channels, particularly the distributor Arrow, which accounted for approximately 35% of total revenues in fiscal 2025. Disruption to this relationship could materially harm business[68][70] - A significant portion of revenue comes from renewals of support and subscription agreements. Failure to renew these agreements on favorable terms could adversely impact financial performance[73][74] - The company completed a restructuring plan in fiscal 2025, which carries risks such as unexpected costs, adverse effects on employee morale, and failure to meet operational targets[95] Risks Related to our International Operations International sales, accounting for 46% of revenues, expose the company to foreign currency and geopolitical risks, with India operations posing specific challenges due to workforce concentration - International sales accounted for 46% of revenues in fiscal 2025, exposing the company to risks from differing legal, political, and economic conditions, as well as foreign currency fluctuations[111][112] - Operations in India are a key success factor but also a significant risk, with approximately 39% of employees located there. Risks include rising wage costs, intense competition for talent, and potential civil unrest or political instability[106] Risks Related to Technology and Security The company faces risks from IT system failures, cybersecurity incidents, including a suspected nation-state attack in its Azure environment, and reliance on third-party technology - The company is subject to IT system failures, network disruptions, and cybersecurity incidents. In February and April 2025, Microsoft notified the company of unauthorized activity within its Azure environment by a suspected nation-state threat actor[114][117] - Cybercriminals are leveraging AI to develop more sophisticated attacks, increasing the challenge of detection and prevention[115] - The company relies on third-party technology and infrastructure, such as Microsoft Azure. Any errors, disruptions, or failures in these third-party services could adversely affect Commvault's business and brand[122][123] Risks Related to Financial, Accounting, Regulatory, Tax, and Other Legal Matters The company is subject to global data privacy laws, potential changes in tax laws, and risks related to the impairment of its significant goodwill balance and corporate headquarters property - The company is subject to numerous global data privacy and protection laws (e.g., CCPA, GDPR), and failure to comply could result in costly legal action and reputational damage[127][128] - Changes in tax laws, such as the OECD's BEPS 2.0 project, could materially affect the company's financial position and increase its worldwide effective tax rate[131] - Goodwill represents a significant portion of assets ($185.3 million, or 17% of total assets as of March 31, 2025), and any future impairment could negatively impact results of operations[136] - An impairment charge of $2.9 million was recorded in fiscal 2025 related to the company's corporate headquarters, which is classified as held for sale. Additional charges may be required if the fair value declines further[137] Unresolved Staff Comments The company reports that it has no unresolved staff comments from the SEC - None[151] Cybersecurity Commvault maintains a cybersecurity program based on the NIST framework, overseen by a Chief Security Officer (CSO). The program, which is integrated into the company's enterprise risk management, includes policies and plans for incident response, disaster recovery, and business continuity. The Board's Audit Committee provides governance oversight with quarterly briefings. The company disclosed a recent security incident involving a suspected nation-state actor but stated it is not aware of any material impact to its business or financial condition to date Risk Management and Strategy The company's cybersecurity program, led by the CSO, leverages the NIST framework and includes comprehensive incident response, disaster recovery, and business continuity plans - The cybersecurity program is led by the Chief Security Officer (CSO) and leverages the National Institute of Standards and Technology (NIST) Cybersecurity Framework[152] - The company maintains a Security Incident Response Plan (SIRP), Crisis Management Plan, Disaster Recovery Plan, and Business Continuity Plan, and partners with third-party experts for monitoring and penetration testing[152] - In February and April 2025, Microsoft notified the company of unauthorized activity in its Azure environment by a suspected nation-state actor. The company activated its incident response plan and implemented enhanced security measures[154] Governance The Board of Directors oversees cybersecurity risks as part of enterprise risk management, with the Audit Committee receiving quarterly briefings from the CSO - The Board of Directors provides oversight of cybersecurity risks as part of its enterprise risk management strategy[155] - The Audit Committee of the Board receives quarterly briefings on the cybersecurity program from the CSO[155] Properties The company's principal facility is its owned corporate headquarters in Tinton Falls, New Jersey. A purchase and sale agreement for this property was signed in October 2024, with the sale expected to be completed in the first quarter of fiscal 2026. Upon closing, Commvault will lease back a portion of the premises. The company also maintains numerous other offices in the U.S. and internationally - The company signed a purchase and sale agreement in October 2024 to sell its corporate headquarters in Tinton Falls, New Jersey. The sale is expected to close in Q1 of fiscal 2026, after which the company will lease back a portion of the property[158] - Commvault has additional offices across the United States and in numerous countries throughout Europe, Asia, Africa, and the Americas[159] Legal Proceedings The company states that it is not currently party to any pending legal action that is reasonably expected to have a material adverse effect on its business or operating results - The company is not currently party to any pending legal action expected to have a material adverse effect on its business[160] Mine Safety Disclosures This item is not applicable to the company - Not Applicable[161] Part II Market for Registrant's Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities Commvault's common stock is traded on The Nasdaq Stock Market under the symbol "CVLT". The company has never paid cash dividends and intends to retain future earnings for business growth. It maintains an active share repurchase program, having repurchased $29.8 million of its common stock in the fourth quarter of fiscal 2025. In April 2025, the Board of Directors increased the total available authorization for the repurchase program to $250.0 million - The company's common stock is listed on The Nasdaq Stock Market under the symbol "CVLT"[163] - Commvault has never paid cash dividends and does not anticipate paying any in the foreseeable future, intending to retain earnings to fund business growth[165] Share Repurchases for Q4 FY2025 | Period | Total Shares Purchased | Average Price Paid per Share | | :--- | :--- | :--- | | Jan 2025 | 62,963 | $157.92 | | Feb 2025 | 53,923 | $174.65 | | Mar 2025 | 65,250 | $160.32 | | Total Q4 | 182,136 | $163.73 | - As of March 31, 2025, $91.5 million remained available under the share repurchase program. On April 17, 2025, the Board increased the authorization so that $250.0 million was available[166] Management's Discussion and Analysis of Financial Condition and Results of Operations In fiscal 2025, total revenues grew 19% to $995.6 million, primarily driven by a 37% increase in subscription revenue, which now constitutes 59% of total revenue. This growth was fueled by a 74% increase in SaaS revenue. Operating income was $73.7 million, and net income was $76.1 million. The company's liquidity remains strong, with $302.1 million in cash and cash equivalents, primarily sourced from operations. Significant capital allocation activities during the year included two acquisitions (Appranix and Clumio) for $65.3 million and the repurchase of $165.0 million of common stock. Subsequent to year-end, the company refinanced and increased its revolving credit facility to $300 million Results of Operations Total revenues increased by 19% in fiscal 2025, driven by significant growth in subscription and SaaS revenues, while operating expenses also rose due to increased sales and marketing, R&D, and restructuring charges Fiscal 2025 vs. Fiscal 2024 Revenue Performance | Revenue Type | FY 2025 ($M) | FY 2024 ($M) | % Change | | :--- | :--- | :--- | :--- | | Subscription | $589.7 | $429.2 | 37% | | Perpetual license | $55.6 | $57.6 | -3% | | Customer support | $307.6 | $307.8 | 0% | | Other services | $42.7 | $44.7 | -4% | | Total revenues | $995.6 | $839.2 | 19% | - Subscription revenue growth was driven by a 74% increase in SaaS revenue and a 22% increase in term-based license revenue[204] - Sales and marketing expenses increased 22% to $434.1 million due to higher sales commissions, strategic go-to-market investments, and increased stock-based compensation[212] - Research and development expenses rose 11% to $146.3 million, primarily due to additional headcount from the Appranix and Clumio acquisitions[212] - Restructuring charges of $10.0 million were recorded in fiscal 2025 related to a plan initiated in fiscal 2024 to reorganize customer success functions[212] Liquidity and Capital Resources The company maintains strong liquidity with $302.1 million in cash, primarily from operations, and actively manages capital through share repurchases and a recently refinanced credit facility Summarized Cash Flow Information (in millions) | | FY 2025 | FY 2024 | | :--- | :--- | :--- | | Net cash provided by operating activities | $207.4 | $203.8 | | Net cash used in investing activities | ($70.4) | ($5.5) | | Net cash used in financing activities | ($147.8) | ($170.6) | - As of March 31, 2025, cash and cash equivalents were $302.1 million, with approximately $265.4 million held outside the United States[215] - During fiscal 2025, the company repurchased $165.0 million of common stock (approx. 1.2 million shares)[218] - On April 15, 2025, the company refinanced its credit facility, increasing its total borrowing capacity from $100 million to $300 million[217][400] Quantitative and Qualitative Disclosures About Market Risk The company's primary market risk is foreign currency risk, as international sales accounted for 46% of total revenue in fiscal 2025. The main exposures are to the Euro, Australian dollar, British pound, and other currencies. The company estimates that a hypothetical 10% adverse change in all foreign exchange rates would impact its annual operating profit by approximately $15.5 million. The company does not report any significant interest rate risk - The company reports no significant interest rate risk[228] - The primary market risk is foreign currency exposure, with 46% of sales in fiscal 2025 generated outside the United States[229] - A hypothetical 10% adverse change in all foreign exchange rates is estimated to impact annual operating profit by approximately $15.5 million[230] Financial Statements and Supplementary Data This section presents the company's audited consolidated financial statements for the fiscal years ended March 31, 2025, 2024, and 2023. It includes the independent auditor's report from Ernst & Young LLP, which provides an unqualified opinion. Key financial statements—Consolidated Balance Sheets, Statements of Operations, and Statements of Cash Flows—are detailed, along with comprehensive notes covering significant accounting policies, business combinations, revenue recognition, and other material financial information Consolidated Statements of Operations Summary (in thousands) | | FY 2025 | FY 2024 | FY 2023 | | :--- | :--- | :--- | :--- | | Total revenues | $995,619 | $839,247 | $784,590 | | Gross margin | $816,584 | $687,637 | $649,188 | | Income (loss) from operations | $73,738 | $75,355 | ($15,885) | | Net income (loss) | $76,106 | $168,906 | ($35,774) | | Diluted EPS | $1.68 | $3.75 | ($0.80) | Consolidated Balance Sheets Summary (in thousands) | | Mar 31, 2025 | Mar 31, 2024 | | :--- | :--- | :--- | | Cash and cash equivalents | $302,103 | $312,754 | | Total current assets | $635,057 | $595,126 | | Total assets | $1,118,266 | $943,913 | | Total current liabilities | $555,050 | $484,928 | | Total liabilities | $793,144 | $665,828 | | Total stockholders' equity | $325,122 | $278,085 | Consolidated Statements of Cash Flows Summary (in thousands) | | FY 2025 | FY 2024 | FY 2023 | | :--- | :--- | :--- | :--- | | Net cash provided by operating activities | $207,382 | $203,798 | $170,288 | | Net cash used in investing activities | ($70,400) | ($5,521) | ($5,286) | | Net cash used in financing activities | ($147,818) | ($170,581) | ($135,579) | Changes in and Disagreements With Accountants on Accounting and Financial Disclosure The company reports no changes in or disagreements with its accountants on any matter of accounting principles or practices, or financial statement disclosure - None[401] Controls and Procedures Management, including the CEO and CFO, evaluated the company's disclosure controls and procedures as of March 31, 2025, and concluded they were effective. Similarly, management's assessment of internal control over financial reporting, based on the 2013 COSO framework, found it to be effective. The company's independent registered public accounting firm, Ernst & Young LLP, has also issued an unqualified audit report on the effectiveness of the internal control over financial reporting - Management, including the CEO and CFO, concluded that the company's disclosure controls and procedures were effective as of March 31, 2025[402] - Based on the COSO framework, management concluded that the company's internal control over financial reporting was effective as of March 31, 2025[406] - No changes in internal control over financial reporting occurred during the fourth quarter of fiscal 2025 that materially affected, or are reasonably likely to materially affect, internal controls[407] Other Information This section discloses the adoption of Rule 10b5-1 trading plans by two members of the Board of Directors, Vivie Lee and Allison Pickens, in February 2025 for the future sale of company stock. No other directors or officers adopted, modified, or terminated such plans during the fourth quarter of fiscal 2025 - In February 2025, board members Vivie Lee and Allison Pickens each adopted a Rule 10b5-1 trading arrangement for the sale of company common stock[417][418] Disclosure Regarding Foreign Jurisdictions that Prevent Inspections This item is not applicable to the company - Not applicable[420] Part III Directors, Executive Officers and Corporate Governance Information required for this item is incorporated by reference from the company's definitive Proxy Statement for its 2025 Annual Meeting of Stockholders, which is expected to be filed within 120 days of the fiscal year-end - Information is incorporated by reference from the forthcoming 2025 Proxy Statement[422] Executive Compensation Information required for this item is incorporated by reference from the company's definitive Proxy Statement for its 2025 Annual Meeting of Stockholders - Information is incorporated by reference from the forthcoming 2025 Proxy Statement[423] Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters Information required for this item is incorporated by reference from the company's definitive Proxy Statement for its 2025 Annual Meeting of Stockholders - Information is incorporated by reference from the forthcoming 2025 Proxy Statement[423] Certain Relationships and Related Transactions, and Director Independence Information required for this item is incorporated by reference from the company's definitive Proxy Statement for its 2025 Annual Meeting of Stockholders - Information is incorporated by reference from the forthcoming 2025 Proxy Statement[424] Principal Accountant Fees and Services Information required for this item is incorporated by reference from the company's definitive Proxy Statement for its 2025 Annual Meeting of Stockholders - Information is incorporated by reference from the forthcoming 2025 Proxy Statement[425] Part IV Exhibits and Financial Statement Schedules This section lists the financial statements, which are included in Item 8, and notes that all financial statement schedules are omitted as they are not required or the information is included elsewhere. It also provides a list of exhibits filed with or incorporated by reference into the Form 10-K - This section contains a list of all exhibits filed with the Form 10-K, including governance documents, material contracts, and certifications[428][429] Form 10-K Summary The company indicates that there is no Form 10-K summary - None[431]