(EDGAR Online via COMTEX) -- Item 2. Management's Discussion and Analysis of Financial Condition and Results of Operations. The following discussion and analysis of our financial condition and results of operations should be read in conjunction with (1) our consolidated financial statements and related notes appearing elsewhere in this Quarterly Report on Form 10-Q and (2) the audited consolidated financial statements and the related notes and Management's Discussion and Analysis of Financial Condition and Results of Operations for the fiscal year ended December 31, 2019 included in our Annual Report on Form 10-K, filed with the SEC on February 28, 2020. This Quarterly Report on Form 10-Q contains "forward-looking statements" within the meaning of Section 27A of the Securities Act of 1933, as amended, or the Securities Act, and Section 21E of the Securities Exchange Act of 1934, as amended, or the Exchange Act. These statements are often identified by the use of words such as "anticipate," "believe," "continue," "could," "estimate," "expect," "intend," "may," "plan," "project," "will," "would" or the negative or plural of these words or similar expressions or variations and such forward-looking statements include, but are not limited to, statements with respect to our outlook; the impact of new accounting standards; deferred revenue; our business strategy, plans and objectives for future operations; our future financial and business performance and the uncertain negative impacts that COVID-19 may have on our business, financial condition, results of operations and changes in overall level of security software spending and volatility in the global economy. The events described in these forward-looking statements are subject to a number of risks, uncertainties, assumptions and other factors that could cause actual results and the timing of certain events to differ materially from future results expressed or implied by the forward-looking statements. Factors that could cause or contribute to such differences include, but are not limited to, those identified herein, and those discussed in the section titled "Risk Factors," set forth in Part II, Item 1A of this Quarterly Report on Form 10-Q and in our other SEC filings. You should not rely upon forward-looking statements as predictions of future events. Furthermore, such forward-looking statements speak only as of the date of this report. Except as required by law, we undertake no obligation to update any forward-looking statements to reflect events or circumstances after the date of such statements. Overview Rapid7 is a leading cyber security solutions provider, on a mission to make successful security tools and practices accessible to all. Rapid7 Insight Platform technology, expert services, and thought-leading research enables over 9,000 customers to improve their security programs so that they can safely advance and innovate. In the nearly 20 years that Rapid7 has been in business, security companies and trends have come and gone, while broader technology innovation continues to advance rapidly. Every company is now a technology company, and rampant innovation inevitably creates security risk. The migration of businesses to the cloud and ubiquitous connected devices present security teams with an increasingly complex, ever-changing, and unpredictable attack surface. We believe as cybersecurity challenges continue to rise exponentially, two key factors can prevent organizations from effectively managing their growing security exposure. First, the tools to manage complex security problems are often equally complicated to use. Second, there is a scarcity of cybersecurity professionals who are qualified to successfully manage these sophisticated tools. These two factors compound the difficulties that resource-constrained organizations face when attempting to minimize their security exposure, meet security compliance regulations and provide visibility to their leadership. The expanding divide between risk created through innovation and risk managed by security teams is called the Security Achievement Gap. We believe Rapid7 is uniquely positioned to improve how customer security challenges are addressed. Our solutions simplify the complex, allowing teams to more effectively reduce vulnerabilities, monitor malicious behavior, investigate and shut down attacks, and automate routine tasks. All of our solutions and services are built with and supported by the expertise of our dedicated team of security researchers and consultants, who bring knowledge of attacker behavior and emerging vulnerabilities directly to customers. We also continue to invest in further simplifying our technology to improve usability, lowering the barrier to managing security for teams and organizations who lack resources. While our security technology is the foundation of our mission to make successful security accessible to all, technology alone will not solve today's cybersecurity challenges. Our ongoing commitment to researching and partnering with the technology community helps to curb new security risks born through innovation. We are also investing in under-served, at risk communities, like non-profits and hospitals, to better understand their needs and make security technology and services accessible. By continuously improving our technology, stemming the creation of risk in the community, and making security more usable and accessible, Rapid7 aims to close the Security Achievement Gap. We market and sell our products and professional services to organizations of all sizes globally, including mid-market businesses, enterprises, non-profits, educational institutions and government agencies. Our customers span a wide variety of industries such as technology, energy, financial services, healthcare and life sciences, manufacturing, media and entertainment, Table of Contents retail, education, real estate, transportation, government and professional services. As of March 31, 2020, we had over 9,000 customers in 141 countries, including 45% of the Fortune 100. Our revenue was not concentrated with any individual customer and no customer represented more than 1% of our revenue for the three months ended March 31, 2020 or 2019. We sell our products and professional services through direct inside and field sales teams and indirect channel partner relationships. Our sales teams focus on both new customer acquisition as well as up-selling and cross-selling additional offerings to our existing customers. Our sales teams are organized by geography, consisting of the Americas; Europe, the Middle East and Africa (EMEA); and Asia Pacific (APAC), as well as by target organization size. Our highly technical sales engineers help define customer use cases, manage solution evaluations and train channel partners. In addition, we maintain a global channel partner network that complements our sales organization, particularly in EMEA, APAC and Latin America. Recent Developments Acquisition of Divvy Cloud Corporation On May 1, 2020, we acquired Divvy Cloud Corporation (DivvyCloud), a Cloud Security Posture Management (CSPM) company, for consideration of approximately $130.8 million in cash paid at closing, an aggregate of 200,596 shares of Rapid7's common stock to be issued to the founders of DivvyCloud in three equal annual installments beginning on the first anniversary of the closing date and $7.4 million in deferred cash payments. We also issued restricted stock units pursuant to our equity incentive plan with an aggregate fair market value of approximately $12.0 million to certain employees of DivvyCloud, subject to vesting conditions. Convertible Senior Notes On May 1, 2020, we issued $230.0 million aggregate principal amount of convertible senior notes due May 1, 2025 (collectively, the 2025 Notes). The total net proceeds from the offering, after deducting initial purchase discounts and estimated debt issuance costs, were approximately $223.2 million. The 2025 Notes are unsecured obligations and bear interest at a fixed rate of 2.25% per annum, payable semi-annually in arrears on May 1 and November 1 of each year, commencing on November 1, 2020. The 2025 Notes will mature on May 1, 2025, unless earlier converted, redeemed or repurchased. The Notes do not contain any financial covenants. The 2025 Notes are governed by an indenture between the Company, as issuer, and U.S. Bank National Association, as trustee (the 2025 Indenture).
In connection with the issuance of the 2025 Notes, we entered into capped call transactions with certain counterparties (the Capped Calls). We used $27.3 million of the net proceeds from the 2025 Notes to purchase the Capped Calls. The Capped Calls are expected to offset potential dilution to our common stock upon conversion of the 2025 Notes. The Capped Calls have an initial cap price of $93.88 per share (which initially represents a premium of 100% over the last reported sale price of our common stock on April 28, 2020), subject to certain adjustments.
Key Metrics We monitor the following key metrics to help us measure and evaluate the effectiveness of our operations: Three Months Ended March 31, 2020 2019 (dollars in thousands) Total revenue $ 94,340 $ 73,185 Year-over-year revenue growth 28.9 % 34.2 % Non-GAAP (loss) income from operations $ (3,933) $ 577 Operating cash flow $ (7,215) $ (13,566) As of March 31, 2020 2019 (dollars in thousands) Number of customers 9,024 7,934 Year-over-year customer growth 14 % 12 % Annualized recurring revenue (ARR) $ 350,884 $ 268,194 Year-over-year ARR growth 30.8 % 51.0 %
Total Revenue and Growth. We are focused on driving continued revenue growth through increased sales of our products and professional services to new and existing customers.
Three Months Ended March 31, 2020 2019 (in thousands) GAAP total gross profit $ 66,626 $ 53,212 Stock-based compensation expense 931 573 Amortization of acquired intangible assets 1,658 1,358 Non-GAAP total gross profit $ 69,215 $ 55,143 Three Months Ended March 31, 2020 2019 (in thousands) GAAP gross profit - products $ 66,293 $ 51,476 . . .
May 08, 2020
(c) 1995-2020 Cybernet Data Systems, Inc. All Rights Reserved