SideChannel (OTCQB: SDCH) outlines Enclave growth, R&D spend and capital risks
Rhea-AI Filing Summary
SideChannel, Inc. is a Delaware-based cybersecurity advisory and software company focused on mid-market and emerging businesses. It provides virtual Chief Information Security Officer (vCISO) services and cybersecurity software and services, including its proprietary Enclave platform for zero trust network segmentation and machine-identity-based access control.
For the year ended September 30, 2025, research and development spending was $562 thousand and selling and marketing expenses were $966 thousand, reflecting continued investment in Enclave and client acquisition. As of September 30, 2025, the company had 23 full-time employees and approximately 15 independent contractors, and an accumulated deficit of $20.7 million. Management believes existing cash will fund operations through at least December 2026, but the company may need additional capital, which could dilute existing stockholders.
SideChannel’s common stock trades on the OTCQB, with an aggregate market value of non‑affiliate common equity of approximately $5.0 million on March 31, 2025 based on a $0.04 share price and 231,229,054 shares outstanding as of December 17, 2025. The filing highlights intense competition from larger cybersecurity vendors, dependence on consulting and vCISO services, thin trading and penny stock status, warrant anti‑dilution provisions, and previously identified internal control weaknesses as key risks.
Positive
- None.
Negative
- None.
Insights
SideChannel grows cybersecurity platform but remains loss‑making and capital dependent.
SideChannel positions itself in the underserved mid‑market with vCISO services and its Enclave zero trust software. The company is spending to build this position: research and development totaled
Financially, SideChannel remains in an early‑stage profile. It reports an accumulated deficit of
On the market side, the stock trades on the OTCQB with non‑affiliate equity valued at about
UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
WASHINGTON, D.C. 20549
FORM
For
the Fiscal Year Ended
OR
For the transition period from ____ to ____
Commission
File Number:
(Exact name of registrant as specified in its charter)
State or other jurisdiction of incorporation or organization) |
I.R.S. Employer Identification No. |
(Address of principal executive offices) (Zip Code)
(Registrant’s telephone number, including area code)
Securities registered pursuant to Section 12(b) of the Act:
| Title of each class | Trading Symbol(s) | Name of each exchange on which registered | ||
| N/A | N/A | N/A |
Securities registered pursuant to Section 12(g) of the Act:
(Title of Class)
Indicate
by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes ☐
Indicate
by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act. Yes
☐
Indicate
by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities
Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such
reports), and (2) has been subject to such filing requirements for the past 90 days.
Indicate
by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to
Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the
registrant was required to submit such files).
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company or an emerging growth company. See definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.
| Large accelerated filer | ☐ | Accelerated filer | ☐ |
| ☒ | Small reporting company | ||
| Emerging growth company |
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐
Indicate
by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness
of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered
public accounting firm that prepared or issued its audit report.
If
securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements of the registrant
included in the filing reflect the correction of an error to previously issued financial statements.
Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant’s executive officers during the relevant recovery period pursuant to §240.10D-1(b). ☐
Indicate
by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Act). Yes ☐ No
On
March 31, 2025, the last business day of the registrant’s most recently completed second fiscal quarter, the aggregate market value
of the common equity held by non-affiliates of the registrant was approximately $
As of December 17, 2025, there were shares of the issuer’s common stock, par value $ per share, outstanding.
Documents
Incorporated by Reference:
SIDECHANNEL, INC.
FORM 10-K ANNUAL REPORT
FOR THE FISCAL YEAR ENDED SEPTEMBER 30, 2025
TABLE OF CONTENTS
| PART I | |||
| ITEM 1. | BUSINESS | 4 | |
| ITEM 1A. | RISK FACTORS | 9 | |
| ITEM 1B. | UNRESOLVED STAFF COMMENTS | 24 | |
| ITEM 1C. | CYBERSECURITY | 24 | |
| ITEM 2. | PROPERTIES | 26 | |
| ITEM 3. | LEGAL PROCEEDINGS | 26 | |
| ITEM 4. | MINE SAFETY DISCLOSURES | 26 | |
| PART II | |||
| ITEM 5. | MARKET FOR REGISTRANT’S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES | 27 | |
| ITEM 6. | [Reserved] | 27 | |
| ITEM 7. | MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS | 28 | |
| ITEM 7A. | QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK | 33 | |
| ITEM 8. | FINANCIAL STATEMENTS | 34 | |
| ITEM 9. | CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING AND FINANCIAL DISCLOSURE | 56 | |
| ITEM 9A. | CONTROLS AND PROCEDURES | 56 | |
| ITEM 9B. | OTHER INFORMATION | 58 | |
| ITEM 9C. | DISCLOSURE REGARDING FOREIGN JURISDICTIONS THAT PREVENT INSPECTIONS | 58 | |
| PART III | |||
| ITEM 10. | DIRECTORS, EXECUTIVE OFFICERS, AND CORPORATE GOVERNANCE | 59 | |
| ITEM 11. | EXECUTIVE COMPENSATION | 59 | |
| ITEM 12. | SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT AND RELATED STOCKHOLDER MATTERS | 59 | |
| ITEM 13. | CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS, AND DIRECTOR INDEPENDENCE | 59 | |
| ITEM 14. | PRINCIPAL ACCOUNTANT FEES AND SERVICES | 59 | |
| PART IV | |||
| ITEM 15. | EXHIBITS AND FINANCIAL STATEMENT SCHEDULES | 60 | |
| SIGNATURES | 61 |
| 2 |
Except as otherwise required by the context, references to “SideChannel,” “SideChannel, Inc.,” the “Company,” “we,” “us” and “our” are to SideChannel, Inc., a Delaware corporation and its subsidiaries.
Forward-Looking Statements
This Annual Report on Form 10-K, including estimates, projections, statements relating to our business plans, objectives and expected operating results, and the assumptions upon which those statements are based, are “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995, Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. These forward-looking statements generally are identified by the words “believe,” “project,” “expect,” “anticipate,” “estimate,” “intend,” “strategy,” “plan,” “may,” “should,” “will,” “would,” “will be,” “will continue,” “will likely result,” and similar expressions. Forward-looking statements are based on current expectations and assumptions that are subject to risks and uncertainties which may cause actual results to differ materially from the forward-looking statements. A detailed discussion of risks and uncertainties that could cause actual results and events to differ materially from such forward-looking statements is included in the section entitled “Item 1A. Risk Factors” (“Risk Factors”) and elsewhere in this Annual Report on Form 10-K. We undertake no obligation to update or revise publicly any forward-looking statements, whether because of new information, future events, or otherwise.
These forward-looking statements are based on management’s current expectations. These statements are neither promises nor guarantees, but involve known and unknown risks, uncertainties, and other important factors that may cause our actual results, performance, or achievements to be materially different from any future results, performance, or achievements expressed or implied by the forward-looking statements.
Although we believe that the assumptions underlying our forward-looking statements are reasonable, any of the assumptions could be inaccurate; therefore, we cannot assure you that the forward-looking statements included in this Annual Report on Form 10-K will prove to be accurate. Considering the significant uncertainties inherent in our forward-looking statements, the inclusion of such information should not be regarded as a representation by us or any other person that our objectives and plans will be achieved. Some of these and other risks and uncertainties that could cause actual results to differ materially from such forward-looking statements are more fully described in Risk Factors and elsewhere in this Annual Report on Form 10-K, or those discussed in other documents we filed with the Securities and Exchange Commission (“SEC”). Except as may be required by applicable law, we undertake no obligation to publicly update or advise of any change in any forward-looking statement, whether as a result of new information, future events, or otherwise. In making these statements, we disclaim any obligation to address or update each factor in future filings with the SEC or communications regarding our business or results, and we do not undertake to address how any of these factors may have caused changes to discussions or information contained in previous filings or communications. In addition, any of the matters discussed above may have affected our past results and may affect future results, so that our actual results may differ materially from those expressed in this Annual Report on Form 10-K and in prior or subsequent communications.
This information should be read in conjunction with the audited financial statements and the notes thereto included in this Annual Report on Form 10-K, and “Part II. Other Information - Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations”, contained in this Annual Report on Form 10-K.
We are not aware of any misstatements regarding any third-party information presented in this Annual Report on Form 10-K; however, these estimates, in particular, as they relate to projections, involve numerous assumptions, are subject to risks and uncertainties, and are subject to change based on various factors, including those discussed under, and incorporated by reference in, Risk Factors of this Annual Report on Form 10-K. These and other factors could cause our future performance to differ materially from our assumptions and estimates. Some market and other data included herein, as well as the data of competitors as they relate to SideChannel, is also based on our good faith estimates.
| 3 |
PART I
ITEM 1. BUSINESS
Business Overview & Strategy
SideChannel is a cybersecurity advisory services and software company. Our mission is to make cybersecurity simple and accessible for mid-market and emerging companies, a market that we believe is currently underserved. Our solutions provide effective cybersecurity risk management for our clients. We anticipate that our target customers will continue to need cost-effective security solutions. We continue to expand our catalogue of services and solutions to address the cybersecurity needs of our customers, including virtual Chief Information Security Officer (“vCISO”), cyber program strategy, zero trust, third-party risk management, compliance readiness, cloud security and architecture services, privacy, threat intelligence, managed end-point security solutions, and awareness and training.
Our Solutions
Our efforts are focused on protecting and enabling the critical business functions of our clients and customers through comprehensive cybersecurity programs. This specifically includes:
| ● | Deploying Enclave, a proprietary software product simplifying the important cybersecurity tasks of segmenting and securing digital networks, addressing the increased demand for remote worker technologies, and advancing zero trust strategies to better protect against threats such as ransomware and intrusions. | |
| ● | Embedding vCISOs as a fractional resource into the leadership teams of our clients. The role of vCISOs is becoming increasingly pivotal, especially among small and cloud-enabled companies. The flexibility and expertise offered by vCISOs make them an attractive option for companies facing budget constraints, needing to establish a robust security posture quickly, and overseeing increasingly complex regulatory environments. | |
| ● | Assessing, identifying, and mitigating cybersecurity and privacy risks through tech-enabled security engineering processes. We leverage AI-based security operations for post-detection actions, including alert prioritization, augmented threat detection/hunting, playbook creation, and automation of incident response processes. | |
| ● | Reselling third-party cybersecurity services and software when appropriate, expanding our offerings to include a full range of cybersecurity products and services delivered through our team of security engineers and a network of third-party service providers and value-added resellers (VARs). |
| 4 |
In the context of SideChannel’s offerings, Enclave is well-positioned to address these challenges faced by enterprises in achieving a zero trust environment:
| ● | Establishing a clear scope, |
| ● | Communicating success through strategic and operational metrics, and |
| ● | Anticipating increase in staffing and costs without delays. |
Enclave simplifies crucial cybersecurity tasks such as asset inventory, vulnerability management, and microsegmentation. By integrating access control, microsegmentation, encryption, machine identity management, and secure networking concepts into a unified solution, Enclave provides a comprehensive solution for managing cybersecurity controls effectively. It allows IT professionals to segment enterprise networks efficiently, allocate the right personnel to those segments, and direct traffic seamlessly. This alignment with zero trust principles ensures that organizations can enhance their security posture and achieve measurable risk reduction.
By combining zero trust network access with certificate management and machine identity, Enclave seamlessly creates a unified security architecture that eliminates traditional network vulnerabilities. This integration enables IT teams to enforce precise access policies based on verified machine identities. Certificate-based identities allow a simplified management for any certificate-based communication, while the zero trust framework continuously validates every connection attempt. This powerful combination delivers robust security without the typical management overhead, allowing organizations to implement sophisticated microsegmentation strategies with remarkable simplicity and minimal resource requirements.
We offer cybersecurity service solutions designed to address financial and espionage-driven breaches effectively, minimize end-user errors, and ensure rapid incident response. With the increase in data transmission and connected intelligent devices through the prevalence of Internet of Things, the scale of security risks and the attack surface are much larger. Our offerings in data security, application security, network security, security operations, and risk management position us to meet these challenges.
Further information about Enclave and our service offerings are available on our website (www.sidechannel.com).
Revenue Categories
We internally report our revenue using two categories:
| ● | vCISO Services: This category captures the revenue from the Chief Information Security Officer services that we provide to our clients on a “virtual” or outsourced basis. Embedded into the C-suite executive teams of our clients, our vCISOs deliver services including assessing the cybersecurity risk profile, implementing policies and programs to mitigate risks, and managing the day-to-day tasks to ensure compliance with the adopted cybersecurity framework. Most of our clients use our vCISO services. Engagements typically include a fixed monthly subscription fee and exceed 12 months because of renewal options of 1, 3, 6, or 12 months. | |
| ● | Cybersecurity Software and Services: This category encompasses an array of cybersecurity software and services that our clients deem necessary to protect their digital assets, including Enclave. These augment our vCISO offering and include a full range of other cybersecurity products and services delivered through a team of security engineers along with a network of third-party service providers and VARs. Commercial relationships with third-party service providers and VARs provide SideChannel with additional internal capabilities to mitigate cybersecurity risks. We earn licensing revenue from software contracts and commissions from third-party service provider partnerships which are included in this revenue category. |
| 5 |
Growth Strategy
Our growth strategy focuses on these three initiatives:
| ● | Increasing adoption of Enclave: By promoting Enclave and our other cybersecurity solutions to our existing vCISO clients, we aim to deepen our relationships and provide comprehensive, integrated security solutions. This supports the increased demand for zero trust strategies and remote worker technologies. |
| ● | Securing new vCISO Services Clients: As organizations plan to increase security investments due to breaches and the rising complexity of cyber threats, we aim to expand our client base by offering flexible, expert vCISO services that address budget constraints and the need for rapid security posture establishment. |
| ● | Adding new Cybersecurity Software and Services offerings: We plan to enhance our portfolio by incorporating transformational technologies such as AI-based security operations, data security posture management (“DSPM”), polymorphic encryption, cyber-physical system (“CPS”) security, and application security posture management (“ASPM”). This aligns with industry trends and the anticipated incremental spend on application and data security due to generative AI. |
Industry Standards and Compliance
Industry-standard cybersecurity and risk management frameworks, such as the National Institute of Standards and Technology Cybersecurity Framework and Center for Internet Security Controls (“CIS”), prioritize inventory of assets and access control as top requirements for a sustainable and compliant cybersecurity program. The first three controls in CIS version 8 call for organizations to:
| ● | Critical Control 1: “Establish and maintain an accurate, detailed, and up-to-date inventory of all enterprise assets with the potential to store or process data.” |
| ● | Critical Control 2: “Actively manage (inventory, track, and correct) all software (operating systems and applications) on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution.” |
| ● | Critical Control 3: “Configure data access control lists based on a user’s need to know. Apply data access control lists, also known as access permissions, to local and remote file systems, databases, and applications.” |
We built Enclave to primarily address these three extremely critical cybersecurity controls along with other controls in CIS version 8. Enclave seamlessly combines access control, microsegmentation, encryption, and other secure networking concepts to create a comprehensive solution. Through software, it allows IT professionals to easily segment the enterprise network, place the right staff in those segments, and direct traffic. Unlike open, traditional models, Enclave allows for near-limitless micro-segmented networks to operate insulated from one another.
| 6 |
Company History
The Company was originally incorporated in the State of Texas on June 22, 1953, as American Mortgage Company. During 1996, the Company acquired the operations of Eden Systems, Inc. (“Eden”), which became a wholly owned subsidiary of the Company. Eden was engaged in water treatment and the retailing of cleaning products. Eden’s operations were sold on October 1, 1997. On May 16, 1996, the Company changed its name to National Scientific Corporation. From September 30, 1997, through the year ended September 30, 2001, the company aimed its efforts in the research and development of semiconductor proprietary technology and processes and in raising capital to fund its operations and research. Effective August 27, 2014, the Company changed its name to Cipherloc Corporation (“Cipherloc”) after it began engaging in cybersecurity software development. The Company redomiciled and became a Delaware corporation on September 30, 2021. A reverse merger was completed on July 1, 2022, between SCS, Inc., f.k.a. SideChannel, Inc. and Cipherloc. The combined entity changed its name to SideChannel, Inc., on July 5, 2022, and the acquiree is now named SCS, Inc. (“SCS”) and for accounting purposes, is a subsidiary of the Company.
Research and Development
Since Enclave is a proprietary software product, we classify all our software development activities to be research and development. The success of our software product, Enclave, depends on our ability to provide our customers with reliable, innovative features and benefits that are delivered before, or at least no later than, our competitors. When the demands of product development exceed the capacity or knowledge of our in-house staff, we retain temporary third-party consultants to assist us.
Our research and development expenditures for the fiscal years ended September 30, 2025, and September 30, 2024, were $562 thousand and $546 thousand, respectively. These costs were incurred primarily to develop Enclave.
Selling and Marketing
We use four primary sources to identify prospective clients for our services and products including Enclave:
| ● | Digital Marketing | |
| ● | Industry Events and Conferences | |
| ● | Direct Outreach | |
| ● | Referral Partners |
We continue enhancing our digital marketing tactics and expanding our online presence. A growing list of referral partners recommend SideChannel to their clients as the primary option to identify, assess, and mitigate cybersecurity risks. Certain referral partners receive a commission upon a referral becoming a SideChannel client.
As of September 30, 2025, we had three (3) employees dedicated to selling and marketing activities. Our selling and marketing expenditures for the fiscal years ended September 30, 2025, and September 30, 2024, were $966 thousand and $771 thousand, respectively.
| 7 |
Competition
The cybersecurity software and services market is highly competitive, subject to rapid change, and significantly affected by new product introductions and other activities of market participants.
Some of our competitors have greater financial, technical, sales, marketing, and other resources than we do. Because of these and other factors, competitive conditions in the markets we operate in are likely to continue to intensify in the future, as participants compete for market share. Increased competition could result in price reductions for our products and services, possibly reducing our net revenue and profit margins and resulting in a loss of our market share, any of which would likely harm our business.
We believe that our future results depend largely upon our ability to serve our clients and customers with the products and services described earlier better than our competitors, and by offering new services and product enhancements, whether such product and service offerings are developed internally or through acquisition. We also believe that we must provide product and service offerings that compete favorably against those of our competitors with respect to ease of use, reliability, performance, range of useful features, reputation and price.
We anticipate that we will face increasing pricing pressures from our competitors in the future. Since there are low barriers to entry into the cybersecurity services and software markets, we believe competition in these markets will persist and intensify in the future.
Our chief services competitors include companies such as Optiv, NCC, Coalfire, PwC, EY, Deloitte, and GuidePoint. Our primary software competitors are companies such as Check Point, Cisco, CrowdStrike, F5 Networks, HPE, Huawei, Illumio, Juniper, Microsoft, Netskope, Palo Alto Networks, SonicWALL, Sophos, and zScaler.
Intellectual Property
Protective Measures
We believe that our intellectual property is an important and vital asset, which enables us to develop, market, and sell our products and services and enhance our competitive position. Our intellectual property includes our proprietary business and technical know-how, inventions, works of authorship, and confidential information. To protect our intellectual property, we rely primarily upon legal rights in trade secrets, patents, copyrights, and trademarks, in addition to our policies and procedures, security practices, contracts, and relevant operational measures.
We protect the confidentiality of our proprietary information by entering into non-disclosure agreements with our employees, contractors, and other entities with which we do business. In addition, our license agreements related to our software and proprietary information include confidentiality terms. These agreements are generally non-transferable. We also employ access controls and associated security measures to protect our facilities, equipment, and networks.
Patents, Copyrights, Trademarks, and Licenses
Our products, particularly our software and related documentation, are protected under domestic and international copyright laws and other laws related to the protection of intellectual property and proprietary rights. Currently, we have six active patents registered with the U.S. Patent and Trademark Office. We employ procedures to label copyrightable works with the appropriate proprietary rights notices, and we actively enforce our rights in the United States and abroad. However, these measures may not provide us with adequate protection from infringement, and our intellectual property rights may be challenged.
Our SideChannel and Enclave logos are registered with the U.S. Patent and Trademark Office (“USPTO”). In the United States, we can maintain our trademark rights and renew trademark registrations for as long as the trademarks are in use.
| 8 |
Government Regulation
Export Control Regulations
We expect that all our products will be subject to U.S. export control laws and applicable foreign government import, export and/or use requirements. The level of such control generally depends on the nature of the products in question. Often, the level of export control is impacted by the nature of the software and cybersecurity incorporated into our products. In those countries where such controls apply, the export of our products may require an export license or authorization. However, even if a transaction qualifies for a license exception or the equivalent, it may still be subject to corresponding reporting requirements. For the export of some of our products, we may be subject to various post-shipment reporting requirements. Minimal U.S. export restrictions apply to all our products, whether or not they perform cybersecurity functions. If we become a Department of Defense prime contractor in the future, certain registration requirements may be triggered by our sales. In addition, certain of our products and related services may be subject to the International Traffic in Arms Regulations (ITAR) if our software or services are specifically designed or modified for defense purposes. If we become engaged in manufacturing or exporting ITAR-controlled goods and services (even if we do not export such items), we will be required to register with the U.S. State Department.
To date, Export Control Regulations have had no material impact on our business.
Enhancements to our existing products may be subject to review under the Export Administration Act to determine what export classification they will receive. In addition, any new products that we release in the future will also be subject to such review before we can export them. The U.S. Congress continues to discuss the correct level of export control in possible anti-terrorism legislation. Such export regulations may be modified at any time. Modifications to these export regulations could reduce or eliminate our ability to export some or all of our products from the United States in the future, which could put us at a disadvantage in competing with companies located outside of the U.S. Modifications to U.S. export regulations could restrict us from exporting our existing and future products. Any such modifications to export regulations may put us at a competitive disadvantage with respect to selling our products internationally.
Privacy Laws
We may be subject to various international, federal and state regulations regarding the treatment and protection of personally identifying and other regulated information. Applicable laws may include U.S. federal laws and implementing regulations, such as the GLBA and HIPAA, as well as state and international laws and regulations, including the California Consumer Privacy Act (CCPA) and the European Union General Data Protection Regulation (GDPR). Some of these laws have requirements on the transmittal of data from one jurisdiction to another. In the event our systems are compromised, many of these privacy laws require that we provide notices to our customers whose personally identifiable data may have been compromised. Additionally, if we transfer data in violation of these laws, we could be subjected to substantial fines. To mitigate the risk of having such data compromised, we use cybersecurity, software and other security procedures to protect our databases.
Personnel
As of September 30, 2025, we had 23 full-time employees. We also had approximately 15 independent contractors that provide services to us. We anticipate that we will need to increase our staffing in the foreseeable future.
ITEM 1A. RISK FACTORS
Our business, financial condition and results of operations and the market price for our common stock are subject to numerous risks, many of which are driven by factors that we cannot control or predict. An investment in our common stock involves a high degree of risk. You should carefully consider the following information about these risks, together with the other information contained in this Annual Report on Form 10-K, including the information regarding “Forward-Looking Statements” earlier in this Form 10-K immediately prior to Part I, Item 1 and “Part II, Item 7, Management’s Discussion and Analysis of Financial Condition and Results of Operations,” before investing in our common stock. If any of the events anticipated by the risks described below occur, our results of operations and financial condition could be adversely affected, which could result in a decline in the market price of our common stock, causing you to lose all or part of your investment. Additional risks that we do not yet know of, or that we currently think are immaterial, may also affect our business and results of operations.
| 9 |
Risks Related to Our Common Stock
The market price for our common stock has been volatile, and you may not be able to sell our stock at a favorable price, or at all.
You should consider an investment in our common stock to be risky, and you should invest in our common stock and securities convertible into our common stock only if you can withstand a complete loss and wide fluctuations in the market value of your investment. Some factors that may cause the market price of our common stock to fluctuate, in addition to the other risks mentioned in this “Risk Factors” section and elsewhere are:
| ● | Sale of our common stock by our stockholders, executives, and directors; | |
| ● | Volatility in price and level of trading volumes of our shares of common stock; | |
| ● | Our ability to obtain financings to conduct and complete research and development activities and other business activities; | |
| ● | The timing and success of introductions of new products and services by us or our competitors or any other change in the competitive dynamics of our industry, including consolidation among competitors; | |
| ● | Our ability to attract and retain new customers, clients, licensees, and resellers; | |
| ● | Changes in the development status of our products and services; | |
| ● | Changes in our capital structure, future issuances of securities, and sales of large blocks of common stock by our stockholders; | |
| ● | Our cash position; | |
| ● | Announcements and events surrounding financing efforts, including debt and equity securities; | |
| ● | Our inability to enter into new markets or develop new products and services; | |
| ● | Reputational issues; | |
| ● | Announcements of acquisitions, partnerships, collaborations, joint ventures, new products and services, capital commitments, or other events by us or our competitors; | |
| ● | Changes in industry conditions or perceptions; | |
| ● | Our ability to attract analysts to initiate research coverage and once obtained, having such analysts issue research reports, recommendations and any changes in recommendations, price targets, and withdrawals of coverage; | |
| ● | Departures and additions of key personnel; | |
| ● | Disputes and litigations related to intellectual properties, proprietary rights, and contractual obligations; | |
| ● | Changes in applicable laws, rules, regulations, or accounting practices and other dynamics; and | |
| ● | Other events or factors, many of which may be out of our control. |
In addition, if the market for stock of companies in our industry or industries related to our industry, or the stock market in general, experiences a loss of investor confidence, the trading price of our common stock could decline for reasons unrelated to our business, financial condition and results of operations. If any of the foregoing occurs, it could cause our stock price to fall and may expose us to lawsuits that, even if unsuccessful, could be costly to defend and a distraction to management.
| 10 |
Substantial sales of our common stock, or the perception that such sales might occur, could depress the market price of our common stock.
We cannot predict whether future issuances of our common stock, or resale of shares in the open market, will decrease the market price of our common stock. The consequence of any such issuances or resale of our common stock on our market price may be increased as a result of the fact that our common stock is thinly, or infrequently, traded. The exercise of any outstanding options, or the vesting of any restricted stock, that we may grant to directors, executive officers and other employees in the future, or the issuance of common stock in connection with acquisitions and other issuances of our common stock, may decrease the market price of our common stock.
Holders of our common stock have a risk of potential dilution if we issue additional shares of common stock in the future.
The exercise or conversion of stock options, warrants, preferred stock, or convertible securities will dilute the ownership percentage of our then existing stockholders. The dilutive effect of the exercise or conversion of these securities may adversely affect our ability to obtain additional capital. The holders of these securities may be expected to exercise or convert their securities when we are able to obtain additional equity capital on terms more favorable than these securities. On September 13, 2021, our stockholders approved an equity incentive plan authorized by our Board of Directors under which we may issue equity awards that may increase the number of outstanding shares of common stock. In the future, we may grant additional stock options, warrants, preferred stock or convertible securities.
The anti-dilutive rights of certain warrants could result in significant dilution to our existing stockholders and/or require us to issue a substantially greater number of shares, which may adversely affect the market price of our common stock.
The warrants to purchase 12,011,114 shares of our common stock issued to investors in a private placement transaction that closed on April 16, 2021, contain anti-dilution rights such that if we issue, or are deemed to have issued, common stock or common stock equivalents at a price less than the then exercise price of those warrants, the exercise price of those warrants will automatically be reduced to such lower value, and the number of shares of common stock issuable upon exercise thereafter will be adjusted proportionately, so that the aggregate exercise price payable upon exercise of such warrants is the same prior to and after such reduction in exercise price. As a result, the effect of the anti-dilution right may cause significant dilution to our other stockholders. All the 12,011,114 warrants will expire on April 16, 2026.
The warrants to purchase 8,332,439 shares of our common stock issuable upon exercise of warrants issued to the placement agent in the private placement include a weighted average anti-dilution right in the event we issue any shares of common stock or equivalents with a value less than the then exercise price. As a result, the effect of the anti-dilution right may cause significant dilution to our other stockholders. The triggering of the anti-dilution rights in the warrants issued in the private placement may result in such securities being exercisable for a reduced exercise price.
As of September 30, 2025, no anti-dilution triggers had occurred.
Certain warrants issued in 2021 inhibit our access to equity capital, if we should need it, which may limit our ability to grow and maintain our competitiveness.
The warrants we issued in the 2021 private placement described in Part II, Item 8, Financial Statements, Note 9, contain various provisions including, but not limited to, various price reset and anti-dilution provisions when new equity is issued in certain transactions including stock issued for cash at a price less than the $0.36 exercise price stated in the 2021 private placement warrants. These provisions inhibit our access to cash for the issuance of common stock which may limit our ability to compete in a very dynamic market through new investments in research and development or selling and marketing. We cannot predict the financial impact of the issuance of the warrants on our financial statements, specifically our balance sheet. We also cannot predict the financial impact of the various provisions included in the warrant agreements.
| 11 |
The purchase agreement related to our 2021 private placement includes covenants that we must comply with, or we may suffer potential monetary and other penalties.
The securities purchase agreement we entered into in connection with the recent private placement contains certain customary covenants. If we do not comply with these covenants, we will be in breach of our obligations under the securities purchase agreement, which may lead to exercise by the investors of the remedies available to them under the securities purchase agreement, which may cause a material impact upon our financial condition.
Our common shares are thinly traded, and in the future may continue to be thinly traded, and you may be unable to sell your shares at or near ask prices or at all, if you need to sell your shares to raise money or otherwise desire to liquidate such shares.
We cannot predict the extent to which an active public market for our common stock will develop or be sustained due to a number of factors, including the fact that we are a small company that is relatively unknown to stock analysts, stock brokers, institutional investors and others in the investment community that generate or influence sales volume, and that even if we came to the attention of such persons, they tend to be risk-averse and would be reluctant to follow an unproven company such as ours or purchase or recommend the purchase of our shares until such time as we become more seasoned and viable. As a consequence, there may be periods of several days or more when trading activity in our shares is minimal or non-existent, as compared to a seasoned issuer that has a large and steady volume of trading activity that will generally support continuous sales without an adverse effect on its share price. We cannot give you any assurance that a broader or more active public trading market for our common stock will develop or be sustained, or that even current trading levels will be sustained. You may be unable to sell your common stock at or above your purchase price, if at all, which may result in substantial losses to you. As a consequence of this lack of liquidity, the trading of relatively small quantities of shares by our stockholders may disproportionately influence the price of those shares in either direction. The price for our shares could, for example, decline precipitously in the event that a large number of our common shares are sold on the market without commensurate demand, as compared to a seasoned issuer that could better absorb those sales without adverse impact on its share price. As a consequence of this enhanced risk, more risk-averse investors may, under the fear of losing all or most of their investment in the event of negative news or lack of progress, be more inclined to sell their shares on the market more quickly and at greater discounts than would be the case with the stock of a seasoned issuer.
Future sales and issuances of our securities could result in additional dilution of the percentage ownership of our stockholders and could cause our share price to fall.
We expect that we will need significant additional capital in the future to continue our planned operations, including research and development, increased marketing, hiring new personnel, commercializing our products, and continuing activities as an operating public company. To the extent that we raise additional capital by issuing equity securities, our existing stockholders may experience substantial dilution. We may sell common stock, convertible securities or other equity securities in one or more transactions, at prices and in a manner that we determine from time to time, in our discretion. If we sell common stock, convertible securities or other equity securities in more than one transaction, investors may be materially diluted by subsequent sales. Such sales may also result in material dilution to our existing stockholders, and new investors could gain rights superior to our existing stockholders.
| 12 |
Our common stock is subject to restrictions on sales by broker-dealers and penny stock rules, which may be detrimental to investors.
Our common stock is subject to Rules 15g-1 through 15g-9 under the Securities Exchange Act of 1934, as amended (the “Exchange Act”), which impose certain sales practice requirements on broker-dealers who sell our common stock to persons other than established customers and “accredited investors” (as defined in Rule 501(a) of the Securities Act of 1933, as amended (the “Securities Act”)). For transactions covered by this rule, a broker-dealer must make a special suitability determination for the purchaser and receive the purchaser’s written consent to the transaction prior to the sale. This rule adversely affects the ability of broker-dealers to sell our common stock and holders of our common stock to sell their shares of our common stock.
Additionally, our common stock is subject to SEC regulations applicable to “penny stocks.” Penny stocks include any non-Nasdaq equity security that has a market price of less than $5.00 per share, subject to certain exceptions. The regulations require that, prior to any non-exempt buy/sell transaction in a penny stock, a disclosure schedule proscribed by the SEC relating to the penny stock market must be delivered by a broker-dealer to the purchaser of such penny stock. This disclosure must include the amount of commissions payable and the current price quotations for our common stock. The regulations also require that monthly statements be sent to holders of a penny stock that disclose recent price information for the penny stock and information regarding the limited market for penny stocks. These requirements adversely affect the market liquidity of our common stock.
Because our common stock is quoted on the OTCQB instead of a national exchange, our investors may have difficulty selling their stock or may experience negative volatility on the market price of our common stock.
Our common stock is quoted on the OTCQB Market, operated by the OTC Markets Group. The OTCQB is often highly illiquid, in part because it does not have a national quotation system by which potential investors can follow the market price of shares, except through information received and generated by a limited number of broker-dealers that make markets in particular stocks. There is a greater chance of volatility for securities that trade on the OTCQB, as compared to a national exchange or quotation system. This volatility may be caused by a variety of factors, including the lack of readily available price quotations, the absence of consistent administrative supervision of bid and ask quotations, lower trading volume, and market conditions. Investors in our common stock may experience high fluctuations in the market price and volume of the trading market for our securities. These fluctuations, when they occur, have a negative effect on the market price for our securities. Accordingly, our stockholders may not be able to realize a fair price for their shares when they determine to sell them or may have to hold them for a substantial period of time until the liquidity of the market for our common stock improves.
Our charter allows us to issue “blank check” preferred stock and establish its terms, conditions, rights, powers and preferences without stockholder approval.
Pursuant to our certificate of incorporation, our Board of Directors has the authority to issue up to 10 million shares of “blank check” preferred stock and to determine the price, rights, preferences, privileges, and restrictions, including voting rights, of those shares without any additional vote or action by our stockholders. Because our Board of Directors can designate the terms, conditions, rights, powers, and preferences of the preferred stock without the vote of a majority of our stockholders, our stockholders will have no control over what designations and preferences our preferred stock will have. The issuance of shares of preferred stock, or the rights associated therewith, could cause substantial dilution to our existing stockholders. Additionally, the dilutive effect of any preferred stock that we may issue may be exacerbated given the fact that such preferred stock may have voting rights, liquidation and/or other rights or preferences that could provide the preferred stockholders with substantial voting control over us and/or give those holders the power to prevent or cause a change in our control. As a result, the issuance of shares of preferred stock may cause the value of our common stock to decrease.
| 13 |
We have never paid or declared any dividends on our common stock.
We do not anticipate paying dividends or distributions on our common stock. Any future dividends on our common stock will be declared at the discretion of our Board of Directors and will depend on, among other things, our earnings, our financial requirements for future operations and growth, and other facts as we may then deem appropriate. Since we do not anticipate paying cash dividends on our common stock, return on your investment, if any, will depend solely on an increase, if any, in the market value of our common stock.
If securities or industry analysts do not initiate research coverage on us and, if initiated, fail to publish research or reports, or publish unfavorable research or reports, about our business, our stock price and trading volume may decline.
The trading market for our common stock will rely in part on the research and reports that industry or financial analysts publish about us, our business, our markets, and our competitors. We do not currently have any securities or industry analysts that have initiated research coverage on our business. When any securities or industry analysts initiate research coverage on our business, we will not control these analysts. If securities analysts do not cover our common stock, the lack of research or other coverage may adversely affect the market price and decrease the trading volume of our common stock. Furthermore, if one or more of the analysts who do cover us downgrade our stock, or if those analysts issue other unfavorable commentary about us or our business, our stock price would likely decline. If one or more of these analysts cease coverage of us or fails to regularly publish reports on us, we could lose visibility in the market, and interest in our stock could decrease, which in turn could cause our stock price or trading volume to decline and may also impair our ability to expand our business and attract new clients and customers to purchase our cybersecurity products and services.
The sale of shares of our common stock by our directors and officers may adversely affect the market price for our common stock.
Sales of significant amounts of shares of common stock by our officers and directors, or the prospect of such sales, could adversely affect the market price of our common stock. Our management’s stock ownership may discourage a potential acquirer from making a tender offer or otherwise attempting to obtain control of us, which in turn could reduce our stock price or prevent our stockholders from realizing a premium over our stock’s market price.
The ability of our executive officers and directors to control our business may limit or eliminate other stockholders’ ability to influence corporate affairs.
As of September 30, 2025, our Executive Leadership Team (“ELT”) and Directors owned approximately 46.4% of the Company’s total issued and outstanding shares. Because of this voting control through share ownership by the ELT and Directors, these individuals, acting as a group, have significant influence over corporate actions requiring a shareholder vote, including the selection of our Directors, who in turn approve all executive officers, authorizing change-in-control transactions, amendments to our Articles of Incorporation, and other significant corporate matters. The interests of our ELT and Directors may differ from the interests of other stockholders with respect to the issuance of shares, business transactions with or sales to other companies, selection of future officers and directors and other business decisions. The minority stockholders will have no way of overriding the decisions made by our ELT and Directors acting as a group.
Risks Related to Our Industry
Economic uncertainty may pressure our customers to reduce their IT and cybersecurity spending.
Worsening economic conditions, including inflation, recession, pandemic, or other changes in economic conditions, may cause lower IT spending and adversely affect our results of operations. If demand for computing power, PCs, servers, and other computing devices declines, or consumer or business spending for those products declines, our results of operations could be adversely affected. Our product distribution system relies on our partner and network. The impact of economic conditions on our partners, such as the bankruptcy of one of our partners could adversely affect our financial condition and results of operations.
Challenging economic conditions also may impair the ability of our customers to pay for products and services they have purchased. As a result, allowances for doubtful accounts and write-offs of accounts receivable may increase.
| 14 |
Current global financial conditions have been characterized by increased volatility, which could negatively impact our business, prospects, liquidity and financial condition.
Global financial conditions continue to be marked by significant volatility, rising interest rates, inflationary pressures, and tightening credit markets. These factors may negatively affect customer budgets, delay technology investments, and reduce demand for our cybersecurity products and services. Market instability could also restrict our access to capital, increase borrowing costs, and limit our liquidity or operational flexibility. In addition, periods of financial stress often coincide with heightened cybersecurity risks, as organizations with constrained resources may defer security upgrades or reduce cyber defense spending. Sustained volatility or an extended economic downturn could materially and adversely impact our business operations, financial performance, and long-term growth prospects.
Inflation and geo-political events increase the risk that we are unable to achieve and maintain profitable operations.
A disruption or failure of our systems, operations, or supply chain because of a major earthquake, weather event, cyberattack, terrorist attack, pandemic, or other catastrophic event could cause delays in completing sales, providing services, or performing other critical functions. A catastrophic event that results in the destruction or disruption of any of our critical business or systems, or the infrastructure or systems they rely on, such as power grids, could harm our ability to conduct normal business operations or adversely affect our results of operations. Providing our customers with more services and solutions in the cloud puts a premium on the resilience of our systems and strength of our business continuity management plans and magnifies the potential negative consequences of prolonged service outages.
Abrupt political change, terrorist activity, and armed conflict, such as the ongoing conflict in Ukraine, pose economic and other risks, which may negatively impact our ability to sell to and collect from customers, increase our operating costs, or otherwise disrupt our operations in markets both directly and indirectly impacted by such events. These conditions also may add uncertainty to the timing and budget for technology investment decisions by our customers and may cause supply chain disruptions for hardware manufacturers. Geopolitical change may result in changing regulatory systems and requirements and market interventions that could impact our operating strategies, access to national, regional, and global markets, hiring, and profitability. Geopolitical instability may lead to sanctions and impact our ability to do business in some markets or with some public-sector customers. Any of these changes could adversely affect our results of operations. Changes in geopolitical conditions also increase the security risks described elsewhere in these risk factors.
The occurrence of regional epidemics or a global pandemic, such as COVID-19, could adversely affect our business, operations, financial condition, and results of operations. The extent to which global pandemics impact our business going forward will depend on factors such as the duration and scope of the pandemic; governmental, business, and individuals’ actions in response to the pandemic; and the impact on economic activity, including the possibility of recession or financial market instability. Measures to contain a global pandemic may intensify other risks described in these Risk Factors.
Risks Related to Our Financial Position and Need for Capital
We have incurred net losses and may never achieve profitability.
Our likelihood of success must be considered in light of the problems, expenses, difficulties, complications and delays frequently encountered in connection with development of a new business enterprise. Our accumulated deficit as of September 30, 2025, was $20.7 million.
We cannot assure our current stockholders or future investors that that any of our new products and services currently under development will be successfully commercialized, and the extent of our future losses and the timing of any possible profitability, if ever achieved, are highly uncertain. If we are unable to achieve profitability, we may, at any time, be unable to continue our operations.
Our ability to continue as a going concern may depend upon our ability to raise additional capital and such capital may not be available on acceptable terms, or at all.
We currently believe that our available cash will allow us to fund our operations through at least December 2026. Nevertheless, we may need to raise additional capital to fund operating losses, support future expansion, develop new or enhanced products and services, hire employees, respond to competitive pressures, acquire technologies, or respond to unanticipated events or requirements before then. Our management’s plans include attempting to improve our profitability and our ability to generate sufficient cash flow from operations to meet our operating needs on a timely basis, obtaining additional working capital funds through equity and debt financing arrangements, and restructuring on-going operations to eliminate inefficiencies and reduce our expenses. However, we are not assured that these plans and arrangements will be sufficient to fund our ongoing capital expenditures, working capital, and other requirements. The outcome of these actions cannot be predicted at this time. There can be no assurance that any additional financings will be available to us on satisfactory terms and conditions, if at all. If adequate funds are not available on acceptable terms, we may be unable to develop or enhance our products and services, take advantage of future opportunities or respond to competitive pressures or unanticipated requirements, any of which could have a material adverse effect on our business, financial condition and operating results. If we raise additional funds through the issuance of equity securities, or convertible debt, the percentage ownership of our stockholders will be reduced, and holders may experience dilution in net book value per share.
| 15 |
The amount of capital we may need depends on many factors, including the progress, timing, scope and market acceptance of our product development programs; the time and cost required to obtain any necessary regulatory approvals; the possibility of litigation; our ability to enter into and maintain collaborative, licensing and other commercial relationships; and our ability to secure commitment of time and resources from third parties to the development and commercialization of our products.
The capital markets have been unpredictable for unprofitable companies such as ours. The amount of capital that we may be able to raise depends on variables that are beyond our control. As a result, we may not be able to secure financing on terms acceptable to us, or at all. Even if we are able to consummate a financing arrangement, the amount raised may not be sufficient to meet our future needs. If adequate funds are not available on acceptable terms, or at all, our business, including our results of operations, financial condition and our continued viability will be materially adversely affected.
If we can raise additional funding, we may be required to do so on terms that are dilutive to our stockholders.
Our future issuances of new equity will dilute the ownership percentage of our existing stockholders. The extent of such dilution will depend on the number of shares issued. Neither the amount of funds that may be received in such equity financing, nor the price per share of our equity securities issued are known at this time.
We will continue to incur increased costs as a result of being a reporting company and, given our limited capital resources, such additional costs may have an adverse impact on our profitability.
We are a Securities Exchange Act of 1934 (the “Exchange Act”) reporting company, meaning that we report certain required material financial information with the Securities and Exchange Commission (“SEC”). The rules and regulations under the Exchange Act require reporting companies to provide periodic reports with interactive data files, which require that we engage legal, accounting and auditing professionals, and XBRL (eXtensible Business Reporting Language) and EDGAR (Electronic Data Gathering, Analysis, and Retrieval) service providers. The engagement of such services can be costly, and we may continue to incur additional financial losses, which may adversely affect our ability to continue as a going concern. In addition, the Sarbanes Oxley Act of 2002, as well as a variety of new related and unrelated rules implemented by the SEC, have required changes in corporate governance practices and generally increased the disclosure requirements of public companies. For example, as a result of being a reporting company, we are required to file periodic and current reports and other information with the SEC, and we are adopting and revising policies regarding disclosure controls and procedures, including internal controls over financial reporting.
The additional costs we continue to incur in connection with being a reporting company (expected to be approximately seven to eight hundred thousand dollars per year) will continue to further stretch our limited capital resources. Due to our limited resources, we have to allocate resources away from other productive uses in order to continue to comply with our obligations as an SEC reporting company. Further, there is no guarantee that we will have sufficient resources to continue to meet our reporting and filing obligations with the SEC as they come due.
We may apply working capital and future funding to uses that ultimately do not improve our operating results or increase the market price of our securities.
In general, we have complete discretion over the use of our working capital and any new investment capital we may obtain in the future that has no dedicated use of proceeds. Because of the number and variety of factors that could determine our use of funds, our ultimate expenditure of funds (and their uses) may vary substantially from our current intended operating plan for such funds.
We intend to use existing working capital and future funding to support the development of our products and services, the expansion of our marketing, or the support of operations to educate the end users of the software we sell. We will also use capital for market and network expansion, acquisitions, and general working capital purposes. However, we do not have more specific plans for the use and expenditure of our capital. Our management has broad discretion to use any or all of our available capital reserves. Our capital could be applied in ways that do not improve our operating results or otherwise increase the market value of a stockholder’s shares.
Risks Related to our Business and Results of Operations
We depend significantly upon the continued involvement of our present management and on our ability to attract and retain talented employees.
Our future success depends, in part, on our ability to continue to attract and retain highly skilled personnel. The loss of the services of any of our key personnel, the inability to attract or retain qualified personnel, any failure to have in place and execute an effective succession plan for key executives or delays in hiring required personnel, particularly in engineering, sales and marketing, may seriously harm our business, financial condition and results of operations. From time to time, we experience turnover in our management-level personnel. None of our key employees has an employment agreement for a specific term, and any of our employees may terminate their employment at any time. Our ability to continue to attract and retain highly skilled personnel will be critical to our future success.
Competition for highly skilled personnel is frequently intense, especially for qualified sales, support and engineering employees in cybersecurity software and services and especially in the locations where we have a substantial presence and need for highly skilled personnel, such as software engineers and advanced cybersecurity engineers. We may not be successful in attracting, assimilating or retaining qualified personnel to fulfill our current or future needs. In addition, to the extent we hire personnel from competitors, we may be subject to allegations that they have been improperly solicited or divulged proprietary or other confidential information. Changes in immigration laws, including changes to the rules regarding H1-B visas, may also harm our ability to attract personnel from other countries. Our inability to hire properly qualified and effective sales, support and engineering employees could harm our growth and our ability to effectively support growth.
We rely on third-party software for certain essential financial and operational services. Failure, outages or disruption in services, systems and infrastructure supplied by third parties could negatively affect our business, financial condition and financial results.
We currently incorporate, and will in the future incorporate, technology that we license from third parties, including software, into our solutions. We cannot be certain that our licensors will continue to be available to us or in the market in general. Some of our agreements with our licensors may be terminated by them for convenience or otherwise provide for a limited term. If we are unable to continue to license technology or if we are unable to continue our license agreements with our third-party licensors or enter into new licenses on commercially reasonable terms, our ability to develop and sell solutions and services containing or dependent on that technology would be limited, and our business could be harmed. Additionally, if we are unable to license technology from third parties, we may be forced to acquire or develop alternative technology, which we may be unable to do in a commercially feasible manner or at all, and may require us to use alternative technology of lower quality or performance standards. This could limit or delay our ability to offer new or competitive solutions and increase our costs. As a result, our margins, market share, and results of operations could be significantly harmed.
| 16 |
We previously identified material weaknesses in our disclosure controls and procedures and internal control over financial reporting. If not remediated, our failure to establish and maintain effective disclosure controls and procedures and internal control over financial reporting could result in material misstatements in our financial statements and a failure to meet our reporting and financial obligations, each of which could have a material adverse effect on our financial condition and the trading price of our common stock.
Maintaining effective internal control over financial reporting and effective disclosure controls and procedures are necessary for us to produce reliable financial statements. Our disclosure controls and procedures and internal controls over financial reporting are currently ineffective and have in the past been subject to material weaknesses. A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of a company’s annual or interim financial statements will not be prevented or detected on a timely basis. A control deficiency exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis.
We cannot assure you that additional material weaknesses will not arise in the future. The development of new material weaknesses in our internal control over financial reporting, could result in material misstatements in our financial statements and cause us to fail to meet our reporting and financial obligations, which in turn could have a material adverse effect on our financial condition and the trading price of our common stock, and/or result in litigation against us or our management.
If our estimates, assumptions, or judgments relating to our critical accounting policies prove to be incorrect or financial reporting standards or interpretations change, our results of operations could be adversely affected.
If we do not effectively manage our growth, our business resources and systems may become strained, and we may be unable to increase revenue growth.
If we do not effectively manage our growth, our operations, systems, and resources may become overextended, leading to inefficiencies and diminished performance. Rapid expansion can strain our infrastructure, challenge internal controls, and limit management’s ability to maintain operational discipline and quality standards. Inadequate integration of new customers, employees, or technologies could disrupt service and software delivery. Additionally, failing to scale our systems or workforce in line with growth may prevent us from meeting demand, containing costs, or achieving strategic objectives. Such challenges could materially and adversely affect our revenue growth, operating results, and long-term competitiveness.
Our sales cycles can be long and unpredictable, and our sales efforts require considerable time and expense.
Increased market awareness of our capabilities and products and increased lead generation are essential to our continued growth and our success in all our markets, particularly the market for sales to large businesses, service providers and government organizations. While we have increased our investments in sales and marketing, it is not clear that these investments will continue to result in increased revenue. If our investments in additional sales personnel or our marketing programs are not successful in continuing to create market awareness of our company and products or increasing lead generation, in growing billings for our broad product suite or if we experience turnover and disruption in our sales and marketing teams, we may not be able to achieve sustained growth, and our business, financial condition and results of operations may be adversely affected.
If we do not effectively expand and train our direct sales force, we may be unable to add new customers or retain and increase sales to our existing customers, and our business will be adversely affected.
We depend on our direct sales force to obtain new customers or retain and increase sales with existing customers. Our ability to achieve significant revenue growth will depend, in large part, on our success in recruiting, training and retaining enough sales personnel, particularly in international markets. There is significant competition for sales personnel with the skills and technical knowledge that we require. New hires require significant training and may take significant time before they achieve full productivity, and this delay is accentuated by our long sales cycles. Our recent hires and planned hires may not become productive as quickly as we expect, and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do business or plan to do business. In addition, a large percentage of our sales force is new to our company and selling our solutions, and therefore this team may be less effective than our more seasoned sales personnel. Furthermore, hiring sales personnel in new countries, or expanding our existing presence, requires upfront and ongoing expenditures that we may not recover if the sales personnel fail to achieve full productivity. We cannot predict whether, or to what extent, our sales will increase as we expand our sales force or how long it will take for sales personnel to become productive. If we are unable to hire and train enough effective sales personnel, or the sales personnel we hire are not successful in obtaining new customers or increasing sales to our existing customer base, our business and results of operations will be adversely affected.
Our future revenue and operating results will depend significantly on our ability to retain clients and customers and the ability to add new clients and customers. Any decline in our retention rates or failure to add new clients and customers will harm our business prospects and operating results.
Our future revenue and operating results depend significantly on our ability to retain existing clients and attract new ones. Competitive pressures, evolving customer expectations, pricing dynamics, and changes in technology preferences could negatively affect our retention rates and sales performance. If we fail to maintain strong client relationships, effectively demonstrate value, or expand our customer base, our growth opportunities and recurring revenue streams may decline. Any sustained decrease in client retention or delays in acquiring new customers could adversely affect our business prospects, financial performance, and overall market position.
Our growth depends in part on the success of our strategic relationships with third parties.
Our growth depends in part on the strength and success of our strategic relationships with third parties, including technology providers, resellers, and service partners. If these partners fail to meet performance expectations, modify their business objectives, or terminate agreements, our ability to deliver products and expand into new markets could be hindered. Dependence on third parties also limits our control over key aspects of service delivery, pricing, and customer experience. Any disruptions, misalignments, or loss of these relationships could negatively affect our revenue growth, market reach, and competitive position.
| 17 |
If we experience a decline in billing, delays and/or defaults in payments, we could be unable to recover all expenditures, and our operating margins may decline.
We may experience slowing growth or a decrease in billings, revenue, operating margin and free cash flow for a number of reasons, including a slowdown in pipeline growth or for demand for our products or services generally, a shift in demand from products to services, decrease in services revenue growth, increased competition, execution challenges including sales execution challenges and lack of optimal sales productivity, worldwide or regional economic challenges based on inflation or possible stagflation, a regional recession or a recession in the global economy, changing interest rates, the war in Ukraine, a decrease in the growth of our overall market or softness in demand in certain geographies or industry verticals, such as the service provider industry, changes in our strategic opportunities, execution risks, lower sales productivity and our failure for any reason to continue to capitalize on sales and growth opportunities due to other risks identified in the risk factors described in this periodic report. Our expenses as a percentage of total revenue may be higher than expected if our revenue is lower than expected. If our investments in sales and marketing and other functional areas do not result in expected billings and revenue growth, we may experience margin declines. In addition, we may not be able to sustain our historical profitability levels in future periods if we fail to increase billings, revenue or deferred revenue, and do not appropriately manage our cost structure, free cash flow, or encounter unanticipated liabilities. As a result, any failure by us to maintain profitability and margins and continue our billings, revenue and free cash flow growth could cause the price of our common stock to materially decline.
We face intense competition, especially from larger, well-established companies, and we may lack sufficient financial or other resources to maintain or improve our competitive position. We may lose market share to our competitors, which could adversely affect our business, financial condition, and results of operations.
The market for network security products is intensely competitive and dynamic, and we expect competition to continue to intensify. We face many competitors across the different cybersecurity markets. Our competitors include companies such as Check Point, Cisco, CrowdStrike, F5 Networks, HPE, Huawei, Illumio, Juniper, Microsoft, Netskope, Palo Alto Networks, SonicWALL, Sophos, and zScaler. Some of our existing and potential competitors enjoy competitive advantages such as: greater name recognition and/or longer operating histories; larger sales and marketing budgets and resources; broader distribution and established relationships with distribution partners and end-customers; access to larger customer bases; greater customer support resources; greater expertise in certain single point solutions; greater resources to make acquisitions; stronger U.S. government relationships; lower labor and development costs; and substantially greater financial, technical and other resources.
In addition, certain of our larger competitors have broader product offerings, and leverage their relationships based on other products or incorporate functionality into existing products in a manner that discourages customers from purchasing our products. These larger competitors often have broader product lines and market focus and are in a better position to withstand any significant reduction in capital spending by end-customers in these markets. Therefore, these competitors will not be as susceptible to downturns in a particular market. Also, many of our smaller competitors that specialize in providing protection from a single type of security threat are often able to deliver these specialized security products to the market more quickly than we can.
Conditions in our markets could change rapidly and significantly because of technological advancements or continuing market consolidation. Our competitors and potential competitors may also be able to develop products or services, and leverage new business models, that are equal or superior to ours, achieve greater market acceptance of their products and services, disrupt our markets, and increase sales by utilizing different distribution channels than we do. For example, certain of our competitors are focusing on delivering security services from the cloud which include cloud-based security providers, such as CrowdStrike and Zscaler. In addition, current or potential competitors may be acquired by third parties with greater available resources, and new competitors may arise pursuant to acquisitions of network security companies or divisions. As a result of such acquisitions, competition in our market may continue to increase and our current or potential competitors might be able to adapt more quickly to new technologies and customer needs, devote greater resources to the promotion or sale of their products and services, initiate or withstand substantial price competition, take advantage of acquisition or other opportunities more readily, or develop and expand their product and service offerings more quickly than we do. In addition, our competitors may bundle products and services competitive with ours with other products and services. Customers may accept these bundled products and services rather than separately purchasing our products and services. As our customers refresh the security products bought in prior years, they may seek to consolidate vendors, which may result in current customers choosing to purchase products from our competitors on an ongoing basis. Due to budget constraints or economic downturns, organizations may be more willing to incrementally add solutions to their existing network security infrastructure from competitors than to replace it with our solutions. These competitive pressures in our market or our failure to compete effectively may result in price reductions, fewer customer orders, reduced revenue and gross margins and loss of market share.
| 18 |
We have limited experience with some of our pricing models, particularly for our newer products and solutions as well as bundled sales of our products and solutions, and we may not accurately predict the long-term rate of paying customer adoption or renewal, or the impact these will have on our revenue or results of operations.
We have limited experience with some of our pricing models, especially for newer or bundled offerings, and may not accurately predict their long-term performance or customer adoption. Changes in customer usage, market expectations, or competitive dynamics could lead to revenue fluctuations or lower-than-expected renewals. Inflexible billing systems, evolving consumption patterns, or misaligned pricing structures may also impact our ability to forecast growth or maintain profitability. If we fail to optimize or correctly anticipate the financial impact of our pricing strategies, our revenue stability and operating results could be materially affected.
Competitive pricing pressure may reduce our gross profits and adversely affect our financial results.
The cybersecurity market is highly competitive, and pricing pressure from both established and emerging competitors may reduce our gross profit margins. Many providers are lowering prices to gain market share or appeal to budget-conscious customers, which can erode profitability across the industry. As customers increasingly evaluate offerings based on cost and perceived value, we may be required to adjust our pricing or offer additional incentives to remain competitive. If we cannot effectively differentiate our solutions or maintain pricing discipline while preserving quality, our revenue, gross margins, and overall financial results could be adversely affected.
Our largest revenue stream is providing consulting services. If we are unable to attract and retain qualified personnel, our business could be harmed.
Our consulting services represent a significant source of revenue, and our success depends on attracting, developing, and retaining highly qualified professionals. The cybersecurity industry faces a well-documented shortage of skilled talent, driving intense competition for experienced consultants. If we cannot hire or retain personnel with the necessary technical expertise or industry certifications, we may be unable to deliver projects on time, maintain service quality, or meet client expectations. High turnover, increased labor costs, or resource constraints could also reduce our consulting capacity and profitability. Any inability to sustain a skilled workforce may adversely affect our growth and financial results.
If we do not accurately predict, prepare for, and respond promptly to rapidly evolving technological and market developments and successfully manage product introductions and transitions to meet changing needs in the cybersecurity technology market, our competitive position, financial results, and prospects will be harmed.
The cybersecurity landscape evolves rapidly, driven by emerging threats, regulatory shifts, and advancements such as AI, zero trust architectures, and post-quantum security. Our success depends on accurately anticipating these developments, aligning our solutions with market needs, and managing timely product launches and transitions. Failure to predict or respond effectively to new technologies or changing customer requirements could result in outdated offerings, reduced competitiveness, or missed growth opportunities. If we do not continually innovate and adapt to these market dynamics, our competitive position, financial performance, and long-term prospects could be materially harmed.
| 19 |
Delays in product development or failure to introduce new and improved offerings could harm our revenues and competitive position.
Our ability to maintain growth and competitiveness depends on timely product development and continual innovation. The cybersecurity industry evolves rapidly, and meeting customer expectations requires ongoing enhancements in performance, features, and reliability. Delays in product development schedules, resource constraints, or technical challenges could limit our ability to introduce new or improved offerings on time. Additionally, if our new products or updates fail to gain market acceptance, or if we cannot keep pace with emerging technologies and competitive advancements, our market share and profitability could decline. Ineffective management of product transitions or innovation pipelines may also lead to reduced customer confidence and missed growth opportunities. Collectively, these factors could materially and adversely affect our revenues, reputation, and overall financial performance.
Failures, defects, or vulnerabilities in our complex products and services could harm our reputation, reduce sales, and expose us to legal or financial liability.
Our success depends on the market’s confidence in our ability to provide effective network security protection. Despite our efforts and processes to prevent breaches of our internal networks, systems and websites, whether in our premises, cloud providers or colocations, we are still vulnerable to computer viruses, break-ins, phishing attacks, ransomware attacks, attempts to overload our servers with denial-of-service, vulnerabilities in vendor hardware and software that we leverage, advanced persistent threats from sophisticated actors and other cyber-attacks and similar disruptions from unauthorized access to our internal networks, systems or websites, whether in our premises, cloud providers or colocations. Our security measures may also be breached due to employee error, malfeasance or otherwise, which breaches may be more difficult to detect than outsider threats, and the existing programs and trainings we have in place to prevent such insider threats may not be effective or sufficient. Third parties may also attempt to fraudulently induce our employees to transfer funds or disclose information in order to gain access to our networks and confidential information. Third parties may also send our customers or others malware or malicious emails that falsely indicate that we are the source, potentially causing lost confidence in us and reputational harm. We cannot guarantee that the measures we have taken to protect our networks, systems and websites, whether in our premises, cloud providers or colocations, will provide adequate security. Moreover, because we provide network security products, we may be a more attractive target for attacks by computer hackers and any security breaches and other security incidents involving us may result in more harm to our reputation and brand than companies that do not sell network security solutions. Hackers and malicious parties may be able to develop and deploy viruses, worms, ransomware and other malicious software programs that attack our products and customers, that impersonate our update servers in an effort to access customer networks and negatively impact customers, or otherwise exploit any security vulnerabilities of our products, or attempt to fraudulently induce our employees, customers or others to disclose passwords or other sensitive information or unwittingly provide access to our internal networks, systems or data. Moreover, the threat landscape continues to evolve as a result of new technologies, including AI, and malicious parties may use AI to help attack our solutions, systems, and our customers.
| 20 |
Although we take numerous measures and implement multiple layers of security to protect our networks, we cannot guarantee that our security products, processes and services will secure against all threats. Further, we cannot be sure that third parties have not been, or will not in the future be, successful in improperly accessing our systems and our customers’ systems, which could negatively impact us and our customers. An actual breach could significantly harm us and our customers, and an actual or perceived breach, or any other actual or perceived data security incident, threat or vulnerability, that involves our supply chains, networks, systems or websites and/or our customers’ supply chains, networks, systems or websites could adversely affect the market perception of our products and services and investor confidence in our company. Any breach of our networks, systems or websites could impair our ability to operate our business, including our ability to provide Enclave and other security subscriptions and Enclave technical support services to our end-customers, lead to interruptions or system slowdowns, cause loss of critical data or lead to the unauthorized disclosure or use of confidential, proprietary or sensitive information. We could also be subject to liability and litigation and reputational harm, and our channel partners and end-customers may be harmed, lose confidence in us and decrease or cease using our products and services. Any breach of our internal networks, systems or websites could have an adverse effect on our business, operating results and stock price.
Claims, litigation, government investigations, and other proceedings may adversely affect our business and results of operations.
We may become subject to a variety of claims and lawsuits. These claims may arise from a wide variety of business practices and initiatives, including new product releases, significant business transactions, warranty or product claims, employment practices, and regulation. As we continue to expand our business and offerings, we may experience new and novel legal claims. Adverse outcomes in some or all these claims may result in significant monetary damages or injunctive relief that could adversely affect our ability to conduct our business. Litigation and other claims are subject to inherent uncertainties and management’s view of these matters may change in the future. An adverse impact to our financial condition and results of operations could occur for the period in which the effect of an unfavorable outcome becomes probable and reasonably estimable.
The success of our business depends in part on our ability to protect and enforce our intellectual property rights.
Protecting our intellectual property rights and combating unlicensed copying and use of our software, source code, and other intellectual property is difficult. Similarly, the absence of harmonized international patent laws makes it more difficult to ensure consistent respect for patent rights. Changes in the law may continue to weaken our ability to prevent the use of patented technology. Our increasing engagement with open source software will also cause us to license our intellectual property rights broadly in certain situations. If we are unable to protect our intellectual property, our results of operations could be adversely affected.
Claims by others that we infringe their proprietary technology or other rights, or other lawsuits asserted against us, could result in significant costs and substantially harm our business, financial condition, results of operations and prospects.
From time to time, others may claim we infringe their intellectual property rights, including current copyright infringement and other claims arising from AI training and output. To resolve these claims, we may enter into royalty-bearing data access or licensing agreements on terms that are less favorable than currently available, stop selling or redesign affected products or services, or pay damages to satisfy indemnification commitments with our customers. Adverse outcomes could also include monetary damages or injunctive relief that may limit or prevent importing, marketing, and selling our products or services that have infringing technologies. We may be required to pay significant amounts to settle claims related to the use of technology and intellectual property rights and to procure intellectual property rights as part of our strategy to manage this risk, and may continue to do so, which could adversely affect our results of operations.
| 21 |
We are subject to changing laws and regulations, of which failure to comply could subject us to fines and penalties.
We are subject to a wide range of laws, regulations, and legal requirements in the U.S. and globally, including those that may apply to our products and online services offerings, and those that impose requirements related to user privacy, telecommunications, data storage and protection, digital accessibility, advertising, and online safety. Laws in several jurisdictions, including EU Member State laws under the European Electronic Communications Code, increasingly define certain of our services as regulated services. This trend may continue with our offerings becoming subject to additional data protection, security, digital safety, law enforcement surveillance, and other obligations. Regulators and private litigants may assert that our collection, use, and management of customer data and other information is inconsistent with their laws and regulations, including laws that apply to the tracking of users via technology such as cookies. In addition, laws requiring us to retrieve and produce customer data in response to compulsory legal demands from law enforcement and governmental authorities are expanding and the requests we are experiencing are increasing in volume and complexity.
New, existing, and evolving laws and regulations, or interpretations or applications of existing laws and regulations in a manner inconsistent with our interpretations of such laws and regulations or our practices, may result in modification of our products and services, altered business models and operations, increased costs, reputational damage, and civil or criminal liability.
Failure to comply with laws and regulations applicable to government contracting, or to meet the unique requirements and constraints of government customers, could harm our reputation and ability to secure or maintain public sector business.
Sales to U.S. and foreign federal, state and local government organizations are subject to several risks. Because of public sector
budgetary cycles and laws or regulations governing public procurements, such sales often require significant upfront time and expense
without any assurance of winning a sale. Government demand, sales and payment for our products and services may be negatively impacted
by numerous factors and requirements unique to selling to government agencies, such as: policies, laws and regulations have in the past,
and may in the future, require us to obtain and maintain certain security and other certifications in order to sell our products and
services into certain government organizations, and such certifications may be costly and time-consuming to obtain and maintain; funding
authorizations and requirements unique to government agencies, with funding or purchasing reductions or delays adversely affecting public
sector demand for our products; and geopolitical matters, including tariff and trade disputes, government shutdowns, impact of the war
in Ukraine, tensions between China and Taiwan and trade protectionism and other political dynamics that may adversely affect our ability
to sell in certain locations or obtain the requisite permits and clearances required for certain purchases by government organizations
of our products and services.
In addition, if we do not have certain certifications, this may restrict our ability to sell to certain customers until we have obtained
certain certifications, and we may not obtain the certifications in a timely manner or at all. For example, certain of our competitors
may have decided to become certified under the U.S. Federal Risk and Authorization Management Program (“FedRAMP”), and until
the time that we also certify under FedRAMP, we risk losing deals to certified competitors for deals where FedRAMP certification is a
requirement.
The rules and regulations applicable to sales to government organizations may also negatively impact sales to other organizations. For
example, government organizations may have contractual or other legal rights to terminate contracts with our distributors and resellers
for convenience or due to a default, and any such termination may adversely impact our future results of operations. If the distributor
receives a significant portion of its revenue from sales to government organizations, the financial health of the distributor could be
substantially harmed, which could negatively affect our future sales to such distributor. Governments routinely investigate, review and
audit government vendors’ administrative and other processes, and any unfavorable investigation, audit, other review or unfavorable
determination related to any government clearance or certification could result in the government’s refusing to continue buying
our products and services, a limitation and reduction of government purchases of our products and services, a reduction of revenue or
fines, or civil or criminal liability if the investigation, audit or other review uncovers improper, illegal or otherwise concerning
activities. Any such penalties could adversely impact our results of operations in a material way. Further, any refusal to grant certain
certifications or clearances by one government agency, or any decision by one government agency that our products do not meet certain
standards, may reduce business opportunities and cause reputational harm and cause concern with other government agencies, governments
and businesses and cause them to not buy our products and services and/or lead to a decrease in demand for our products generally.
| 22 |
Governmental restrictions on the sale of our products and services in non-U.S. markets could negatively affect our business, financial condition, and financial results.
Expanding internationally and selling outside the United States may depend on our ability to comply with evolving export control laws and government-imposed restrictions on the sale or use of cybersecurity products. U.S. and foreign regulations increasingly limit the export of technology, software, and services involving advanced computing, encryption, or cybersecurity tools to certain countries or entities. New or expanded governmental restrictions—such as U.S. export controls on cybersecurity and artificial intelligence–related systems—could delay shipments, restrict market access, or require costly licensing and compliance procedures. These laws are complex and may change unpredictably in response to geopolitical tensions. If we are unable to obtain necessary licenses or adapt to new compliance requirements, we could lose revenue, face penalties, or be excluded from key international markets, which could materially and adversely affect our business, reputation, and growth prospects.
Cyberattacks and security vulnerabilities could lead to reduced revenue, increased costs, liability claims, or harm to our reputation or competitive position.
Threats to security can take a variety of forms. Threat actors, including individual and groups of hackers and sophisticated organizations, including nation-states, state-sponsored organizations, or cybercriminal groups, continuously undertake attacks that pose threats to our customers and our internal infrastructure. These actors use a wide variety of methods, which include developing and deploying malicious software; exploiting known and potential vulnerabilities or intentionally designed processes in our or third-party software, or other infrastructure to attack our products and services or gain access to our networks; using social engineering techniques to induce our employees, users, partners, or customers to disclose sensitive information, such as passwords, or take other actions to gain access to our data or our users’ or customers’ data; or acting in a coordinated manner or conducting coordinated attacks.
Inadequate account security or organizational security practices, including those of companies we have acquired or those of the third parties we utilize, have resulted and may result in unauthorized access to our systems and data, including customer systems and data. Employees or third parties may intentionally compromise our or our users’ security or systems or reveal confidential information, and laws in foreign jurisdictions may compel actions by such parties against our interests and could limit our recourse. Malicious actors may employ the supply chain to introduce malware through software updates or compromised supplier accounts or hardware.
Cyberthreats are constantly evolving and becoming increasingly sophisticated and complex, increasing the difficulty of detecting and successfully defending against them. Our current capabilities may not detect certain vulnerabilities or new attack methods, which may allow them to persist in the environment over long periods of time. It may be difficult to determine the best way to investigate, mitigate, contain, and remediate the harm caused by a cyber incident. Such efforts may not be successful, and we may make errors or fail to take necessary actions. It is possible that threat actors may gain undetected access to other networks and systems after establishing a foothold on an internal system. Breaches of our facilities, network, or data security can disrupt the security of our systems and business applications, impair our ability to provide services to our customers and protect the privacy of their data, result in product development delays, compromise confidential or technical business information, require us to allocate more resources to improve technologies or remediate the impacts of attacks, or otherwise adversely affect our business. In addition, actions taken to remediate an incident could result in outages, data losses, and disruptions of our services.
Cyber incidents and attacks, individually or in the aggregate, could adversely affect our financial condition, results of operations, competitive position, and reputation, or expose us to legal or regulatory risk.
| 23 |
ITEM 1B. UNRESOLVED STAFF COMMENTS
None.
ITEM 1C. CYBERSECURITY
SideChannel, Inc. recognizes the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data.
Managing Material Risks & Integrated Overall Risk Management
Engage Third Parties on Risk Management
Oversee Third-party Risk
Risks from Cybersecurity Threats
The Board of Directors is acutely aware of the critical nature of managing risks associated with cybersecurity threats. The Board has established robust oversight mechanisms to ensure effective governance in managing risks associated with cybersecurity threats because we recognize the significance of these threats to our operational integrity and stakeholder confidence.
Board of Directors Oversight
| 24 |
The CISO and the Chief Executive Officer (“CEO”) play a pivotal role in informing the Audit Committee on cybersecurity risks. They provide comprehensive briefings to the Audit Committee on a regular basis, with a minimum frequency of once per year. These briefings encompass a broad range of topics, including:
| ● | Current cybersecurity landscape and emerging threats; | |
| ● | Status of ongoing cybersecurity initiatives and strategies; | |
| ● | Incident reports and learnings from any cybersecurity events; and | |
| ● | Compliance with regulatory requirements and industry standards. |
In addition to our scheduled meetings, the Audit Committee, CISO and CEO maintain an ongoing dialogue regarding emerging or potential cybersecurity risks. Together, they receive updates on any significant developments in the cybersecurity domain, ensuring the Board’s oversight is proactive and responsive. The Audit Committee actively participates in strategic decisions related to cybersecurity, offering guidance and approval for major initiatives. This involvement ensures that cybersecurity considerations are integrated into the broader strategic objectives of SideChannel, Inc. The Audit Committee conducts an annual review of the company’s cybersecurity posture and the effectiveness of its risk management strategies. This review helps in identifying areas for improvement and ensuring the alignment of cybersecurity efforts with the overall risk management framework.
Risk Management Personnel
Monitor Cybersecurity Incidents
| 25 |
Reporting to Board of Directors
ITEM 2. PROPERTIES
On December 10, 2021, we entered into a lease for approximately 500 square feet of office space at 146 Main Street in Worcester, Massachusetts, with the option to renew annually. The annual renewal date is January 1st. Our current lease payment is $986 per month. The lease allows for a two percent (2%) increase effective at the beginning of each renewal period. We anticipate the lease payment to be $1,006 per month during calendar year 2026.
ITEM 3. LEGAL PROCEEDINGS
As of the filing date of this Annual Report on Form 10-K, there are no material pending legal proceedings. From time to time, we may be involved in ordinary routine litigation incidental to our business, to which we are a party or which our property is the subject. In addition, none of our officers, directors, affiliates or 5% stockholders (or any associates thereof) is a party averse to us, or has a material interest adverse to us, in any material proceeding.
Recently Settled Litigation
In April 2021, Eric Marquez, the former Secretary/Treasurer and Chief Financial Officer of Cipherloc Corporation, and certain other plaintiffs, filed a lawsuit against Cipherloc Corporation and Michael De La Garza, Cipherloc’s former Chief Executive Officer and President, in the 20th Judicial District for Hays County, Texas (Cause No. 20-0818). We executed a settlement agreement with the plaintiffs on December 13, 2024, resulting in the dismissal of the lawsuit with prejudice on January 2, 2025. The settlement agreement requires the Company to issue the plaintiffs a combined 356,400 shares of common stock and pay a total of $95 thousand in cash in six equal, quarterly installments of approximately $16 thousand each, beginning by January 1, 2025, and ending by April 1, 2026. The expenses associated with this settlement were included in our results for the fiscal year ended September 30, 2024. Four payments totaling approximately $63 thousand have been made and 356,400 shares of common stock have been issued as of September 30, 2025.
ITEM 4. MINE SAFETY DISCLOSURES
Not applicable.
| 26 |
PART II
ITEM 5. MARKET FOR REGISTRANT’S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES
Our common stock is traded on the over-the-counter market and is quoted on the OTCQB Venture Market run by OTC Markets Group under the symbol “SDCH.”
The OTC Markets Group is a network of security dealers who buy and sell stock. The dealers are connected by a computer network that provides information on current “bids” and “asks,” as well as volume information. The trading of securities on the OTC Markets is often sporadic and investors may have difficulty buying and selling our shares or obtaining market quotations for them, which may have a negative effect on the market price of our common stock.
Transfer Agent
The Transfer Agent and Registrar for our common stock is Computershare Limited located in Canton, Massachusetts (“Computershare”).
Trading History
The following table sets forth, for the periods indicated the high and low closing bid quotations for our common stock. These quotations represent inter-dealer quotations, without adjustment for retail markup, markdown, or commission and may not represent actual transactions.
| Low | High | |||||||
| Fiscal 2024 | ||||||||
| First Quarter (October 1, 2023, to December 31, 2023) | $ | 0.01 | $ | 0.05 | ||||
| Second Quarter (January 1, 2024, to March 31, 2024) | 0.02 | 0.06 | ||||||
| Third Quarter (April 1, 2024, to June 30, 2024) | 0.03 | 0.07 | ||||||
| Fourth Quarter (July 1, 2024, to September 30, 2024) | 0.03 | 0.05 | ||||||
| Fiscal 2025 | ||||||||
| First Quarter (October 1, 2024, to December 31, 2024) | $ | 0.03 | $ | 0.06 | ||||
| Second Quarter (January 1, 2025, to March 31, 2025) | 0.03 | 0.05 | ||||||
| Third Quarter (April 1, 2025, to June 30, 2025) | 0.03 | 0.07 | ||||||
| Fourth Quarter (July 1, 2025, to September 30, 2025) | 0.06 | 0.16 | ||||||
| Fiscal 2026 | ||||||||
| First Quarter (October 1, 2025, to December 31, 2025) (1) | $ | 0.05 | $ | 0.08 | ||||
| (1) | Through December 12, 2025 |
As of September 30, 2025, there were 231,229,054 shares of our common stock issued and outstanding, and there were approximately 699 holders of our common stock on record at Computershare.
Also as of September 30, 2025, there were zero (0) shares of Preferred Stock issued and outstanding.
Dividends
Our Board of Directors does not intend to declare dividends in the foreseeable future. The declaration, payment, and amount of any future dividends will be made at the discretion our Board of Directors, and will depend upon, among other things, the results of our operations, cash flows and financial condition, operating and capital requirements, and such other factors as our Board of Directors consider relevant at that time. We currently expect to use all available funds to finance the future development and expansion of our business, and we do not anticipate paying dividends on our common stock in the foreseeable future.
Recent Sales of Unregistered Securities
There have been no sales of unregistered securities during the year ended September 30, 2025.
ITEM 6. RESERVED
| 27 |
ITEM 7. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS
This Management’s Discussion and Analysis of Financial Condition and Results of Operations should be read in conjunction with the accompanying consolidated financial statements and the notes thereto. In addition, please refer to the discussion of our business and markets contained in Part 1, Item 1 of this Annual Report on Form 10-K.
Overview
Our Business
Our mission is to make cybersecurity simple and accessible for mid-market and emerging companies, a market that we believe is currently underserved. We believe that our cybersecurity offerings will identify and develop cybersecurity, privacy, and risk management solutions for our customers. We anticipate that our target customers will continue to need cost-effective security solutions. We continue to expand our catalogue of services and solutions to address the cybersecurity needs of our customers, including virtual Chief Information Security Officer, cyber program strategy, zero trust, third-party risk management, compliance readiness, cloud security services, privacy, threat intelligence, managed end-point security solutions, and cybersecurity awareness.
We are marketing and selling Enclave, a proprietary software product that simplifies important cybersecurity tasks to achieve “microsegmentation.” By combining zero trust network access with certificate management and machine identity, Enclave seamlessly creates a unified security architecture that eliminates traditional network vulnerabilities. This integration enables IT teams to enforce precise access policies based on verified machine identities. Certificate-based identities allow a simplified management for any certificate-based communication, while the zero trust framework continuously validates every connection attempt. This powerful combination delivers robust security without the typical management overhead, allowing organizations to implement sophisticated microsegmentation strategies with remarkable simplicity and minimal resource requirements.
Our growth strategy focuses on these three initiatives:
| ● | Increasing adoption of Enclave: By promoting Enclave and our other cybersecurity solutions to our existing vCISO clients, we aim to deepen our relationships and provide comprehensive, integrated security solutions. This supports the increased demand for zero trust strategies and remote worker technologies. |
| ● | Securing new vCISO Services Clients: As organizations plan to increase security investments due to breaches and the rising complexity of cyber threats, we aim to expand our client base by offering flexible, expert vCISO services that address budget constraints and the need for rapid security posture establishment. |
| ● | Adding new Cybersecurity Software and Services offerings: We plan to enhance our portfolio by incorporating transformational technologies such as AI-based security operations, data security posture management, polymorphic encryption, cyber-physical system security, and application security posture management. This aligns with industry trends and the anticipated incremental spend on application and data security due to generative AI. |
We internally report our revenue using two categories:
| ● | vCISO Services: This category captures the revenue from the Chief Information Security Officer services that we provide to our clients on a “virtual” or outsourced basis. Embedded into the C-suite executive teams of our clients, our vCISOs deliver services including assessing the cybersecurity risk profile, implementing policies and programs to mitigate risks, and managing the day-to-day tasks to ensure compliance with the adopted cybersecurity framework. Most of our clients use our vCISO services. Engagements typically include a fixed monthly subscription fee and exceed 12 months because of renewal options of 1, 3, 6, or 12 months. | |
| ● | Cybersecurity Software and Services: This category encompasses an array of cybersecurity software and services that our clients deem necessary to protect their digital assets, including Enclave. These augment our vCISO offering and include a full range of other cybersecurity products and services delivered through a team of security engineers along with a network of third-party service providers and VARs. Commercial relationships with third-party service providers and VARs provide SideChannel with additional internal capabilities to mitigate cybersecurity risks. We earn licensing revenue from software contracts and commissions from third-party service provider partnerships which are included in this revenue category. |
| 28 |
Revenue
The following revenue metrics are for the twelve months ended September 30, 2025, versus the same period in 2024. These summary metrics are accompanied by pie charts that reflect the revenue by category in fiscal years 2025 and 2024:
| ● | Total revenue declined by $49 thousand or 0.7%. | |
| ● | vCISO Services category revenue decreased by $715 thousand or 14.9%. | |
| ● | Cybersecurity Software and Services category revenue grew by $666 thousand or 25.6%. |
 |
 |
The year-over-year decline in vCISO Services revenue reflects new vCISO client acquisition not exceeding vCISO client churn and the transitioning of vCISO Services clients into lower revenue generating Cybersecurity Software & Services. Cybersecurity Software & Services revenue benefited from these transitions along with the expansion of the software and services offered.
| 29 |
We also monitor new and retained revenue. The revenue earned from clients during our first twelve months of working with them is classified as new, while the revenue earned with clients after our first twelve months of working with them is classified as retained. The following chart provides details on our new and retained revenue for fiscal years 2025 and 2024:
Further, we consider revenue retention a key performance indicator. Revenue retention is calculated by dividing retained revenue by the prior year total revenue. The following table shows the revenue retention for fiscal years 2025 and 2024 by revenue category.
| Trailing Twelve Months Ended | ||||||||
| September 30, 2025 | September 30, 2024 | |||||||
| vCISO Services | 56.4 | % | 67.7 | % | ||||
| Cybersecurity Software & Services | 76.9 | % | 72.2 | % | ||||
| Total | 63.6 | % | 69.2 | % | ||||
| 30 |
Results of Operations
Fiscal Year Ended September 30, 2025, Compared to Fiscal Year Ended September 30, 2024
| Twelve Months Ended | ||||||||
| September 30, | ||||||||
| 2025 | 2024 | |||||||
| Revenues | $ | 7,351 | $ | 7,400 | ||||
| Cost of revenues | 3,847 | 3,868 | ||||||
| Gross profit | 3,504 | 3,532 | ||||||
| Gross margin | 47.7 | % | 47.7 | % | ||||
| Operating expenses | ||||||||
| General and administrative | 2,894 | 3,155 | ||||||
| Selling and marketing | 966 | 771 | ||||||
| Research and development | 562 | 546 | ||||||
| Total operating expenses | 4,422 | 4,472 | ||||||
| Operating loss | (918 | ) | (940 | ) | ||||
| Other income, net | 40 | 41 | ||||||
| Net loss before income tax expense | (878 | ) | (899 | ) | ||||
| Income tax expense | 14 | 5 | ||||||
| Net loss after income tax expense | $ | (892 | ) | $ | (904 | ) | ||
Revenue. Our revenue was $7.4 million for the year ended September 30, 2025, compared to $7.4 million in the prior year, a decrease of $49 thousand or 0.7%. We believe this decrease reflects the factors previously discussed in the Overview section above.
Gross Margin. Gross margin was 47.7% in each of the fiscal years 2025 and 2024. We have experienced an increase in higher gross margin Enclave revenue which was offset by increased revenue from lower gross margin third-party services and software.
Operating Expenses. Total operating expenses during fiscal year 2025 were $4.4 million compared to fiscal year 2024 total operating expenses of $4.5 million, a decrease of $50 thousand or 1.1%.
General and Administrative Expenses. Our general and administrative expenses were $2.9 million for the year ended September 30, 2025, compared to $3.2 million for the prior year, a decrease of $261 thousand or 8.3%. The decrease in general and administrative expenses primarily resulted from lower professional services, stock-based compensation, and insurance costs. These favorable variances were partially offset by an increase in personnel related costs.
Selling and Marketing Expenses. Our selling and marketing expenses were $966 thousand for the year ended September 30, 2025, compared to $771 thousand for the prior year, an increase of $195 thousand or 25.3% resulting from an increase in personnel costs and advertising expenses.
Research and Development Expenses. Our research and development expenses were $562 thousand for the year ended September 30, 2025, compared to $546 thousand for the prior year, an increase of $16 thousand or 2.9%. Increases in personnel and consulting costs were partially offset by a decrease in stock-based compensation.
Other Income. Other Income was $40 thousand and $41 thousand for fiscal years 2025 and 2024 respectively, which reflects interest income from the cash on deposit at our bank.
Income Tax Expense. We recorded income tax expense of $14 thousand in the fiscal year ended September 30, 2025, compared to $5 thousand for the year ended September 30, 2024. Our income tax expense is attributed to accruals for state income taxes in the various jurisdictions where we have customers, employees, or property.
| 31 |
Liquidity and Capital Resources
During fiscal year 2025, we incurred a net loss of $878 thousand, and we had $130 thousand of cash used by operations. Our primary source of liquidity and capital resources was the $1.3 million of cash, cash equivalents, and short-term investments at the beginning of fiscal year 2025. We had an accumulated deficit of $20.7 million as of September 30, 2025.
The following table summarizes, for the periods indicated, selected items in our Statements of Cash Flows:
| (In thousands) | 2025 | 2024 | ||||||
| Net cash provided by (used in): | ||||||||
| Operating activities | $ | (130 | ) | $ | 307 | |||
| Investing activities | 150 | (265 | ) | |||||
| Financing activities | - | (50 | ) | |||||
Total cash provided by (used) | $ | 20 | $ | (8 | ) | |||
Operating Activities. Net cash used by operations for the year ended September 30, 2025, was $130 thousand compared to $307 thousand provided by operations for the year ended September 30, 2024. During fiscal year 2025, we recorded net, non-cash charges of $498 thousand for depreciation, amortization and stock-based compensation expense. Our net accounts receivable decreased by $179 thousand due to earlier payment of invoices by our clients as well as a decrease in revenue. We also experienced a $286 thousand increase in deferred revenue because of higher payments from clients in advance of receiving software and services. These two sources of cash were partially offset by a $214 thousand decrease in accounts payable and accrued liabilities.
Investing Activities. We purchased and sold short-term investments in the form of time deposits during fiscal year 2025, yielding a net of $150 thousand provided by investing activities.
Financing Activities. We had zero ($0) cash provided by or used in financing activities during fiscal year 2025.
As of September 30, 2025, we had $1.2 million in cash, cash equivalents, and short-term investments; and our working capital was $0.8 million. We believe that our existing cash balances are sufficient to fund our operations through at least December 31, 2026.
We expect to fund our operations with our existing cash balance and any cash flow generated by operations. We intend to manage our business such that our expenses will allow us to sustain positive cash flow from our operations, but we cannot assure this will occur. We don’t currently have any credit facilities available to us; however, we have had discussions with several lenders about establishing a line of credit secured by our accounts receivable.
Critical Accounting Estimates
The preparation of consolidated financial statements in conformity with accounting principles generally accepted in the United States of America requires us to make estimates and judgments that affect the reported amounts of assets, liabilities, revenues, expenses, and related disclosure of contingent assets and liabilities. On an on-going basis, we evaluate our estimates, including those related to long-lived assets, goodwill, identifiable intangibles and deferred income tax assets and liabilities including their related valuation allowances. We base our estimates on historical experience and on appropriate and customary assumptions that we believe to be reasonable under the circumstances, the results of which form the basis for making judgments about the carrying values of assets and liabilities that are not readily apparent from other sources. Some of these accounting estimates and assumptions are particularly sensitive because of their significance to our consolidated financial statements and because of the possibility that future events affecting them may differ markedly from what had been assumed when the financial statements were prepared.
| 32 |
Goodwill, Intangible and Long-Lived Assets
We account for goodwill and intangible assets in accordance with Accounting Standards Codification (“ASC”) Topic 350 (Intangibles- Goodwill and Other). Finite-lived intangible assets are amortized over their estimated useful economic life and are carried at cost less accumulated amortization. Goodwill is assessed for impairment at least annually in the fourth quarter, on a reporting unit basis, or more frequently when events and circumstances occur indicating that the recorded goodwill may be impaired. As a part of the goodwill impairment assessment, we have the option to perform a qualitative assessment to determine whether it is more-likely-than-not that the fair value of a reporting unit is less than its carrying amount. If, because of our qualitative assessment, we determine this is the case, we are required to perform a goodwill impairment test to identify potential goodwill impairment and measure the amount of goodwill impairment loss to be recognized. The test is discussed below. If, because of our qualitative assessment, we determine that it is more-likely-than-not that the fair value of the reporting unit is greater than its carrying amounts, the goodwill impairment test is not required.
The quantitative goodwill impairment test, used to identify both the existence of impairment and the amount of impairment loss, compares the fair value of a reporting unit with its carrying amount, including goodwill. If the fair value of a reporting unit exceeds its carrying amount, goodwill of the reporting unit is considered not impaired. If the carrying amount of a reporting unit exceeds its fair value, an impairment loss shall be recognized in an amount equal to that excess, limited to the total amount of goodwill allocated to that reporting unit. The goodwill impairment assessment is based upon the income approach, which estimates the fair value of our reporting units based upon a discounted cash flow approach. This fair value is then reconciled to our market capitalization at year end with an appropriate control premium. The determination of the fair value of our reporting units requires management to make significant estimates and assumptions including the selection of control premiums, discount rates, terminal growth rates, forecasts of revenue and expense growth rates, income tax rates, changes in working capital, depreciation, amortization and capital expenditures. Changes in assumptions concerning future financial results or other underlying assumptions could have a significant impact on either the fair value of the reporting unit or the amount of the goodwill impairment charge. Goodwill was $1.4 million at both September 30, 2025 and 2024. The fair value of the goodwill at September 30, 2025, as determined by our impairment analysis, was more than the carrying value; thus, we had no impairment of goodwill in fiscal year 2025.
We did not record indefinite-lived intangible assets in the fiscal years ended September 30, 2025 and 2024.
Long-lived assets, which consist of finite-lived intangible assets and property and equipment, are assessed for impairment whenever events or changes in business circumstances indicate that the carrying amount of the assets may not be fully recoverable or that the useful lives of these assets are no longer appropriate. Each impairment test is based on a comparison of the estimated undiscounted cash flows to the recorded value of the asset. If impairment is indicated, the asset is written down to its estimated fair value. The cash flow estimates used to determine the impairment, if any, contain management’s best estimates using appropriate assumptions and projections at that time. We have $17 thousand in property and equipment at September 30, 2025. At September 30, 2025 and 2024, finite-lived intangibles and long-lived assets were zero ($0) and zero ($0), respectively.
Off-Balance Sheet Arrangements
We did not have during the periods presented, nor do we currently have, any off-balance sheet arrangements as defined under applicable SEC rules.
ITEM 7A. QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK
The Company is not required to provide the information required by this Item as it is a “smaller reporting company,” as defined in Rule 229.10(f)(1) of Regulation S-K promulgated by the SEC.
| 33 |
ITEM 8. FINANCIAL STATEMENTS
SIDECHANNEL, INC.
| TABLE OF CONTENTS | Page | |
| Report of Independent Registered Public Accounting Firm (PCAOB ID Number 587) | 35 | |
| Financial Statements: | ||
| Balance Sheets as of September 30, 2025 and 2024 | 36 | |
| Statements of Operations for the years ended September 30, 2025 and 2024 | 37 | |
| Statements of Stockholders’ Equity for the years ended September 30, 2025 and 2024 | 38 | |
| Statements of Cash Flows for the years ended September 30, 2025 and 2024 | 39 | |
| Notes to Financial Statements | 40 |
| 34 |
REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM
To the Board of Directors and
Stockholders of SideChannel, Inc.
Opinion on the Financial Statements
We have audited the accompanying consolidated balance sheets of SideChannel, Inc., (the Company) as of September 30, 2025 and 2024, and the related consolidated statements of operations, stockholders’ equity, and cash flows for each of the years in the two-year period ended September 30, 2025, and the related notes (collectively referred to as the consolidated financial statements). In our opinion, the consolidated financial statements present fairly, in all material respects, the financial position of the Company as of September 30, 2025 and 2024, and the results of its operations and its cash flows for each of the years in the two-year period ended September 30, 2025, in conformity with accounting principles generally accepted in the United States of America.
Basis for Opinion
These consolidated financial statements are the responsibility of the Company’s management. Our responsibility is to express an opinion on the Company’s consolidated financial statements based on our audits. We are a public accounting firm registered with the Public Company Accounting Oversight Board (United States) (PCAOB) and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether due to error or fraud. The Company is not required to have, nor were we engaged to perform, an audit of its internal control over financial reporting. As part of our audits, we are required to obtain an understanding of internal control over financial reporting, but not for the purpose of expressing an opinion on the effectiveness of the Company’s internal control over financial reporting. Accordingly, we express no such opinion.
Our audits included performing procedures to assess the risks of material misstatement of the financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that our audits provide a reasonable basis for our opinion.
Critical Audit Matters
The critical audit matters communicated below are matters arising from the current period audit of the financial statements that were communicated or required to be communicated to the audit committee and that: (1) relate to accounts or disclosures that are material to the financial statements and (2) involved our especially challenging, subjective, or complex judgments. The communication of critical audit matters does not alter in any way our opinion on the financial statements, taken as a whole, and we are not, by communicating the critical audit matters below, providing separate opinions on the critical audit matters or on the accounts or disclosures to which they relate. We determined that there are no critical audit matters.
| /s/
|
|
| We have served as the Company’s auditor since 2021. | |
| December 18, 2025 | |
| RBSM
LLP (PCAOB ID Number |
| 35 |
SIDECHANNEL, INC.
CONSOLIDATED BALANCE SHEETS
(In thousands, except share and per share data)
| September 30, 2025 | September 30, 2024 | |||||||
| ASSETS | ||||||||
| Current assets | ||||||||
| Cash and cash equivalents | $ | $ | ||||||
| Short-term investments | ||||||||
| Accounts receivable, net | ||||||||
| Deferred costs | ||||||||
| Prepaid expenses and other current assets | ||||||||
| Total current assets | ||||||||
| Fixed assets | ||||||||
| Goodwill | ||||||||
| Total assets | $ | $ | ||||||
| LIABILITIES & STOCKHOLDERS’ EQUITY | ||||||||
| Current liabilities | ||||||||
| Accounts payable and accrued liabilities | $ | $ | ||||||
| Deferred revenue | ||||||||
| Income taxes payable | ||||||||
| Total current liabilities | ||||||||
| Total liabilities | ||||||||
| Commitments and contingencies (Note 14) | ||||||||
| Common stock, $ par value, shares authorized; and shares issued and outstanding as of September 30, 2025, and September 30, 2024, respectively | ||||||||
| Additional paid-in capital | ||||||||
| Accumulated deficit | ( | ) | ( | ) | ||||
| Total stockholders’ equity | ||||||||
| Total liabilities and stockholders’ equity | $ | $ | ||||||
The accompanying notes are an integral part of these audited consolidated financial statements.
| 36 |
SIDECHANNEL, INC.
CONSOLIDATED STATEMENTS OF OPERATIONS
(In thousands, except share and per share data)
| Twelve Months Ended | ||||||||
| September 30, | ||||||||
| 2025 | 2024 | |||||||
| Revenues | $ | $ | ||||||
| Cost of revenues | ||||||||
| Gross profit | ||||||||
| Operating expenses | ||||||||
| General and administrative | ||||||||
| Selling and marketing | ||||||||
| Research and development | ||||||||
| Total operating expenses | ||||||||
| Operating loss | ( | ) | ( | ) | ||||
| Other income, net | ||||||||
| Net loss before income tax expense | ( | ) | ( | ) | ||||
| Income tax expense | ||||||||
| Net loss after income tax expense | $ | ( | ) | $ | ( | ) | ||
| Net loss per common share – basic and diluted | $ | ) | $ | ) | ||||
| Weighted average common shares outstanding – basic and diluted | ||||||||
The accompanying notes are an integral part of these audited consolidated financial statements.
| 37 |
SIDECHANNEL, INC.
CONSOLIDATED STATEMENTS OF STOCKHOLDERS’ EQUITY
FOR THE TWELVE MONTHS ENDED SEPTEMBER 30, 2025 AND 2024
(In thousands, except share data)
Common Shares | Common Par Value | APIC | Accumulated Deficit | Total Equity | ||||||||||||||||
| Balance at September 30, 2023 | ( | ) | ||||||||||||||||||
| Shares issued for 2023 Warrant Exchange | ( | ) | ||||||||||||||||||
| Shares issued for legal settlement | ||||||||||||||||||||
| Shares issued for services | ||||||||||||||||||||
| Stock-based compensation | ||||||||||||||||||||
| Net loss | - | ( | ) | ( | ) | |||||||||||||||
| Balance at September 30, 2024 | ( | ) | ||||||||||||||||||
| Shares issued for legal settlement | ( | ) | ( | ) | ||||||||||||||||
| Stock-based compensation | ||||||||||||||||||||
| Net loss | - | ( | ) | ( | ) | |||||||||||||||
| Balance at September 30, 2025 | ( | ) | ||||||||||||||||||
The accompanying notes are an integral part of these audited consolidated financial statements.
| 38 |
SIDECHANNEL, INC.
CONSOLIDATED STATEMENTS OF CASH FLOWS
(In thousands)
Twelve Months Ended September 30, | ||||||||
| 2025 | 2024 | |||||||
| CASH FLOWS FROM OPERATING ACTIVITIES: | ||||||||
| Net loss | $ | ( | ) | $ | ( | ) | ||
| Adjustments to reconcile net loss to net cash flows provided by / (used in) operating activities: | ||||||||
| Depreciation | ||||||||
| Amortization | ||||||||
| Legal settlement paid in stock | ( | ) | ||||||
| Stock-based compensation and payments for services, net | ||||||||
| Changes in operating assets and liabilities: | ||||||||
| Accounts receivable, net | ||||||||
| Prepaid expenses and other assets | ( | ) | ||||||
| Accounts payable and accrued liabilities | ( | ) | ||||||
| Income taxes payable | ( | ) | ||||||
| Deferred revenue | ||||||||
| Net cash provided by / (used in) operating activities | ( | ) | ||||||
| CASH FLOWS FROM INVESTING ACTIVITIES: | ||||||||
| Net sale (purchase) of short-term investments | ( | ) | ||||||
| Purchase of fixed assets | ( | ) | ||||||
| Net cash provided by / (used in) investing activities | ( | ) | ||||||
| CASH FLOWS FROM FINANCING ACTIVITIES: | ||||||||
| Payment of note payable | ( | ) | ||||||
| Net cash used in financing activities | ( | ) | ||||||
| INCREASE / (DECREASE) IN CASH | ( | ) | ||||||
| CASH, BEGINNING OF PERIOD | ||||||||
| CASH, END OF PERIOD | $ | $ | ||||||
| SUPPLEMENTAL DISCLOSURES OF CASH FLOW INFORMATION: | ||||||||
| Shares Issued for Services | $ | $ | ||||||
| Purchase of RSUs sold by employees to pay for taxes due on vested RSUs | ||||||||
The accompanying notes are an integral part of these audited consolidated financial statements.
| 39 |
SIDECHANNEL, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
FOR THE YEARS ENDED SEPTEMBER 30, 2025 AND 2024
(Amounts shown in thousands, except shares and per share amounts)
NOTE 1 – DESCRIPTION OF BUSINESS
Our mission is to make cybersecurity simple and accessible for mid-market and emerging companies, a market that we believe is currently underserved. We believe that our cybersecurity product and service offerings provide cybersecurity and privacy risk management solutions for our customers. We anticipate that our target customers will continue to need cost-effective security solutions. We continue to expand our catalogue of services and solutions to address the cybersecurity needs of our customers, including virtual Chief Information Security Officer (“vCISO”), cyber program strategy, zero trust, third-party risk management, compliance readiness, cloud security and architecture services, privacy, threat intelligence, managed end-point security solutions, and cybersecurity awareness.
We are marketing and selling Enclave, a proprietary software product that simplifies important cybersecurity tasks to achieve “microsegmentation.” By combining zero trust network access with certificate management and machine identity, Enclave seamlessly creates a unified security architecture that eliminates traditional network vulnerabilities. This integration enables IT teams to enforce precise access policies based on verified machine identities. Certificate-based identities allow a simplified management for any certificate-based communication, while the zero trust framework continuously validates every connection attempt. This powerful combination delivers robust security without the typical management overhead, allowing organizations to implement sophisticated microsegmentation strategies with remarkable simplicity and minimal resource requirements.
Our headquarters are located at 146 Main Street, Suite 405, Worcester, MA, 01608. Our website is www.sidechannel.com.
NOTE 2 – GOING CONCERN ASSESSMENT
We are required to perform a going concern assessment for the annual reporting period. The assessment uses a two-step process to evaluate whether there are conditions and/or events that raise substantial doubt about our ability to continue as a going concern within one year after the date on which the annual financial statements are issued.
The two steps are to:
| 1. | Determine if “substantial doubt” is raised regarding the entity’s ability to continue as a going concern. If it is not raised, the assessment stops there. However, if substantial doubt is raised, management would proceed to the next assessment step. | |
| 2. | Determine if the substantial doubt continues to exist after considering any plan to address and mitigate the doubt. However, regardless of whether such a plan alleviates the initial doubt, the guidance will require some level of disclosure in the financial statements. |
Substantial doubt exists when it is probable (within one year after the date on which the financial statements are issued) that the Company will be unable to meet its obligations as they become due. Probable is used consistently with its use in ASC 450, Contingencies (the future event or events are likely to occur, which is a higher threshold than “more likely than not” but lower than “virtually certain”).
This assessment
is through December 31, 2026, because our fiscal year 2025 financial statements were issued during December 2025. For the year ended
September 30, 2025, we reported a net loss of $
We have determined that substantial doubt does not exist about our ability to continue as a going concern through December 31, 2026.
| 40 |
NOTE 3 - SUMMARY OF SIGNIFICANT ACCOUNTING POLICIES
Basis of Presentation and Use of Estimates
The accompanying consolidated financial statements include our accounts and those of our wholly owned subsidiaries. All significant intercompany accounts and transactions have been eliminated upon consolidation. The preparation of financial statements in conformity with U.S. GAAP requires us to make estimates and assumptions that affect the reported amounts of assets and liabilities and disclosure of contingent assets and liabilities at the date of the financial statements and the reported amounts of revenue and expenses during the reporting period. Actual results could differ from those estimates. Certain of our accounts, including goodwill, identifiable intangibles, and deferred tax assets and liabilities, including related valuation allowances, are based upon estimates. References to fiscal year 2025 and fiscal year 2024 used throughout this report shall mean the current fiscal year ending September 30, 2025, and the prior fiscal year ended September 30, 2024, respectively.
Reclassifications
Certain prior year amounts have been reclassified to be comparable with the current year’s presentation or adjusted due to rounding and have had no impact on net income or stockholders’ equity.
Segment Information
The Company operates as a single reportable segment focused on cybersecurity solutions, which consists of two primary revenue-generating categories: 1) vCISO Services and 2) Cybersecurity Software and Services.
| ● | vCISO
Services: This category captures the revenue from the Chief Information Security Officer services that we provide to our clients
on a “virtual” or outsourced basis. Embedded into the C-suite executive teams of our clients, our vCISOs deliver services
including assessing the cybersecurity risk profile, implementing policies and programs to mitigate risks, and managing the day-to-day
tasks to ensure compliance with the adopted cybersecurity framework. Most of our clients use our vCISO services. | |
| ● | Cybersecurity Software and Services: This category encompasses an array of cybersecurity software and services that our clients deem necessary to protect their digital assets, including Enclave. These augment our vCISO offering and include a full range of other cybersecurity products and services delivered through a team of security engineers along with a network of third-party service providers and VARs. Commercial relationships with third-party service providers and VARs provide SideChannel with additional internal capabilities to mitigate cybersecurity risks. We earn licensing revenue from software contracts and commissions from third-party service provider partnerships which are included in this revenue category. |
Our Chief Executive Officer is our Chief Operating Decision Maker (“CODM”). Revenue is the primary segment performance measure reviewed by the CODM for operational and capital allocation decisions.
The following table presents revenue reviewed by the CODM for the twelve months ended September 30, 2025 and 2024:
| Twelve Months Ended | ||||||||
| (in thousands) | September 30, | |||||||
| 2025 | 2024 | |||||||
| vCISO services | $ | $ | ||||||
| Cybersecurity software and services | ||||||||
| Total | $ | $ | ||||||
Business Combinations
Acquired businesses are accounted for using the purchase method of accounting, which requires that the purchase price be allocated to the net assets acquired at their respective fair values. Any excess of the purchase price over the estimated fair values of the net assets acquired is recorded as goodwill. Fair values of intangible assets are estimated by valuation models prepared by our management and third-party advisors. The assets purchased and liabilities assumed have been reflected in our consolidated balance sheets, and the operating results are included in the consolidated statements of operations and consolidated statements of cash flows from the date of acquisition. Any change in the fair value of acquisition-related contingent consideration after the acquisition date, including changes from events after the acquisition date, will be recognized in the consolidated statement of operations in the period of the estimated fair value change. Acquisition-related transaction costs, including legal and accounting fees and other external costs directly related to the acquisition, are recognized separately from the acquisition and expensed as incurred in general and administrative expense in the consolidated statements of operations.
Cash, Cash Equivalents, and Short-Term Investments
Cash includes funds deposited in banks.
We consider all highly liquid investments with an original maturity of 90 days or less to be cash equivalents. Highly liquid investments with original maturities of 91 days or more that will mature less than one year from the balance sheet date are classified as short-term investments. Securities with maturities of more than 360 days, if any, are included in “long-term investments.”
| 41 |
Our cash equivalents and short-term investments are placed primarily in money market funds and time deposits and are classified as held-to-maturity based on our positive intent and ability to hold the securities to maturity. We value cash equivalents at their original purchase prices plus interest that has accrued at the stated rate. We value short-term investments at their original purchase prices. Interest earned on short-term investments is accrued in interest receivable which is included on our balance sheet in “Accounts receivable, net.”
Interest income related to cash equivalents and short-term investments is reported in “Other income, net” on the Consolidated Statement of Operations.
Accounts Receivable
Trade accounts receivable are recorded at the invoiced amounts and do not bear interest. We grant credit to customers and generally require no collateral. To minimize our risk, we perform ongoing credit evaluations of our customers’ financial condition. Effective January 1, 2023, we follow the guidance in Accounting Standards Codification (“ASC”) Topic 326 (Financial Instruments – Credit Losses) in developing our estimate of the allowance for credit losses related to our accounts receivable. The allowance for credit losses is our best estimate of the amount of expected credit losses in our existing accounts receivable. In establishing the amount of allowance for credit losses, we consider all information available as of the reporting date including information related to past events, such as historical loss rates and actual incurred losses, as well as current conditions that may indicate future risk of loss and any other factors of which we are aware, that we believe could impact the ultimate collectability of the related receivables in future periods.
Account balances are charged off against the allowance after all means of collection have been exhausted and the potential for recovery is considered remote. We do not have any significant off-balance sheet credit exposure related to our customers. Cash flows from accounts receivable are recorded in operating cash flows.
For
the year ended September 30, 2025, there was
Fair Value of Financial Instruments
Our financial instruments consisted primarily of cash and cash equivalents, short-term investments, accounts receivable, accounts payable and accrued expenses. The carrying amounts of such financial instruments approximate their respective estimated fair value due to the short-term maturities and approximate market interest rates of these instruments.
Fair value is focused on an exit price that would be received upon sale of an asset or paid to transfer a liability in an orderly transaction between market participants at the measurement date. Within the measurement of fair value, the use of market-based information is prioritized over entity specific information and a three-level hierarchy for fair value measurements is used based on the nature of inputs used in the valuation of an asset or liability as of the measurement date.
The three-level hierarchy for fair value measurements is defined as follows:
| ● | Level 1 – inputs to the valuation methodology are quoted prices (unadjusted) for identical assets or liabilities in active markets; | |
| ● | Level 2 – inputs to the valuation methodology include quoted prices for similar assets and liabilities in active markets, and inputs that are observable for the asset or liability other than quoted prices, either directly or indirectly, including inputs in markets that are not considered to be active; | |
| ● | Level 3 – inputs to the valuation methodology are unobservable and significant to the fair value measurement. |
For more information about the Company’s accounting policies surrounding fair value investments, see Note 7.
| 42 |
Goodwill, Intangible, and Long-Lived Assets
We account for goodwill and intangible assets in accordance with ASC Topic 350 (Intangibles – Goodwill and Other). Finite-lived intangible assets are amortized over their estimated useful economic life and are carried at cost less accumulated amortization. Goodwill is assessed for impairment annually during the fourth quarter on a reporting unit basis, or more frequently when events and circumstances occur indicating that the recorded goodwill may be impaired. Goodwill is impaired if the fair value of a reporting unit is less than its carrying amount. As a part of the goodwill impairment assessment, we have the option to perform a qualitative assessment to determine whether it is more-likely-than-not that the fair value of a reporting unit is less than its carrying amount. If, because of our qualitative assessment, we determine that it is more-likely-than-not that the fair value of the reporting unit is greater than its carrying amount, a quantitative goodwill impairment test is not required. However, if, as a result of our qualitative assessment, we determine it is more-likely-than-not that the fair value of a reporting unit is less than its carrying amount, or, if we choose not to perform a qualitative assessment, we are required to perform a quantitative goodwill impairment test to identify potential goodwill impairment and measure the amount of goodwill impairment loss to be recognized.
The
quantitative goodwill impairment test compares the fair value of a reporting unit with its carrying amount, including goodwill. If the
fair value of a reporting unit exceeds its carrying amount, goodwill of the reporting unit is considered not impaired. If the carrying
amount of a reporting unit exceeds its fair value, an impairment loss will be recognized in an amount equal to that excess, limited to
the total amount of goodwill allocated to that reporting unit. The goodwill impairment assessment is based upon the income approach,
which estimates the fair value of our reporting units based upon a discounted cash flow approach. This fair value is then reconciled
to our market capitalization at year end with an appropriate control premium. The determination of the fair value of our reporting units
requires management to make significant estimates and assumptions including the selection of control premiums, discount rates, terminal
growth rates, forecasts of revenue and expense growth rates, income tax rates, changes in working capital, depreciation, amortization,
and capital expenditures. Changes in assumptions concerning future financial results or other underlying assumptions could have a significant
impact on either the fair value of the reporting unit or the amount of the goodwill impairment charge. The goodwill was evaluated at
the balance sheet date of September 30, 2025. For fiscal years 2025 and 2024, we recorded
None of the goodwill associated with business combinations is deductible for income tax purposes.
We did not record indefinite-lived intangible assets in the fiscal years ended September 30, 2025 and 2024.
Long-lived assets, which consist of finite-lived intangible assets and property and equipment, are assessed for impairment whenever events or changes in business circumstances indicate that the carrying amount of the assets may not be fully recoverable or that the useful lives of these assets are no longer appropriate. Each impairment test is based on a comparison of the estimated undiscounted cash flows to the recorded value of the asset. If impairment is indicated, the asset is written down to its estimated fair value. The cash flow estimates used to determine the impairment, if any, contain management’s best estimates using appropriate assumptions and projections at that time.
Revenue Recognition
We recognize revenue in accordance with the guidance in ASC Topic 606 (Revenue from Contracts with Customers).
| 43 |
Nature of Products and Services
We identify, develop, and deploy cybersecurity and privacy risk management solutions for our clients in North America. We categorize our products and services as either vCISO Services or Cybersecurity Software and Services. The revenue earned from Enclave, our proprietary software product, as well as the revenue from reselling third-party software and services are included in Cybersecurity Software and Services.
Performance Obligations
A performance obligation is a promise in a contract to transfer a distinct good or service to the client and is the unit of accounting in Topic 606. A significant portion of our revenue is from clients with whom we have a Master Service Agreement (“MSA”). Each MSA generally contains one or more Statement(s) of Work (“SOW”). Each SOW specifies the products and services and their respective transaction prices. We refer to an MSA and its SOW(s) as a “Contract”. Our Contracts generally contain monthly service subscriptions, annual software licenses, time and material based billing, or fixed fee projects.
A Contract’s transaction price is allocated to each distinct performance obligation. For Contracts with multiple performance obligations, we allocate the Contract’s transaction price to each performance obligation based on the relative standalone selling price.
Revenue is recognized over a period of time for monthly service subscriptions and software licenses. Revenue is recognized at a point in time when, or as, the performance obligation is satisfied for fixed fee projects and time and material based billing. The completed work products we create for our clients do not have alternative uses to SideChannel and our Contracts created a right to payment for work completed. Each of the fixed fee project performance obligations we delivered in fiscal year 2025 were accompanied by an upfront payment. Our determination for point in time revenue recognition is based upon client acceptance of the performance obligation.
We do not have any material variable consideration arrangements, client-specific acceptance criteria, or any material payment terms with our clients other than standard payment terms which generally range from net 15 to net 30 days.
Principal vs Agent
We resell the software and services provided by third parties. When we have discretion over the pricing used in the Contracts with our clients then we deem ourselves to be the principal for purposes of revenue recognition and record revenue on a gross basis using the price specified in the Contract. This is the case for almost all the third-party software and services we sell. Also consistent in our determinations to recognize revenue as the principal is our ability to direct the third party to provide the service to the client on our behalf.
Occasionally, we receive a commission from the sale of third-party software and services in which case we are an agent and record revenue on a net basis equal to the amount of the commission earned.
Contract Balances
We record accounts receivable at the time of invoicing. To the extent that we do not recognize revenue at the same time as we invoice, we record a liability for deferred revenue. In certain instances, we also receive customer deposits in advance of invoicing and recording of accounts receivable. Deferred revenue and customer deposits are included in current liabilities on our consolidated balance sheets. In these instances, the recognition of revenue is deferred until we have determined that we have satisfied our performance obligations under the Contract.
| 44 |
Costs to Obtain a Contract with a Customer
The costs we incur associated with obtaining contracts with customers are marketing costs incurred with third-party service providers and sales commissions that we pay to our employees, contractors, or third-party sales representatives. Commissions are calculated based on set percentages of the revenue value of each product or service sold. Commissions are considered earned by our internal sales personnel at the time we recognize revenue for a particular transaction. Commissions are considered earned by third-party sales representatives at the time that revenue is recognized for a particular transaction. We record commission expense in our consolidated statements of operations at the time the commission is earned. Commissions earned but not yet paid are included in current liabilities on our balance sheets.
Leases
We account for leases in accordance with ASC Topic 842 (Leases). We determine if an arrangement is a lease at inception. A lease contract is within scope if the contract has an identified asset (property, plant, or equipment) and grants the lessee the right to control the use of the asset during the lease term. The identified asset may be either explicitly or implicitly specified in the contract. In addition, the supplier must not have any practical ability to substitute a different asset and would not economically benefit from doing so for the lease contract to be in scope. The lessee’s right to control the use of the asset during the term of the lease must include the ability to obtain substantially all the economic benefits from the use of the asset as well as decision-making authority over how the asset will be used. Leases are classified as either operating leases or finance leases based on the guidance in ASC Topic 842. Operating leases are included in operating lease ROU assets and operating lease liabilities in our consolidated balance sheets. Finance leases are included in property and equipment and financing lease liabilities. We do not currently have any financing leases.
Operating lease payments are included in cash outflows from operating activities on our consolidated statements of cash flows.
We have made an accounting policy election not to apply the recognition requirements of ASC Topic 842 to short-term leases (leases with a term of one year or less at the commencement date of the lease). Our lease periods are less than one-year in duration. Lease expense for short-term lease payments is recognized on a straight-line basis over the lease term.
Following the guidance of ASC Topic 842, we are not required to record ROU assets and operating lease liabilities.
See Note 6 for further disclosures regarding our leases.
Research and Development and Software Development Expenses
All research and development costs, including patent and software development costs, are expensed as incurred.
We account for stock-based compensation in accordance with ASC Topic 718 (Compensation – Stock Compensation) which requires that employee share-based equity awards be accounted for under the fair value method and requires the use of an option pricing model for estimating fair value of awards, which is then amortized to expense over the service periods. The Company estimates the fair value of share-based payment awards on the date of grant using an option-pricing mode or the fair value of our stock on the grant date. The value of the portion of the award that is ultimately expected to vest is recognized as stock compensation expense over the requisite service period in the Company’s consolidated statements of income.
As stock compensation expense recognized in the accompanying consolidated statements of income is based on awards ultimately expected to vest. Accounting guidance requires forfeitures to be estimated at the time of grant and revised, if necessary, in subsequent periods if actual forfeitures differ from those estimates. The Company has limited historical experience with forfeitures and were based on management’s estimates.
| 45 |
Excess tax benefits or deficiencies from stock compensation are recognized in the income tax provision and are not estimated in the effective tax rate. Rather, they are recorded as discrete tax items in the period they occur. Excess income tax benefits from stock compensation arrangements are classified as a cash flow from operations.
See further disclosures related to our stock-based compensation plans in Note 13.
Legal
We are subject to legal proceedings, claims, and liabilities which arise in the ordinary course of business, and we accrue for losses associated with legal claims when such losses are probable and can be reasonably estimated. These accruals are adjusted as additional information becomes available or circumstances change. Legal fees are charged to general and administrative expenses as they are incurred.
Income Taxes
We utilize the asset and liability method in accounting for income taxes. Under this method, deferred tax assets and liabilities are recognized for operating loss and tax credit carryforwards and for the future tax consequences attributable to differences between the financial statement carrying amounts of existing assets and liabilities and their respective tax bases. Deferred tax assets and liabilities are measured using enacted tax rates expected to apply to taxable income in the year in which those temporary differences are expected to be recovered or settled. The effect on deferred tax assets and liabilities of a change in tax rates is recognized in the results of operations in the period that includes the enactment date. A valuation allowance is recorded to reduce the carrying amounts of deferred tax assets unless it is more likely than not that the value of such assets will be realized.
We
use the two-step approach to recognize and measure uncertain tax positions. The first step is to evaluate the tax position for recognition
by determining if the weight of available evidence indicates it is more likely than not that the position will be sustained on audit,
including resolution of related appeals or litigation processes, if any. The second step is to measure the tax benefit as the largest
amount, which is more than 50% likely of being realized upon ultimate settlement. We consider many factors when evaluating and estimating
our tax positions and tax benefits, which may require periodic adjustments. We did
Basic loss per share is computed by dividing net loss available to common stockholders by the weighted average number of common shares outstanding during the reporting period. The weighted average number of shares is calculated by taking the number of shares outstanding and weighting them by the amount of time that they were outstanding. Diluted earnings per share reflects the potential dilution that could occur if stock options, warrants, and other commitments to issue common stock were exercised or equity awards vest resulting in the issuance of common stock that could share in our earnings. Diluted loss per share is the same as basic loss per share during periods where net losses are incurred since the inclusion of the potential common stock equivalents would be anti-dilutive as a result of the net loss.
Warrants
We evaluate warrants in accordance with ASC Topics 480 (Distinguishing Liabilities from Equity) and 815 (Derivatives and Hedging). The result of this accounting treatment is that the fair value of the embedded derivative, if required to be bifurcated, is marked-to-market at each balance sheet date and recorded as a liability. The change in fair value is recorded in the Statement of Operations as a component of other income or expense. Upon exercise of a warrant, it is marked to fair value at the exercise date and then that fair value is reclassified to equity.
| 46 |
Recent Accounting Announcements
The Financial Accounting Standards Board (“FASB”) issues Accounting Standards Updates (“ASU”) to amend the authoritative literature in the ASC. There have been several ASUs to date that amend the original text of the ASCs. Other than those discussed below, we believe those ASUs issued to date either (i) provide supplemental guidance, (ii) are technical corrections, (iii) are not applicable to us, or (iv) are not expected to have a significant impact on us.
Accounting Pronouncements Adopted
In November 2023, the FASB issued ASU 2023-07, “Segment Reporting (Topic 280): Improvements to Reportable Segment Disclosures,” which provides guidance to improve reportable segment disclosure requirements, primarily through enhanced disclosures about significant segment expenses. In addition, the guidance enhances interim disclosure requirements, clarifies circumstances in which an entity can disclose multiple segment measures of profit or loss, provides new segment disclosure requirements for entities with a single reportable segment, and contains other disclosure requirements. The purpose of the guidance is to enable investors to better understand an entity’s overall performance and assess potential future cash flows. The guidance is effective for fiscal years beginning after December 15, 2023, and interim periods within fiscal years beginning after December 15, 2024. For us, annual reporting requirements were effective for our fiscal year 2025 beginning on October 1, 2024, and interim reporting requirements will be effective beginning with our first quarter of fiscal year 2026. We manage our operations as a single operating segment for the purpose of assessing performance and making operating decisions. Our Chief Executive Officer is our CODM. No changes have been made to the presentation of our financial statements because of this pronouncement.
We did not adopt additional new accounting pronouncements during the year ended September 30, 2025.
Accounting Pronouncements Not Yet Adopted
In December 2023, the FASB issued ASU 2023-09, “Income Taxes (Topic 740): Improvements to Income Tax Disclosures,” which updates income tax disclosure requirements primarily by requiring specific categories and greater disaggregation within the rate reconciliation table and disaggregation of income taxes paid, net of refunds, by jurisdiction. All entities are required to apply the guidance prospectively, with the option to apply it retrospectively. The guidance is effective for fiscal years beginning after December 15, 2024, which for us is our fiscal year 2026 beginning on October 1, 2025. Early adoption is permitted.
The Company does not believe that the above recently issued, but not yet effective accounting standards, when adopted, will have a material effect on the accompanying consolidated financial statements.
In March 2024, the Securities and Exchange Commission issued a rule which will require companies to make certain climate-related disclosures in periodic filings. The rule includes certain disclosures in the footnotes of the financial statements:
● capitalized costs, expenditures expensed, and losses incurred because of severe weather events and other natural conditions, such as hurricanes, tornadoes, flooding, drought, wildfires, extreme temperatures, and sea level rise;
● capitalized costs, expenditures expensed, and losses related to carbon offsets and renewable energy credits or certificates if they are used as a material component of a registrant’s plans to achieve its disclosed climate-related targets or goals; and
● whether estimates and assumptions used to produce the financial statements were materially impacted by risks and uncertainties associated with severe weather events and other natural conditions or any disclosed climate-related targets or transition plans.
The footnote disclosures are effective for annual filings for the year ended September 30, 2026. The Company is currently evaluating the impact of the adoption of the rule.
| 47 |
NOTE 4 – CASH EQUIVALENTS AND INVESTMENTS
We have financial instruments included as cash equivalents and short-term investments on our balance sheets. Money market funds and time deposits with maturities of less than 90 days from the purchase date are included in “Cash and cash equivalents.” Time deposits with maturities from 91-360 days are included in “Short-term investments.” As of September 30, 2025 and 2024, the Company had no long-term investments.
The following table presents the carrying amounts of cash equivalents and short-term investments as of September 30, 2025 and 2024:
| September 30, | September 30, | |||||||
| 2025 | 2024 | |||||||
| Cash equivalents | ||||||||
| Money market funds | $ | $ | ||||||
| Total cash equivalents | $ | $ | ||||||
| Short-term investments | ||||||||
| Time deposits | ||||||||
| Total short-term investments | $ | $ | ||||||
For more information about the fair value of the Company’s financial instruments, see Note 7.
NOTE 5 – DEFERRED COSTS
On
July 23, 2021, we entered into a financial advisory and consulting agreement with Paulson Investment Company, LLC
(“Paulson”). Pursuant to the agreement, Paulson will provide the following services at the Company’s request: (a)
familiarize itself with the Company’s business, assets, and financial condition; (b) assist the Company in developing
strategic and financial objectives; (c) assist the Company in increasing its exposure in the software industry; (d) assist the
Company in increasing its profile in the investment and financial community through introductions to analysts and potential
investors, participation in investment conferences and exploitation of reasonably available media opportunities; (e) identify
potentially attractive merger and acquisition opportunities; (f) review possible innovative financing opportunities and (g) render
other financial advisory services as may be reasonably requested. The term of the agreement is four years from the date of the
agreement, unless terminated earlier by either party as provided therein. As compensation for these services, the Company issued to
Paulson
million shares of the Company’s common stock and agreed to reimburse Paulson for all reasonable and documented expenses
incurred by Paulson in connection with providing such services. The fair value of the shares issued was $
thousand which the Company recognized as deferred costs, which were amortized at a rate of $
NOTE 6 - LEASES
On
December 10, 2021, we entered into a lease for approximately
Operating lease payments are included in cash outflows from operating activities on our consolidated statements of cash flows.
| 48 |
Operating
lease expenses were $
We have made an accounting policy election not to apply the recognition requirements of ASC Topic 842 (Leases) to short-term leases (leases with a term of one year or less at the commencement date of the lease). Lease expense for short-term lease payments is recognized on a straight-line basis over the lease term. We do not have any long-term operating leases or financing leases as of September 30, 2025.
We
expect to pay approximately $
NOTE 7 – FAIR VALUE MEASUREMENT
ASC Topic 820 “Fair Value Measurement” (“Topic 820”) defines fair value, establishes a market-based framework or hierarchy for measuring fair value, and expands disclosures about fair value measurements. Topic 820 is applicable whenever assets and liabilities are measured and included in the financial statements at fair value.
The following tables present the carrying amounts, estimated fair values, and valuation input levels of certain financial instruments as of September 30, 2025 and 2024.
| September 30, 2025 | ||||||||||||||||||||
| Carrying | Fair Value Measured Using | Fair | ||||||||||||||||||
| (in thousands) | Amount | Level 1 | Level 2 | Level 3 | Value | |||||||||||||||
| Short-term investments | ||||||||||||||||||||
| Time deposits: 91 - 360 days | $ | $ | $ | $ | $ | |||||||||||||||
| Total Short-term investments | $ | $ | $ | $ | $ | |||||||||||||||
| September 30, 2024 | ||||||||||||||||||||
| Carrying | Fair Value Measured Using | Fair | ||||||||||||||||||
| (in thousands) | Amount | Level 1 | Level 2 | Level 3 | Value | |||||||||||||||
| Short-term investments | ||||||||||||||||||||
| Time deposits: 91 - 360 days | $ | $ | $ | $ | $ | |||||||||||||||
| Total Short-term investments | $ | $ | $ | $ | $ | |||||||||||||||
The
entire September 30, 2025, balance of time deposits maturing in 91 to 360 days are certificates of deposit issued by a bank at which
total deposits are less than the FDIC limit of $
NOTE 8 – DEBT
SideChannel did not have debt at September 30, 2025.
NOTE 9 – STOCKHOLDERS’ EQUITY
Common Stock
As of September 30, 2025 and 2024, we had and shares of common stock outstanding, respectively, and were authorized to issue shares of common stock at a par value of $.
| 49 |
Common Stock Issued for Cash
common shares were issued for cash in fiscal year 2025 or fiscal year 2024.
Common Stock Issued for Business Combinations
shares were issued for business combinations in fiscal year 2025 or fiscal year 2024.
Common Stock Issued for Services
Until
March 31, 2024, our Board of Directors elected to have each of its members receive one-half of such member’s quarterly compensation
in the form of shares of the Company’s common stock instead of cash. We also use stock as a form of compensation for independent
contractors who provide professional services to us in sales, marketing, or administration. During fiscal year 2024, the fair market
value of stock issued for services totaled $
Common Stock Issued Under Equity Incentive Plan
We issued shares of common stock for restricted stock units (“RSUs”) that vested during the year ended September 30, 2025. The number of RSUs sold by these employees to fund payroll taxes for the year September 30, 2025, was .
We issued shares of common stock for restricted stock units (“RSUs”) that vested during the year ended September 30, 2024. The number of RSUs sold by these employees to fund payroll taxes for the year September 30, 2024, was .
Common Stock Issued for Legal Settlement
We issued shares of common stock in fiscal year 2025 related to a legal settlement and shares were issued in fiscal year 2024 related to legal settlements.
Common Stock Issued for Tender Offer
stock was issued for tender offers in fiscal year 2025.
On
August 22, 2023, the Company commenced a Tender Offer for the
We
closed the November 7 Offer to Exchange on December 26, 2023, resulting in the issuance of
shares of common stock and
Preferred Stock
As of September 30, 2025 and 2024, we had zero () shares of preferred stock outstanding.
Warrants
We have four categories of warrants outstanding which are summarized below along with exercise prices and expiration dates.
| (In thousands, except prices and lives) | Number of Warrants | Exercise Price | Expiration Date | |||||||
| 2018 Placement Agent | $ | |||||||||
| 2021 Private Placement | ||||||||||
| 2021 Placement Agent | ||||||||||
| 2023 Warrant Exchange | ||||||||||
| Total Outstanding Warrants | ||||||||||
We did not have any warrant activity during fiscal year 2025.
Warrant activity for years ended September 30, 2025 and 2024, is as follows:
| (In thousands, except prices and lives) | Number of Warrants | Weighted Average Exercise Price | Weighted Average Remaining Life | |||||||||
| Outstanding at September 30, 2023 | $ | |||||||||||
| Granted in 2023 Warrant Exchange | ||||||||||||
| Tendered in 2023 Warrant Exchange | ( | ) | ( | ) | ( | ) | ||||||
| Exercised | — | |||||||||||
| Canceled/Forfeited | — | |||||||||||
| Outstanding at September 30, 2024 | $ | |||||||||||
| Granted | — | |||||||||||
| Exercised | — | |||||||||||
| Canceled/Forfeited | — | |||||||||||
| Outstanding at September 30, 2025 | $ | |||||||||||
| 50 |
NOTE 10 – REVENUE FROM CONTRACTS WITH CLIENTS
Deferred revenue is comprised of payments received from our clients and customers for products or services in advance of receiving the product or service and primarily occurs for annual software and service contracts including Enclave. The deferred revenue is expected to be earned within 12 months of the balance sheet date.
| (In thousands) | ||||
| Balance at September 30, 2023 | $ | |||
| Deferral of revenue | ||||
| Recognition of revenue | ( | ) | ||
| Balance at September 30, 2024 | $ | |||
| Deferral of revenue | ||||
| Recognition of revenue | ( | ) | ||
| Balance at September 30, 2025 | $ | |||
NOTE 11 – BUSINESS RISK AND CREDIT RISK CONCENTRATION INVOLVING CASH
No
client individually accounted for over
We
had two clients each with an accounts receivable balance that exceeded
We
maintain our cash, cash equivalents, and short-term investments in accounts held by highly reputable financial institutions (collectively
“Deposits”). The Federal Deposit Insurance Corporation (“FDIC”) insures these Deposits up to $
NOTE 12 – RELATED PARTY TRANSACTIONS
Brian
Haugli, our Chief Executive Officer and our stockholder in the Company, is also a principal shareholder of RealCISO Inc. (“RealCISO”).
In September 2020, SideChannel assigned to RealCISO Inc. certain contracts and intellectual property. We are a reseller of the RealCISO
software. We receive revenue from our customers for the use of RealCISO software and pays licensing fees to RealCISO for such use. For
fiscal years 2025, and 2024, SideChannel paid $
We
also invoiced $
On
October 13, 2023, the Association of the US Army (“AUSA”) signed an agreement for a cybersecurity risk assessment for
approximately $
No other related party transactions occurred during the years ending September 30, 2025, and September 30, 2024.
| 51 |
As of September 30, 2025, we had million unvested RSUs granted under the 2021 Omnibus Equity Compensation Plan (the “2021 Equity Incentive Plan”) approved by stockholders on September 13, 2021.
The
stockholder approval of the 2021 Equity Incentive Plan included a reserve of million shares for awards. The 2021 Equity Incentive
Plan also allows for an annual increase in the reserve up to an amount approximately equal to five percent (
| 2021 Omnibus Equity Incentive Plan Reserve | ||||
| (In thousands) | ||||
| Initial Reserve at September 13, 2021 | ||||
| Non-exempt awards | ( | ) | ||
| Forfeitures | ||||
| Annual reserve increases | ||||
| Reserve at September 30, 2025 | ||||
| Reserve percent of outstanding shares at September 30, 2025 | % | |||
We typically have granted RSUs and stock options with a -year, service-based vesting period. Our unvested RSUs and stock options are accounted for based on their grant date fair value. As of September 30, 2025, total compensation expense to be recognized in future periods was $ thousand. That cost is expected to be recognized over the remaining vesting period.
Our total stock-based compensation expense for the year ended September 30, 2025, was $ thousand for the amortization of outstanding equity compensation grants.
Certain
employees opted to sell RSUs back to the Company at the fair market value on the vesting date to fund their portion of payroll taxes
due on the taxable income generated by the vested RSUs. For the year ended September 30, 2025, we purchased RSUs with a vesting date
value of $
We
incurred stock-based compensation expense of $ thousand for the year ended September 30, 2024, which is comprised of $
Stock-based compensation of $ thousand, $ thousand, and $ thousand was included in general and administrative expense, selling and marketing expense, and research and development expense respectively in our accompanying Consolidated Statements of Operations for the year ended September 30, 2025.
| 52 |
Restricted Stock Units
We record compensation expense for RSUs based on the closing market price of our stock at the grant date and amortize the expense over the vesting period which is typically three years. For RSUs, we recognize compensation cost for unvested share-based awards on a straight-line basis over the requisite service period. The fair value of stock awards is based on the quoted price of our common stock on the grant date.
| Outstanding Restricted Stock Unit Grants | Number of RSU’s | Weighted Average Grant Date Value Per RSU | ||||||
| (In thousands) | ||||||||
| Outstanding Grants at September 30, 2023 | $ | |||||||
| Granted | ||||||||
| Vested | ( | ) | ||||||
| Canceled/Forfeited | ( | ) | ||||||
| Outstanding Grants at September 30, 2024 | ||||||||
| Granted | ||||||||
| Vested | ( | ) | ||||||
| Canceled/Forfeited | ( | ) | ||||||
| Outstanding Grants at September 30, 2025 | $ | |||||||
The weighted-average remaining vesting period of RSUs at September 30, 2025, was years. The total grant-date fair value of RSUs vested during fiscal years 2025 and 2024, was $ thousand, and $ thousand, respectively.
Aggregate intrinsic value of RSUs represents the applicable number of awards multiplied by the Company’s closing share price on the last trading day of the relevant fiscal period. The approximate aggregate intrinsic value of RSUs outstanding at September 30, 2025, was $ thousand. The approximate aggregate intrinsic values of RSUs awarded during fiscal years 2025 and 2024 were $ thousand and $ thousand, respectively. The Company’s closing share price was approximately $ on September 30, 2025, and $ on September 30, 2024.
Stock Options
The following table summarizes the activity of our stock options granted under our Equity Incentive Plan during the nine months ended June 30, 2025:
| Number of Stock Options | ||||
| Outstanding Options at September 30, 2024 | ||||
| Granted | ||||
| Vested | ||||
| Cancelled/Forfeited | ( | ) | ||
| Outstanding Options at June 30, 2025 | ||||
On December 20, 2024, our Board of Directors authorized the termination of stock options previously awarded to independent directors.
We have no other forms of equity compensation outstanding as of September 30, 2025. We did not have grants, vesting, or forfeitures of any other forms of equity compensation during fiscal year 2025.
NOTE 14 – COMMITMENTS AND CONTINGENCIES
Litigation
We are currently not involved in any litigation that we believe could have a material adverse effect on its financial condition or results of operations.
| 53 |
Recently Settled Litigation
In
April 2021, Eric Marquez, the former Secretary/Treasurer and Chief Financial Officer of Cipherloc Corporation, and certain other plaintiffs,
filed a lawsuit against Cipherloc Corporation and Michael De La Garza, Cipherloc’s former Chief Executive Officer and President,
in the 20th Judicial District for Hays County, Texas (Cause No. 20-0818). We executed a settlement agreement with the plaintiffs
on December 13, 2024, resulting in the dismissal of the lawsuit with prejudice on January 2, 2025. The settlement agreement requires
the Company to issue the plaintiffs a combined shares of common stock and pay a total of $
NOTE 15 - INCOME TAXES
We began filing consolidated federal and state income tax returns beginning for the tax year ended September 30, 2023. We have adopted the provisions related to accounting for uncertainty in income taxes, which defines a recognition threshold and measurement attribute for the financial statement recognition and measurement of a tax position taken or expected to be taken in a tax return. We have considered our tax positions and believe that all the positions taken by us in our federal and state tax returns are more likely than not to be sustained upon examination.
We utilize the asset and liability method in accounting for income taxes. Under this method, deferred tax assets and liabilities are recognized for operating loss and tax credit carryforwards and for the future tax consequences attributable to differences between the financial statement carrying amounts of existing assets and liabilities and their respective tax bases. Deferred tax assets and liabilities are measured using enacted tax rates expected to apply to taxable income in the year in which those temporary differences are expected to be recovered or settled. The effect on deferred tax assets and liabilities of a change in tax rates is recognized in the results of operations in the period that includes the enactment date. A valuation allowance is recorded to reduce the carrying amounts of deferred tax assets unless it is more likely than not that the value of such assets will be realized.
The provision for income taxes from continued operations for the years ended September 30, 2025 and 2024 consist of the following:
| September 30, | ||||||||
| (In thousands) | 2025 | 2024 | ||||||
| Current: | ||||||||
| Federal | $ | $ | ||||||
| State | ||||||||
| Total | $ | $ | ||||||
| Deferred: | ||||||||
| Federal | $ | $ | ||||||
| State | ||||||||
| Total | ||||||||
| Provision for income taxes, net | $ | $ | ||||||
The difference between income tax expense computed by applying the federal statutory corporate tax rate and actual income tax expense is as follows:
| September 30, | ||||||||
| 2025 | 2024 | |||||||
| Statutory federal income tax rate | % | % | ||||||
| Non-deductible meals & entertainment | ( | ) | ( | ) | ||||
| Non-deductible contingent consideration | ||||||||
| Prior year adjustment | ( | ) | ( | ) | ||||
| State tax | ( | ) | ||||||
| Loss of NOL due to statute | ( | ) | ( | ) | ||||
| Change in valuation allowance | ( | ) | ||||||
| Effective tax rate | ( | )% | % | |||||
For
the years ended September 30, 2025 and 2024, the difference between the amounts of income tax expense or benefit that would result from
applying the statutory rates to pretax income to the reported income tax expense of $
| 54 |
Deferred income taxes result from temporary differences in the recognition of income and expenses for the financial reporting purposes and for tax purposes. The tax effect of these temporary differences representing deferred tax asset and liabilities result principally from the following:
Federal
| September 30, | ||||||||
| 2025 | 2024 | |||||||
| Net operating loss carry forward | $ | $ | ||||||
| Intangible asset – not deductible for tax | ||||||||
| AIPR&D capitalization | ||||||||
| Other | ||||||||
| Deferred compensation | ||||||||
| Valuation allowance | ( | ) | ( | ) | ||||
| Deferred income tax asset | $ | $ | ||||||
State
| September 30, | ||||||||
| 2025 | 2024 | |||||||
| Net operating loss carry forward | $ | $ | ||||||
| Intangible asset – not deductible for tax | ||||||||
| Other | ||||||||
| Valuation allowance | ( | ) | ( | ) | ||||
| Deferred income tax asset | $ | $ | ||||||
The
Company has a net operating loss carry forward of $
Utilization
of the pre-Business Combination net operating loss carryforwards (“pre-Combination NOL’s”) attributable to Cipherloc
may become subject to a substantial annual limitation under Section 382 of the Internal Revenue Code of 1986 due to ownership changes
occurred during the tax year during the tax year ended September 30, 2022.
The Company is current on all its federal income tax filings. The Company is subject to IRS examinations for periods beginning after September 30, 2020, and all net operating losses we may use in future federal tax filings are subject to IRS examination.
NOTE 16 - SUBSEQUENT EVENTS
On December 8, 2025, Anna Seacat was appointed to our Board. The Board considers Ms. Seacat to be “independent” under the independent director requirements of the Nasdaq Stock Market LLC.
On December 9, 2025, Deborah MacConnel, a current Member of the Board of Directors (“Board”) of SideChannel, Inc., (the “Company”), and the Chairwoman of the Board informed the Company of her upcoming retirement from the Board of Directors.
Ms. MacConnel will remain a member of the Board and the Chairwoman until the Company’s next Annual Stockholders Meeting (“Annual Meeting”), at which time Ms. MacConnel will not stand for re-election as a Member of the Board.
Ms. MacConnel’s departure is not the result of any disagreement with the Company’s management, the Company’s Board or the Company on any matter related to its operations, policies or practices.
In recognition of Ms. MacConnel’s tenure and contributions to the Company during her service as a member of the Board, the Company will provide her with the vesting of restricted stock units (“RSUs”), which were awarded to her on December 23, 2024, and are scheduled to vest on March 1, 2026. The remaining RSUs from the December 23, 2024, award will be forfeited by Ms. MacConnel.
The Company has evaluated events through December 18, 2025, the filing date of this Annual Report on Form 10-K and determined that there have been no additional subsequent events that occurred that would require adjustments to our disclosures in the consolidated financial statements.
| 55 |
ITEM 9. CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING AND FINANCIAL DISCLOSURE
None.
ITEM 9A. CONTROLS AND PROCEDURES
Our management is responsible for establishing and maintaining adequate “disclosure controls and procedures,” as defined in Rules 13a-15(e) and 15d-15(e) under the Exchange Act, that are designed to ensure that information required to be disclosed by us in reports that we file or submit under the Exchange Act is recorded, processed, summarized, and reported within the time periods specified in the SEC’s rules and forms, and that such information is accumulated and communicated to our principal executive officer to allow timely decisions regarding required disclosure. Disclosure controls and procedures include, without limitation, controls and procedures designed to ensure that information required to be disclosed in our reports filed or submitted under the Exchange Act is accumulated and communicated to our management, including our Chief Executive Officer (“CEO”) and Chief Financial Officer (“CFO”), to allow timely decisions regarding required disclosure. In designing and evaluating our disclosure controls and procedures, the Company recognized that disclosure controls and procedures, no matter how well conceived and operated, can provide only reasonable assurance of achieving the desired control objectives, and we necessarily are required to apply our judgment in evaluating the cost-benefit relationship of possible disclosure controls and procedures.
Evaluation of Disclosure Controls and Procedures
As of September 30, 2025, our management, with the participation of our CEO and CFO, evaluated the effectiveness of our disclosure controls and procedures (as defined in Rules 13a-15(e) and 15d-15(e) under the Exchange Act). Our CEO and CFO have concluded, based upon the evaluation described above, that, as of September 30, 2025, our disclosure controls and procedures were not effective at the reasonable assurance level because of the material weaknesses discussed below.
Notwithstanding the material weaknesses in internal control over financial reporting described below, our management has concluded that our consolidated financial statements included in this Form 10-K are fairly stated in all material respects in accordance with U.S. GAAP.
Material Weaknesses
A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of a company’s annual or interim financial statements will not be prevented or detected on a timely basis.
| 56 |
In connection with the preparation of our audited financial statements for the year ended September 30, 2023, we identified material weaknesses in our internal control over financial reporting, as of September 30, 2023. These material weaknesses had not been fully remediated as of September 30, 2025. The material weaknesses identified related to the fact that we did not design and maintain accounting policies, procedures and controls to ensure complete, accurate and timely financial reporting in accordance with U.S. GAAP. Specifically, the material weaknesses identified included the following:
| ● | Did not design and maintain formal accounting policies, procedures and controls to achieve complete, accurate and timely financial accounting, reporting and disclosures, including controls over the preparation and review of account reconciliations, journal entries and classification of certain costs; | |
| ● | We had not developed and effectively communicated to our employees our accounting policies and procedures, which resulted in inconsistent practices. Since these entity level programs have a pervasive effect across the organization, management has determined that these circumstances constitute a material weakness; | |
| ● | We do not have sufficient, qualified finance and accounting staff with the appropriate U.S. GAAP technical accounting expertise to identify, evaluate and account for accounting and financial reporting, and effectively design and implement systems and processes that allow for the timely production of accurate financial information in accordance with internal financial reporting timelines. As a result, we did not design and maintain formal accounting policies, processes and controls related to complex transactions necessary for an effective financial reporting process; and | |
| ● | As a high-growth, smaller reporting company that became responsible for listed financial reporting, we have a limited staff and budget available to adequately test and monitor the effectiveness of certain internal controls. |
Remediation Plan
Our management is actively engaged and committed to taking the steps necessary to remediate the control deficiencies that constituted the material weaknesses. During fiscal year 2025, we continued documenting and enhancing accounting policies, procedures and controls to achieve complete, accurate, and timely financial accounting, reporting and disclosures including controls over the preparation and review of account reconciliations, journal entries and classification of certain costs.
Our remediation activities will continue during fiscal year 2026. In addition to the above actions, additional activities may include:
| ● | Hiring additional qualified accounting staff to enable additional separation of duties; | |
| ● | Engaging external consultants to provide support and to assist us in our evaluation of more complex applications of U.S. GAAP, and to assist us with documenting and assessing our accounting policies and procedures until we have sufficient technical accounting resources; and | |
| ● | Implementing business process-level controls across all significant accounts and information technology general controls across all relevant systems. This includes providing training for control owners that will present expectations as it relates to the control design, execution and monitoring of such controls, including enhancements to the documentation to evidence the execution of the controls. |
We continue to enhance corporate oversight over process-level controls and structures to ensure that there is appropriate assignment of authority, responsibility, and accountability to enable remediation of our material weaknesses. We believe that our remediation plan will be sufficient to remediate the identified material weaknesses and strengthen our controls. As we continue to evaluate, and work to improve our controls, management may determine that additional measures to address control deficiencies or modifications to the remediation plan are necessary.
| 57 |
While we have performed certain remediation activities to strengthen our controls to address the identified material weaknesses, control weaknesses are not considered remediated until new internal controls have been operational for a period of time, are tested, and management concludes that these controls are operating effectively. We will continue to monitor the effectiveness of our remediation measures in connection with our future assessments of the effectiveness of internal control over financial reporting and disclosure controls and procedures, and we will make any changes to the design of our plan and take such other actions that we deem appropriate given the circumstances.
Management’s Annual Report on Internal Control over Financial Reporting
Management is responsible for establishing and maintaining adequate internal control over financial reporting (as defined in Rules 13a-15(f) and 15d-15(f) of the Exchange Act) of the Company. Internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with U.S. GAAP.
The information set forth under “Material Weaknesses” above is incorporated herein by reference.
Management, under the supervision of the Company’s CEO and CFO, conducted an evaluation, as of September 30, 2025, of the effectiveness of internal control over financial reporting based on the framework in 2013 Internal Control – Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission. Based on this evaluation, management concluded that the Company’s internal control over financial reporting was not effective as of September 30, 2025.
Changes in Internal Control over Financial Reporting
There have been no changes in the Company’s internal control over financial reporting (as defined in Rules 13a-15(f) and 15d-15(f) under the Exchange Act) during the fiscal year ended September 30, 2025, covered by this Form 10-K that have materially affected, or are reasonably likely to materially affect, the Company’s internal control over financial reporting, other than described herein. We are continuing to take steps to remediate the material weaknesses in our internal control over financial reporting, as discussed above.
Inherent Limitation on the Effectiveness of Internal Control
Readers are cautioned that internal control over financial reporting, no matter how well designed, has inherent limitations and may not prevent or detect misstatements. Therefore, even effective internal control over financial reporting can only provide reasonable assurance with respect to the financial statement preparation and presentation.
This annual report does not include an attestation report of the Company’s registered public accounting firm regarding internal control over financial reporting. Management’s report was not subject to attestation by the Company’s registered public accounting firm pursuant to rules of the SEC that permit the Company to provide only management’s report in this annual report.
ITEM 9B. OTHER INFORMATION
ITEM 9C. DISCLOSURE REGARDING FOREIGN JURISDICTIONS THAT PREVENT INSPECTIONS
None.
| 58 |
PART III
ITEM 10. DIRECTORS, EXECUTIVE OFFICERS, AND CORPORATE GOVERNANCE
Information regarding directors and executive officers of the Company, as well as the required disclosures with respect to the Company’s audit committee financial expert, is incorporated herein by reference to the information included in our Proxy Statement for our next Annual Meeting of Stockholders which will be filed with the SEC within 120 days after the end of our fiscal year 2025.
The Company has adopted a Code of Ethics that applies to all our directors, officers and employees, including our Chief Executive Officer and Chief Financial Officer. The complete text of this Code of Ethics is available on the SEC’s EDGAR system as described in Part IV, Item 15 of this Form 10-K.
ITEM 11. EXECUTIVE COMPENSATION
Information regarding executive compensation of our directors and officers, is incorporated herein by reference to the information included in our Proxy Statement for our next Annual Meeting of Stockholders which will be filed with the SEC within 120 days after the end of our fiscal year 2025.
ITEM 12. SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT AND RELATED STOCKHOLDER MATTERS
Information regarding security ownership of certain beneficial owners and management and the Company’s equity compensation plans are incorporated herein by reference to the information included in our Proxy Statement for our next Annual Meeting of Stockholders which will be filed with the SEC within 120 days after the end of our fiscal year 2025.
ITEM 13. CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS, AND DIRECTOR INDEPENDENCE
Information regarding certain relationships and related transactions and director independence is incorporated herein by reference to the information included in our Proxy Statement for our next Annual Meeting of Stockholders which will be filed with the SEC within 120 days after the end of our fiscal year 2025.
ITEM 14. PRINCIPAL ACCOUNTANT FEES AND SERVICES
Information regarding principal accounting fees and services is incorporated herein by reference to the information included in our Proxy Statement for our next Annual Meeting of Stockholders which will be filed with the SEC within 120 days after the end of our fiscal year 2025.
| 59 |
PART IV
ITEM 15. EXHIBITS AND FINANCIAL STATEMENT SCHEDULES
| (a) | Documents filed as part of this report: | |
| 1. | Financial Statements | |
| The financial statements and schedules required by this Item 15 are set forth in Part II, Item 8 of this Form 10-K. | ||
| (b) | Exhibits. The following exhibits are filed as a part of this report: |
Exhibit Number |
Description of Document | |
| 2.1 | Agreement and Plan of Merger by and between Cipherloc Corporation, a Texas corporation and Cipherloc Corporation, a Delaware corporation (incorporated by reference to Exhibit 2.1 to Current Report on Form 8-K filed September 17, 2021). | |
| 3.1 | Certificate of Incorporation of Cipherloc Corporation, a Delaware corporation (incorporated by reference to Exhibit 3.1 to the Company’s Current Report on Form 8-K filed on September 30, 2021). | |
| 3.2 | Bylaws (incorporated by reference to Exhibit 3.2 to the Company’s Current Report on Form 8-K, filed on September 30, 2021). | |
| 3.3 | Certificate of Amendment of Certificate of Incorporation of the Company (incorporated by reference to Exhibit 3.2 to the Company’s Current Report on Form 8-K filed July 6, 2022). | |
| 3.4 | Certificate of Designation of Series A Preferred Stock (incorporated by reference to Exhibit 3.1 to the Company’s Current Report on Form 8-K filed July 6, 2022). | |
| 4.1* | Description of the Registrant’s Securities Registered Pursuant to Section 12 of the Securities Exchange Act of 1934. | |
| 10.1 | Form of Securities Purchase Agreement between Cipherloc, a Texas corporation and the several purchasers of the Company’s units (incorporated by reference to Exhibit 10.1 to the Company’s Current Report on Form 8-K filed on April 8, 2021). | |
| 10.2 | Form of Registration Rights Agreement dated March 31, 2021 (incorporated by reference to Exhibit 10.2 to the Company’s Current Report on Form 8-K filed on April 8, 2021). | |
10.3 |
2018 Common Stock Purchase Warrant issued to the placement agents associated with a 2018 private placement conducted by Paulson Investment Company, LLC. | |
| 10.4 | 2021 Common Stock Purchase Warrant issued to the placement agents associated with a 2021 private placement conducted by Paulson Investment Company, LLC. | |
| 10.5 | 2021 Common Stock Purchase Warrant issued to the investors in the 2021 private placement conducted by Paulson Investment Company, LLC. | |
| 10.6 | Letter Agreement with Paulson Investment Company, LLC (incorporated by reference to Exhibit 10.1 to the Company’s Current Report on Form 8-K filed on July 28, 2021). | |
| 10.7† | Ryan Polk Executive Employment Agreement (incorporated by reference to Exhibit 10.1 to the Company’s Current Report on Form 8-K filed on October 12, 2021). | |
| 10.8† | 2021 Omnibus Equity Incentive Plan approved by the Company’s stockholders at the 2021 Annual Meeting held September 13, 2021 (incorporated by reference to Appendix A to the Company’s Definitive Proxy Statement filed on July 20, 2021). | |
| 10.9† | Brian Haugli Executive Employment Agreement (incorporated by reference to Exhibit 10.1 to the Company’s Current Report on Form 8-K filed on July 6, 2022). | |
| 10.10 | Independent Contractor Agreement by and between the Company and Thomas Wilkinson (Thomas W. Wilkinson, CPA, PLLC) dated December 28, 2022 (incorporated by reference to Exhibit 10.1 to the Company’s Current Report on Form 8-K filed on December 30, 2022). | |
| 10.11† | Ryan Polk 2023 Compensation Change Authorization (incorporated by reference to Exhibit 10.1 to the Company’s Current Report on Form 8-K filed on May 5, 2023). | |
| 10.12 | Offer to Exchange Common Stock for Certain Outstanding Warrants, dated August 21, 2023 (incorporated by reference to Exhibit (a)(1)(A) to the Schedule TO filed on August 22, 2023). | |
| 10.13 | Notice of Extension of the Offer to the Holders of the Warrants, dated September 19, 2023 (incorporated by reference to Exhibit (a)(1)(I) to the Schedule TO Amendment No. 2 filed on September 20, 2023. | |
| 10.14 | Notice of Withdrawal of the Offer to the Holders of Warrants, dated November 3, 2023 (incorporated by reference to Exhibit (a)(1)(J) to the Schedule TO Amendment No. 3 filed on November 3, 2023). | |
| 10.15 | Offer to Exchange Common Stock for Certain Outstanding Warrants, dated November 6, 2023 (incorporated by reference to Exhibit (a)(1)(A) to the Schedule TO filed on November 7, 2023). | |
| 10.16 | 2023 Common Stock Purchase Warrant as Amended on November 14, 2023, dated November 14, 2023 (incorporated by reference to Exhibit (a)(1)(F) to the Schedule TO Amendment No. 1 filed on November 14, 2023). | |
| 10.17 | Offer to Exchange Common Stock and New Warrants for 2021 Investor Warrants and Amended on December 1, 2023 (incorporated by reference to Exhibit (a)(1)(H) to the Schedule TO Amendment No. 2 filed on December 4, 2023). | |
| 14.1 | Code of Ethics for Directors, Officers and Employees of SideChannel and its Affiliates, dated August 8, 2019 (incorporated by reference to Exhibit 14.1 to the Company’s Current Report on Form 8-K, filed on August 12, 2019). | |
| 19.1 | SideChannel Insider Trading Policy adopted on March 14, 2024. | |
| 21.1 | Subsidiaries of the Registrant. | |
| 23.1* | Consent of Independent Registered Public Accounting Firm. | |
| 24.1* | Power of Attorney (included on signature page) | |
| 31.1* | Certification of Principal Executive Officer Pursuant to the Securities Exchange Act of 1934, Rules 13a-14 and 15d-14, as adopted pursuant to Section 302 of the Sarbanes-Oxley Act of 2002. | |
| 31.2* | Certification of Principal Financial Officer Pursuant to the Securities Exchange Act of 1934, Rules 13a-14 and 15d-14, as adopted pursuant to Section 302 of the Sarbanes-Oxley Act of 2002. | |
| 32.1** | Certification of Principal Executive Officer and Principal Financial Officer Pursuant to Section 906 of the Sarbanes-Oxley Act of 2002. | |
| 101.INS* | Inline XBRL Instance Document. | |
| 101.SCH* | Inline XBRL Taxonomy Extension Schema Document. | |
| 101.CAL* | Inline XBRL Taxonomy Extension Calculation Linkbase Document. | |
| 101.LAB* | Inline XBRL Taxonomy Extension Label Linkbase Document. | |
| 101.PRE* | Inline XBRL Taxonomy Extension Presentation Linkbase Document. | |
| 101.DEF* | Inline XBRL Taxonomy Extension definition Linkbase Document. | |
| 104* | Cover Page Interactive Data File (formatted as Inline XBRL and contained in the Exhibit 101 attachments). |
† Indicates management or compensatory plan or arrangement
* Filed herewith
** Furnished herewith
EXHIBIT 16. FORM 10-K SUMMARY
None
| 60 |
SIGNATURES
In accordance with Section 13 or 15(d) of the Securities Exchange Act of 1934, the Registrant has duly caused this report to be signed on its behalf by the undersigned, there unto duly authorized.
| SideChannel, Inc. | ||
| Date: December 18, 2025 | By: | /s/ Brian Haugli |
| Brian Haugli | ||
| President and Chief Executive Officer | ||
| Date: December 18, 2025 | By: | /s/ Ryan Polk |
| Ryan Polk | ||
| Chief Financial Officer | ||
POWER OF ATTORNEY
Each person whose signature appears below hereby appoints Brian Haugli and Ryan Polk, and each of them, as attorney-in-fact with full power of substitution to execute in the name and on behalf of the registrant and each such person, individually and in each capacity stated below, one or more amendments to the annual report on Form 10-K, which amendments may make such changes in the report as the attorney-in-fact acting deems appropriate and to file any such amendment to the annual report on Form 10-K with the Securities and Exchange Commission. Pursuant to the requirements of the Securities Exchange Act of 1934, this report has been signed below by the following persons on behalf of the registrant and in the capacities and on the dates indicated.
In accordance with the Securities Exchange Act of 1934, this report has been signed below by the following persons on behalf of the Company and in the capacities and on the dates indicated.
| Date: December 18, 2025 | By: | /s/ Brian Haugli |
| Brian Haugli | ||
| President, Chief Executive Officer, and Director (principal executive officer) | ||
| Date: December 18, 2025 | By: | /s/ Ryan Polk |
| Ryan Polk | ||
| Chief Financial Officer (principal financial officer and principal accounting officer) | ||
| Date: December 18, 2025 | By: | /s/ Deborah MacConnel |
| Deborah MacConnel | ||
| Chairwoman of the Board | ||
| Date: December 18, 2025 | By: | /s/ Robert Brown |
| Robert Brown | ||
| Director | ||
| Date: December 18, 2025 | By: | /s/ Nick Hnatiw |
| Nick Hnatiw | ||
| Chief Technology Officer and Director | ||
| Date: December 18, 2025 | By: | /s/ Hugh Regan, Jr. |
| Hugh Regan, Jr. | ||
| Director | ||
Date: December 18, 2025 |
By: | /s/ Anna Seacat |
| Anna Seacat | ||
| Director |
| 61 |
FAQ
What does SideChannel (SDCH) do and what is its core business model?
SideChannel, Inc. is a cybersecurity advisory services and software company focused on mid‑market and emerging organizations. Its core offerings are virtual Chief Information Security Officer (vCISO) services and cybersecurity software and services, including its proprietary Enclave platform, which supports zero trust architectures, network microsegmentation, and machine‑identity‑based access control.
How much did SideChannel (SDCH) spend on R&D and sales in fiscal 2025?
For the fiscal year ended September 30, 2025, SideChannel’s research and development expenditures were
What is SideChannel’s (SDCH) financial condition and cash runway?
SideChannel reported an accumulated deficit of
How many SideChannel (SDCH) shares are outstanding and what is its recent market value?
As of December 17, 2025, SideChannel had 231,229,054 shares of common stock outstanding. On March 31, 2025, the last business day of its most recently completed second fiscal quarter, the aggregate market value of common equity held by non‑affiliates was approximately
What are the main risks for SideChannel (SDCH) shareholders mentioned in this 10-K?
The filing highlights several key risks: volatility and thin trading of its OTCQB‑quoted penny stock; potential dilution from future equity issuances, stock plans, and 2021 private placement warrants with anti‑dilution provisions; continued operating losses and an accumulated deficit of
How does SideChannel (SDCH) generate revenue from its cybersecurity offerings?
SideChannel reports revenue in two categories. vCISO Services are provided on a virtual, outsourced basis, typically under fixed monthly subscriptions with engagement terms often exceeding 12 months. Cybersecurity Software and Services includes its Enclave software, other cybersecurity products and services, licensing revenue from software contracts, and commissions from third‑party service providers and value‑added resellers.
How many employees does SideChannel (SDCH) have and where is it based?
As of September 30, 2025, SideChannel had 23 full‑time employees and approximately 15 independent contractors. The company’s principal executive offices are located at 146 Main Street, Suite 405, Worcester, MA 01608, and its main telephone number is (508) 925‑0114.
