UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

FORM 20-F

(Mark One)

☐ REGISTRATION STATEMENT PURSUANT TO SECTION 12(b) OR SECTION 12(g) OF THE SECURITIES EXCHANGE ACT OF 1934

OR

☒ ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the fiscal year ended December 31, 2022

OR

☐ TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the transition period from         to         

OR

☐ SHELL COMPANY REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

Date of event requiring this shell company report

Commission file number:  001-41634

HUB Cyber Security Ltd.

(Exact name of Registrant as specified in its charter)

Not Applicable

(Translation of Registrant’s name into English)

State of Israel

(Jurisdiction of incorporation or organization)

17 Rothschild Blvd
Tel Aviv, Israel 6688120

(Address of principal executive offices)

Uzi Moskovich

Chief Executive Officer

+972-3-924-4074

HUB Cyber Security Ltd.
17 Rothschild Blvd
Tel Aviv, Israel 6688120

(Name, Telephone, E-mail and/or Facsimile number and Address of Company Contact Person)

Securities registered or to be registered, pursuant to Section 12(b) of the Act

Securities registered or to be registered pursuant to Section 12(g) of the Act: None

Securities for which there is a reporting obligation pursuant to Section 15(d) of the Act: None

Indicate the number of outstanding shares of each of the issuer’s classes of capital stock or common stock as of the close of the period covered by the annual report. As of December 31, 2022, the registrant had 88,791,362 ordinary shares outstanding, no par value. As of July 31, 2023, the registrant had 98,110,712 ordinary shares outstanding, no par value.

Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act.

Yes ☐    No ☒

If this report is an annual or transition report, indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934.

Yes ☐     No ☒

Note—Checking the box above will not relieve any registrant required to file reports pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934 from their obligations under those Sections.

Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days.

Yes ☐     No ☒

Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§ 232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files).

Yes ☒     No ☐

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.

If an emerging growth company that prepares its financial statements in accordance with U.S. GAAP, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐

Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☐

If securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements of the registrant included in the filing reflect the correction of an error to previously issued financial statements. ☐

Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant’s executive officers during the relevant recovery period pursuant to §240.10D-1(b). ☐

Indicate by check mark which basis of accounting the registrant has used to prepare the financial statements included in this filing:

If “Other” has been checked in response to the previous question indicate by check mark which financial statement item the registrant has elected to follow.

Item 17 ☐     Item 18 ☐

If this is an annual report, indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act).

Yes ☐     No ☒

CONTENTS

ABOUT THIS ANNUAL REPORT

Except where the context otherwise requires or where otherwise indicated in this Annual Report, the terms “HUB Cyber Security Ltd.,” “HUB Security,” “HUB,” the “Company,” “we,” “us,” “our,” “our company” and “our business” refer to HUB Cyber Security Ltd. and its subsidiaries.

All references in this Annual Report to “Business Combination” refer to the transactions effected under the merger agreement, dated as of March 23, 2022 (the “Merger Agreement”), by and among Mount Rainier Acquisition Corp., a Delaware corporation (“RNER”), HUB and Rover Merger Sub, Inc., a Delaware corporation and wholly owned subsidiary of HUB (“Merger Sub”). Pursuant to the Merger Agreement, Merger Sub merged with and into RNER, with RNER surviving the merger. Upon consummation of the Business Combination and the other transactions contemplated by the Merger Agreement on February 28, 2023, RNER became a wholly owned subsidiary of HUB.

All references in this Annual Report to “Israeli currency” and “NIS” refer to New Israeli Shekels, the terms “dollar,” “USD” or “$” refer to U.S. dollars and the terms “€” or “euro” refer to the currency introduced at the start of the third stage of European economic and monetary union pursuant to the treaty establishing the European Community, as amended.

PRESENTATION OF FINANCIAL AND OTHER INFORMATION

Our financial statements have been prepared in accordance with International Financial Reporting Standards as issued by the IASB (“IFRS”). We present our consolidated financial statements in U.S. dollars.

Our fiscal year ends on December 31 of each year. References to fiscal 2020 and 2020 are references to the fiscal year ended December 31, 2020, references to fiscal 2021 and 2021 are references to the fiscal year ended December 31, 2021, and references to fiscal 2022 and 2022 are references to the fiscal year ended December 31, 2022.

Market and Industry Data

Unless otherwise indicated, information contained in this Annual Report concerning our industry and the regions in which we operate, including our general expectations and market position, market opportunity, market share and other management estimates, is based on information obtained from various independent publicly available sources and other industry publications, surveys and forecasts, which we believe to be reliable based upon our management’s knowledge of the industry. We assume liability for the accuracy and completeness of such information to the extent included in this Annual Report. Such assumptions and estimates of our future performance and growth objectives and the future performance of our industry and the markets in which we operate are necessarily subject to a high degree of uncertainty and risk due to a variety of factors, including those discussed under the headings “Cautionary Statement Regarding Forward-Looking Statements” Item 3.D. “Key Information—Risk Factors” and Item 5. “Operating and Financial Review and Prospects” in this Annual Report.

Certain monetary amounts, percentages and other figures included in this Annual Report have been subject to rounding adjustments. Certain other amounts that appear in this Annual Report may not sum due to rounding. Revenue shown throughout this Annual Report is revenue from continuing operations, unless otherwise stated.

Unless otherwise noted, in this Annual Report we cite a source the first time a statement relying upon that source is made, and do not include citations subsequently when that statement is repeated.

Trademarks

This Annual Report contains references to trademarks, trade names and service marks belonging to other entities. Solely for convenience, trademarks, trade names and service marks referred to in this Annual Report may appear without the ® or TM symbols, but such references are not intended to indicate, in any way, that the applicable licensor will not assert, to the fullest extent under applicable law, its rights to these trademarks and trade names. We do not intend our use or display of other companies’ trade names, trademarks or service marks to imply a relationship with, or endorsement or sponsorship of us by, any other companies.

CAUTIONARY STATEMENT REGARDING FORWARD-LOOKING STATEMENTS

In addition to historical facts, this Annual Report contains forward-looking statements within the meaning of Section 27A of the U.S. Securities Act of 1933, as amended (the “Securities Act”), Section 21E of the U.S. Securities Exchange Act of 1934, as amended (the “Exchange Act”) and the safe harbor provisions of the U.S. Private Securities Litigation Reform Act of 1995. These forward-looking statements are principally contained in the sections entitled Item 3.D. “Key Information—Risk Factors,” Item 4. “Information on the Company,” and Item 5. “Operating and Financial Review and Prospects.” In some cases, these forward-looking statements can be identified by words or phrases such as “may,” “might,” “will,” “could,” “would,” “should,” “expect,” “plan,” “anticipate,” “intend,” “seek,” “believe,” “estimate,” “predict,” “potential,” “continue,” “contemplate,” “possible” or similar words. Statements regarding our future results of operations and financial position, growth strategy and plans and objectives of management for future operations, including, among others, expansion in new and existing markets, are forward-looking statements.

Forward-looking statements involve a number of risks, uncertainties and assumptions, and actual results or events may differ materially from those projected or implied in those statements. Important factors that could cause such differences include, but are not limited to:

Our estimates and forward-looking statements are mainly based on our current expectations and estimates of future events and trends which affect or may affect our business, operations and industry. Although we believe that these estimates and forward-looking statements are based upon reasonable assumptions, they are subject to numerous risks and uncertainties.

These forward-looking statements are subject to a number of known and unknown risks, uncertainties, other factors and assumptions, including the risks described in Item 3.D “Key Information—Risk Factors” and elsewhere in this Annual Report.

You should not rely on forward-looking statements as predictions of future events. We have based the forward-looking statements contained in this Annual Report primarily on our current expectations and projections about future events and trends that we believe may affect our business, financial condition and operating results. The outcome of the events described in these forward-looking statements is subject to risks, uncertainties and other factors described in the section titled “Risk factors” and elsewhere in this Annual Report. Moreover, we operate in a very competitive and rapidly changing environment. New risks and uncertainties emerge from time to time, and it is not possible for us to predict all risks and uncertainties that could have an impact on the forward-looking statements contained in this Annual Report. The results, events and circumstances reflected in the forward-looking statements may not be achieved or occur, and actual results, events or circumstances could differ materially from those described in the forward-looking statements.

In addition, statements that “we believe” and similar statements reflect our beliefs and opinions on the relevant subject. These statements are based on information available to us as of the date of this Annual Report. While we believe that information provides a reasonable basis for these statements, that information may be limited or incomplete. Our statements should not be read to indicate that we have conducted an exhaustive inquiry into, or review of, all relevant information. These statements are inherently uncertain, and investors are cautioned not to unduly rely on these statements. We qualify all of our estimates and forward-looking statements by these cautionary statements.

The forward-looking statements made in this Annual Report relate only to events as of the date on which the statements are made. We undertake no obligation to update any forward-looking statements made in this Annual Report to reflect events or circumstances after the date of this Annual Report or to reflect new information or the occurrence of unanticipated events, except as required by law. We may not actually achieve the plans, intentions or expectations disclosed in our forward-looking statements, and you should not place undue reliance on our forward-looking statements. Our forward-looking statements do not reflect the potential impact of any future acquisitions, mergers, dispositions, joint ventures or investments.

PART I

Item 1. Identity of Directors, Senior Management and Advisers

Not applicable.

Item 2. Offer Statistics and Expected Timetable

Not applicable.

Item 3. Key Information

A. [Reserved.]

B. Capitalization and Indebtedness

Not applicable.

C. Reasons for the Offer and Use of Proceeds

Not applicable.

D. Risk Factors

You should carefully consider the risks described below before making an investment decision. Additional risks not presently known to us or that we currently deem immaterial may also impair our business operations. Our business, financial condition or results of operations could be materially and adversely affected by any of these risks. The trading price and value of our ordinary shares could decline due to any of these risks, and you may lose all or part of your investment. This Annual Report also contains forward-looking statements that involve risks and uncertainties. Our actual results could differ materially from those anticipated in these forward-looking statements as a result of certain factors, including the risks faced by us described below and elsewhere in this Annual Report. See “Cautionary Statement Regarding Forward-Looking Statements” on page iv of this Annual Report. Such risks include, but are not limited to:

Risks Relating to the Internal Investigation, Our Ability to Continue as a Going Concern, Our Internal
Controls and Related Matters

Our previously disclosed internal investigation was initiated to review allegations of misappropriation of Company funds and other potential fraudulent actions regarding the use of Company funds by a former senior officer of the Company. As a result of or in connection with the matters that were the subject of the investigation, we may become subject to certain regulatory scrutiny. We are unable to predict the timing of completion or the effectiveness of any remediation measures recommended by the Special Committee.  In addition, we have incurred and may continue to incur substantial costs in connection with the internal investigation, which could have a material adverse effect on our business, financial condition and results of operations. 

As previously disclosed in the Company’s Report of Foreign Private Issuer on Form 6-K on April 20, 2023, our board of directors appointed a Special Committee of Independent Directors (the “Special Committee”) to oversee an internal investigation (the “Internal Investigation”) in order to review certain allegations of misappropriation of Company funds and other potential fraudulent actions regarding the use of Company funds by a former senior officer of the Company. During the course of the Internal Investigation, the Special Committee, together with its outside advisers, believed that it found sufficient evidence to support a determination that Mr. Eyal Moshe, our former Chief Executive Officer and President of U.S. operations and former member of the board of directors, and Ms. Ayelet Bitan, our former Chief of Staff and wife of Mr. Moshe, misappropriated (from a Company bank account over which Mr. Moshe had sole signatory rights) a total of approximately NIS 2 million (approximately $582 thousand) for personal use. Further, in certain instances, evidence reviewed by the Special Committee demonstrated that Mr. Moshe authorized payments to contractors without either (i) proper documentation and signatory approval; or (ii) required budget and expense reports. The employment of Eyal Moshe, was terminated effective July 24, 2023 for cause and Mr. Moshe resigned from our board on August 15, 2023. Additionally, the Company has commenced a legal action in Israel against Ms. Bitan to dispute her requests for severance payments in accordance with Israeli law in connection with these determinations by the Special Committee.

Additionally, the Special Committee believed that it found sufficient evidence to determine that, one of the controllers of the Company, with the permission of Mr. Moshe, used Company credit cards for personal use in the amount of approximately NIS 400,000 (approximately $110 thousand). These personal expenses were neither factored into the controller’s payroll nor properly documented in the Company’s financial books and records. Additionally, Mr. Moshe approved a bonus of NIS 250,000 to the controller. However, this bonus was not paid to the controller but instead was paid to a third-party at the controller’s direction.

The Internal Investigation is complete, although the Company continues to pursue recovery of the misappropriated funds. These events regarding the Special Committee and Internal Investigation are the subject of possible regulatory review and expose the Company and its directors and officers to possible investigations and possible enforcement actions by regulators both in Israel and the United States, including the Israel Securities Authority (“ISA”), Israel Tax Authority, U.S. Securities and Exchange Commission (“SEC”), the Nasdaq Stock Market LLC (“Nasdaq”) and/or U.S. Department of Justice (“DOJ”). The Company has provided certain information and documentation to certain regulatory authorities and is prepared to respond to any regulatory inquiry it may receive. The Company’s management and its board of directors do not currently believe there are any impacts on the Company’s financial statements. If the Company were to be subject to an investigation or enforcement action from a regulatory agency it could have a material adverse effect on the Company’s business, financial position and results of operations. 

If any federal authorities were to ultimately determine that the Company violated any laws or regulations, the Company may be exposed to a broad range of civil and criminal sanctions including, but not limited to, injunctive relief, disgorgement, fines, penalties, modifications to business practices including the termination or modification of existing business relationships, the imposition of compliance programs and the retention of a monitor to oversee future compliance by the Company, which could be costly and burdensome to our management, and could adversely impact our business, prospects, reputation, financial condition, liquidity, results of operations or cash flows. Even if an inquiry or investigation does not result in any adverse determinations, it potentially could create negative publicity and give rise to third-party litigation or other actions, which could also have a material adverse effect on our business, financial condition, results of operations and cash flows.

The Special Committee is neither a civil nor a criminal a court of law and no court has yet substantiated the findings of the Special Committee. It is possible that a court of law may find differently than the Special Committee has, which could expose the Company to counterclaims from Mr. Moshe, Ms. Bitan or others. Additionally, while we have informed Mr. Moshe that he has been summarily dismissed as an employee, Mr. Moshe resigned from our board of directors and we have commenced a legal action in Israel against Ms. Bitan to dispute her requests for severance payments in accordance with Israeli law, there can be no assurance that Mr. Moshe, Ms. Bitan or others will not bring forth any claims or commence any litigation against us in connection with Mr. Moshe’s dismissal, his resignation from the board, our challenging Ms. Bitan’s severance payments or the publication of the Special Committee’s findings from the Internal Investigation.

Further, we have incurred substantial costs and diverted management resources in connection with the Internal Investigation, and the Internal Investigation itself caused us to fail to timely file our Annual Report on Form 20-F with the SEC. We may also incur material costs associated with our indemnification arrangements with our current and former directors and certain of our officers, as well as other indemnitees related to law suits or regulatory proceedings that have arisen and may arise in the future from the Internal Investigation.

Our reported material weaknesses in internal control over financial reporting subjects us to additional litigation and regulatory examinations, investigations, proceedings or court orders, including additional cease and desist orders, the suspension of trading of our securities, delisting of our securities, the assessment of civil monetary penalties and other equitable remedies. In addition, the remediation of the material weaknesses (set forth below in Item 15. Controls and Procedures) will require us to incur additional costs and to divert management resources in the upcoming periods, which could adversely affect our business, financial condition, results of operations, and growth prospects.

We are a company with a history of net losses and anticipate that we may incur net losses for the foreseeable future and may never be profitable. Moreover, our independent registered public accounting firm’s report, contained herein, includes an explanatory paragraph that expresses substantial doubt about our ability to continue as a going concern, indicating the possibility that we may not be able to continue to operate in the future.

We have incurred net losses in each year since our inception, including net losses of $80,000 thousand and $13,623 thousand in the years ended December 31, 2022, and 2021, respectively. In addition, we may continue to incur net losses for the foreseeable future, and we may not achieve or maintain profitability in the future. Because the market for our network security solutions and products is rapidly evolving and has not yet reached widespread adoption, it is difficult for us to predict our future results of operations or the limits of our market opportunity. We expect our operating expenses to be temporarily reduced in 2023 and to begin increasing significantly over the next several years, as we expand our operations and infrastructure, continue to attempt to recover and enhance our brand, develop and expand our product features, integrations, and enhancements, and increase our spending on sales and marketing. We cannot be certain when, if ever, we will become profitable. Even if we were to become profitable, we might not be able to sustain such profitability on a quarterly or annual basis.

Primarily because of our losses incurred to date, our expected continued future losses, our default on existing debt facilities and limited cash balances, our independent registered public accounting firm has included in its report an explanatory paragraph expressing substantial doubt about our ability to continue as a going concern. We are generating negative cash flow, requiring constant and immediate cash injections to continue to operate, failing to meet obligations as they become due, including financial, suppliers debts and other ordinary course of operations costs. In addition, and as a result of our ongoing operating losses, we had outstanding liabilities that could not be met by our revenues, including payments due to our debt holders, vendors and service providers. We are currently negotiating with our debt holders with whom we are currently in default to extend the term of their notes or to convert the same into our ordinary shares. Our ability to continue as a going concern is contingent upon, among other factors, the sale of ordinary shares to obtain additional funding to support our operations and/or obtaining alternate financing and the ability to cure our outstanding defaults or that these obligations may be negotiated on terms that are favorable to us, if at all. Management currently believes that it will be necessary for us to secure additional funds to continue our existing business operations and to fund our obligations. We have raised and will likely continue to seek to raise additional funds during 2023 through a variety of equity and/or debt financing arrangements; however, there can be no assurance that we will be able to obtain funds on commercially acceptable terms, if at all. If we cannot generate sufficient revenues, reduce cost and/or secure additional financing on acceptable terms, we may be required to, among other things, alter our business strategy, significantly curtail or discontinue operations or obtain funds by entering into financing agreements on unattractive terms. See “—We will likely be required to raise additional funds in the near future in order to execute our business plan and these funds may not be available to us when we need them. If we cannot raise additional funds when we need them, our business, prospects, financial condition and operating results could be negatively affected” below for additional information.

We have identified material weaknesses in our internal control over financial reporting. If our remediation of the material weaknesses is not effective, or we fail to develop and maintain effective internal controls over financial reporting, our ability to produce timely and accurate financial statements or comply with applicable laws and regulations could be impaired.

As described above, we appointed the Special Committee to oversee an internal investigation related to alleged misappropriation of Company funds and other potentially fraudulent actions regarding the use of Company funds by a former senior officer of the Company. As such, when preparing the financial statements that are included in this Annual Report, our management and our independent registered public accounting firm determined that we have material weaknesses in our internal control over financial reporting as of December 31, 2021, which had not been remedied as of December 31, 2022. A material weakness is a deficiency, or combination of deficiencies, in internal control over financial reporting such that there is a reasonable possibility that a material misstatement of our annual or interim consolidated financial statements will not be prevented or detected on a timely basis.

The material weaknesses as of December 31, 2022 and 2021 identified include, but are not limited to:

As a result of the material weaknesses, management has concluded that our internal control over financial reporting was ineffective as of each of December 31, 2022 and 2021.

Further, there can be no guarantee that the Internal Investigation and subsequent inquiries revealed all instances of inaccurate disclosure or other deficiencies, or that other existing or past inaccuracies or deficiencies will not be revealed in the future. Our failure to correct these deficiencies or our failure to discover and address any other deficiencies could result in inaccuracies in our financial statements and could also impair our ability to comply with applicable financial reporting requirements and related regulatory filings on a timely basis. As a result, our business, financial condition, results of operations and prospects, as well as the trading price of our ordinary shares and warrants, may be materially adversely affected.

We, together with any additional remediation actions to be suggested by the Special Committee, have taken and will continue to take the following actions to remediate these material weaknesses:

We cannot assure you the measures we are taking to remediate the material weaknesses will be sufficient or that they will prevent future material weaknesses. Additional material weaknesses or failure to maintain effective internal control over financial reporting could cause us to fail to meet our reporting obligations as a public company and may result in a restatement of our financial statements for prior periods. In addition, these deficiencies could cause investors to lose confidence in our reported financial information, limiting our access to capital markets, adversely affecting our operating results and leading to declines in the trading price of our ordinary shares and warrants.

Our independent registered public accounting firm is not required to attest to the effectiveness of our internal control over financial reporting until after we are no longer an “emerging growth company” as defined in the JOBS Act. At such time, our independent registered public accounting firm may issue a report that is adverse in the event our internal controls over financial reporting do not operate effectively. If we are not able to complete our initial assessment of our internal controls and otherwise implement the requirements of Section 404 of the Sarbanes-Oxley Act in a timely manner or with adequate compliance, our independent registered public accounting firm may not be able to certify as to the effectiveness of our internal controls over financial reporting. Any failure to implement and maintain effective internal control over financial reporting also could adversely affect the results of periodic management evaluations and annual independent registered public accounting firm attestation reports regarding the effectiveness of our internal control over financial reporting that we will eventually be required to include in its periodic reports that are filed with the SEC. If we are unable to remediate our existing material weakness or identify additional material weaknesses and are unable to comply with the requirements of Section 404 in a timely manner or assert that our internal control over financial reporting is effective, or if our independent registered public accounting firm is unable to express an opinion as to the effectiveness of our internal control over financial reporting once we are no longer an emerging growth company, investors may lose confidence in the accuracy and completeness of the financial reports and the market price of our ordinary shares and warrants could be negatively affected, and we could become subject to investigations by Nasdaq, the SEC or other regulatory authorities, which could require additional financial and management resources. For more information regarding these remedial actions and enhancement measures, see “Item 15. Controls and Procedures—Material Weaknesses in Internal Control Over Financial Reporting.

The circumstances that led to the failure to file our Annual Report on time, and our efforts to investigate, assess and remediate those matters have caused and may continue to cause substantial delays in our SEC filings.

Our ability to resume a timely filing schedule with respect to our SEC reporting is subject to a number of contingencies, including whether and how quickly we are able to effectively remediate the identified material weaknesses in our internal control over financial reporting. Our filing of our Annual Report has been delayed and we cannot assure you we will be able to timely make our future filings.

In cases where we delay our filings, investors will need to evaluate certain decisions with respect to our ordinary shares and warrants in light of our lack of current financial information. Accordingly, any investment in our ordinary shares and/or warrants may involve a greater degree of risk than other companies who are current on their public filings. Our lack of current public information may have an adverse impact on investor confidence, which could lead to a reduction in our share price or restrictions on our abilities to obtain financing in the public market, among others.

We are not currently in compliance with the continued listing standards of Nasdaq and our failure to meet the continued listing requirements of Nasdaq could result in a delisting of our securities. 

If we fail to satisfy the continued listing requirements of Nasdaq such as the corporate governance requirements or the minimum closing bid price requirement, Nasdaq will take steps to delist our securities. We did not timely file this Annual Report and the per share price of our ordinary shares has declined below the minimum bid price threshold required for continued listing on Nasdaq. Such a delisting would likely have a negative effect on the price of the securities and would impair shareholders’ ability to sell or purchase the securities when they wish to do so as well as adversely affect our ability to issue additional securities and obtain additional financing in the future.

On May 19, 2023, we received a notification letter from the Listing Qualifications Department of Nasdaq stating that we were not in compliance with the requirements of Nasdaq Listing Rule 5250(c)(1) (the “Reporting Rule”) as a result of not having timely filed this Annual Report with the SEC. Under the Nasdaq rules, the Company had 60 calendar days, or until July 18, 2023, to file this Annual Report or to submit to Nasdaq a plan to regain compliance with the Nasdaq Listing Rules.

On June 9, 2023, we received a deficiency notice from Nasdaq (the “Deficiency Notice”) informing us that our ordinary shares have failed to comply with the $1.00 minimum bid price required for continued listing under Nasdaq Listing Rule 5450(a)(1) (the “Minimum Bid Price Requirement”) based upon the closing bid price of our ordinary shares for the 30 consecutive business days prior to the date of the Deficiency Notice. The Deficiency Notice did not result in the immediate delisting of our ordinary shares from Nasdaq. In accordance with Nasdaq Listing Rule 5810(c)(3)(A), we were given 180 calendar days from June 9, 2023, or until December 6, 2023, to regain compliance with the Minimum Bid Price Requirement. If at any time before December 6, 2023, the bid price of our ordinary shares closes at $1.00 per share or more for a minimum of 10 consecutive business days, then Nasdaq will provide written confirmation that we have regained compliance.

On July 18, 2023, we submitted a plan of compliance to achieve and sustain compliance with all Nasdaq listing requirements, including the Reporting Rule and Minimum Bid Requirement. We filed our Annual Report on August 15, 2023 and intend to actively monitor our bid price.

In the event of a delisting, we can provide no assurance that any action taken by us to restore compliance with listing requirements would allow our securities to become listed again, stabilize the market price or improve the liquidity of our securities, prevent our securities from dropping below the Minimum Bid Price Requirement or prevent future non-compliance with Nasdaq’s listing requirements. Additionally, if our securities are not listed on, or become delisted from, Nasdaq for any reason, and are quoted on the OTC Bulletin Board, an inter-dealer automated quotation system for equity securities that is not a national securities exchange, the liquidity and price of HUB’s securities may be more limited than if it were quoted or listed on Nasdaq or another national securities exchange as the liquidity that Nasdaq provides would no longer be available to investors. Shareholders may be unable to sell their securities unless a market can be established or sustained, and we could face a lengthy process to re-list the ordinary shares, if at all.

We have previously financed our operations and certain capital needs through various debt, convertible debt and equity issuances. Our existing and future debt obligations could impair our liquidity and financial condition. We are currently in default under certain of our debt obligations. If we are unable to negotiate a solution for the payment of our outstanding debt or otherwise meet our debt obligations, the lenders could foreclose on our assets which could cause us to curtail or cease operations or have an adverse impact on our business, results of operations and financial condition and the price of our ordinary shares.

We are currently in default under certain of our debt and convertible obligations totaling approximately $20 million in debt (the “Outstanding Debt”). Upon an event of default under the Outstanding Debt, the holders of such debt may exercise all rights and remedies available under the terms of the notes or applicable laws. Some of the Outstanding Debt is payable through conversion into our ordinary shares, but we currently are unable to make such payments in ordinary shares due to our failure to timely file our Annual Report, our failure to register the ordinary shares issuable upon conversion and the current trading price of our ordinary shares.

We are currently in discussions with holders of the Outstanding Debt regarding possible solutions for the payment of the Outstanding Debt, including the possible extension of the outstanding obligations and, in some cases, maturity date of the Outstanding Debt. However, there can be no assurance that our discussions will be successful and, if we are not successful in finding an acceptable resolution to the existing default or the impending event of default, the holders of the Outstanding Debt will be able to seek judgement for the full amount due and may seek to foreclose on our assets, which would adversely affect our business or possibly force us to cease operations and commence liquidation proceedings. Our debt and financial obligations:

The Outstanding Debt could enable the lenders to foreclose on certain of our assets and could significantly diminish the market value and marketability of our ordinary shares and could result in the acceleration of other payment obligations or default under other contracts or possibly force us to cease operations and commence liquidation proceedings. In addition, the conversion of some or all of the Outstanding Debt into ordinary shares will dilute the ownership interests of our existing shareholders. Any sales in the public market of our ordinary shares issuable upon such conversion could adversely affect prevailing market prices of our ordinary shares. In addition, the existence of the Outstanding Debt may encourage short selling by market participants because the conversion of the Outstanding Debt would likely depress the price of our ordinary shares.

We will likely be required to raise additional funds in the near future in order to execute our business plan and these funds may not be available to us when we need them. If we cannot raise additional funds when we need them, our business, prospects, financial condition and operating results could be negatively affected. 

We may require additional capital in the future in order to fund our growth strategy or to respond to technological advancements, competitive dynamics or technologies, customer demands, business opportunities, challenges, acquisitions or unforeseen circumstances. We may also determine to raise equity or debt financing for other reasons. For example, in order to further enhance business relationships with current or potential customers or partners, we may issue equity or equity-linked securities to such current or potential customers or partners.

We may not be able to timely secure additional debt or equity financing on favorable terms, or at all. If we raise additional funds through the issuance of equity or convertible debt or other equity-linked securities, our existing shareholders could experience significant dilution. In addition, any debt financing obtained by us in the future, whether in the form of a credit facility or otherwise, could involve restrictive covenants relating to our capital raising activities and other financial and operational matters, which may make it more difficult for us to obtain additional capital and to pursue business opportunities, including potential acquisitions. If we are unable to obtain adequate financing or financing on terms satisfactory to us when we require it, our ability to continue to grow or support our business and to respond to business challenges could be significantly limited. In addition, because our decision to issue debt or equity in the future will depend on market conditions and other factors beyond our control, we cannot predict or estimate the amount, timing, nature or success of our future capital raising efforts.

Risks Related to Our Business and Industry 

An inability to attract new customers, retain existing customers and sell additional services to customers could adversely impact our revenue and results of operations.

Currently, we generate the majority of our revenues from our Professional Services division, which, among other services, enables enterprise clients to identify, manage and respond to cybersecurity threats with comprehensive, bundled solutions that provide a crucial layer of protection for organizations as well as a means to manage associated risk and compliance. More recently, we have bundled solutions under a package approach called HUB Guard that includes dashboards providing scoring on the customer’s cyber resiliency.

The ability to maintain or increase our revenues and achieve profitability may be impacted by a number of factors, including our ability to attract new customers, retain existing customers and sell our professional services to additional customers. We may incur higher customer acquisition or retention costs as we seek to grow our customer base and expand our markets. Moreover, to the extent we are unable to retain and sell additional services to existing customers, including as part of our initiative to address existing accounts that have substandard margins, our revenue and results of operations may decrease. For example, our Professional Services division has a large contract with a governmental agency in Israel, which is set to expire in December 2023. We, along with a number of other companies, have been invited to bid for a renewal of the contract. We cannot be certain that we will win the renewal of the tender and the customer is under no obligation to renew its services with us after the contract period expires. The loss of business from any of our major customers, whether by the cancellation of existing contracts, the failure to obtain renewal of these contracts or win new business or lower overall demand for our services, could materially and adversely impact our revenue and results of operations.

The termination of, or material changes to, our relationships with key vendors could materially adversely affect our business, financial condition and operating results, which could be exacerbated due to our reliance on a small number of vendors for a significant portion of our distribution and offerings in our Professional Services division.

We contract to purchase from specific vendors a significant portion of our distribution and offerings for our Professional Services division. For the year ended December 31, 2022, two vendors accounted for approximately 80% of inventory purchases. Given our lack of liquidity, we may not be able to pay these vendors in accordance with the trade terms we have previously negotiated with them, or such vendors may require certain financial assurances from us. In the event these vendors decide to terminate their relationships with us or cease supplying products or renegotiate the trade terms we currently have in place, such vendors may be difficult to replace and/or the products they supply us may be more expensive or of lesser quality. It can take a significant amount of time and resources to identify, develop and maintain relationships with vendors. The termination of, or material changes to, arrangements with key vendors, disagreements with key vendors as to payment or other terms, or the failure of a key vendor to meet its contractual obligations to us may require us to contract with alternative vendors. If we have to replace key vendors, we may be subject to pricing or other terms less favorable than those we currently enjoy, and it may be difficult to identify and secure relationships with alternative vendors that are able to meet our volume requirements and quality or other standards. If we cannot replace or engage vendors who meet our specifications and standards in a short period of time, we could encounter increased expenses, shortages of items, disruptions or delays in customer shipments. Such effects could be further exacerbated due to our reliance on a small number of vendors for the majority of our inventory purchases. If any of the above were to occur, we could experience delays in our ability to conduct our business and offer our professional services, experience cancellations and experience a reduction in sales revenue, any of which could materially adversely affect our business, financial condition and operating results.

Actions that we have taken to reduce costs and rebalance investments may not result in anticipated savings or operational efficiencies, could result in total costs and expenses that are greater than expected, and could disrupt our business.

Beginning in March 2023, we began implementing a plan to reduce our workforce in order to become more efficient in our costs and to optimize facilities-related costs. We adopted this plan to improve operational efficiencies and align our investments more closely with our strategic priorities. We may incur additional expenses associated with the reduction in our workforce not contemplated by our plan such as employment litigation costs, which may have an impact on other areas of our liabilities and obligations and contribute to losses in future periods. We may not realize, in full or in part, the anticipated benefits and savings from our plan due to unforeseen difficulties, delays or unexpected costs. If we are unable to realize the expected operational efficiencies and cost savings, our operating results and financial condition would be adversely affected.

Furthermore, ongoing implementation of our plan and reductions in force may be disruptive to our operations. For example, our workforce reduction could result in attrition beyond planned staff reductions, increased difficulties in our day-to-day operations and reduced employee morale. If employees who were not affected by the few rounds of reduction in force seek alternative employment, we could incur unplanned additional expense to ensure adequate resourcing and fail to attract and retain qualified management, sales and marketing personnel who are critical to our business. Our failure to do so could harm our business and our future performance.

Our limited operating history in the field of Confidential Computing makes it difficult to evaluate our business and future prospects and increases the risk of your investment. 

We began operations in 1984 as A.L.D. Advanced Logistics Development Ltd. (“ALD”) and are engaged in developing and marketing quality management software tools and solutions. HUB Cyber Security Ltd, was founded in 2017 by veterans of the elite Unit 8200 and Unit 81 of the Israeli Defense Forces, with deep experiences and proven track records in setting up and commercializing start-ups in a multi-disciplinary environment. HUB merged with ALD in June 2021 and began trading on the Tel Aviv Stock Exchange (the “TASE”). Following the merger with ALD, we have developed unique technology and products in the field of confidential computing (“Confidential Computing”), which is a rapidly evolving industry. Further, significant portions of our growth have been through mergers with, and acquisitions, of other companies. As a result, there is limited information that investors can use in evaluating our business, strategy, operating plan, results and prospects. While we currently derive the majority of our revenues from our Professional Services division, we intend to derive most of our revenues in the future from the delivery of our Confidential Computing protection solution, which is a newly developed technology. It is difficult to predict future revenues and appropriately budget for expenses, and we have limited insight into trends that may emerge and affect our business. To date we have only derived a small portion of our historical revenues from our Confidential Computing solution. In addition, we have encountered and expect to continue to encounter risks and uncertainties frequently experienced by growing companies in rapidly evolving industries, such as the risks and uncertainties described herein. As a result, if we do not address these risks successfully, or if the assumptions we use to plan and operate our business are incorrect or change, our results of operations could differ materially from our expectations and our business, financial condition and results of operations could be materially adversely affected.

The network security market is rapidly evolving within the increasingly challenging cyber threat landscape. If our solutions fail to adapt to market changes and demands, sales may not continue to grow or may decline. 

We offer a combined hardware and software solution that provides end-to-end data protection across all phases of data storage and processing. If customers do not recognize the benefit of our solutions as a critical layer of an effective security strategy, our revenues may fail to grow or otherwise decline. Security solutions such as ours create a protective envelope around each data processing component to protect data while it is being processed. However, advanced cyber attackers are skilled at adapting to new technologies and developing new methods of gaining access to organizations’ sensitive data and technology assets, including those of IT and cybersecurity providers. The techniques they use to access or sabotage networks or applications or to disrupt operations (for example, via ransomware) change frequently and are frequently not recognized until launched against a target. In addition, the COVID-19 pandemic has significantly impacted online behavior and the security of businesses and individuals, and we have observed a significant increase in cyber-attack activity since the beginning of the pandemic. We expect that our customers, and thereby our solutions, will face new and increasingly sophisticated methods of attack, particularly due to the increased use by attackers of tools and techniques that are designed to circumvent security controls, to avoid detection and to remove or obfuscate evidence. We face significant challenges in ensuring that our solutions effectively identify and respond to sophisticated attacks while avoiding disruption to our customers’ businesses. As a result, we must continually modify and improve our products and solutions in response to market and technology trends and evolvement, including obtaining interoperability with existing or newly introduced technologies and systems, to ensure we are meeting market needs and continuing to provide valuable solutions that can be deployed in a variety of IT environments. If we fail to identify and respond to new and increasingly complex methods of attack or to update our solutions to detect or prevent such threats in time to protect our customers’ critical business data, the integrity of our solutions and reputation, as well as our business and operating results, could suffer.

We cannot guarantee that we will be able to anticipate future market needs and opportunities or be able to develop or acquire product enhancements or new products or solutions to meet such needs or opportunities in a timely manner or at all. Additionally, we cannot guarantee that we will be able to comply with new regulatory requirements (see “— The dynamic regulatory environment around privacy and data protection may limit our offering or require modification of our products and services, which could limit our ability to attract new customers and support our existing customers and increase our operational expenses. We could also be subject to investigations, litigation, or enforcement actions alleging that we fail to comply with the regulatory requirements, which could harm our operating results and adversely affect our business.”). Furthermore, new technologies and solutions that may be introduced into the market may make our solutions obsolete, lowering the demand for our products and reducing our sales. Even if we are able to anticipate, develop and commercially introduce new features and solutions and ongoing enhancements to our existing solutions, there can be no assurance that such enhancements or new solutions will achieve widespread market acceptance. Delays in developing, completing or delivering new or enhanced solutions could cause our offerings to be less competitive, impair customer acceptance of our solutions and result in delayed or reduced revenue.

Our reputation and business could be harmed based on real or perceived shortcomings, defects or vulnerabilities in our solutions or if our customers experience security breaches, which could have a material adverse effect on our business, reputation and operating results. 

Network security products, solutions and services such as ours are complex in development, design and deployment and may contain errors, bugs, misconfigurations or vulnerabilities that are potentially incapable of being remediated or detected until after their deployment, if at all. Any real or perceived errors, bugs, design failures, defects, vulnerabilities, misconfigurations in our solutions or untimely or insufficient remediation thereof, could cause our solutions to not meet specifications, be vulnerable to security attacks or fail to secure networks or applications which could negatively impact customer operations and consequently harm our business and reputation.

In addition, we may suffer significant adverse publicity and reputational harm if our solutions are associated, or are believed to be associated with, or fail to reasonably protect against, a security attack or a breach at a high-profile customer. Moreover, any actual or perceived cyber-attack, other security breach, exposure or theft of ours or our customers’ data, regardless of whether the breach or theft is attributable to the failure of our solutions, could:

Furthermore, security breaches or defects in our solutions could result in loss or alteration of, or unauthorized access to, customers’ data and compromise our customers’ networks and applications that are secured by our solutions. If such a security breach results in the disruption or loss of availability, integrity or confidentiality of customers’ data, we could incur significant liability to our customers and to businesses or individuals whose information was being handled by our customers, in addition to regulatory agencies. There can be no assurance that limitation of liability, indemnification or other protective provisions that we attempt to include in our contracts would be applicable, enforceable or adequate in connection with a security breach, or would otherwise protect us from any such liabilities or damages with respect to any particular claim.

There is no guarantee that our solutions will be free of flaws or vulnerabilities. Our customers may also misuse or improperly install our solutions, which could result in vulnerabilities to a breach or theft of business data.

Competition in the market for cybersecurity solutions, in general, is intense. If we are unable to compete effectively, our business, financial condition and results of operations could be harmed. 

The network security solutions market in which we operate is characterized by intense competition, constant innovation, rapid adoption of different technological solutions and services, and evolving security threats. We compete with a multitude of companies that offer a broad array of network security products and that employ different approaches and delivery models to address these evolving threats.

Our primary competitors in the network security industry consist of Cisco Systems, Inc., Juniper Networks, Inc., Fortinet Inc., Check Point Software Technologies Ltd. and Palo Alto Networks, Inc., as well as companies that have network security capabilities as part of broader IT solutions offerings, such as Microsoft Corporation, McAfee, Inc., International Business Machines Corporation, Hewlett-Packard Enterprise Company and FireEye, Inc.

In addition, IT security spending is spread across a wide variety of solutions and strategies, including, for example, endpoint, network and cloud security, vulnerability management and identity and access management. Organizations continually evaluate their security priorities and investments and may allocate their IT security budgets to other solutions and strategies and may not adopt or expand use of our solutions. Accordingly, we may also compete for budgetary reasons with additional vendors that offer threat protection solutions in adjacent or complementary markets to ours.

Most of our competitors have greater financial, personnel and other resources than we have, which may limit our ability to effectively compete with them. We also expect to continue to face additional competition as new participants enter the market or extend their portfolios into related technologies. Current and future participants may also be able to respond more quickly to new or emerging technologies and changes in customer demands and to devote greater resources to the development, promotion and sale of their products than we can. Larger companies with substantial resources, brand recognition and sales channels may form alliances with or acquire competing security solutions and emerge as significant competitors.

Competition may result in lower prices or reduced demand for our solutions and a corresponding reduction in our ability to recover costs, which may impair our ability to achieve, maintain and increase profitability. Furthermore, the dynamic market environment poses a challenge in predicting market trends and expected growth. We cannot assure you that we will be able to implement our business strategy in a manner that will allow us to be competitive. If any of our competitors offer products or services that are more competitive than ours, we could lose market share and our business, financial condition and results of operations could be materially and adversely affected as a result.

Our ability to introduce new products, features, integrations and enhancements is dependent on adequate research and development resources. 

To remain competitive, we must maintain adequate research and development resources, such as the appropriate personnel and development technology, to meet the demands of the market. If we are unable to offer high level and new services in our Professional Services division, develop new products, features, integrations and enhancements internally due to certain constraints, such as employee turnover, a lack of management ability or a lack of other research and development resources, our business may be harmed. Moreover, research and development projects can be technically challenging and expensive. The nature of these research and development cycles may cause us to experience delays between the time we incur expenses associated with research and development and the time we are able to offer compelling features, integrations and enhancements and generate revenue, if any, from such investment. If we expend a significant amount of resources on research and development and our efforts do not lead to the successful introduction or competitive improvement of products, features, integrations and enhancements, it could harm our business, results of operations and financial condition. For example, we are in the process of developing our “single chip” solution, which is a complicated process and there is no assurance that we will be able to successfully release this solution as planned. In addition, our failure to maintain adequate research and development resources or to compete effectively with the research and development programs of our competitors may harm our business, results of operations and financial condition.

If we are unable to acquire large enterprise customers for our security solutions or sell additional products and services to our existing customers, our future revenues and operating results will be harmed. 

Our success and continued growth will depend in part on our ability to convince large enterprises to adopt our technologies and solutions and selling incremental or new solutions to existing customers. If we are unable to succeed in such efforts, we will likely be unable to generate revenue growth at desired or projected rates. For example, in July 2022, we completed the acquisition of the cybersecurity assets of Legacy Technologies Gmbh (“Legacy”). At the time of the Legacy acquisition, our management believed that the acquisition could have the potential to bring in a considerable amount of new enterprises and government customers within the European Union (“EU”) and the Middle East. To date, we have yet to recognize any revenues or acquire new customers from the Legacy assets and it remains extremely uncertain as to when, if at all, we may be able to do so. For example, as of December 31, 2022, we identified indicators of impairment for the assets acquired from Legacy since no binding purchase orders had been signed nor significant progress had been made on the purchased customer relationships as was expected upon the purchase date. As a result, as of December 31, 2022 we determined that the assets acquired should be fully impaired.

In addition, competition in the industry may lead us to acquire fewer new customers or result in our providing more favorable commercial terms to new or existing customers. Macro-economic effects may also affect our ability to maintain our customer base and expand it.

Additional factors that impact our ability to acquire new customers or sell additional products and services to our existing customers include the consumption of their past purchases, a reduction in the perceived need for network security, the size of our prospective and existing customers’ IT budgets, the utility and efficacy of our solution offerings, whether proven or perceived, changes in our pricing models, and general economic conditions. These factors may have a material negative impact on future revenues and operating results.

We currently have and target many customers that are large corporations and government entities, which are subject to a number of challenges and risks, such as increased competitive pressures, administrative delays and additional approval requirements. 

Many of our existing and potential customers are large corporations and government agencies who store sensitive data. Selling to large corporations and government entities can be highly competitive, expensive and time consuming, often requiring significant upfront time and expense without any assurance that HUB will complete a sale. Large enterprise customers frequently demand terms of sale which are less favorable than the prevailing market terms. In addition, government demand and payment for our products and services may be impacted by public sector budgetary cycles and funding authorizations, funding reductions, government shutdowns or delays, such that any of these occurrences may adversely affect public sector demand for our products. Finally, some large corporations and government entities require products such as ours to be certified by industry-approved security agencies as a pre-condition of purchasing them. We cannot be certain that any certificate will be granted or that we would be able to satisfy the technological and other requirements to maintain certifications. The loss of any of our existing certificates, or the failure to obtain new ones, could result in the imposition of various penalties, reputational harm, loss of existing customers or could deter new and existing customers from purchasing our solutions, any of which could adversely affect our business, operating results or financial condition.

The market’s acceptance of Confidential Computing as implemented by our solutions is not fully proven, is evolving and this market may develop more slowly than or differently from our expectations. 

Our solutions use a unique combination of hardware and software to provide network security. This method is different from traditional network security solutions that rely on software implementation of network perimeter protection. The market adoption of our solutions is relatively new, rapidly evolving and not fully proven. Accordingly, it is difficult to predict customer adoption and renewals and demand for our products and services, or the future growth rate, expansion, longevity and the size of the market for our products. Our ability to penetrate our target market depends on a number of factors, including: our ability to educate our target customers of the benefits of our solutions, the cost, performance and perceived value associated with our solutions and the extent to which our solutions improve network security and are easy to use for our customers. If our solutions do not achieve market acceptance, or there is a reduction in demand caused by decreased customer acceptance, technological challenges, weakening economic conditions, privacy, data protection and data security concerns, governmental regulation, competing technologies and products or decreases in information technology spending or otherwise, the market for our solutions may not continue to develop or may develop more slowly than we expect, which could adversely affect our business, financial condition and results of operations.

We may not be able to convert our customer orders in backlog or pipeline into revenue. 

As of December 31, 2022, our backlog estimates consisted of approximately $39 million in customer contracts, and we had an estimated $103 million in pipeline, consisting of customer contracts in various stages of negotiation and initial revenue indications from potential customers that have not been contractually committed. There is no assurance that our backlog will materialize into actual revenues or that we will be able to convert our pipeline into executed contracts that generate revenues.

Our ability to convert our estimated backlog into revenue is dependent upon the successful delivery of our solutions to customers and assumes that our customers will not cancel or amend the terms of their contracts. The conversion of our pipeline into executed, revenue-generating contracts depends upon a number of factors including the continued interest by potential customers in our products and the successful negotiation of contracts with those customers. If we are able to successfully enter into contracts with potential customers, the realization of estimated revenues from those contracts remains subject to our ability to successfully deliver network security solutions to those customers.

In addition, since storage and protection of sensitive data is subject to numerous regulatory and industry requirements, some of our solutions may need to qualify under relevant standards in order for us to implement them for our customers. Such standards include, for example, the Payment Card Industry Data Security Standards for storing credit card data and the Federal Information Processing Standard Publication 140-2 for providing network security to U.S. government entities. Our solutions have not yet obtained qualification under any relevant regulatory or industry standards, and achieving such qualifications may be a time-consuming and costly process. There can be no assurance that our solutions will obtain the necessary qualification. A delay or failure to obtain qualification will impair our ability to deliver solutions to our customers.

As a result, the contracts comprising our backlog may not result in actual revenue in any particular period, or at all, and the actual revenue from such contracts may differ from our backlog estimates.

We may fail to fully execute, integrate or realize the benefits expected from acquisitions, which may require significant management attention, disrupt our business and adversely affect our results of operations. 

As part of our business strategy and in order to remain competitive, we continually evaluate acquiring or making investments in complementary companies, products or technologies. We may not be able to find suitable acquisition candidates or complete such acquisitions on favorable terms. We may incur significant expenses, divert employee and management time and attention from other business-related tasks and our organic strategy and incur other unanticipated complications while engaging with potential target companies where no transaction is eventually completed.

If we do complete acquisitions, it may not ultimately strengthen our competitive position or achieve our goals or expected growth, and any acquisitions we complete could be viewed negatively by our customers or experience unexpected competition from market participants. Any integration process may require significant time and resources. HUB may not be able to manage the process successfully and may experience a decline in our profitability as it incurs expenses prior to fully realizing the benefits of the acquisition. We acquired two companies and certain assets within the past two and a half years and greatly increased our number of employees and fields of operation. The smooth integration into HUB of the operations of these companies and of their employees is an important part of our sales and growth plan. The staff of the first company that was acquired, Advanced Logistics Development Ltd., are the foundation upon which HUB will build our Professional Services business, and the strengths of the second acquired company, COMSEC Ltd, in marketing, support, sales and cybersecurity consulting are to be the foundation of our sales efforts. Finally, the acquisition of Legacy Technologies Gmbh had the potential to bring in considerable amount of new enterprises and governments customers within the EU and the Middle East, however no binding purchase orders have been signed nor significant progress had been made on the purchased customer relationships as was expected upon the purchase date. We believe that the above mentioned acquisitions will also give us direct access to a large number of blue-chip customers around the world, which can save us a significant amount of time that would be needed to penetrate these markets organically. Our failure to smoothly integrate the operations and employees of these companies into our goals and plans will reduce our prospects for growth. There is no assurance that the acquired companies, including their personnel and operations, can be successfully integrated with our existing employees and operations.

We could also expend significant cash and incur acquisition-related costs and other unanticipated liabilities associated with the acquisition, the product or the technology, such as contractual obligations, potential security vulnerabilities of the acquired company and our products and services and potential intellectual property infringement. In addition, any acquired technology or product may not comply with legal or regulatory requirements and may expose us to regulatory risk and require us to make additional investments to make them compliant.

We may not successfully evaluate or utilize the acquired technology or personnel, or accurately forecast the financial impact of an acquisition transaction, including accounting charges and tax liabilities. We could become subject to legal claims following an acquisition or fail to accurately forecast the potential impact of any claims. Any of these issues could have a material adverse impact on our business and results of operations.

The market for network security solutions may not continue to grow. 

Continued growth of the network security industry will depend, to a great extent, upon:

A failure or slowdown in one or more of the trends listed above may delay the purchase by large organizations of network security equipment and may reduce demand for our products.

Our quarterly operating results may fluctuate significantly and could fall below the expectations of securities analysts and investors due to seasonality and other factors, some of which are beyond our control, resulting in a decline in our stock price. 

Our quarterly results of operations have fluctuated in the past and may vary significantly in the future. As such, historical comparisons of our operating results may not be meaningful. Accordingly, the results of any one quarter should not be relied upon as an indication of future performance. Our quarterly financial results may fluctuate as a result of a variety of factors, many of which are outside of our control and may not fully reflect the underlying performance of our business. These fluctuations could adversely affect our ability to meet expectations or those of securities analysts or investors. If we do not meet these expectations for any period, the value of our business and our securities, or those of the combined company, could decline significantly. Factors that may cause these quarterly fluctuations include, without limitation, those listed below:

A shortage of components or manufacturing capacity could cause a delay in our ability to fulfill orders or increase our manufacturing costs. 

Our ability to meet customer demands depends in part on our ability to obtain timely deliveries of parts from our suppliers and contract manufacturers. There is no assurance that we will not encounter supply and fulfilment issues in the future and certain components are presently available to us only from limited sources. We may not be able to diversify sources in a timely and cost-effective manner, which could harm our ability to deliver products to customers and adversely impact present and future sales and profitability.

We may experience a shortage of certain component parts as a result of our own manufacturing issues, manufacturing issues at our suppliers or contract manufacturers, capacity problems or transportation and freight carriers issues experienced by our suppliers or contract manufacturers, or strong demand in the industry for those parts, especially if there is growth in the overall economy. If there is growth in the economy, such growth is likely to create greater pressures on us and our suppliers to accurately project overall component demand and component demands within specific product categories and to establish optimal component levels. If shortages or delays persist, such as due to the global chip shortage, the price of these components may increase, or the components may not be available at all. In addition, disruptions in our supply chain, particularly as a result of the global chip shortage, could delay the development of our single chip solution and have a material adverse effect on our business, financial condition and results of operations.

We rely on a few suppliers for components and subcontractors for the manufacture of our products. 

We rely on a limited number of suppliers and contract manufacturers for the components, subassemblies and modules necessary for the manufacture or integration of our products. Our reliance on such suppliers and subcontractors involves several risks, including potential inability to obtain an adequate supply of required components, subassemblies or modules and limited control over pricing, quality and timely delivery of components, subassemblies or modules. Such risks could be exacerbated to the extent such suppliers and subcontractors are materially disrupted by quarantines, factory slowdowns or shutdowns, border closings and travel restrictions resulting from the COVID-19 pandemic.

If we are unable to continue to acquire from these suppliers or subcontractors on acceptable terms or should any of these suppliers or subcontractors cease to supply us with such components, subassemblies or modules for any reason, we may not be able to identify and integrate an alternative source of supply in a timely fashion or at the same costs. Any transition to one or more alternate suppliers or contract manufacturers could result in delays, operational problems and increased costs, and may limit our ability to deliver our products to customers on time during such a transition period, any of which could have a material adverse effect on our business, financial condition and results of operations.

Our management team has limited experience managing a U.S. listed public company. 

Part of our management team has limited experience managing a U.S. listed publicly traded company, interacting with U.S. public company investors and complying with the increasingly complex laws pertaining to U.S. listed public companies. Our management team may not successfully or efficiently manage their relatively new roles and responsibilities. Our transition to being a U.S. listed public company subject to significant regulatory oversight and reporting obligations under the federal securities laws and the continuous scrutiny of securities analysts and investors. These new obligations and constituents will require significant attention from our senior management and could divert their attention away from the day-to-day management of our business, which could adversely affect our business, financial condition and operating results.

Due to our limited resources, we may be forced to focus on a limited number of commercial opportunities which may force us to pass on opportunities that could have a greater chance of success.

Due to our current cash situation and our overall limited resources and capabilities, we will have to decide to focus on pursuing a limited number of commercial opportunities. As a result, the Company may forego or delay pursuit of certain business opportunities that later prove to have greater commercial potential. Our resource allocation decisions may cause us to fail to capitalize on profitable market opportunities. Additionally, our spending on research and development programs may not yield any commercially viable products. If we make incorrect determinations regarding the viability or market potential of any or all of our products and offerings or misread trends in the cybersecurity industry, our business, prospects, financial condition and results of operations could be materially adversely affected.

Our business relies on the performance of, and we face stark competition for, highly skilled personnel, including our management and other key employees, and the loss of one or more of such personnel or of a significant number of our team members or the inability to attract and retain executives and qualified employees we need to support our operations and growth, could harm our business. 

Our success and future growth depend upon the continued services of our management team and other key employees, including in companies we acquired. Our leadership team are critical to our overall management, as well as the continued development of our solutions, culture and strategic direction. From time to time, there may be changes in our management team resulting from the hiring or departure of executives and key employees, which could disrupt our business. Though sometimes new management can contribute and provide a new beneficial approach, for example, our Chief Executive Officer, Uzi Moskovich, only started in his position in the last six months and we have made significant changes to our executive management team in an effort to reduce costs and increase efficiency. We are also dependent on the continued service of our existing engineering team because of the complexity of our product and solutions. We may terminate any employee’s employment at any time, with or without cause, and any employee may resign at any time, with or without cause, subject only to the notice periods prescribed by their respective agreements if done without cause. The loss of one or more members of our senior management or key employees could harm our business, and we may not be able to find adequate replacements. There is no assurance that we will be able to retain the services of any members of our senior management or key employees.

In addition, we must attract and retain new highly qualified personnel in order to execute our growth plan. We have had difficulty quickly filling certain open positions in the past and expect to have significant future hiring needs. Competition is intense, particularly in Israel and other areas in which we have offices, for engineers experienced in designing and developing cybersecurity products, research and development specialists, providers of professional services in the cyber field and experienced sales professionals. The Israeli high-tech industry experienced record growth and activity in 2021. This flurry of growth and activity has caused a sharp increase in job openings in both Israeli high-tech companies and Israeli research and development centers of foreign companies and intensified competition among employers to attract qualified employees in Israel, leading to a severe shortage of skilled human capital. In order to continue to access top talent, we may continue to grow our footprint of office locations, which may add to the complexity and costs of our business operations. From time to time, we have experienced, and expect to continue to experience, difficulty in hiring and retaining employees with appropriate qualifications. Many of the companies with which we compete for experienced personnel have greater resources than we have and we may not succeed in recruiting additional experienced or professional personnel, retaining personnel or effectively replacing current personnel who may depart with qualified or effective successors. If we hire employees from competitors or other companies, their former employers may attempt to assert that these employees, or we, have breached their legal obligations, resulting in a diversion of our time and resources. In addition, prospective and existing employees often consider the value of the equity awards they receive in connection with their employment. If the perceived value of our equity awards declines, experiences significant volatility, such that prospective employees believe there is limited upside to the value of our equity awards, it may adversely affect our ability to offer competitive compensation packages and thereby adversely impact our ability to recruit and retain key employees. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business and future growth prospects would be harmed. In addition, as a result of the intense competition for highly qualified personnel, the high-tech industry has also experienced and may continue to experience significant wage inflation. Accordingly, our efforts to attract, retain and develop personnel may also result in significant additional expenses, which could adversely affect our profitability.

We enter into non-competition agreements with our employees in certain jurisdictions. These agreements prohibit our employees from competing with us or working for our competitors for a limited period. We may be unable to enforce these agreements under the laws of the jurisdictions in which those employees work, and it may be difficult for us to restrict our competitors from benefiting from the expertise our former employees developed while working for us. For example, Israeli labor courts have required employers seeking to enforce non-compete undertakings of a former employee to demonstrate that the competitive activities of the former employee will harm one of a limited number of material interests of the employer that have been recognized by the courts, such as the protection of a company’s trade secrets or other intellectual property.

We will be educating our target market on the benefits of our technology and the need for our products, and such education will be expensive and time consuming. 

Our technology is new and not widely understood among our customer base. We will have to educate our customers of the benefits of our technology and the difference between our solution and other available solutions. Educating customers is frequently time consuming and expensive and requires expertise, patience and a delicate touch. There can be no assurance that we will be able to educate the market of the benefits of our solution, or that potential customers will understand or appreciate the superior performance of our products. Delays in the market’s understanding of our superior products will delay the expected pace of our growth in revenues.

Prolonged economic uncertainties or downturns in certain regions or industries could materially adversely affect our business. 

Our business depends on our current and prospective customers’ ability and willingness to invest money in network security, which in turn is dependent upon their overall economic health. Negative economic conditions in the global economy or certain regions, including conditions resulting from financial and credit market fluctuations, exchange rate fluctuations, or inflation, could cause a decrease in corporate spending on network security solutions and services. Other matters that influence consumer confidence and spending, including political unrest, public health crises, terrorist attacks, armed conflicts (such as the conflict between Russia and Ukraine) and natural disasters could also negatively affect our customers’ spending on our solutions and services. A significant portion of our business operations are concentrated in core geographic areas such as the Middle East and Europe, and if they were to experience economic downturns, this could severely affect our business operations. In addition, some of our business operations depend on emerging markets that are less resilient to fluctuations in the global economy. In 2022, we generated 95% of our revenues from Israel, 4% of our revenues from Europe and less than 1% from the rest of the world.

In addition, a significant portion of our revenue is generated from customers in the financial services industry, including banking and insurance. Negative economic conditions may cause customers generally, and in that industry in particular, to reduce their IT spending. Customers may delay or cancel IT projects perceived to be discretionary, choose to focus on in-house development efforts or seek to lower their costs by renegotiating contracts. Further, customers may be more likely to make late payments in worsening economic conditions, which could lead to increased collection efforts and require us to incur additional associated costs to collect expected revenues. If the economic conditions of the general economy or industries in which we operate worsen from present levels, our results of operation could be adversely affected.

Our sales and operations in international markets expose us to operational, financial and regulatory risks. 

We currently offer our solutions in several countries and intend to continue to expand our international operations. While we have committed resources to expanding our international operations and sales channels, these efforts may not be successful. International operations are subject to a number of other risks, including:

There is no assurance that the foregoing factors will not have a material adverse effect on our future revenues and, as a result, on our business, operating results and financial condition.

Changes in tax laws or exposure to additional income tax liabilities could affect our future profitability. 

Factors that could materially affect our future, effective tax rates, include but are not limited to:

Because we do not have a long operating history and have significant expansion plans, our effective tax rate may fluctuate in the future. Future effective tax rates could be affected by operating losses in jurisdictions where no tax benefit can be recorded, changes in the composition of earnings in countries with differing tax rates, changes in deferred tax assets and liabilities, or changes in tax laws.

Fluctuations in currency exchange rates could harm our operating results and financial condition. 

We offer our solutions to customers globally and have sales in several countries. Although a large portion of our cash generated from revenue is denominated in U.S. dollars, most of our revenues and operating expenses are incurred in Israel and denominated in Israeli New Shekels. As a result, our consolidated U.S. dollar financial statements are subject to fluctuations due to changes in exchange rates as our revenues and operating expenses are translated from NIS into U.S. dollars. In particular, for the last two fiscal years, there has been a significant fluctuation in the value of the U.S. dollar relative to the NIS, with the representative exchange rate having dropped from NIS 3.215 per U.S. dollar on December 31, 2020 to NIS 3.11 per U.S. dollar on December 31, 2021 and having gained from NIS 3.11 per U.S. dollar on December 31, 2021 to NIS 3.519 on December 31, 2022. If the significant fluctuation in the value of the U.S. dollar relative to the NIS will continue, it will have an impact on the U.S. dollar amount of our future operating expenses. Our financial results are also subject to changes in exchange rates that impact the settlement of transactions in non-local currencies. Because we conduct business in currencies other than U.S. dollars but report our results of operations in U.S. dollars, it also faces re-measurement exposure to fluctuations in currency exchange rates, which could hinder our ability to predict future results and earnings and could materially and adversely impact our financial condition and results of operations. We evaluate periodically the various currencies to which we are exposed and take selective hedging measures to reduce the potential adverse impact from the appreciation or the devaluation of our non-U.S. dollar-denominated expenses, as appropriate and as reasonably available to us. There can be no assurances that our hedging activities will be successful in protecting us from adverse impacts from currency exchange rate fluctuations.

Risks Related to Our Systems and Technology

As a company that seeks to become a comprehensive cybersecurity provider, if any of our systems, our customers’ cloud or on-premises environments, or our internal systems are breached or if unauthorized access to customer or third-party data is otherwise obtained, public perception of our business may be harmed, and we may lose business and incur losses or liabilities. 

The success of our security solution capturing significant market share depends in part on the market’s perception of the integrity of the HUB solution in securely storing, transmitting and processing data. Because our solutions and services are used by our customers to encrypt large data sets that often contain proprietary, confidential and sensitive information (including in some instances personal or identifying information and personal health information), components protected by our products will be perceived by computer hackers as an attractive target for attacks, and our software could face threats of unintended exposure, exfiltration, alteration, deletion or loss of data. Additionally, because many of our customers use our solutions to store, transmit and otherwise process proprietary, confidential, or sensitive information and complete mission critical tasks, they have a lower risk tolerance for security vulnerabilities in our solutions and services than for vulnerabilities in other, less critical, software products and services.

We, and the third-party vendors upon which we rely, have experienced, and may in the future experience, cybersecurity threats, including threats or attempts to disrupt our information technology infrastructure and unauthorized attempts to gain access to sensitive or confidential information. We and our third-party vendors’ technology systems may be damaged or compromised by malicious events, such as cyber-attacks (including computer viruses, malicious and destructive code, phishing attacks, and denial of service attacks), physical or electronic security breaches, natural disasters, fire, power loss, telecommunications failures, personnel misconduct, and human error. Such attacks or security breaches may be perpetrated by internal bad actors, such as employees or contractors, or by third parties (including traditional computer hackers, persons involved with organized crime, or foreign state or foreign state-supported actors). Cybersecurity threats can employ a wide variety of methods and techniques, which may include the use of social engineering techniques, are constantly evolving, and have become increasingly complex and sophisticated; all of which increase the difficulty of detecting and successfully defending against them.

Furthermore, because the techniques used to obtain unauthorized access or sabotage systems change frequently and generally are not identified until after they are launched against a target, we and our third-party vendors may be unable to anticipate these techniques or implement adequate preventative measures. Although prior cyber-attacks directed at us have not had a material impact on our financial results, and we are continuing to bolster our threat detection and mitigation processes and procedures, we cannot guarantee that future cyber-attacks against our own computer components or components owned by third parties that are protected by our solutions, will not have a material impact on our business or financial results.

Many governments have enacted laws requiring companies to provide notice of data security incidents involving certain types of data, including personal data. In addition, most of our customers contractually require us to notify them of data security breaches. If an actual or perceived breach of security measures, unauthorized access to our system or the systems of the third-party customers that are protected by our solutions, we may face direct or indirect liability, costs, or damages, contract termination, our reputation in the industry and with current and potential customers may be compromised, our ability to attract new customers could be negatively affected and our business, financial condition, and results of operations could be materially and adversely affected.

Further, a successful hacking of systems that are protected by our solutions could result in the loss of information; significant remediation costs; litigation, disputes, regulatory action, or investigations that could result in damages, material fines, and penalties; indemnity obligations; interruptions in the operation of our business, including our ability to provide new product features, new solutions, or services to our customers; and other liabilities. Moreover, our remediation efforts may not be successful. Any or all of these issues, or the perception that any of them have occurred, could negatively affect our ability to attract new customers, cause existing customers to terminate or not renew their agreements, hinder our ability to obtain and maintain required or desirable cybersecurity certifications and result in reputational damage, any of which could materially adversely affect our results of operations, financial condition and future prospects. As our focus and business continues to shift towards cybersecurity, the risk will intensify as more of a premium is placed on our cybersecurity efforts. There can be no assurance that any limitations of liability provisions in our license arrangements with customers or in our agreements with vendors, partners, or others would be enforceable, applicable, or adequate or would otherwise protect us from any such liabilities or damages with respect to any particular claim.

We maintain different types of insurance, subject to applicable deductibles and policy limits, but our insurance may not be sufficient to cover the financial, legal, business or reputational losses that may result from an interruption or breach of our systems. We also cannot be sure that our existing general liability insurance coverage and coverage for cyber liability or errors or omissions will continue to be available on acceptable terms or will be available in sufficient amounts to cover one or more large claims or that the insurer will not deny coverage as to any future claim. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could result in our business, financial condition and results of operations being materially adversely affected. In addition, our cybersecurity risk could be increased as a result of the ongoing military conflict between Russia and Ukraine and the related sanctions imposed against Russia. We implement continuous multi-layered cybersecurity protection for our operations and resources and also have an internal professional group of cybersecurity services to ensure protection against attacks by state actors, including with respect to any new cybersecurity threats that may be presented by the unfolding conflict between Russia and Ukraine.

Undetected defects and errors may increase our costs and impair the market acceptance of our products and solutions. 

Our products and solutions have occasionally contained, and may in the future contain, undetected defects or errors, especially when first introduced or when new versions are released, due to defects or errors that we fail to detect, including in components supplied to us by third parties. In addition, because our customers integrate our products into their networks with products from other vendors, it may be difficult to identify the product that has caused the problem in the network. Regardless of the source of these defects or errors, we will then need to divert the attention of our engineering personnel from our product development efforts to detect and correct these errors and defects. In the past, we have not incurred significant warranty or repair costs, nor have we been subject to liability claims for material damages related to product errors or defects, nor have we experienced any material lags or delays as a result thereof. However, there can be no assurance that these costs, liabilities, lags and delays will continue to be immaterial in the future. Any insurance coverage that we maintain may also not provide sufficient protection should a claim be asserted. Moreover, the occurrence of errors and defects, whether caused by our products or the components supplied by another vendor, may result in significant customer relations problems and injure our reputation, thereby impairing the market acceptance of our products.

Interruption or failure of our information technology and communications systems could impact our ability to effectively provide our products and services. 

The availability and effectiveness of our services depend on the continued operation of information technology and communications systems. Our systems will be vulnerable to damage or interruption from, among others, physical theft, fire, terrorist attacks, natural disasters, power loss, war, telecommunications failures, viruses, denial or degradation of service attacks, ransomware, social engineering schemes, insider theft or misuse or other attempts to harm our systems. We utilize reputable third-party service providers or vendors for all of our IT and communications systems, and these providers could also be vulnerable to harms similar to those that could damage our systems, including sabotage and intentional acts of vandalism causing potential disruptions. Some of our systems will not be fully redundant, and our disaster recovery planning cannot account for all eventualities. Any problems with our third-party cloud hosting providers could result in lengthy interruptions in our business. In addition, our services and functionality consist of highly technical and complex technology which may contain errors or vulnerabilities that could result in interruptions in our business or the failure of our systems.

We incorporate third-party technologies in our products, which makes us dependent on the providers of these technologies and exposes us to potential intellectual property claims. 

Our products and services contain certain technologies that are purchased and/or licensed from other companies. Third-party developers or owners of such technologies may be unwilling to sell to us or enter into, or renew, license agreements with us for the technologies that we need on acceptable terms, or at all. If we cannot purchase these products or obtain licenses to these technologies, we could lose competitive advantage compared to our competitors who are able to license these technologies. In addition, when we obtain licenses for third-party technologies, we may have little or no ability to determine in advance whether the technology infringes the intellectual property rights of others. Our suppliers and licensors may not be required or may not be able to indemnify us if claims of infringement are asserted against us, or they may be required to indemnify us only up to a maximum amount, and we would be responsible for any costs or damages above such maximum amount. Any failure to obtain licenses to intellectual property or any exposure to liability as a result of incorporating third-party technologies into our products could materially and adversely affect our business, results of operations and financial condition.

If our products do not effectively interoperate with our customers’ existing or future IT infrastructures, implementations of our products could be delayed or cancelled, which could harm our business. 

Our products must effectively interoperate with our customers’ existing or future IT infrastructures, which often have different specifications, utilize multiple protocol standards, deploy products from multiple vendors and contain multiple generations of products that have been added over time. If we find errors in the existing software or defects in the hardware used by our customers’ infrastructure or problematic network configurations or settings, we may need to modify our software or hardware so that our products will interoperate with our customers’ infrastructure and business processes.

We may not deliver or maintain interoperability quickly or cost-effectively, or at all. These efforts require capital investment and engineering resources. If we fail to maintain compatibility of our products with our customers’ internal networks and infrastructures, our customers may not be able to fully utilize our services and products, and we may, among other consequences, lose or fail to increase our market share and number of customers and experience reduced demand for our products, and our business, financial condition and results of operations could be materially adversely affected.

Risks Related to Our Intellectual Property 

Our proprietary rights may be difficult to enforce, which could enable others to copy or use aspects of our products without compensating us. 

We rely primarily on patent, trademark, copyright and trade secrets laws and confidentiality procedures and contractual provisions to protect our technology. As of December 31, 2021, we had owned six registered patents in the United States and one registered patent in Europe, as well as two U.S. patent applications. Valid patents may not issue from our pending applications, and the claims eventually allowed on any patents may not be sufficiently broad to protect our technology or products. Any issued patents may be challenged, invalidated or circumvented, and any rights granted under these patents may not actually provide adequate defensive protection or competitive advantages to us. Patent applications in the United States are typically not published until at least 18 months after filing, or, in some cases, not at all, and publications of discoveries in industry-related literature lag behind actual discoveries. We cannot be certain that we were the first to make the inventions claimed in our pending patent applications or that we were the first to file for patent protection. Additionally, the process of obtaining patent protection is expensive and time-consuming, and we may not be able to prosecute all necessary or desirable patent applications at a reasonable cost or in a timely manner. In addition, recent changes to the patent rules in the United States may bring into question the validity of certain software patents and may make it more difficult and costly to prosecute patent applications. As a result, we may not be able to obtain adequate patent protection or effectively enforce our issued patents.

Despite our efforts to protect our intellectual proprietary rights, unauthorized parties may attempt to copy aspects of our products or obtain and use information that we regard as proprietary. We generally enter into confidentiality or license agreements with our employees, consultants, vendors and customers and generally limit access to and distribution of our proprietary information. However, we cannot guarantee that the steps taken by us will prevent misappropriation of our technology. Policing unauthorized use of our technology or products is difficult. In addition, the laws of some foreign countries do not protect proprietary rights to as great an extent as the laws of the United States or Israel, and many foreign countries do not enforce these laws as diligently as government agencies and private parties in the United States or Israel. From time to time, legal action by us may be necessary to enforce our patents and other intellectual property rights, to protect our trade secrets, to determine the validity and scope of the proprietary rights of others or to defend against claims of infringement or invalidity. Such litigation could result in substantial costs and diversion of resources and could negatively affect our business, operating results and financial condition. If we are unable to protect our proprietary rights (including aspects of our software and products protected other than by patent rights), we may find ourselves at a competitive disadvantage to others who need not incur the additional expense, time and effort required to create the innovative products that we seek to create.

We may not be able to adequately protect or enforce our intellectual property rights or prevent unauthorized parties from copying or reverse engineering our products or technology. Our efforts to protect and enforce our intellectual property rights and prevent third parties from violating our rights may be costly. 

The success of our products and business depends in part on our ability to obtain patents and other intellectual property rights and maintain adequate legal protection for our products. As of the date of this Annual Report, we own eight (8) patents registered in the U.S. and one registered patent in each of Israel and the EU. We have a further three patent applications pending in the United States and one application pending in Israel. We rely on a combination of patent, service mark, and trade secret laws, as well as confidentiality procedures and contractual restrictions, to establish and protect our proprietary rights, all of which provide only limited protection.

We cannot be sure that any patents will be issued with respect to our currently pending patent applications or that any trademarks will be registered with respect to our currently pending applications in a manner that provides adequate defensive protection or competitive advantages, if at all, or that any patents issued to us will not be challenged, invalidated or circumvented. We may file for patents and trademarks in the United States and other international jurisdictions, but such protections may not be available in all countries in which we operate or in which we seek to enforce our intellectual property rights, or may be difficult to enforce in practice. For example, the legal environment relating to intellectual property protection in certain emerging market countries where we may operate in the future is relatively weaker, often making it difficult to create and enforce such rights. Our currently-registered intellectual property and any intellectual property that may be issued or registered, as applicable, in the future with respect to pending or future applications may not provide sufficiently broad protection or may not prove to be enforceable in actions against alleged infringers. We cannot be certain that the steps we have taken will prevent unauthorized use of our technology or the reverse engineering of our technology. Moreover, others may independently develop technologies that are competitive to or infringe our intellectual property.

Protecting against the unauthorized use of our intellectual property, products and other proprietary rights is expensive and difficult, particularly internationally. We believe that our intellectual property is foundational in the area of Confidential Computing and we intend to enforce the intellectual property portfolio that we have built. Unauthorized parties may attempt to copy or reverse engineer our technology or certain aspects of our products that we consider proprietary. Litigation may be necessary in the future to enforce or defend our intellectual property rights, to prevent unauthorized parties from copying or reverse engineering our products or technology to determine the validity and scope of the proprietary rights of others or to block the importation of infringing products into the U.S., Israel or other jurisdictions in which we seek to protect our intellectual property rights.

Any such litigation, whether initiated by us or a third party, could result in substantial costs and diversion of management resources, either of which could adversely affect our business, operating results and financial condition. Even if we obtain favorable outcomes in litigation, we may not be able to obtain adequate remedies, especially in the context of unauthorized parties copying or reverse engineering our products or technology.

Effective patent, trademark, service mark, copyright and trade secret protection may not be available in every country in which our products are available and competitors based in other countries may sell infringing products in one or more markets. Failure to adequately protect our intellectual property rights could result in our competitors offering similar products, potentially resulting in the loss of some of our competitive advantage, and our business, financial condition and results of operations could be materially adversely affected.

Our intellectual property applications, including patent applications, may not be approved or granted or may take longer than expected to be approved, which may have a material adverse effect on our ability to prevent others from commercially exploiting products similar to ours. 

We cannot be certain that we are the first inventor of the subject matter to which we have filed a particular patent application or if we are the first party to file such a patent application. The process of securing definitive patent protection can take five or more years. If another party has filed a patent application to the same subject matter as we have, we may not be entitled to some or all of the protection sought by the patent application. We also cannot be certain whether the claims included in a patent application will ultimately be allowed in the applicable issued patent or the timing of any approval or grant of a patent application. Further, the scope of protection of issued patent claims is often difficult to determine. As a result, we cannot be certain that the patent applications that we file will issue, or that our issued patents will afford protection against competitors with similar technology. In addition, if our competitors may design around our registered or issued intellectual property, our business, financial condition and results of operations could be materially adversely affected.

Third-party claims that we are infringing intellectual property, whether successful or not, could subject us to costly and time-consuming litigation or expensive licenses, and our business could be adversely affected. 

Participants in our industry typically protect their technology, especially embedded software, through copyrights and trade secrets in addition to patents. As a result, there is frequent litigation based on allegations of infringement, misappropriation or other violations of intellectual property rights. We may in the future receive inquiries from other intellectual property holders and may become subject to claims that we infringe their intellectual property rights, particularly as we expand our presence in the market, expand to new use cases and face increasing competition. In addition, parties may claim that the names and branding of our products infringe their trademark rights in certain countries or territories. If such a claim were to prevail, we may have to change the names and branding of our products in the affected territories and could incur other costs.

We may in the future need to initiate infringement claims or litigation in order to try to protect our intellectual property rights. In addition to litigation where we are a plaintiff, our defense of intellectual property rights claims brought against us or our customers or suppliers, with or without merit, could be time-consuming, expensive to litigate or settle, could divert management resources and attention and could force us to acquire intellectual property rights and licenses, which may involve substantial royalty or other payments and may not be available on acceptable terms or at all. Further, a party making such a claim, if successful, could secure a judgment that requires us to pay substantial damages or obtain an injunction and we may also lose the opportunity to license our technology to others or to collect royalty payments. An adverse determination could also invalidate or narrow our intellectual property rights and adversely affect our ability to offer our products to our customers and may require that we procure or develop substitute products that do not infringe, which could require significant effort and expense. If any of these events were to materialize, our business, financial condition and results of operations could be materially adversely affected.

Certain of our products contain third-party open-source software components, and failure to comply with the terms of the underlying open source software licenses could restrict our ability to sell our products or expose us to other risks. 

Our products contain software modules licensed to us by third-party authors under “open source” licenses. From time to time, there have been claims against companies that distribute or use open-source software in their products and services, asserting that open source software infringes the claimants’ intellectual property rights. We could be subject to suits by parties claiming infringement of intellectual property rights in what we believe to be licensed open-source software. Use and distribution of open-source software may entail greater risks than use of third-party commercial software, as, for example, open source licensors generally do not provide warranties or other contractual protections regarding infringement claims or the quality of the code. Some open-source licenses contain requirements that we make available source code for modifications or derivative works we create based upon the type of open source software we use. If we combine our proprietary software with open-source software in a certain manner, HUB could, under certain open source licenses, be required to release the source code of our proprietary software to the public. This would allow our competitors to create similar products with lower development effort and time and ultimately could result in a loss of product sales for HUB.

Although we monitor our use of open-source software to avoid subjecting our products to conditions we do not intend, the terms of many open source licenses have not been interpreted by U.S. courts, and there is a risk that these licenses could be construed in a way that, for example, could impose unanticipated conditions or restrictions on our ability to commercialize our products. In this event, we could be required to seek licenses from third parties to continue offering our products, to make our proprietary code generally available in source code form, to re-engineer our products or to discontinue the sale of our products if re-engineering could not be accomplished on a timely basis, and our business, financial condition and results of operations could be materially adversely affected.

In addition to patented technology, we rely on unpatented proprietary technology, trade secrets, designs, experiences, workflows, data, processes, software and know-how. 

We rely on proprietary information (such as trade secrets, designs, experiences, workflows, data, know-how and confidential information) to protect intellectual property that may not be patentable or subject to copyright, trademark, trade dress or service mark protection, or that we believe is best protected by means that do not require public disclosure. We generally seek to protect this proprietary information by entering into confidentiality agreements, or consulting, services or employment agreements that contain non-disclosure and non-use provisions with our employees, consultants, customers, contractors and third parties. However, we may fail to enter into the necessary agreements, and even if entered into, such agreements may be breached or may otherwise fail to prevent disclosure, third-party infringement or misappropriation of our proprietary information, may be limited as to their term and may not provide adequate remedies in the event of unauthorized disclosure or use of proprietary information. We have limited control over the protection of trade secrets used by our current or future manufacturing counterparties and suppliers and could lose future trade secret protection if any unauthorized disclosure of such information occurs. In addition, our proprietary information may otherwise become known or be independently developed by our competitors or other third parties. To the extent that our employees, consultants, customers, contractors, advisors and other third parties use intellectual property owned by others in their work for us, disputes may arise as to the rights in related or resulting know-how and inventions. Costly and time-consuming litigation could be necessary to enforce and determine the scope of our proprietary rights, and failure to obtain or maintain protection for our proprietary information could adversely affect our competitive business position. Furthermore, laws regarding trade secret rights in certain markets where we operate may afford little or no protection to our trade secrets.

We also rely on physical and electronic security measures to protect our proprietary information, but cannot provide assurance that these security measures will not be breached or provide adequate protection for our property. There is a risk that third parties may obtain and improperly utilize our proprietary information to our competitive disadvantage. We may not be able to detect or prevent the unauthorized use of such information or take appropriate and timely steps to enforce our intellectual property rights, and our business, financial condition and results of operations could be materially adversely affected.

Risks Related to Our Legal and Regulatory Environment 

The dynamic regulatory environment around privacy and data protection may limit our offering or require modification of our products and services, which could limit our ability to attract new customers and support our existing customers and increase our operational expenses. We could also be subject to investigations, litigation, or enforcement actions alleging that we fail to comply with the regulatory requirements, which could harm our operating results and adversely affect our business. 

Federal, state and international bodies continue to adopt, enact, and enforce new laws and regulations, as well as industry standards and guidelines, addressing cybersecurity, privacy, data protection and the collection, processing, storage, cross-border transfer and use of personal information.

We are subject to diverse laws and regulations relating to data privacy, including but not limited to the EU General Data Protection Regulation 2016/679 (“GDPR”), the California Consumer Privacy Act (“CCPA”), the Health Insurance Portability and Accountability Act as amended by the Health Information Technology for Economic and Clinical Health Act (“HIPAA”), the UK Data Protection Act 2018, national privacy laws of EU Member States and other laws relating to privacy, data protection, and cloud computing. These laws are evolving rapidly, as exemplified by the recent adoption by the European Commission of a new set of Standard Contractual Clauses, the prospect of a new European “ePrivacy Regulation” (to replace the existing “ePrivacy Directive,” Directive 2002/58 on Privacy and Electronic Communications) and the California Privacy Rights Act, which took effect on January 1, 2023 and created obligations with respect to certain data relating to consumers, significantly expanded the CCPA, including by introducing additional obligations such as data minimization and storage limitations, granting additional rights to consumers, such as correction of personal information and additional opt-out rights, and created a new entity, the California Privacy Protection Agency, to implement and enforce the law. Similar laws coming into effect in U.S. states, adoption of a comprehensive U.S. federal data privacy law, and new legislation in international jurisdictions may continue to change the data protection landscape globally and could result in us expending considerable resources to meet these requirements. Compliance with these laws, as well as efforts required to understand and interpret new legal requirements, require HUB to expend significant capital and other resources. We could be found to not be in compliance with obligations or suffer from adverse interpretations of such legal requirements either as directly relating to our business or in the context of legal developments impacting our customers or other businesses, which could impact our ability to offer our products or services, impact operating results, or reduce demand for our products or services.

Compliance with privacy and data protection laws and contractual obligations may require changes in services, business practices, or internal systems resulting in increased costs, lower revenue, reduced efficiency, or greater difficulty in competing with companies that are not subject to these laws and regulations. For example, GDPR and the UK compliance regime impose several stringent requirements for controllers and processors of personal data and increase our obligations such as, requiring robust disclosures to individuals, establishing an individual data rights regime, setting timelines for data breach notifications, imposing conditions for international data transfers, requiring detailed internal policies and procedures and limiting retention periods. Ongoing compliance with these and other legal and contractual requirements may necessitate changes in services and business practices, which may lead to the diversion of engineering resources from other projects. Additionally, given our overall cash position, liquidity concerns and lack of resources, we may not have sufficient capability to adequately maintain ongoing compliance with all relevant legal and contractual requirements or timely and properly implement new policies and procedures to comply with new and changing laws and regulations.

As a company that focuses on cybersecurity, our customers may rely on our products and services as part of their own efforts to comply with security control obligations under GDPR and other laws and contractual commitments. If our products or services are found insufficient to meet these standards in the context of an investigation into us or our customers, or we are unable to engineer products that meet these standards, we could experience reduced demand for our products or services. There is also increased international scrutiny of cross-border transfers of data, including by the EU for personal data transfers to countries such as the U.S., following recent case law and regulatory guidance. This increased scrutiny, as well as evolving legal and other regulatory requirements around the privacy or cross-border transfer of personal data could increase our costs, restrict our ability to store and process data as part of our solutions, or, in some cases, impact our ability to offer our solutions or services in certain jurisdictions.

Enactment of further privacy laws in the U.S., at the state or federal level, or introduction of new services or products that are subject to additional regulations, as well as ensuring compliance of solutions that we obtained through acquisitions, may require us to expend considerable resources to fulfill regulatory obligations, and could carry the potential for significant financial or reputational exposure to our business, delay introduction to the market and affect adoption rates.

Claims that we have breached our contractual obligations or failed to comply with applicable privacy and data protection laws, even if we are not found liable, could be expensive and time-consuming to defend and could result in adverse publicity that could harm our business. In addition to litigation, we could face regulatory investigations, negative market perception, potential loss of business, enforcement notices and/or fines (which, for example, under GDPR / UK regime can be up to 4% of global turnover for the preceding financial year or €20 / £17.5 million, whichever is higher).

Failure to comply with applicable economic sanctions laws and regulations could harm our business. 

Failure to comply with trade compliance and economic sanctions laws and regulations of the U.S., the EU (including Germany), Israel and the UK and other applicable international jurisdictions could materially adversely affect our reputation and operations.

Our business must be conducted in compliance with applicable economic and trade sanctions laws and regulations, such as those administered and enforced by the U.S. Department of Treasury’s Office of Foreign Assets Control, the U.S. Department of State, the U.S. Department of Commerce, the United Nations Security Council, the EU, His Majesty’s Treasury of the United Kingdom and other relevant sanctions authorities. Our global operations expose us to the risk of violating, or being accused of violating, economic and trade sanctions laws and regulations.

While we have taken certain precautions to prevent our solutions from being provided in violation of applicable trade controls laws and regulations, our products may have been in the past, and could in the future be, provided inadvertently, and without our knowledge, in violation of such laws. Violations of U.S. trade controls laws and regulations can result in significant fines or penalties and possible criminal liability for responsible employees and managers, in addition to potential reputational harm.

Any change in export or import regulations, economic sanctions or related laws or regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our solutions by, or in our decreased ability to export or sell our solutions to, existing or potential end-customers with international operations. Any decreased use of our solutions or limitation on our ability to export or sell our solutions could adversely affect our business, financial condition, results of operations, and growth prospects.

Our business may be affected by sanctions, export controls and similar measures targeting Russia and other countries and territories as well as other responses to Russia’s military conflict in Ukraine, including indefinite suspension of operations in Russia and dealings with Russian entities by many multi-national businesses across a variety of industries. 

As a result of Russia’s military conflict in Ukraine, governmental authorities in the United States, the EU and the UK, among others, launched an expansion of coordinated sanctions and export control measures, including:

As the conflict in Ukraine continues, there can be no certainty regarding whether the governmental authorities in the United States, the EU, the UK or other counties will impose additional sanctions, export controls or other measures targeting Russia, Belarus or other territories. Furthermore, in retaliation against new international sanctions and as part of measures to stabilize and support the volatile Russian financial and currency markets, the Russian authorities also imposed significant currency control measures aimed at restricting the outflow of foreign currency and capital from Russia, imposed various restrictions on transacting with non-Russian parties, banned exports of various products and other economic and financial restrictions.

We must be ready to comply with the existing and any other potential additional measures imposed in connection with the conflict in Ukraine. The imposition of such measures could adversely impact our business, including preventing us from performing existing contracts, recognizing revenue, pursuing new business opportunities or receiving payment for products already supplied or services already performed with customers.

Furthermore, even if an entity is not formally subject to sanctions, customers and business partners of such entity may decide to reevaluate or cancel projects with such entity for reputational or other reasons. As a result of the ongoing conflict in Ukraine, many U.S. and other multi-national businesses across a variety of industries, including consumer goods and retail, food, energy, finance, media and entertainment, tech, travel and logistics, manufacturing and others, have indefinitely suspended their operations and paused all commercial activities in Russia and Belarus. As a result of the outbreak of the war in Ukraine, we have ceased to conduct any business operations in the region. We may seek to resume operations in the area, dependent on the outcome of the hostilities. While we do not currently have any material operations or business in Russia or Ukraine, depending on the extent and breadth of sanctions, export controls and other measures that may be imposed in connection with the conflict in Ukraine, it is possible that our business, financial condition and results of operations could be materially and adversely affected.

We are subject to complex, evolving regulatory requirements that may be difficult and expensive to comply with and that could negatively impact our business. 

Our business and operations are subject to a variety of often changing regulatory requirements in the countries in which we operate or offer our solutions, including, among other things, with respect to trade compliance, anti-corruption, sanction regimes, information security, data privacy and protection, tax, labor and government contracts. Compliance with these regulatory requirements may be onerous, time-consuming, and expensive, especially where these requirements are inconsistent from jurisdiction to jurisdiction, or where the jurisdictional reach of certain requirements is not clearly defined or seeks to reach across national borders. Regulatory requirements in one jurisdiction may make it difficult or impossible to do business in another jurisdiction. We may also be unsuccessful in obtaining permits, licenses, or other authorizations required to operate our business, such as for the marketing or sale or import or export of our products and services.

While we endeavor to implement policies, procedures and systems designed to achieve compliance with these regulatory requirements, there is no assurance that these policies, procedures, or systems will be adequate or that we or our personnel will not violate these policies and procedures or applicable laws and regulations. Violations of these laws or regulations may harm our reputation and deter government agencies and other existing or potential customers or partners from purchasing our solutions. Furthermore, non-compliance with applicable laws or regulations could result in fines, damages, criminal sanctions against us, our officers, or our employees, restrictions on the conduct of our business and damage to our reputation.

Moreover, regulatory requirements are subject to constant updates, modifications and revisions by the authorities adopting and implementing such requirements which result in uncertainty as well as difficulties in planning ahead of time. Adapting our practices, policies and procedures to this ever-changing regulatory environment involves resources and time and requires our regulatory compliance teams to be on the watch for any actual or potential changes and may have an impact on our ability to pursue business opportunities and anticipate the future results.

We are subject to anti-corruption, anti-bribery, anti-money laundering and similar laws, and non-compliance with such laws can subject us to criminal penalties or significant fines and harm our business and reputation. 

We are subject to anti-corruption and anti-bribery and similar laws, such as the U.S. Foreign Corrupt Practices Act of 1977, as amended (the “FCPA”), the U.S. domestic bribery statute contained in 18 U.S.C. § 201, U.S. Travel Act, the USA PATRIOT Act, the U.K. Bribery Act 2010, Chapter 9 (sub-chapter 5) of the Israeli Penal Law, 5737-1977, the Israeli Prohibition on Money Laundering Law, 5760-2000, and other anti-corruption, anti-bribery laws and anti-money laundering laws in countries in which we conduct activities. Anti-corruption and anti-bribery laws have been enforced aggressively in recent years and are interpreted broadly and generally prohibit companies and their employees and agents from directly or indirectly promising, authorizing, making, offering, soliciting, or receiving improper payments of anything of value to or from government officials or others in the private sector. As we increase our international sales and business, our risks under these laws may increase. Although we have internal policies and procedures, including a code of ethics and proper business conduct, reasonably designed to promote compliance with anti-bribery laws, HUB cannot be sure that our employees or other agents will not engage in prohibited conduct and render HUB responsible under the FCPA, the U.K. Bribery Act or any similar anti-bribery laws in other jurisdictions. Noncompliance with these laws could subject HUB to investigations, sanctions, settlements, prosecutions, other enforcement actions, disgorgement of profits, significant fines, damages, other civil and criminal penalties or injunctions, collateral litigation, adverse media coverage and other consequences. Any investigations, actions or sanctions could harm our business, results of operations and financial condition.

If we fail to comply with environmental requirements, our business, financial condition, operating results and reputation could be adversely affected. 

We are subject to various environmental laws and regulations, including laws governing the hazardous material content of our products, laws relating to real property and future expansion plans and laws concerning the recycling of Electrical and Electronic Equipment (“EEE”). The laws and regulations to which HUB may be subject to include the EU RoHS Directive, EU Regulation 1907/2006 — Registration, Evaluation, Authorization and Restriction of Chemicals (the “REACH Regulation”) and the EU Waste Electrical and Electronic Equipment Directive (the “WEEE Directive”), as well as the implementing legislation of the EU member states. Similar laws and regulations have been passed or are pending in China, South Korea, Norway and Japan and may be enacted in other regions, including in the United States, and we may in the future be subject to these laws and regulations.

The EU RoHS Directive and the similar laws of other jurisdictions ban or restrict the presence of certain hazardous substances such as lead, mercury, cadmium, hexavalent chromium and certain fire-retardant plastic additives in electrical equipment, including our products. HUB attempts to comply with these laws, including research and development costs, costs associated with assuring the supply of compliant components and costs associated with writing off scrapped noncompliant inventory. HUB expects to continue to incur costs related to environmental laws and regulations in the future.

As part of the Circular Economy Action Plan, the European Commission amended the EU Waste Framework Directive (“WFD”) to include a number of measures related to waste prevention and recycling, whereby HUB may be responsible for submitting product data to a database of hazardous substances established under the WFD and managed by the European Chemicals Agency. HUB may incur costs to comply with this new requirement.

The EU has also adopted the WEEE Directive, which requires electronic goods producers to be responsible for the collection, recycling and treatment of such products. Although currently our EU international channel partners may be responsible for the requirements of this directive as the importer of record in most of the European countries in which we sell our products, changes in interpretation of the regulations may cause us to incur costs or have additional regulatory requirements in the future to meet in order to comply with this directive, or with any similar laws adopted in other jurisdictions.

Our failure to comply with these and future environmental rules and regulations could result in reduced sales of our products, increased costs, substantial product inventory write-offs, reputational damage, penalties and other sanctions.

Investors’ expectations of our performance relating to environmental, social and governance factors may impose additional costs and expose us to new risks. 

There is an increasing focus from certain investors, employees and other stakeholders concerning corporate responsibility, specifically related to environmental, social and governance (“ESG”) matters. Some investors may use these factors to guide their investment strategies and, in some cases, may choose not to invest in our company if they believe our policies relating to corporate responsibility are inadequate. Third-party providers of corporate responsibility ratings and reports on companies have increased to meet growing investor demand for measurement of corporate responsibility performance. The criteria by which our corporate responsibility practices are assessed may change, which could result in greater expectations of us and cause us to undertake costly initiatives to satisfy such new criteria. If we elect not to or are unable to satisfy such new criteria, investors may conclude that our policies with respect to corporate social responsibility are inadequate. We may face reputational damage in the event that our corporate social responsibility procedures or standards do not meet the standards set by various constituencies.

Furthermore, if our competitors’ corporate social responsibility performance is perceived to be better than ours, potential or current investors may elect to invest with our competitors instead. In addition, in the event that we communicate certain initiatives and goals regarding environmental, social and governance matters, we could fail, or be perceived to fail, in our achievement of such initiatives or goals, or we could be criticized for the scope of such initiatives or goals. If we fail to satisfy the expectations of investors, employees and other stakeholders or our initiatives are not executed as planned, our reputation and business, operating results and financial condition could be adversely impacted.

Actual or perceived failures to comply with applicable data protection, privacy and security laws, regulations, standards and other requirements could adversely affect our business, financial condition and prospects.

The global data protection landscape is rapidly evolving, and we are or may become subject to numerous state, federal and foreign laws, requirements and regulations governing the collection, use, disclosure, retention, and security of personal data, such as information that we may collect in connection with clinical trials in the U.S. and abroad. Implementation standards and enforcement practices are likely to remain uncertain for the foreseeable future, and we cannot yet determine the impact future laws, regulations, standards, or perception of their requirements may have on our business. This evolution may create uncertainty in our business, affect our ability to operate in certain jurisdictions or to collect, store, transfer use and share personal information, necessitate the acceptance of more onerous obligations in our contracts, result in liability or impose additional costs on us. The cost of compliance with these laws, regulations and standards is high and is likely to increase in the future. Any failure or perceived failure by us to comply with federal, state or foreign laws or regulation, our internal policies and procedures or our contracts governing our processing of personal information could result in negative publicity, government investigations, fines and enforcement actions, claims by third parties and damage to our reputation, any of which could have a material adverse effect on our business, financial condition and prospects.

As our operations and business grow, we may become subject to or affected by new or additional data protection laws and regulations and face increased scrutiny or attention from regulatory authorities. For example, the State of Israel has implemented data protection laws and regulations, including the Israeli Protection of Privacy Law of 1981. In addition, the California Consumer Privacy Act of 2018, or CCPA, went into effect on January 1, 2020. The CCPA creates individual privacy rights for California consumers and increases the privacy and security obligations of entities handling certain personal information. The CCPA provides for civil penalties for violations, as well as a private right of action for data breaches has increased the likelihood, and risks associated with data breach litigation. The CCPA increases our compliance costs and potential liability, and many similar laws have been proposed at the federal level and in other states, including in Utah, Connecticut, Virginia, and Colorado. Further, the California Privacy Rights Act, or CPRA, generally went into effect on January 1, 2023 and significantly amends the CCPA. The CPRA imposes additional data protection obligations on covered businesses, including additional consumer rights processes, limitations on data uses, new audit requirements for higher risk data, and opt outs for certain uses of sensitive data. It will also create a new California data protection agency authorized to issue substantive regulations and could result in increased privacy and information security enforcement. Additional compliance investment and potential business process changes may also be required. In the event that we are subject to or affected by Israeli data protection laws, the CCPA, the CPRA or other domestic or foreign privacy and data protection laws, any liability from failure to comply with the requirements of these laws could adversely affect our financial condition.

In Europe, the General Data Protection Regulation, or GDPR, went into effect in May 2018 and imposes strict requirements for processing the personal data of individuals within the European Economic Area, or EEA. Companies that must comply with the GDPR face increased compliance obligations and risk, robust regulatory enforcement of data protection requirements and potential fines for noncompliance of up to €20 million or 4% of the annual global revenues of the noncompliant company, whichever is greater. Among other requirements, the GDPR regulates transfers of personal data subject to the GDPR to third countries that have not been found to provide adequate protection to such personal data, including the United States In July 2020, the Court of Justice of the EU, or CJEU limited how organizations could lawfully transfer personal data from the EU/EEA to the United States by invalidating the Privacy Shield for purposes of international transfers and imposing further restrictions on the use of standard contractual clauses, or SCCs. In March 2022, the United States and EU announced a new regulatory regime intended to replace the invalidated regulations; however, this new EU-US Data Privacy Framework has not been implemented beyond an executive order signed by President Biden on October 7, 2022 on Enhancing Safeguards for United States Signals Intelligence Activities. European court and regulatory decisions subsequent to the CJEU decision of July 16, 2020 have taken a restrictive approach to international data transfers. As supervisory authorities issue further guidance on personal data export mechanisms, including circumstances where the SCCs cannot be used, and/or start taking enforcement action, we could suffer additional costs, complaints and/or regulatory investigations or fines, and/or if we are otherwise unable to transfer personal data between and among countries and regions in which we operate, it could affect the manner in which we provide our services, the geographical location or segregation of our relevant systems and operations, and could adversely affect our financial results.

Further, from January 1, 2021, companies have had to comply with the GDPR and also the UK GDPR, which, together with the amended UK Data Protection Act 2018, retains the GDPR in UK national law. The UK GDPR mirrors the fines under the GDPR, i.e., fines up to the greater of €20 million (£17.5 million) or 4% of global turnover. As we continue to expand into other foreign countries and jurisdictions, we may be subject to additional laws and regulations that may affect how we conduct business.

Although we work to comply with applicable laws, regulations and standards, our contractual obligations and other legal obligations, these requirements are evolving and may be modified, interpreted and applied in an inconsistent manner from one jurisdiction to another, and may conflict with one another or other legal obligations with which we must comply. Any failure or perceived failure by us or our employees, representatives, contractors, consultants, collaborators, or other third parties to comply with such requirements or adequately address privacy and security concerns, even if unfounded, could result in additional cost and liability to us, damage our reputation, and adversely affect our business, financial condition and prospects.

Our business could be negatively affected as a result of the actions of activist shareholders, and such activism could impact the trading value of our securities. 

In recent years, U.S. and non-U.S. companies listed on securities exchanges in the U.S. have been faced with governance-related demands from activist shareholders, unsolicited tender offers and proxy contests. Although as a foreign private issuer we are not subject to U.S. proxy rules, responding to any action of this type by activist shareholders could be costly and time-consuming, disrupting our operations and diverting the attention of management and our employees. Such activities could interfere with our ability to execute our strategic plans. In addition, a proxy contest for the election of directors at our annual meeting would require us to incur significant legal fees and proxy solicitation expenses and require significant time and attention by management and our board of directors. The perceived uncertainties due to such actions of activist shareholders also could affect the market price of our securities.

A small number of shareholders own a substantial portion of our ordinary shares, and they may make decisions with which investors may disagree.

As of July 31, 2023, our directors, executive officers and significant shareholders owned approximately 29.94% of the voting power of our outstanding ordinary shares, and approximately 32.59% of our outstanding ordinary shares if the percentage includes options currently exercisable or exercisable within 60 days of July 31, 2023. The interests of these shareholders may differ from the interests of other shareholders and may present a conflict. If these shareholders act together, they could exercise significant influence over our operations and business strategy. For example, although these shareholders may at any time hold considerably less than a majority of our outstanding ordinary shares, they may have sufficient voting power to influence matters requiring approval by our shareholders, including the election and removal of directors and the approval or rejection of mergers or other business combination transactions. In addition, this concentration of ownership may delay, prevent or deter a change in control, or deprive a shareholder of a possible premium for our ordinary shares as part of a sale of us to a third party.

We may be required to indemnify our directors and officers in certain circumstances. 

Our Articles of Association that became effective upon the closing of the Business Combination (“the “Articles”) allow us to indemnify, exculpate and insure our directors and senior officers to the fullest extent permitted under the Israeli Companies Law. As such, we have entered into agreements with each of our directors and senior officers to indemnify, exculpate and insure them against some types of claims, subject to dollar limits and other limitations. Subject to Israeli law, these agreements generally provide that HUB will indemnify each of these directors and senior officers for any of the following liabilities or expenses that they may incur due to an act performed or failure to act in their capacity as directors or senior officers:

We are subject to a number of securities class actions and other litigations and could be subject to additional litigation in the United States, Israel or elsewhere that could negatively impact our business, including resulting in substantial costs and liabilities.

From time to time, we are subject to litigation or claims that could negatively affect our business operations and financial position. We and certain of our directors and officers have been named as defendants in a number of lawsuits that could cause us to incur unforeseen expenses, service disruptions, and otherwise occupy a significant amount of our management’s time and attention, any of which, if determined adversely to us, could have a material adverse impact on our business, financial condition, results of operations, cash flows, growth prospects and reputation.

For additional information on these class action and other lawsuits and for information concerning additional litigation proceedings, please refer to Item 8. “Financial Information—Consolidated Statements and Other Financial Information—Legal and Arbitration Proceedings.”.

We also from time to time receive inquiries and subpoenas and other types of information requests from government regulators and authorities and we may become subject to related claims and other actions related to our business activities. While the ultimate outcome of investigations, inquiries, information requests and related legal proceedings is difficult to predict, such matters can be expensive, time-consuming and distracting, and adverse resolutions or settlements of those matters may result in, among other things, modification of our business practices, reputational harm or costs and significant payments, any of which could negatively affect our business operations and financial position.

Our current and future cash balances and investment portfolio may be adversely affected by market conditions and interest rates. 

We currently have limited cash resources and liquidity. As our business grows, we anticipate having larger reserves of cash in the future. As such we expect to maintain balances of cash and cash equivalents for purposes of acquisitions and general corporate purposes. While we do not currently hold any marketable securities, there is no guarantee that we will not maintain marketable securities in the future. The performance of the capital markets affects the values of funds that are held in marketable securities. These assets are subject to market fluctuations, changes in interest rates and credit spreads, market liquidity and various other factors, including, without limitation, rating agency downgrades that may impair their value, or unexpected changes in the financial markets’ healthiness worldwide. In addition, in case we hold liquid investments in the future and would like to liquidate some of our investments and turn them into cash, we will be dependent on market conditions and liquidity opportunities, which may be impacted by global economic trends.

Risks Related to Being a U.S. Listed Public Company

We will continue to incur increased costs as a result of operating as a U.S. listed public company, and our management will need to devote substantial time to new compliance initiatives. 

As a newly public company subject to reporting requirements in the United States, we are incurring significant legal, accounting and other expenses that we did not incur prior to completing the Business Combination and listing in the United States, and these expenses may increase even more after we are no longer an emerging growth company, as defined in Section 2(a) of the Securities Act. As a public company in the United States, we are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act, the Dodd-Frank Wall Street Reform and Consumer Protection Act, as well as rules adopted, and to be adopted, by the SEC and Nasdaq. Our management and other personnel will need to devote a substantial amount of time to these new compliance initiatives. Moreover, these rules and regulations have substantially increased our legal and financial compliance costs and have made some activities to be more time-consuming and costly. Further, as a result of the Internal Investigation discussed above, we failed to timely file this Annual Report. As a result the preparation and filing of this Annual Report was exceedingly time consuming and costly for us and we cannot be certain that similar situations would not occur in the future. Additionally continued delinquency in future filings could lead to the SEC instituting administrative proceedings pursuant to Section 12(j) of the Exchange Act to suspend or revoke the registration of our ordinary shares. The increased costs will likely increase our net loss in the short term. For example, we expect these rules and regulations to make it more difficult and more expensive for us to obtain and maintain our director and officer liability insurance and we may ultimately be forced to accept reduced policy limits or incur substantially higher costs to maintain the same or similar coverage. We cannot predict or estimate the amount or timing of additional costs we may incur to respond to these requirements. The impact of these requirements could also make it more difficult for us to attract and retain qualified persons to serve on our board of directors, our board committees or as executive officers.

A market for our securities may not develop or be sustained, which would adversely affect the liquidity and price of our securities. 

The price of our securities has and may continue to fluctuate significantly due to general market and economic conditions. An active trading market for our securities may never develop or, if developed, it may not be sustained. In addition, the price of our securities can vary due to general economic conditions and forecasts, our general business conditions and the release of our financial reports. Additionally, if our securities become delisted from Nasdaq and are quoted on the OTC Bulletin Board (an inter-dealer automated quotation system for equity securities that is not a national securities exchange) or the combined company’s securities are not listed on Nasdaq and are quoted on the OTC Bulletin Board, the liquidity and price of our securities may be more limited than if we were quoted or listed on the NYSE, Nasdaq or another national securities exchange. You may be unable to sell your securities unless a market can be established or sustained.

If we fail to remediate our material weaknesses or if we fail to maintain an effective system of disclosure controls and internal control over financial reporting, our ability to produce timely and accurate financial statements or comply with applicable regulations could be impaired.

As discussed above, in connection with the review of our consolidated financial statements for the years ended December 31, 2022, 2021 and 2020 included in this Annual Report, our management identified material weaknesses in our internal control over financial reporting. The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. We are continuing to develop and refine our disclosure controls and other procedures that are designed to ensure that information required to be disclosed by us in the reports that we will file with the SEC is recorded, processed, summarized, and reported within the time periods specified in SEC rules and forms and that information required to be disclosed in reports under the Exchange Act, is accumulated and communicated to our principal executive and financial officers. We believe that any disclosure controls and procedures, no matter how well conceived and operated, can provide only reasonable, not absolute, assurance that the objectives of the control system are met. These inherent limitations include the realities that judgments in decision-making can be faulty, and that breakdowns can occur because of simple error or mistake. Additionally, controls can be circumvented by the individual acts of some persons, by collusion of two or more people or by an unauthorized override of the controls. Accordingly, because of the inherent limitations in our control system, misstatements due to error or fraud may occur and not be detected.

We are also continuing to try to improve our internal control over financial reporting. In order to maintain and improve the effectiveness of our disclosure controls and procedures and internal control over financial reporting, we have expended, and anticipate that we will continue to expend, significant resources, including accounting-related costs and significant management oversight. If any of these new or improved controls and systems do not perform as expected, we may experience material weaknesses in our controls. In addition to our results determined in accordance with IFRS, we believe certain non-IFRS measures and key metrics may be useful in evaluating our operating performance. We present certain non-IFRS financial measures and key metrics in this Annual Report and intend to continue to present certain non-IFRS financial measures and key metrics in future filings with the SEC and other public statements. Any failure to accurately report and present our non-IFRS financial measures and key metrics could cause investors to lose confidence in our reported financial and other information, which would likely have a negative effect on the trading price of our ordinary shares.

While we are in the process of implementing remediation measures to address the material weaknesses identified by our management, our current controls and any new controls that we develop may become inadequate because of changes in conditions in our business. Further, additional material weaknesses or other weaknesses in our disclosure controls and internal control over financial reporting may be discovered in the future. Any failure to develop or maintain effective controls or any difficulties encountered in their implementation or improvement could harm our results of operations or cause us to fail to meet our reporting obligations and may result in a restatement of our consolidated financial statements for prior periods. Any failure to implement and maintain effective internal control over financial reporting also could adversely affect the results of periodic management evaluations that we will be required to include in our second annual report that we file with the SEC and annual independent registered public accounting firm attestation reports regarding the effectiveness of our internal control over financial reporting that we will be required to include in our annual reports after we lose our status as an “emerging growth company.” Ineffective disclosure controls and procedures and internal control over financial reporting could also cause investors to lose confidence in our reported financial and other information, which would likely have a negative effect on the trading price of our ordinary shares. In addition, if we are unable to continue to meet these requirements, we may not be able to remain listed on Nasdaq.

We are required to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting pursuant to Section 404(a) of the Sarbanes-Oxley Act of 2002 (the “Sarbanes-Oxley Act”) in the second annual report following the completion of the Business Combination. This assessment will need to include disclosure of any material weaknesses identified by our management in our internal control over financial reporting. The rules governing the standards that must be met for our management to assess our internal control over financial reporting are complex and require significant documentation, testing and possible remediation. Testing and maintaining internal controls may divert our management’s attention from other matters that are important to our business. Additionally, while we remain an emerging growth company, our independent registered public accounting firm is not required to formally attest to the effectiveness of our internal control over financial reporting pursuant to Section 404(b) of the Sarbanes-Oxley Act. At such time, our independent registered public accounting firm may issue a report that is adverse in the event it is not satisfied with the level at which our internal control over financial reporting is documented, designed or operating.

We continue to be engaged in a process to document and evaluate our internal control over financial reporting, which is both costly and challenging. In this regard, we will need to continue to dedicate internal resources, potentially engage outside consultants, and adopt a detailed work plan to assess and document the adequacy of internal control over financial reporting, continue steps to improve control processes as appropriate, validate through testing that controls are functioning as documented, and implement a continuous reporting and improvement process for internal control over financial reporting. Despite our efforts, there is a risk that we will not be able to conclude, within the prescribed time frame or at all, that our internal control over financial reporting is effective as required by Section 404. If we cannot properly remediate our material weaknesses and develop our internal controls, or identify additional material weaknesses it could result in an adverse reaction in the financial markets due to a loss of confidence in the reliability of our financial statements. As a result, the market price of our ordinary shares could be negatively affected, and we could become subject to investigations by the SEC or other regulatory authorities, which could require additional financial and management resources.

Any failure to maintain effective disclosure controls and internal control over financial reporting could adversely affect our business, financial condition, and results of operations and could cause a decline in the price of our ordinary shares.

As a result of our business combination with a special purpose acquisition company, regulatory obligations may impact us differently than other publicly traded companies.

On February 28, 2023, we completed the Business Combination with RNER, a special purpose acquisition company, or SPAC, pursuant to which, on March 1, 2023, we became a publicly traded company in the United States. As a result of this transaction, regulatory obligations have, and may continue, to impact us differently than other publicly traded companies. For instance, the SEC and other regulatory agencies may issue additional guidance or apply further regulatory scrutiny to companies like us that have completed a business combination with a SPAC. Managing this regulatory environment, which has and may continue to evolve, could divert management’s attention from the operation of our business, negatively impact our ability to raise additional capital when needed or have an adverse effect on the price of our ordinary shares and warrants.

Risks Related to Ownership of Our Ordinary Shares and Warrants  

The market price and trading volume of our ordinary shares and warrants on Nasdaq may be volatile and could decline significantly. 

The stock markets, including Nasdaq on which we have listed our ordinary shares and warrants under the symbols “HUBC,” “HUBCW” and “HUBCZ,” respectively, have from time to time experienced significant price and volume fluctuations. Even if an active, liquid and orderly trading market develops and is sustained for our ordinary shares and warrants, the market price of our ordinary shares and warrants may be volatile and could decline significantly. In addition, the trading volume in our ordinary shares and warrants has already and may continue to fluctuate and cause significant price variations to occur. The market price of our ordinary shares has already declined significantly in the limited period in which our securities have been trading on Nasdaq and if it declines further, you may be unable to resell your ordinary shares or warrants at or above the market price of the ordinary shares and warrants as of the date of this Annual Report. We cannot assure you that the market price of our ordinary shares and warrants will not fluctuate widely or decline significantly in the future in response to a number of factors, including, among others, the following:

In the past, securities class-action litigation has often been instituted against companies following periods of volatility in the market price of their shares. This type of litigation could result in substantial costs and divert our management’s attention and resources, which could have a material adverse effect on us.

We must adapt our financial and disclosure systems and operations to meet the standards required for a company traded on Nasdaq and subject to U.S. securities regulations. 

We are an Israeli company whose shares and warrants only recently began trading in the United States. Prior to the consummation of the Business Combination, our shares were traded on the TASE. Our accounting policies, corporate governance systems and compliance programs have been geared toward maintaining the standards that are applicable to Israeli companies. These standards differ, in some cases materially, from the standards that must be maintained by companies whose shares are traded on the Nasdaq and who are subject to rules and regulations of the SEC. Reworking our accounting, regulatory and compliance systems will require significant management attention in the several quarters following the Business Combination. Our failure to properly comply with these rules and regulations may attract regulatory attention, and result in fines, negative publicity and the loss of investor confidence. Any of these results may have a material adverse impact on our business, financial condition, results of operation, cash flows and reputation.

If our estimates or judgments relating to our critical accounting policies are based on assumptions that change or prove to be incorrect, our operating results could fall below expectations of securities analysts and investors, resulting in a decline in our stock price. 

The preparation of financial statements in conformity with generally accepted accounting principles requires management to make estimates and assumptions that affect the amounts reported in our consolidated financial statements and accompanying notes. HUB’s management bases its estimates on various assumptions that it believes to be reasonable under the circumstances, the results of which form the basis for making judgments about the carrying values of assets and liabilities that are not readily apparent from other sources. Our operating results may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions. These could cause HUB’s operating results to fall below the expectations of securities analysts and investors, resulting in a decline in HUB’s stock price. Significant assumptions and estimates used in preparing HUB’s consolidated financial statements include those related to revenue recognition, valuation of inventory, accounting for business combination, contingent liabilities and accounting for income taxes.

Forecasting our estimated annual effective tax rate is complex and subject to uncertainty, and there may be material differences between forecasted and actual tax rates. 

We conduct business in several countries and is subject to taxation in many of such jurisdictions. The taxation of HUB’s business is subject to the application of multiple and sometimes conflicting tax laws and regulations, as well as multinational tax conventions. HUB’s effective tax rate will depend upon the geographic distribution of its worldwide earnings or losses, the tax regulations and tax holidays in each geographic region, the availability of tax credits and the effectiveness of its tax planning strategies. The application of tax laws and regulations is subject to legal and factual interpretation, judgment and uncertainty. Tax laws themselves are subject to change as a result of changes in fiscal policy, changes in legislation and the evolution of regulations and court rulings. Consequently, tax authorities may impose tax assessments or judgments against HUB that could materially impact its tax liability and effective income tax rate.

The Organization for Economic Co-operation and Development (“OECD”), an international association comprised of 37 countries, including the United States, has issued and continues to issue guidelines and proposals that change various aspects of the existing framework under which HUB’s tax obligations are determined in many of the countries in which it does business. Due to HUB’s international business activities, any changes in the taxation of such activities could increase its tax obligations in many countries and may increase its worldwide effective tax rate.

We do not intend to pay dividends for the foreseeable future. Accordingly, you may not receive any return on investment unless you sell your HUB ordinary shares for a price greater than the price you paid for them. 

We have never declared or paid any cash dividends on our shares. We currently intend to retain all available funds and any future earnings for use in the operation of our business and do not anticipate paying any dividends on the HUB ordinary shares in the foreseeable future. Consequently, you may be unable to realize a gain on your investment except by selling such shares after price appreciation, which may never occur.

Our board of directors has sole discretion whether to pay dividends. If our board of directors decides to pay dividends, the form, frequency, and amount will depend upon its future, operations and earnings, capital requirements and surplus, general financial condition, contractual restrictions and other factors that its directors may deem relevant. The Israeli Companies Law, 5759-1999 (the “Companies Law”) imposes restrictions on our ability to declare and pay dividends. “See “Dividend and Liquidation Rights” in Exhibit 2.1 to this Annual Report for additional information. Payment of dividends may also be subject to Israeli withholding taxes. See the section titled “Taxation” for additional information.

Our actual financial results may differ materially from any guidance we may publish from time to time.

We may, from time to time, provide guidance regarding our future performance that represents our management’s estimates as of the date such guidance is provided. Any such guidance would be based upon a number of assumptions with respect to future business decisions (some of which may change) and estimates, while presented with numerical specificity, are inherently subject to significant business, economic, and competitive uncertainties and contingencies (many of which are beyond our control). Guidance is necessarily speculative in nature and it can be expected that some or all the assumptions that inform such guidance will not materialize or will vary significantly from actual results. Our ability to meet any forward-looking guidance is affected by a number of factors, including, but not limited to, our ability to complete our certain projects and business initiatives in a timely manner, changes in operating costs, the availability of financing on acceptable terms, changes in policies and regulations, the availability of raw materials, as well as the other risks to our business described in this “Risk Factors” section. Our revenues from individual customers may also fluctuate from time to time based on the timing and the terms under which further orders are received and the duration of the delivery and implementation of such orders. Therefore, if our projected sales do not close before the end of the relevant quarter, our actual results may be inconsistent with our published guidance. Accordingly, our guidance is only an estimate of what management believes is realizable as of the date such guidance is provided. Actual results may vary from such guidance and the variations may be material. Investors should also recognize the reliability of any forecasted financial data diminishes the farther into the future the data is forecast. In light of the foregoing, investors should not place undue reliance on our financial guidance and should carefully consider any guidance we may publish in context.

If securities or industry analysts do not publish or cease publishing research or reports about us, our business, or our market, or if they change their recommendations regarding our ordinary shares or warrants adversely, then the price and trading volume of our ordinary shares could decline.

The trading market for our ordinary shares and warrants will be influenced by the research and reports that industry or financial analysts publish about our business. We do not control these analysts, or the content and opinions included in their reports. As a new public company, the analysts who publish information about our ordinary shares and warrants have had relatively little experience with us, which could affect their ability to accurately forecast our results and make it more likely that we fail to meet their estimates. In the event we obtain industry or financial analyst coverage, if any of the analysts who cover us issues an inaccurate or unfavorable opinion regarding us, our share price would likely decline. If one or more of these analysts cease coverage of us or fail to publish reports on us regularly, our visibility in the financial markets could decrease, which in turn could cause our share price or trading volume to decline.

We are eligible to be treated as an emerging growth company, as defined in the Securities Act, and we cannot be certain if the reduced disclosure requirements applicable to emerging growth companies will make our ordinary shares less attractive to investors because we may rely on these reduced disclosure requirements.

We qualify as an emerging growth company within the meaning of the Securities Act, and we take advantage of certain exemptions from disclosure requirements available to emerging growth companies, which could make our securities less attractive to investors and may make it more difficult to compare our performance with other public companies.

We are eligible to be treated as an emerging growth company, as defined in Section 2(a) of the Securities Act, as modified by the JOBS Act. Under the JOBS Act, emerging growth companies can delay adopting new or revised financial accounting standards until such time as those standards apply to private companies. We intend to take advantage of this extended transition period under the JOBS Act for adopting new or revised financial accounting standards.

For as long as we continue to be an emerging growth company, we may also take advantage of certain exemptions from various reporting requirements that are applicable to other public companies that are not emerging growth companies, including presenting only limited selected financial data and not being required to comply with the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act. As a result, our shareholders may not have access to certain information that they may deem important. We could be an emerging growth company for up to five years, although circumstances could cause us to lose that status earlier, including if our total annual gross revenue exceeds $1.235 billion, if we issue more than $1.0 billion in non-convertible debt securities during any three-year period, or if before that time we are a “large accelerated filer” under U.S. securities laws.

We cannot predict if investors will find our ordinary shares less attractive because we may rely on these exemptions. If some investors find our ordinary shares less attractive as a result, there may be a less active trading market for our ordinary shares and our share price may be more volatile. Further, there is no guarantee that the exemptions available to us under the JOBS Act will result in significant savings. To the extent that we choose not to use exemptions from various reporting requirements under the JOBS Act, we will incur additional compliance costs, which may impact our business, financial condition, results of operations, growth prospects and reputation.

We are a foreign private issuer and, as a result, we will not be subject to U.S. proxy rules and will be subject to Exchange Act reporting obligations that, to some extent, are more lenient and less frequent than those of a U.S. domestic public company.

We report under the Exchange Act as a non-U.S. company with foreign private issuer status. We qualify as a foreign private issuer under the Exchange Act, and consequently we are exempt from certain provisions of the Exchange Act that are applicable to U.S. domestic public companies, including (1) the sections of the Exchange Act regulating the solicitation of proxies, consents or authorizations in respect of a security registered under the Exchange Act, (2) the sections of the Exchange Act requiring insiders to file public reports of their share ownership and trading activities and liability for insiders who profit from trades made in a short period of time and (3) the rules under the Exchange Act requiring the filing with the SEC of quarterly reports on Form 10-Q containing unaudited financial and other specified information, although it is subject to Israeli laws and regulations with regard to certain of these matters and intend to furnish comparable quarterly information on Form 6-K. In addition, foreign private issuers are not required to file their annual report on Form 20-F until 120 days after the end of each fiscal year, while U.S. domestic issuers that are accelerated filers are required to file their annual report on Form 10-K within 75 days after the end of each fiscal year and U.S. domestic issuers that are large accelerated filers are required to file their annual report on Form 10-K within 60 days after the end of each fiscal year. Foreign private issuers are also exempt from Regulation FD, which is intended to prevent issuers from making selective disclosures of material information. As a result of all of the above, you may not have the same protections afforded to shareholders of a company that is not a foreign private issuer.

We may lose our foreign private issuer status in the future, which could result in significant additional costs and expenses.

As discussed above, we are a foreign private issuer, and therefore are not required to comply with all of the periodic disclosure and current reporting requirements of the Exchange Act. The determination of foreign private issuer status is made annually on the last business day of an issuer’s most recently completed second fiscal quarter, and, accordingly, our next determination will be made on June 30, 2024. In the future, we would lose our foreign private issuer status if (1) more than 50% of our outstanding voting securities are owned by U.S. residents and (2) a majority of our directors or executive officers are U.S. citizens or residents, or we fail to meet additional requirements necessary to avoid loss of foreign private issuer status. If we lose our foreign private issuer status, we will be required to file with the SEC periodic reports and registration statements on U.S. domestic issuer forms, which are more detailed and extensive than the forms available to a foreign private issuer. We would also have to mandatorily comply with U.S. federal proxy requirements, and our officers, directors and principal shareholders will become subject to the short-swing profit disclosure and recovery provisions of Section 16 of the Exchange Act. In addition, we would lose our ability to rely upon exemptions from certain corporate governance requirements under the listing rules of Nasdaq. As a U.S. listed public company that is not a foreign private issuer, we would incur significant additional legal, accounting and other expenses that we will not incur as a foreign private issuer.

As we are a “foreign private issuer” and follow certain home country corporate governance practices, our shareholders may not have the same protections afforded to shareholders of companies that are subject to all Nasdaq corporate governance requirements.

As a foreign private issuer we have the option to follow certain home country corporate governance practices rather than those of Nasdaq, provided that we disclose the requirements we are not following and describe the home country practices we are following. We intend to rely on this “foreign private issuer exemption” with respect to the Nasdaq rules for shareholder meeting quorums and Nasdaq rules requiring shareholder approval. We may in the future elect to follow home country practices with regard to other matters. As a result, our shareholders may not have the same protections afforded to shareholders of companies that are subject to all Nasdaq corporate governance requirements.

As a company incorporated in Israel, even though we delisted our securities from the TASE, the Israeli Securities Law shall continue to apply and we shall still be subject to certain reporting obligations in Israel unless otherwise exempt in accordance with Israeli law. We have petitioned the Israeli Securities Authority to cease our reporting requirements in Israel, given that we are no longer traded on the TASE, but the outcome of such petition remains uncertain and we may be forced to continue reporting pursuant to Israeli law requirements. In addition, as a company incorporated in the State of Israel, regardless of the outcome of the petition to cease our reporting requirements in Israel, we will remain subject to the jurisdiction of the ISA and subject to provisions of the Companies Law that apply to all Israeli incorporated companies.

Our Articles provide that unless we consent to an alternate forum, the federal district courts of the United States shall be the exclusive forum of resolution of any claims arising under the Securities Act. 

Our Articles provide that, unless we consent in writing to the selection of an alternative forum, the federal district courts of the United States shall be the sole and exclusive forum for any claim asserting a cause of action arising under the Securities Act (for the avoidance of any doubt, such provision does not apply to any claim asserting a cause of action arising under the Exchange Act). Section 22 of the Securities Act creates concurrent jurisdiction for federal and state courts over all such Securities Act actions. Accordingly, both U.S. state and federal courts have jurisdiction to entertain such claims. This choice of forum provision may limit a shareholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our directors, officers or other employees and may increase the costs associated with such lawsuits, which may discourage such lawsuits against us and our directors, officers and employees. However, the enforceability of similar forum provisions in other companies’ organizational documents has been challenged in legal proceedings, and there is uncertainty as to whether courts would enforce the exclusive forum provisions in the Articles. If a court were to find these provisions of the Articles inapplicable to, or unenforceable in respect of, one or more of the specified types of actions or proceedings, we may incur additional costs associated with resolving such matters in other jurisdictions, which could adversely affect our business, financial condition, results of operations, growth prospects. Any person or entity purchasing or otherwise acquiring any interest in our share capital shall be deemed to have notice of and to have consented to the choice of forum provisions of the Articles described above. This provision would not apply to suits brought to enforce a duty or liability created by the Exchange Act or any other claim for which the U.S. federal courts have exclusive jurisdiction.

The listing of our securities on Nasdaq did not benefit from the process undertaken in connection with an underwritten initial public offering, which could result in diminished investor demand, inefficiencies in pricing and a more volatile public price for our securities. 

Our ordinary shares and warrants are currently listed on Nasdaq under the symbols “HUBC,” “HUBCW” and “HUBCZ,” respectively. Unlike an underwritten initial public offering of the HUB securities, the initial listing of our securities as a result of the Business Combination did not benefit from the following:

Underwriters have liability under the U.S. securities laws for material misstatements or omissions in a registration statement pursuant to which an issuer sells securities. Section 11 of the Securities Act (“Section 11”) imposes liability on parties, including underwriters, involved in a securities offering if the registration statement contains a materially false statement or material omission. To effectively establish a due diligence defense against a cause of action brought pursuant to Section 11, a defendant, including an underwriter, carries the burden of proof to demonstrate that he or she, after reasonable investigation, believed that the statements in the registration statement were true and free of material omissions. In order to meet this burden of proof, underwriters in a registered offering typically conduct extensive due diligence of the registrant and vet the registrant’s disclosure. Due diligence entails engaging legal, financial and/or other experts to perform an investigation as to the accuracy of an issuer’s disclosure regarding, among other things, its business, prospects and financial results. Further, in an underwritten initial public offering, the use of projections and forecasts in the offering documentation, if used at all, is heavily scrutinized as part of the underwriters’ due diligence. In making their investment decision, investors have the benefit of such diligence in underwritten public offerings. Investors must rely on the information in this Annual Report and our other public filings and will not have the benefit of an independent review and investigation of the type normally performed by an independent underwriter in a public securities offering. While sponsors, private investors and management in a business combination undertook a certain level of due diligence, it is not necessarily the same level of due diligence that would have been undertaken by an underwriter in a public securities offering and, therefore, there could be a heightened risk of an incorrect valuation of our business or material misstatements or omissions in our filings with the SEC.

In addition, because there were no underwriters engaged in connection with the Business Combination, prior to the opening of trading on the trading day immediately following the closing of the Business Combination, there was no traditional “roadshow” or book building process, and no price at which underwriters initially sold shares to the public to help inform efficient and sufficient price discovery with respect to the initial post-closing trades. Therefore, buy and sell orders submitted prior to and at the opening of initial post-closing trading of our securities did not have the benefit of being informed by a published price range or a price at which the underwriters initially sold shares to the public, as would be the case in an underwritten initial public offering. There were no underwriters assuming risk in connection with an initial resale of our securities or helping to stabilize, maintain or affect the public price of our securities following the closing of the Business Combination. Moreover, neither HUB nor RNER engaged in, nor did they, directly or indirectly, request financial advisors to engage in, any special selling efforts or stabilization or price support activities in connection with our securities that are outstanding immediately following the closing of the Business Combination. In addition, since we became public through a merger, securities analysts of major brokerage firms may not provide coverage of us since there is no incentive to brokerage firms to recommend the purchase of our ordinary shares or warrants. No assurance can be given that brokerage firms will, in the future, want to conduct any offerings on our behalf. All of these differences from an underwritten public offering of our securities has resulted and could continue to result in a more volatile price for the our securities.

Such differences from an underwritten public offering may present material risks to unaffiliated investors that would not exist if we had become a U.S. publicly listed company through an underwritten initial public offering instead of upon completion of the Business Combination. Further, the lack of such processes in connection with the listing of our securities could result in diminished investor demand, inefficiencies in pricing and a more volatile public price of our securities during the period immediately following the listing than in connection with an underwritten initial public offering.

We may issue additional ordinary shares or other equity securities without seeking approval of our shareholders, which would dilute your ownership interests and may depress the market price of our ordinary shares and warrants. 

We currently have 98,110,712 ordinary shares outstanding as of July 31, 2023, most of which are freely tradable securities. In addition, we also have warrants outstanding to purchase up to an aggregate of 34,078,857 of our ordinary shares as well as 14,892,845 shares reserved for issuance upon the exercise of outstanding employee share options and the vesting of outstanding restricted share units. We may choose to seek third party financing to provide additional working capital for our business, in which event we may issue additional equity securities or take out loans convertible into equity securities. We may also issue additional HUB ordinary shares or other equity securities of equal or, subject to applicable law, of senior rank in the future for any reason or in connection with, among other things, future acquisitions, the redemption of outstanding warrants or repayment of outstanding indebtedness, without shareholder approval, in a number of circumstances.

The issuance of additional HUB ordinary shares or other equity securities of equal or, subject to any applicable law, senior rank would have the following effects:

We may also seek additional capital through debt financings. The incurrence of indebtedness would result in increased fixed payment obligations and could involve restrictive covenants, such as limitations on our ability to incur additional debt, to make capital expenditures, to create liens or to redeem shares or declare dividends, that could adversely affect our ability to conduct our business.

Future resales of our ordinary shares may cause the market price of our ordinary shares and warrants to drop significantly, even if our business is doing well. 

Certain equity holders of RNER entered into the Sponsor Support Agreement with us. Pursuant to the Sponsor Support Agreement such RNER equity holders have agreed that, for a period of 9 months after the Closing Date, they will not transfer any of our ordinary shares, subject to certain limited exceptions.

Further, concurrently with the execution of the Business Combination Agreement, certain of our equity holders and certain equity holders of RNER entered into the Registration Rights Agreement, providing such holders with customary demand registration rights and piggy-back registration rights with respect to registration statements filed by us.

Upon expiration of the applicable lockup periods set forth in the Sponsor Support Agreement and upon the effectiveness of any registration statement we file pursuant to the above-referenced Registration Rights Agreement, in a registered offering of securities pursuant to the Securities Act or otherwise in accordance with Rule 144 under the Securities Act, our shareholders may sell large amounts of ordinary shares and warrants in the open market or in privately negotiated transactions, which could have the effect of increasing the volatility in the trading price of our ordinary shares or warrants or putting significant downward pressure on the price of our ordinary shares or warrants. Additionally, downward pressure on the market price of our ordinary shares or warrants likely will result from sales of our ordinary shares issued in connection with the exercise of warrants. Further, sales of our ordinary shares or warrants upon expiration of the applicable lockup period could encourage short sales by market participants. Generally, short selling means selling a security, contract or commodity not owned by the seller. The seller is committed to eventually purchase the financial instrument previously sold. Short sales are used to capitalize on an expected decline in the security’s price. Short sales of our ordinary shares or warrants could have a tendency to depress the price of our ordinary shares or warrants, respectively, which could increase the potential for short sales.

Additionally, we agreed with the PIPE Investors to register the PIPE Shares on a resale registration statement following the closing of the Transactions. To date, we have completed $4 million of the $50 million of the expected PIPE Financing, and, while we are considering possible alternatives in order to pursue the majority of the remaining funds committed as a part of the PIPE investment from the investors, it is uncertain if we will be able to receive the remaining PIPE funds. Should any or all of the PIPE investment be completed we will be required to register the shares that we issue to them. Once registered, these shares will be freely tradable without restriction or further registration under the Securities Act, unless the shares are held by any of RNER’s or our “affiliates” as such term is defined in Rule 144 under the Securities Act. This additional liquidity in the market for our ordinary shares may lead to downward pressure on the market price of our ordinary shares.

If we or any of our subsidiaries are characterized as a Passive Foreign Investment Company (“PFIC”) for U.S. federal income tax purposes, U.S. Holders may suffer adverse tax consequences.

A non-U.S. corporation generally will be treated as a PFIC for U.S. federal income tax purposes, in any taxable year if either (1) at least 75% of its gross income for such year is passive income or (2) at least 50% of the value of its assets (generally based on an average of the quarterly values of the assets) during such year is attributable to assets that produce or are held for the production of passive income. We believe we were not a PFIC in 2022. Based on the current and anticipated composition of our and our subsidiaries’ income, assets and operations, there is a risk that we may be treated as a PFIC for future taxable years. Moreover, the application of the PFIC rules is subject to uncertainty in several respects, and we cannot assure you that the IRS will not take a contrary position or that a court will not sustain such a challenge by the IRS.

Whether we or any of our subsidiaries are a PFIC for any taxable year is a factual determination that depends on, among other things, the composition of our and our subsidiaries’ income and assets, and the market value of our and our subsidiaries’ shares and assets. Changes in the composition of our and our subsidiaries’ income, composition or composition of assets may cause us to be or become a PFIC for the current or subsequent taxable years. Whether we are treated as a PFIC for U.S. federal income tax purposes is a factual determination that must be made annually at the close of each taxable year and, thus, is subject to significant uncertainty.

If we are a PFIC for any taxable year, a U.S. Holder (as defined in “Certain Material U.S. Federal Income Tax Considerations”) of our ordinary shares may be subject to adverse tax consequences and may incur certain information reporting obligations. For a further discussion, see “Certain Material U.S. Federal Income Tax Considerations—Passive Foreign Investment Company Rules.” U.S. Holders of our ordinary shares and our warrants are strongly encouraged to consult their own advisors regarding the potential application of these rules to us and the ownership of our ordinary shares and/or warrants.

If a U.S. Holder is treated as owning at least 10% of our stock, such U.S. Holder may be subject to adverse U.S. federal income tax consequences.

For U.S. federal income tax purposes, if a U.S. Holder is treated as owning (directly, indirectly or constructively) at least 10% of the value or voting power of our stock, such person may be treated as a “United States shareholder” with respect to us, or any of our subsidiaries, if we or such subsidiary is a “controlled foreign corporation.” If, as expected, we have one or more U.S. subsidiaries, certain of our non-U.S. subsidiaries could be treated as a controlled foreign corporation regardless of whether we are treated as a controlled foreign corporation (although there are recently promulgated final and currently proposed Treasury regulations that may limit the application of these rules in certain circumstances).

Certain United States shareholders of a controlled foreign corporation may be required to report annually and include in their U.S. federal taxable income their pro rata share of the controlled foreign corporation’s “Subpart F income” and, in computing their “global intangible low-taxed income,” “tested income” and a pro rata share of the amount of certain U.S. property (including certain stock in U.S. corporations and certain tangible assets located in the United States) held by the controlled foreign corporation regardless of whether such controlled foreign corporation makes any distributions. The amount includable by a United States shareholder under these rules is based on a number of factors, including potentially, but not limited to, the controlled foreign corporation’s current earnings and profits (if any), tax basis in the controlled foreign corporation’s assets, and foreign taxes paid by the controlled foreign corporation on its underlying income. Failure to comply with these reporting obligations (or related tax payment obligations) may subject such United States shareholder to significant monetary penalties and may extend the statute of limitations with respect to such United States shareholder’s U.S. federal income tax return for the year for which reporting (or payment of tax) was due. We cannot provide any assurances that we will assist U.S. Holders in determining whether we or any of our subsidiaries are treated as a controlled foreign corporation for U.S. federal income tax purposes or whether any U.S. Holder is treated as a United States shareholder with respect to any of such controlled foreign corporations or furnish to any holder information that may be necessary to comply with reporting and tax paying obligations if we, or any of our subsidiaries, is treated as a controlled foreign corporation for U.S. federal income tax purposes.

As a result of the Business Combination, the IRS may not agree that we should be treated as a non-U.S. corporation for U.S. federal income tax purposes.

Under current U.S. federal income tax law, a corporation generally will be considered to be a U.S. corporation for U.S. federal income tax purposes if it is created or organized in the United States or under the law of the United States or of any State. Accordingly, under generally applicable U.S. federal income tax rules, we, given our incorporation and tax residency in Israel, would generally be classified as a non-U.S. corporation for U.S. federal income tax purposes. Section 7874 of the Code and the Treasury regulations promulgated thereunder, however, contain specific rules that may cause a non-U.S. corporation to be treated as a U.S. corporation for U.S. federal income tax purposes. If it were determined that we are treated as a U.S. corporation for U.S. federal income tax purposes under Section 7874 of the Code and the Treasury regulations promulgated thereunder, we would be liable for U.S. federal income tax on our income in the same manner as any other U.S. corporation and certain distributions made by us to holders that are not U.S. Holders (as defined in “Certain Material U.S. Federal Income Tax Considerations”) of our ordinary shares may be subject to U.S. withholding tax.

Based on the terms of the Business Combination and certain factual assumptions, we do not currently expect to be treated as a U.S. corporation for U.S. federal income tax purposes under Section 7874 of the Code after the Business Combination. However, the application of Section 7874 of the Code is complex, subject to detailed regulations (the application of which is uncertain in various respects and would be impacted by changes in such U.S. Treasury regulations with possible retroactive effect) and subject to certain factual uncertainties. Accordingly, there can be no assurance that the IRS will not challenge our status as a non-U.S. corporation for U.S. federal income tax purposes under Section 7874 of the Code or that such challenge would not be sustained by a court.

If the IRS were to successfully challenge under Section 7874 of the Code our status as a non-U.S. corporation for U.S. federal income tax purposes, we and certain of our shareholders may be subject to significant adverse tax consequences, including a higher effective corporate income tax rate and future withholding taxes on certain of our shareholders, depending on the application of any applicable income tax treaty that may apply to reduce such withholding taxes.

You should consult your own advisors regarding the application of Section 7874 of the Code to the Business Combination and the tax consequences if our classification as a non-U.S. corporation is not respected.

Risks Related to Our Incorporation and Operations in Israel

Conditions in Israel could materially and adversely affect our business.

Many of our employees, including certain management members operate from our offices that are located in Tel Aviv, Israel. In addition, a number of our officers and directors are residents of Israel. Accordingly, political, economic, and military conditions in Israel and the surrounding region may directly affect our business and operations. On the military front, in recent years, Israel has been engaged in sporadic armed conflicts with Hamas, an Islamist terrorist group that controls the Gaza Strip, with Hezbollah, an Islamist terrorist group that controls large portions of southern Lebanon, and with Iranian-backed military forces in Syria. In addition, Iran has threatened to attack Israel and may be developing nuclear weapons. Some of these hostilities were accompanied by missiles being fired from the Gaza Strip, Lebanon and Syria against civilian targets in various parts of Israel, including areas in which our employees are located, which negatively affected business conditions in Israel. Any hostilities involving Israel, regional political instability or the interruption or curtailment of trade between Israel and its trading partners could materially and adversely affect our operations and results of operations.

Our commercial insurance does not cover losses that may occur as a result of events associated with war and terrorism. Although the Israeli government currently covers the reinstatement value of direct damages that are caused by terrorist attacks or acts of war, we cannot assure you that this government coverage will be maintained or that it will sufficiently cover our potential damages. Any losses or damages incurred by us could have a material adverse effect on its business. Any armed conflicts or political instability in the region would likely negatively affect business conditions and could harm our results of operations.

Further, in the past, the State of Israel and Israeli companies have been subjected to economic boycotts. Several countries still restrict business with the State of Israel and with Israeli companies. These restrictive laws and policies may have an adverse impact on our business, financial condition, results of operations and growth prospects. A campaign of boycotts, divestment, and sanctions has been undertaken against Israel, which could also adversely affect our business. Actual or perceived political instability in Israel or any negative changes in the political environment, may individually or in the aggregate adversely affect the Israeli economy and, in turn, our business, financial condition, results of operations, and growth prospects.

Further, the Israeli Government recently adopted the beginning stages of a broad judicial reform in Israel. In response, individuals, organizations and institutions, both within and outside of Israel, have voiced concerns that the judicial reform, if adopted, may negatively impact the business environment in Israel including due to the reluctance of foreign investors to invest or conduct business in Israel, as well as increased currency fluctuations, downgrades in credit rating, increased interest rates, increased inflation affecting payroll and other NIS based costs, increased volatility in securities markets, reduced corporate rating by rating agencies to Israeli companies, unfavorable terms for any fundraising through debt and/ or equity financial vehicles, civil unrest and other changes in macroeconomic conditions. Actual or perceived political or judicial instability in Israel or any negative changes in the political environment may adversely affect the Israeli economy and financial condition, which may include, among other things, a downgrade in Israel’s sovereign credit rating, increased interest rates, currency fluctuations, inflation, civil unrest and volatility in securities markets, which could in turn adversely affect our business, financial condition, results of operations, growth prospects, the market price of our shares, our ability to raise additional funds and the terms we will achieve for any such fundraising, if deemed necessary by our management and board of directors.

In addition, many Israeli citizens are obligated to perform several weeks of annual military reserve duty each year until they reach the age of 40 (or older, for reservists who are military officers or who have certain occupations) and, in the event of a military conflict, may be called to active duty. In response to increases in terrorist activity, there have been periods of significant call-ups of military reservists. It is possible that there will be military reserve duty call-ups in the future. Our operations could be disrupted by such call-ups, which may include the call-up of members of our management. Such disruption could materially adversely affect our business, prospects, financial condition, and results of operations.

As a public company incorporated in Israel, we may become subject to further compliance obligations and market trends or restrictions, which may strain our resources and divert management’s attention. 

Being an Israeli company publicly traded in the United States and being subject to both U.S. and Israeli rules and regulations may make it more expensive for us to obtain directors and officers liability insurance, and we may be required to continue incurring substantially higher costs for reduced coverage. In addition, as a company that had publicly offered securities in Israel via prospectus, even though we were approved by the Israeli court and delisted from the TASE, the Israeli Securities Law, 5728-1968 (the “Israeli Securities Law”) shall continue to apply and we shall still be subject to certain reporting obligations in Israel unless otherwise exempt in accordance with Israeli law. These factors could also make it more difficult for us to attract and retain qualified members of our board of directors, particularly to serve on its audit committee, and qualified executive officers. In accordance with the provisions of the Companies Law, approval of our directors and officers insurance is limited to the terms of our duly approved compensation policy, unless otherwise approved by our shareholders.

Our Articles and Israeli law could prevent a takeover that shareholders consider favorable and could also reduce the market price of our ordinary shares. 

Certain provisions of Israeli law and the Articles could have the effect of delaying or preventing a change in control and may make it more difficult for a third party to acquire us or for our shareholders to elect different individuals to our board of directors, even if doing so would be beneficial to our shareholders, and may limit the price that investors may be willing to pay in the future for the HUB ordinary shares. Among other things:

Further, Israeli tax considerations may make certain transactions undesirable to HUB or to some of our shareholders whose country of residence does not have a tax treaty with Israel granting tax relief to such shareholders from Israeli tax. For example, Israeli tax law does not recognize tax-free share exchanges to the same extent as U.S. tax law. With respect to mergers, Israeli tax law allows for tax deferral in certain circumstances but makes the deferral contingent on the fulfillment of numerous conditions, including a holding period of two years from the date of the transaction during which certain sales and dispositions of shares of the participating companies are restricted. Moreover, with respect to certain share swap transactions, the tax deferral is limited in time, and when such time expires the tax becomes payable even if no disposition of the shares has occurred. See the section titled “Taxation — Taxation of Our Shareholders.”

Provisions of Israeli law and the Articles may delay, prevent or make difficult an acquisition of HUB, prevent a change of control, and negatively impact our share price. 

Israeli corporate law regulates acquisitions of shares through tender offers and mergers, requires special approvals for transactions involving directors, officers or significant shareholders, and regulates other matters that may be relevant to these types of transactions. Furthermore, Israeli tax considerations may make potential acquisition transactions unappealing to us or to some of our shareholders. For example, Israeli tax law may subject a shareholder who exchanges his or her ordinary shares for shares in a foreign corporation, to taxation before disposition of the investment in the foreign corporation. These provisions of Israeli law may delay, prevent or make an acquisition of HUB, which could prevent a change of control and, therefore, depress the price of our shares.

We may become subject to claims for remuneration or royalties for assigned service invention rights by our employees, which could result in litigation and adversely affect our business.

A significant portion of our intellectual property has been developed by our employees in the course of their employment by us. Under the Israeli Patents Law, 5727-1967 (the “Patents Law”), inventions conceived by an employee during and as a result of his or her employment with a company are regarded as “service inventions,” which belong to the employer, absent an agreement between the employee and employer providing otherwise. The Patents Law also provides that if there is no agreement between an employer and an employee determining whether the employee is entitled to receive consideration for service inventions and on what terms, this will be determined by the Israeli Compensation and Royalties Committee (the “Committee”), a body constituted under the Patents Law. Case law clarifies that the right to receive consideration for “service inventions” can be waived by the employee and that in certain circumstances, such waiver does not necessarily have to be explicit. The Committee will examine, on a case-by-case basis, the general contractual framework between the parties, using interpretation rules of the general Israeli contract laws. Further, the Committee has not yet determined one specific formula for calculating this remuneration, but rather uses the criteria specified in the Patents Law. Although we generally enter into agreements with our employees pursuant to which such individuals assign to us all rights to any inventions created during and as a result of their employment with us, we may face claims demanding remuneration in consideration for assigned inventions. As a consequence of such claims, we could be required to pay additional remuneration or royalties to our current and/or former employees, or be forced to litigate such monetary claims (which will not affect our proprietary rights), which could negatively affect our business.

Certain tax benefits that may be available to us, if obtained, would require us to continue to meet various conditions and such benefits may be terminated or reduced in the future, which could increase our costs and taxes.

We may be eligible for certain tax benefits provided to “Preferred Technological Enterprises” under the Israeli Law for the Encouragement of Capital Investments, 5719-1959, referred to as the “Investment Law”. If we obtain tax benefits under the “Preferred Technological Enterprises” regime then, in order to remain eligible for such tax benefits, we will need to continue to meet certain conditions stipulated in the Investment Law and its regulations, as amended. If these tax benefits are reduced, canceled or discontinued, our Israeli taxable income may be subject to Israeli corporate tax rates of 23% in 2018 and thereafter. Additionally, if we increase our activities outside of Israel through acquisitions, for example, our activities might not be eligible for inclusion in future Israeli tax benefit programs. See “Taxation.”

It may be difficult to enforce a U.S. judgment against us, our officers and directors and the Israeli experts named in this Annual Report in Israel or the United States, or to assert U.S. securities laws claims in Israel or serve process on our officers and directors and these experts.

Most of our directors or officers are not residents of the United States and most of their and our assets are located outside the United States. Service of process upon us or our non-U.S. resident directors and officers and enforcement of judgments obtained in the United States against us or our non-U.S. directors and officers may be difficult to obtain within the United States. We have been informed by our legal counsel in Israel that it may be difficult to assert claims under U.S. securities laws in original actions instituted in Israel or obtain a judgment based on the civil liability provisions of U.S. federal securities laws. Israeli courts may refuse to hear a claim based on a violation of U.S. securities laws against us or our non-U.S. officers and directors because Israel may not be the most appropriate forum to bring such a claim. In addition, even if an Israeli court agrees to hear a claim, it may determine that Israeli law and not U.S. law is applicable to the claim. If U.S. law is found to be applicable, the content of applicable U.S. law must be proved as a fact, which can be a time-consuming and costly process. Certain matters of procedure will also be governed by Israeli law. There is little binding case law in Israel addressing the matters described above. Israeli courts might not enforce judgments rendered outside Israel, which may make it difficult to collect on judgments rendered against us or our non-U.S. officers and directors.

Moreover, an Israeli court will not enforce a non-Israeli judgment if (among other things) it was given in a state whose laws do not provide for the enforcement of judgments of Israeli courts (subject to exceptional cases), or if its enforcement is likely to prejudice the sovereignty or security of the State of Israel, or if it was obtained by fraud or in absence of due process, or if it is at variance with another valid judgment that was given in the same matter between the same parties, or if a suit in the same matter between the same parties was pending before a court or tribunal in Israel, at the time the foreign action was brought.

Your rights and responsibilities as a shareholder will be governed by Israeli law, which may differ in some respects from the rights and responsibilities of shareholders of U.S. corporations.

We are incorporated under Israeli law. The rights and responsibilities of holders of the ordinary shares are governed by the Articles and the Companies Law. These rights and responsibilities differ in some respects from the rights and responsibilities of shareholders in typical U.S. corporations. In particular, pursuant to the Companies Law each shareholder of an Israeli company has to act in good faith and in a customary manner in exercising his or her rights and fulfilling his or her obligations toward the company and other shareholders and to refrain from abusing his or her power in the company, including, among other things, in voting at the general meeting of shareholders and class meetings, on amendments to a company’s articles of association, increases in a company’s authorized share capital, mergers, and transactions requiring shareholders’ approval under the Companies Law. In addition, a controlling shareholder of an Israeli company or a shareholder who knows that it possesses the power to determine the outcome of a shareholder vote or who has the power under the articles of association to appoint or prevent the appointment of a director or officer in the Company, or has other powers toward the Company has a duty of fairness toward the Company. However, Israeli law does not define the substance of this duty of fairness. There is limited case law available to assist in understanding the implications of these provisions that govern shareholder behavior.

The Articles provide that unless we consent otherwise, the competent courts of Tel Aviv, Israel shall be the sole and exclusive forum for substantially all disputes between us and our shareholders under the Companies Law and the Israeli Securities Law.

The competent courts of Tel Aviv, Israel shall, unless we consent otherwise in writing, be the exclusive forum for (i) any derivative action or proceeding brought on behalf of us, (ii) any action asserting a claim of breach of fiduciary duty owed by any director, officer or other employee of ours to us or our shareholders, or (iii) any action asserting a claim arising pursuant to any provision of the Companies Law or the Israeli Securities Law. This exclusive forum provision is intended to apply to claims arising under Israeli law and would not apply to claims brought pursuant to the Securities Act or the Exchange Act or any other claim for which federal courts would have exclusive jurisdiction. Such exclusive forum provision in the Articles will not relieve us of our duties to comply with federal securities laws and the rules and regulations thereunder, and shareholders will not be deemed to have waived our compliance with these laws, rules and regulations. This exclusive forum provision may limit a shareholders ability to bring a claim in a judicial forum of its choosing for disputes with us or our directors or other employees which may discourage lawsuits against us, our directors, officers and employees.

We may be required to take write-downs or write-offs, restructuring and impairment or other charges that could have a significant negative effect on our financial condition, results of operations and the combined company’s ordinary share price, which could cause the price of our shares to fall and shareholders to lose some or all of their investment. 

We may be forced to later write-down or write-off assets, restructure our operations, or incur impairment or other charges that could result in us reporting losses. Unexpected risks may arise and previously known risks may materialize. Even though these charges may be non-cash items and would not have an immediate impact on our liquidity, the fact that we may report charges of this nature could contribute to negative market perceptions of us or our securities. In addition, charges of this nature may cause us to violate net worth or other covenants to which we may be subject as a result of assuming pre-existing debt held by our business or by virtue of the us obtaining additional debt financing. Accordingly, any of our shareholders could suffer a reduction in the value of their shares. Such shareholders are unlikely to have a remedy for such reduction in value.

For example, as of December 31, 2022, we identified indicators of impairment for the assets acquired from Legacy since no binding purchase orders had been signed nor significant progress had been made on the purchased customer relationships as was expected upon the purchase date. As a result, as of December 31, 2022 we determined that the assets acquired should be fully impaired. As such, for the year ended December 31, 2022, the Company recorded an impairment loss of $8,738 thousand for the assets acquired from Legacy. In addition, during 2022 we also recorded an impairment in our investment in ALD and Comsec in the amount of $5,416 thousand and $9,202 thousand, respectively.

Item 4. Information on the Company.

A. History and Development of the Company

HUB Security began operations in 1984 as A.L.D. Advanced Logistics Development Ltd. (“ALD”) and is engaged in developing and marketing quality management software tools and solutions. HUB Cyber Security TLV Ltd. (“HUB TLV”) was founded in 2017 by veterans of the elite Unit 8200 and Unit 81 of the Israeli Defense Forces, with deep experience and proven track records in setting up and commercializing start-ups in a multi-disciplinary environment. On February 28, 2021, HUB TLV and ALD signed a share swap merger agreement, pursuant to which HUB Cyber Security Ltd. became a wholly owned subsidiary of HUB Security (formally ALD following a name change) and the shareholders of HUB TLV owned 51% of HUB Security’s issued and outstanding share capital (the “ALD Merger”). The ALD Merger was completed on June 21, 2021. Following the merger with ALD, we have developed unique technology and products in the field of Confidential Computing, and we intend to be a significant player in the industry by providing effective cybersecurity solutions for a broad range of government entities, enterprises and organizations. We currently operate in several countries and provide innovative cybersecurity computing appliances as well as a wide range of cybersecurity professional services. We are registered with the Israeli Registrar of Companies. Our registration number is 511029373. 

Corporate Information

Our website address is www.hubsecurity.com. Information contained on, or that can be accessed through, our website does not constitute a part of this Annual Report and is not incorporated by reference herein. We have included our website address in this Annual Report solely for informational purposes. The SEC maintains an Internet site that contains reports, proxy and information statements, and other information regarding issuers, such as we, that file electronically, with the SEC at www.sec.gov.

The main address of our principal executive offices is 17, Rothchild St., Tel Aviv, Israel and our telephone number is +972-3-924-4074. Our agent for service of process in the U.S. is Puglisi & Associates, 850 Library Avenue, Newark, Delaware 19711. For a description of our principal capital expenditures and divestitures for the two years ended December 31, 2022 and for those currently in progress, see Item 5. “Operating and Financial Review and Prospects.”

Recent Developments

Business Combination

On March 23, 2022, we entered into the Merger Agreement with RNER and Merger Sub. Pursuant to the Merger Agreement, Merger Sub merged with and into RNER, with RNER surviving the merger. Upon consummation of the Business Combination and the other transactions contemplated by the Merger Agreement on February 28, 2023, RNER became a wholly owned subsidiary of HUB Security and our Ordinary Shares and Warrants started to trade on the Nasdaq Global Market and Nasdaq Capital Market under the ticker symbols “HUBC,” “HUBCW” and “HUBCZ,” respectively on March 1, 2023. 

Internal Investigation

On August 15, 2023, the Special Committee (the “Special Committee”) of the board of directors (the “Board”) of HUB Security, comprised of independent directors Ilan Flato and Nuriel Kasbian Chirich, announced that it had substantially completed its independent internal investigation (the “Internal Investigation”) into, among other matters, the issues disclosed in the Company’s previously announced Report on Form 6-K dated April 20, 2023.

The Board authorized the Special Committee to review documents, records and information of the Company, and to conduct interviews as the Special Committee deemed appropriate in order to conduct the Internal Investigation. In addition to investigating potential misconduct involving Eyal Moshe (our former Chief Executive Officer and President of U.S. Operations and former member of our board of directors) and Ayelet Bitan (former Chief of Staff), the Special Committee also conducted a review of the Company’s financial department and relevant policies, procedures and internal controls.

In conducting the Internal Investigation, the Special Committee and its advisors reviewed documents collected from various custodians, interviewed witnesses and performed forensic accounting and data analytics testing, including an examination of the Company’s financial records.

The Special Committee believed that it found sufficient evidence to support the following findings as a result of the Internal Investigation:

Board Actions in Response to the Special Committee’s Findings

In light of the Special Committee’s findings, the Board has taken and has directed the Company to take action to implement significant remedial measures. Mr. Moshe was formally terminated as an employee of the Company as of July 24, 2023 and resigned from the Board on August 15, 2023. Additionally, the Company has commenced a legal action in Israel against Ms. Bitan to dispute her requests for severance payments in accordance with Israeli law. The Company is also evaluating all available options under applicable law to recover damages associated with Mr. Moshe’s and Ms. Bitan’s conduct.

The Company has commenced termination proceedings against the controller in accordance with Israeli law and is evaluating all available options under applicable law to recover inappropriately paid sums to such individual.

The Company is also in the process of developing and implementing a number of additional remedial measures to enhance internal controls over financial reporting and disclosure controls. The Company and its independent auditors have determined that no restatement of the Company’s previously issued financial statements is necessary or appropriate.

The Company is reporting in this Annual Report material weaknesses in internal controls over financial reporting related to these matters and also is reporting that its disclosure controls and procedures were not effective.

The Special Committee may continue to perform certain additional investigative steps if necessary or additional relevant information is discovered.

The events described above regarding the Special Committee and Internal Investigation are the subject of possible regulatory review and expose the Company and its directors and officers to possible investigations and possible enforcement actions by regulators both in Israel and the United States, including the ISA, SEC, Nasdaq and/or DOJ. The Company has provided certain information and documentation to certain regulatory authorities and is prepared to respond to any regulatory inquiry it may receive. The Company’s management and its Board do not currently believe there are any impacts on the Company’s financial statements. If the Company were to be subject to an investigation or enforcement action from a regulatory agency it could have a material adverse effect on the Company’s business, financial position and results of operations.

Director Resignation

On August 15, 2023, Eyal Moshe tendered his resignation from our board of directors and from any positions he held in the Company or any of its subsidiaries, effective immediately.

Delinquency Notices

On May 19, 2023, the Company received a letter from the Listing Qualifications Department of the Nasdaq indicating that, since the Company has not yet filed its Annual Report on Form 20-F for the fiscal year ended December 31, 2022, as previously reported by the Company on a Form 12b-25, it no longer complies with Nasdaq Listing Rule 5250(c)(1) for continued listing.

On June 9, 2023, the Company received a letter from the Listing Qualifications Department of the Nasdaq indicating that the Company’s ordinary shares are subject to potential delisting from Nasdaq because, for a period of 30 consecutive business days, the bid price of the Company’s ordinary shares has closed below the minimum $1.00 per share requirement for continued listing under Nasdaq Listing Rule 5450(a)(1) (the “Bid Price Rule”). The Nasdaq notice indicated that, in accordance with Nasdaq Listing Rule 5810(c)(3)(A), the Company will be provided 180 calendar days, or until December 6, 2023, to regain compliance. If, at any time before December 6, 2023, the bid price of the Company’s ordinary shares closes at $1.00 per share or more for a minimum of 10 consecutive business days, Nasdaq staff will provide written notification that the Company has achieved compliance with the Bid Price Rule. If the Company fails to regain compliance with the Bid Price Rule before December 6, 2023, the Company may be eligible for an additional 180-calendar day compliance period. To qualify, the Company will be required to meet the continued listing requirement for market value of publicly held shares and all other initial listing standards for Nasdaq, with the exception of the bid price requirement, and will need to provide written notice of its intention to cure the deficiency during the second compliance period, by effecting a reverse stock split, if necessary. In the event the Company is not eligible for the second grace period, Nasdaq will provide written notice that the Company’s ordinary shares are subject to delisting.

Liquidity

As a result of liquidity and cash flow concerns that have arisen due to the ongoing investigation and the delay in the filing of this Annual Report, along with other factors related to the Company’s business operations, the Company faces significant uncertainty regarding the adequacy of its liquidity and capital resources and its ability to repay its obligations as they become due.

The significant uncertainty regarding the Company’s liquidity and capital resources, its ability to repay its obligations as they become due, provides substantial doubt about our ability to continue as a going concern for the next twelve months from the date of issuance of this Annual Report. The Company’s management is closely monitoring the situation and has been attempting to alleviate the liquidity and capital resources concerns through workforce reductions, interim financing facilities, negotiations with the Company’s creditors and other capital raising efforts.

Following the filing of this Annual Report, the Company expects to be able to obtain additional sources of debt and equity financing, together with additional revenues from new business opportunities and has engaged with potential investors with regards to such financing alternatives. However, such opportunities remain uncertain and are predicated upon events and circumstances which are outside the Company’s control. The inability to borrow or raise sufficient funds on commercially reasonable terms, would have serious consequences to the Company’s business, financial condition, results of operations and growth prospects.

B. Business Overview

In this section “we,” “us”, “our” and “HUB” refer to HUB Security. 

Overview 

HUB Security focuses on two symbiotic lines of business – Confidential Computing and Cyber Security Professional Services – a trusted advisor to its customers. The symbiotic connection between the two offerings is deeply rooted in the company’s strategy.

Traditional Approaches to Cybersecurity 

Traditional cybersecurity technologies operate as a collection of unique purpose-built systems and components that mitigate different threats and risks within a network. All of these systems are being operated by expanding costly IT and cyber teams within organizations. Most organizations today have sophisticated methods for protecting data at rest (encrypted in storage), and data in transit (encrypted in transit). However, traditional approaches to cybersecurity do not address vulnerabilities to data in use, (when applications and data are processed). As a result, most companies are exposed to hacks by commercially available tools and techniques, even after investing heavily in perimeter defenses.

This common vulnerability of systems to exploit by hackers has been exacerbated by the recent shift to remote work and the increase in cell phone access to networks. This shift allows even simple devices such as phones, tablets and laptops to access networks and receive sensitive data. The connection of these simple devices to a network has created a network perimeter that is almost indefensible by traditional cybersecurity systems.

Confidential Computing 

Confidential Computing is emerging as the ultimate solution for cyber protection as it assumes that a computer has already been infiltrated by hackers and that an administrator’s credentials have been compromised. HUB’s zero trust Confidential Computing systems protect data and applications by running them within secure enclaves that are governed by policies and managed with strict, rules-based filters to prevent unauthorized access to the processor as well as by and between microservices. This unique approach ensures data security, regardless of the vulnerability of the computing infrastructure.

Confidential Computing places the network system into a “bunker” or trusted execution environment, and maintains strict control over how the system is accessed, and does not require any changes in the network operations which would otherwise be required by traditional cybersecurity solutions. More importantly, Confidential Computing allows data to remain encrypted at all times, even while in use and being processed. According to the Everest Group, the Confidential Computing market is expected to grow by up to 90-95% each year through 2026 and will help to mitigate the threat of data breaches.

The potential benefits of Confidential Computing are immense, including data protection, ensuring security on data in use in the cloud, protecting intellectual property, allowing safe collaboration with external organizations on cloud, eliminating concerns over selecting cloud providers and protecting data processes for edge computing environments, such as IoT. HUB’s zero trust Confidential Computing has a key strength in that it can minimize the vulnerability of data for all of these use cases by protecting data in use, that is, during processing or runtime.

Our Business 

HUB was founded in 2017 by veterans of the elite Unit 8200 and Unit 81 of the Israeli Defense Forces, with deep experiences and proven track records in setting up and commercializing start-ups in a multi-disciplinary environment. HUB has developed unique technology and products in the field of Confidential Computing, and it intends to be a significant market participant providing effective cybersecurity solutions for a broad range of government entities, enterprises and organizations. On February 28, 2021, HUB and ALD, a leading provider of quality and reliability certification training and services, signed a share swap merger agreement, pursuant to which HUB became a wholly owned subsidiary of ALD and the shareholders of HUB owned 51% of ALD’s issued and outstanding share capital. The ALD-HUB Merger was completed on June 21, 2021 (ALD later changed its name to HUB Cyber Security (Israel) Ltd. and later to HUB Cyber Security Ltd.) 

Today, HUB operates in several countries providing innovative cybersecurity computing solutions as well as a wide range of cybersecurity and reliability, availability, maintainability and safety (RAMS) professional services. Its zero trust Confidential Computing product has received positive initial market feedback, with detailed discussions held with interested parties in Israel, EMEA, APAC and the United States, including well established companies in the telecommunications, insurance and technology sectors.

HUB’s management team includes, amongst others, Major-General (Ret.) Uzi Moskovich (CEO, former head of the Cyber Communications and Defense Division of the Israel Defense Forces), Andrey Iaremenko (founder and Chief Technology Officer with over 13 years of experience in the elite Unit 8200 of the Israeli Defense Forces), Hugo Goldman (Chief Financial Officer with over 25 years of experience as a Chief Financial Officer, including serving as CFO of several technology based companies), Osher Partok Rheinisch (Chief Legal, Compliance and Data Protection Officer with over 20 years of experience), and Alon Saban (EVP of Cybersecurity with 23 years’ experiences in national cybersecurity agencies)

For the years ended December 31, 2022 and 2021, HUB and its divisions generated $80 million and $33 million of revenue, respectively, including one customer that contributed more than 10% of HUB’s total consolidated revenue in the year ended December 31, 2022. For the year ended December 31, 2022, the revenue HUB generated from each of the geographic markets in which it operates (Israel, America, Europe and Asia Pacific) amounted to $76,127 thousand, $339 thousand, $2,983 thousand and $294 thousand, respectively. For the year ended December 31, 2021, the revenue HUB generated from each of the geographic markets in which it operates (Israel, America, Europe and Asia Pacific) amounted to $31,049 thousand, $680 thousand, $755 thousand and $36 thousand, respectively.

HUB is a cybersecurity product company that also offers complementary trusted advisory and professional service facilitating cyber risk assessment, cyber risk mitigation, cyber incident response, quality reliability and safety of critical systems. HUB’s management believes that HUB has great potential for growth and the ability to handle large and complex projects for governments and organizations by providing reliable cybersecurity solutions for the sensitive data and critical infrastructure of these entities.

HUB will seek to capture a leading position in the cybersecurity market, based on two major strategies:

Since the start of 2021, HUB has completed two acquisitions of cybersecurity consulting services and distribution companies. This has provided HUB with an established and trusted customer base, including governmental agencies and enterprises that are prime targets for its Confidential Computing approach. As part of its business strategy, HUB is also considering additional acquisition targets, particularly those in the United States.

HUB intends to leverage the acquired companies’ professional services, expert knowledge and understanding of customers’ need to upsell its cybersecurity solution. In addition, HUB intends to use its technological abilities to transform the acquired companies’ services into products that can be sold widely, thereby accelerating HUB’s revenue growth and increasing shareholder value.

Market Opportunity 

Ever Growing Demand for Cybersecurity Consulting Services

The cybersecurity market continues to grow due to increased risks of breach and regulatory pressure. New or enhanced regulations like the NIS2 directive, privacy regulations like the GDPR and the newly enacted SEC disclosure rules that will require companies to disclose cyber incidents are expected to drive growth to bigger heights. According to estimates, the market of cybersecurity services (estimated towards $100 billion worldwide) continues to grow at an annual rate of around 10% CAGR.

As a result the demand for cybersecurity consulting services increased as well and with a shortage of people entering the cybersecurity market, our Professional Services department is positioned well for growth having served the market for over 30 years in this space and having updated our services and offerings to meet the new increased demands.

Demand for Effective Cybersecurity Solutions 

According to the Official Cybercrime Report published by Cybersecurity Ventures, global cybercrime costs are expected to reach $10.5 trillion USD annually by 2025, up from $3 trillion in 2015. Based on a 2021 Sophos report, average total cost of recovery from a ransomware attack has more than doubled in a year, increasing from $761 thousand in 2020 to $1.85 million the following year. In addition, Gartner has reported that the world-wide spending on cyber-defense grew at an annual rate of 12% in 2021 to $150 billion. According to CSO Online and IBM, in 2020, large enterprises spent on average 11% of their IT budgets on cybersecurity at an average cost of $2,000 per employee.

Despite increased spending on cybersecurity, the number and frequency of malicious attacks continues to grow. This means a new approach is needed to offer effective cybersecurity protection. Organizations are facing massive challenges as they attempt to manage and secure the explosion of data created within their organizations, which are in part created by remote environments. This, coupled with the lack of visibility across dispersed networks and growing migration to the cloud, has increased the risk of cyber-attacks.

According to Thoughtlab, the average number of attacks and breaches rose sharply in 2021 — the number of incidents rose 15.1%, while the number of material breaches increased 24.5%. These figures may be underestimated because some organizations may fail to detect and under-report attacks. According to Gartner, enterprises trying to defend against those cyber threats have as many as 46 cybersecurity tools.

Healthcare breach costs have been the most expensive industry for 12 years. Material breaches — those generating a large financial loss, compromising many records or having a significant impact on business operations — increased even more, by 24.5% from 2020 to 2021.

This means that the traditional approach and tools for cybersecurity are not effective. In addition, under the current macroeconomic environment, enterprises are facing increasing pressure to control their spending and thereby rethink the strategy to cybersecurity protection. Top executives in enterprises are consistently looking for more cost effective options to secure their companies, and chief information security officers are playing an increasingly important role in business operations.

According to Gartner’s top eight cybersecurity predictions for 2022-23, 80% of enterprises will adopt a strategy to unify web, cloud services and private application access from a single vendor’s security service edge platform by 2025. Similarly, enterprises are most likely to look for a consolidated and stronger cybersecurity solution, a solution offering a more holistic protection instead of accumulating more tools and related costs.

In the meantime, global cybersecurity regulators are strengthening their standards for data security and encryption. In a recently published report, Gartner indicates that through 2023, government regulations requiring organizations to provide consumer privacy rights will cover 5 billion citizens and more than 70% of global GDP. However, more needs to be done to mitigate cybersecurity threats, especially in the post-pandemic work environment.

According to Forbes, this growing issue of cybersecurity protection is affecting a wide range of industries, from healthcare and financial services to decentralized finance (“DeFi”). Emerging technologies such as artificial intelligence (“AI”) and machine learning (“ML”) are also expected to become increasingly important to prevent widespread attacks in vulnerable industries and to secure business operations.

In particular, HUB believes that there are two mega markets — edge computing and 5G, with a combined value of over $500 billion as of 2023 according to KPMG, that urgently require more effective cybersecurity protections. According to IDC, worldwide spending on edge computing is expected to reach $176 billion in 2022, an increase of 14.8% over 2021. Enterprise and service provider spending on hardware, software and services for edge solutions is forecasted to sustain this pace of growth through 2025, by when the spending is expected to reach approximately $274 billion. In addition, according to Gartner, 75% of data will be generated outside a traditional centralized data center or cloud by 2025 (as compared to 10% in 2019). It is also expected that the global edge computing market will increase from approximately $3.6 billion in 2020 to $15.7 billion by 2025. On the other hand, the AI market is expected to reach $266.92 billion by 2027. Gartner believes that by 2025, approximately half of the large organizations will implement privacy enhancing computation to process data in untrusted environments as well as implement multiparty data analytics solutions.

The Confidential Computing Market 

Almost all of the leading technology companies are coming to recognize that Confidential Computing is a powerful trend and are investing heavily to provide their networks with this enhanced protection. They are also educating the market on the advantages of Confidential Computing.

With a projected market size of $54 billion by 2026, the long-term growth prospects for confidential computing are robust. In addition, the average data breach costs enterprises $4.35 million.

According to the Everest Research Group, although adoption of Confidential Computing is nascent, its potential is tremendous for both the enterprises that are adopting it and the technology and service providers that are enabling it. Everest estimates that the Confidential Computing market will reach $54 billion by 2026.

Their research also shows the following characteristics of the Confidential Computing market:

The Confidential Computing market is poised for exponential growth.   Total Addressable Market (“TAM”) for Confidential Computing in 2021 was about $2 billion. The Confidential Computing market is expected to grow at a CAGR of at least 40 – 45% and up to 90 – 95% through 2026. Cyber risks, regulations, and avenues for incremental revenue are positioning Confidential Computing for exponential growth.

Technology Background 

How Data Works in a Network 

In a network setting, code and data are moved and stored in structured formats called packets. Within a network, packets exist in three states:

Protecting Data in Use 

Significant progress has been made in recent years to protect sensitive data in transit and in storage. However, sensitive data is still vulnerable when it is in use. For example, while Transparent Database Encryption (“TDE”) ensures that sensitive data is protected in storage, that data must be stored in cleartext (i.e. in an unencrypted form) in the database buffer pool so that Structured Query Language (“SQL”) queries can be processed. This renders the sensitive data vulnerable because its confidentiality may be compromised in several ways, including memory-scraping malware and privileged user abuse.

This concern around protecting data in use has been the primary reason that is holding back many organizations from saving on IT infrastructure costs by delegating certain computations to the cloud and from sharing private data with their peers for collaborative analytics.

Confidential Computing and Fully Homomorphic Encryption (“FHE”) are two promising emerging technologies for addressing this concern and enabling organizations to unlock the value of sensitive data. The FHE is an emerging cryptographic technique that allows developers to perform computations on encrypted data. This represents a paradigm shift in the relationship between data processing and data privacy. Previously, if an application had to perform some computation on data that was encrypted, this application would necessarily need to decrypt the data first, perform the desired computations on the clear data, and then re-encrypt the data. FHE, in comparison, has the ability to access an encrypted database and extract a register while encrypted, as well as execute and return the register while still encrypted. In other words, FHE can remove the need for the decryption-encryption steps by the application. As a result, FHE has the potential to change the way computations are performed by preserving end-to-end privacy. For example, users would be able to offload expensive computations to cloud providers and be ascertained that cloud providers will not have access to the users’ data at all.

While it is expected to have similar functions as Confidential Computing, FHE is not ready for production yet, so it is not a realistic solution for addressing the pressing concerns in the cybersecurity space. The main hindrance for the growth and adoption of FHE has been its very poor performance. Despite significant scientific improvements, performing computations on encrypted data using FHE is still exponentially slower than performing the computation on the plaintext. In addition, converting a program that operates on unencrypted data to one that operates on encrypted data is very complicated and challenging. If not done properly, this translation can significantly increase the performance gap between computing on unencrypted data and the FHE-computation on encrypted data, thereby precluding wide adoption of the FHE technology.

Confidential Computing 

Confidential Computing is a cloud computing technology that isolates sensitive data in a protected Central Processing Unit (“CPU”) enclave during processing. Within the enclave, the data being processed, and the techniques that are used to process it, are accessible only to authorized programming code, and are invisible and unknowable to anything or anyone else, including the cloud provider.

With increasing reliance on public and hybrid cloud services, data privacy in the cloud is imperative. The primary goal of Confidential Computing is to provide greater assurance to company executives that their data in the cloud is protected and confidential, and to encourage them to move more of their sensitive data and computing workloads to public cloud services.

For years, cloud providers have offered encryption services to help protect data at rest (in storage and databases) and data in transit (moving over a network connection). Confidential Computing eliminates the remaining data security vulnerability by protecting data in use, that is, during processing or runtime.

More enterprises are realizing the benefits of Confidential Computing in today’s work environment. With constant security threats, Confidential Computing provides hardware-level security, confidentiality and privacy that gives enterprises more peace of mind. For example, Confidential Computing can help healthcare organizations in protecting sensitive data and intellectual property contained in AI algorithms, including those stored in untrusted infrastructure and public cloud. The vulnerability of data in use is a key concern in the secure implementation of AI modelling. Confidential Computing protects data while it is in use and maintains privacy, thereby overcoming the primary challenges faced by current approaches to cybersecurity protection.

HUB’s Confidential Computing Solution 

HUB believes that its Confidential Computing system is the only available model that meets today’s cybersecurity challenges. Confidential Computing protects data and applications by running them within secure enclaves to prevent unauthorized access. It protects data security, regardless of the vulnerability of the computing infrastructure. HUB’s technology has been built by cyber experts who understand the methods of attack and deal with threats that other solutions cannot address.

HUB Confidential Computing solution is a hardware-based Confidential Computing platform that secures the entire compute and network stack, leveraging the digital twin technology and a new zero-trust paradigm to provide enhanced security and privacy for customers’ most sensitive organizational applications and data, whether it’s data at rest, in transit or in use. It enables security for any computing environment, including AI, edge computing, 5G, Metaverse, ransomware protection, e-Government and quantum. Since HUB’s Confidential Computing solution completely isolates servers, it is applicable to data centers, private clouds and edge networks.

HUB’s Confidential Computing solution is built on a “zero-trust” principle which assumes that all data and network components have been hacked and cannot be trusted. Each component must therefore check and authorize all code and data packets before they reach the component’s CPU. This check must be done in a separate hardware space that is proximate to the CPU but not run by it.

The solution includes a dedicated hardware environment—root of trust, providing a higher level of security than a perimeter, a software or agent-based security solution. It automatically implements micro segmentation, web application firewall capabilities, Hardware Security Modules (“HSMs”), key management functionality, identity and access management services, interface gateway as well as stealth logging and monitoring.

HUB’s combined hardware and software check all streams of code and data packets and prevent unauthorized packets from reaching the CPU, its related memory and its software. The software that checks the stream of packets must be located in the hardware and be run by a processor other than the CPU.

HUB’s devices create a single path for data packets to enter and exit a networked component, so that no flow of unauthorized packets can reach or leave the component without being checked by the HUB device. The solution guards each layer of the software stack that is executed by a CPU or Graphics Processing Unit (“GPU”), from the data and application layer to the physical layer, and it monitors each flow of packets that reach the CPU or GPU of a component. HUB’s solution provides a significant improvement over traditional “firewall” defenses that are designed to block the penetration of a network’s perimeter but are largely ineffective at stopping hackers once they have breached into a network.

Essentially, HUB’s Confidential Computing solution is to completely isolate data from the outside world protecting data from side-channel attacks. Side-channel attacks rely on information gained from implementing a computer system rather than weaknesses in the algorithm itself (e.g., cryptanalysis and software bugs). Cyber attackers are able to exploit information from various sources, including time, energy consumption, electromagnetic leaks, and even sound.

HUB began selling its Confidential Computing solution in 2018. HUB’s solution is currently available as a stand-alone component to protect one or more servers, and as a peripheral component interconnect, or computer circuit board, card (“PCIe Card”) that is inserted into a server or other network component. HUB also has its Hub Silicon™ product which is expected to run HUB’s solution on a chip and is in development stages. While HUB remains optimistic about the future of HUB Silicon, it has halted immediate development on HUB Silicon and shifted its primary focus to immediate revenue opportunities and customer acquisition offered by HUB Vault and PCIe Card. It is unclear when, if at all, development will resume on HUB Silicon. The HUB on-chip solution is expected to include and replace the separate CPUs now used by networked processing equipment. HUB anticipates that HUB Silicon has the potential to become a standard cyber-security feature on all devices that are connected to a network. With HUB’s technology, a hacker’s breach into a network is nearly irrelevant, as the real protection is HUB’s combination of hardware and software that guards the CPU and memory of the individual network component.

HUB’s Confidential Computing solution comprises four main components — 1) cyber digital twins, 2) permission and governance policy engine, 3) cryptographic engine, and 4) physical security of an appliance. Taken together, HUB’s Confidential Computing solution offers world-class security. It provides seamless integration with existing systems and applications, which ensures no interference with work processes and can be customized to customer’s precise requirements. In addition, the solution runs on a separate execution platform, making it even more secure since the security solution will not be hacked even if the network environment is hacked. At the same time, it is not a perimeter security solution that can be bypassed. More importantly, the solution works in stealth mode and is invisible to the attacker and the applications, so there is no need to change a network’s current applications and architecture.

Permission and Governance Policy Engine 

A policy engine is a software component that allows an organization to create, monitor and enforce rules about how network resources and the organization’s data can be accessed. The policy engine authorizes users’ and entities’ access to protected resources. Its purpose is to only allow for a specific request or action, based on analysis of normal traffic and irregularities of timing and volume. HUB’s aim is to have the right level of permissions setup for each asset inside the secure zone and have the right checks and balances for the approvals.

HUB’s policy engine adopts the stealth logging feature, which offers an extra layer of support for log data integrity by further restricting attack vectors on the data itself. With stealth logging, HUB has created a highly secure authorization system for the entire network and computer stack, from hardware to layer-7 applications. Moreover, organizations can use the permission and governance policy engine to prevent privileged abuse of advanced hacking techniques with governance rules such as approval workflows and velocity checks. The approval workflows are configurable and allow for the segregation of duties.

Cryptographic Engine 

A cryptographic engine operates as an internal high-security key manager for each application and service by operating as a self-contained, redundant cryptographic module. It replaces appliance and board-level cryptographic devices and creates and manages key encryption and decryption services.

The cryptographic engine serves as a hardware based root of trust for isolation and protection of incoming data and other services. It also generates and distributes keys to external servers and to the internal applications. In addition, it adopts a bi-directional physical and logical filtering to perform automated signature verification on each incoming and outgoing data packet.

Advantages of HUB’s Solution 

HUB believes that it has a strong advantage by already having its zero trust Confidential Computing solution developed and in the market. HUB believes it has a significant lead compared to its closest competitors and that it can offer customers greater protection against cyber threats at significantly lower costs.

HUB’s solution enables secure computation and protects data across the entire compute and network stack, with an integrated hardware and software platform that is compatible across computing architectures with any CPU, GPU or field programmable gate arrays. This solution has a few unique features, including the facts that (i) it secures data in use, at rest and in transit, (ii) it ensures true isolation of the entire network stack and eliminates security hassles for customers, and (iii) it is able to integrate with existing network environment and does not need any modification to the network environment. These features will enable HUB to secure business opportunities with significant external or edge requirements such as AI collaboration, private 5G and Internet of Things (“IoT”).

With the hardware isolation set-up, HUB’s solution isolates the execution environment from network threats, thereby preventing any malicious access to stored data and applications. The cyber digital twin technique establishes a digital replica for any API to provide physical protection and threat detection and to prevent vulnerability exploitation, ensuring that the actual API is never exposed. Moreover, the governance and controls system within HUB’s solution provides highly secure authentication and authorization for the entire network and compute stack, in order to prevent privileges abuse from advanced hacking techniques. The zero-trust security method also establishes a trust-zone boundary to completely protect the network from privileged access abuse. HUB’s management believes that this solution is ready for quantum computing threats by integrating quantum key distribution and post-quantum algorithms. The solution can also be deployed quickly and at any place, from data centers to the edge, using automation and remotely secure update features.

HUB’s solution is able to protect the digital assets of external data, as the twin (i.e. the digital replica) performs a number of security checks for every request before it is forwarded to the destination. An access check is done to verify identity, filter data and evaluate rules. A simulation check is carried out to validate the incoming request’s impact on the original copy in real time. In addition, a manipulation check is conducted to proactively change the incoming requests and outgoing responses as needed, in order to keep the original application and data safe.

HUB’s management believes that its solution also has the following additional advantages over traditional firewall solutions:

 HUB’s Offerings 

HUB’s Confidential Computing solution has three configurations, two of which (HUB Vault and HUB PCIe Card) are available for commercial sale. The third configuration (HUB Silicon) is in development stages. While HUB remains optimistic about the future of HUB Silicon, it has halted immediate development on HUB Silicon and shifted its primary focus to immediate revenue opportunities and customer acquisition offered by HUB Vault and PCIe Card. It is unclear when, if at all, development will resume on HUB Silicon. In addition to technology, HUB also provides advanced professional services that enable clients to assess their vulnerability to a cybersecurity attack as well as to quickly respond should one occur.

HUB Vault

HUB Vault is a managed file transfer application (“MFT”) that protects critical data, enabling secure data storage and sharing through an application leveraging our secure compute core. Customers can use our technology for data sharing within the enterprise or supply chain, or white label the application for end users, suppliers or partners. HUB Vault is currently live with one commercial customer who intends to attempt to resell the capability to tens of thousands of end users.

HUB PCIe Card 

HUB PCIe Card provides the same confidential computing functionality for a single compute component as HUB Appliance. HUB PCIe Card is configured onto a single computer board that is inserted into a compute component. It can be installed on an original equipment manufacturer (“OEM”) basis by hardware or server manufacturers such as Hewlett-Packard and Dell. It can also be ordered separately and fitted into board slots of existing equipment. HUB PCIe Card was first offered for commercial sale in 2021 and is currently in full service in 2 installations.

HUB Silicon — The Next Generation 

HUB Silicon is HUB’s next generation device and is in the development stage. HUB Silicon, when complete, will put all of HUB’s cybersecurity functionality onto a chip, and include one or more CPUs on that same HUB chip. HUB believes that the functionality and processing power of this on-chip solution will eventually replace not just traditional cybersecurity defenses, but also the stand-alone CPU chips that are now at the heart of existing server design.

The single HUB Silicon chip will provide both processing power and cybersecurity for network and compute devices. HUB Silicon will sit directly on the motherboard of network components and will be suitable for devices as powerful as servers. HUB anticipates that HUB Silicon will be installed on an OEM basis by equipment manufacturers and will become an industry standard for the cybersecurity solution offered by component manufacturers.

HUB Silicon is expected to allow equipment manufacturers to increase the value of their component-offerings by including cybersecurity as a “built-in” capability and will enable equipment purchasers to reduce their reliance and expenditures on firewall protection systems.

While HUB remains optimistic about the future of HUB Silicon, it has halted immediate development on HUB Silicon and shifted its primary focus to immediate revenue opportunities and customer acquisition offered by HUB appliance and PCIe Card. It is unclear, when, if at all, development will resume on HUB Silicon.

HUB Professional Services

The HUB Professional Services division is built upon the acquisition of Comsec Ltd., a global leader in innovative cybersecurity services for more than 30 years to customers in Israel and across the globe. The professional services portfolio provides consulting services to identify and mitigate risks in their cybersecurity environment.

Comsec Ltd. specializes in governance risk compliance (“GRC”) and strategic consulting services. The company helps clients assess their gaps to their relevant regulatory requirements and propose solutions to mitigate the gaps and become compliant. As part of the GRC offerings, there is focus on the credit card industry which has stringent requirements in place for implementation of cybersecurity controls. The team has a large number of qualified security assessors to work on these projects. HUB provides a chief information security officer as a service to clients that do not have sufficient internal resources to manage cybersecurity in their organization. Within compliance and GRC offering services there are GDPR and other regulatory compliance assessments and remediation work.

The application security offerings help organizations assess their risk and vulnerabilities in their application landscape. The services provided are aligned with the Secure Development Lifecycle (“SDLC”) methodology and helps clients and their development departments with assessing risk (testing and threat modeling), training their developers, scanning code for vulnerabilities, recommending mitigation activities and implementation of security controls.

Offensive security offerings mimic what criminal organizations and or hackers are attempting to do to compromise organizations. The teams rely on their expertise and tooling to try and find vulnerabilities in the organization’s environment and exploit them to access critical assets and systems. This enables clients to mitigate the found exploitations and plug gaps in their cybersecurity posture before being exploited by hackers and/or criminal organizations.

Infrastructure security services provide testing services on infrastructure-related equipment and environments. The team utilizes penetration testing equipment to validate the security posture and identify potential vulnerabilities with a focus on cloud computing.

Reacting to cyber incidents in a fast and decisive manner is key to mitigating harm. HUB has incident response teams available at all times to receive calls from clients that may be experiencing a breach or ransomware attack. The experienced teams investigate the incident and assist the client with activities to minimize the impact and get their operations back to normal.

HUB professional services also provides training to organizations employees in the field of cybersecurity. A catalog of over 50 training courses is available to the client base and market.

HUB professional services division provides services to more than 100 active clients and has served over 1,000 customers across industries and geographies. Customers include some of the largest banks, insurance companies, telecommunications organizations, industrial organizations and high tech companies around the globe. HUB also partners with organizations across the globe to provide their customers with the same high quality services that the HUB professional services division provides directly to customers. Partners include large outsourcing organizations as well as specialized niche companies that value the add-on services HUB can provide. HUB has more than 10 active partners operating in Italy, Turkey, India, Sri Lanka, Spain, UK, Poland and across South America.

HUB is exploring opportunities with the large outsourcing companies in Europe and around the world which lack a number of critical security services that HUB is able to provide. These organizations struggle with the demand and to provide high-quality profiles. This is where we believe HUB can provide a lot of value.

Competition and Competitive market:

Although there are a large number of cybersecurity organizations, the market need fast outpaces the growth in our competitors. HUB stands out to the competition because its core services are developed and implemented in the Israeli market first. The Israeli market is demanding and innovative, and HUB has the opportunity to bring these innovative services to an international clientele.

Major competitors include global consulting firms. While these organizations are large, HUB stands out through innovative and cutting-edge services catered to the latest trends and threats. Other competitors are more country-specific cybersecurity services companies. Against these companies, HUB believes it can show its experience in the global market, the breadth and depth of the service portfolio and the quality of service.

Reliability Products and Services

The reliability products and services division is built upon the acquisition of ALD, a global leader in innovative Reliability, Availability, Maintainability and Safety Assessment (“RAMS”) products and services for more than 30 years to customers in Israel and across the globe.

The ALD consulting team consists of experts in the fields of RAMS, LCC and ILS. The team provides solutions in the fields of construction, infrastructure and renewable energy. Proposed solutions include preparation of RAMS and quality control plans, allocation of professional personnel to projects and establishment of quality systems and certification of standards.

Products

ALD Software Suite is a result of more than 39 years of expertise in development of safety and reliability analysis software for world-class civil and military aviation, communication, space and electronics organizations.

The software suite consists of a set of integrated tools covering reliability prediction, availability, maintainability analysis, safety assessment, quality management, safety management, industrial process control and more:

RAM Commander 

RAM Commander is the reliability and safety software that covers engineering tasks related to reliability of electronic, electro-mechanical and mechanical systems. RAM Commander modules include reliability prediction, RBD, fault tree analysis, event tree analysis, FMECA and testability analysis, FMEA process and design and more. 

Safety Commander

Safety Commander is an off-the-shelf software that provides fail-safe design for any System of System Safety Assessment (“SoSSA”) across multiple industries, including aerospace, rail, communication and energy. With the ability to perform safety analysis integration on the level of an aircraft or system-of-systems, Safety Commander sets itself apart as a unique solution in the market.

FavoWeb

FavoWeb FRACAS is ALD web-based and user-configurable Failure Reporting, Analysis and Corrective Action System (“FRACAS”) that captures information about equipment or a process throughout its life cycle, from design, production testing, and customer support.

ALD College

ALD College offers various courses in the areas of quality and reliability. Our courses are designed for different levels of students and objectives. They range from short courses on quality control to full 250-hour academic courses on quality engineering. Courses correspond to the American Society for Quality’s programming for the CQM/CQE/CRE/CSQE. Our courses are designed for both private participants and institutions. Courses for large customers can be tailored to meet specific needs and delivered at either ALD College or at the customer’s site.

Qpoint

Qpoint specializes in quality assurance software projects. Specialists assist customers from the characterization phase through system design, development and testing to full delivery. Qpoint also coordinates with partners on technological projects and the recruitment process. They provide solutions and advisory services for the establishment and operation of information and communication systems.

HUB’s Strategies 

During the next five years, HUB intends to capture a leading position in the global cybersecurity market, based on its Confidential Computing solution. HUB believes that it is ideally positioned to take advantage of the increased demand in confidential computing technology for effective protection of data.

The essential elements of HUB’s strategies include:

Strengthening HUB’s technological advantage by delivering ongoing innovation.   HUB believes that its technology is readily ahead of potential competitors as HUB’s solution has a proven working technology, while others are at earlier stages of development. HUB intends to extend its significant technological advantage over its competitors by focusing on the development of its Confidential Computing solution, enhancing its existing products and services, introducing new functionality and developing new solutions to address new use cases. HUB’s strategy includes both internal development and an active mergers and acquisition program where HUB acquires or invests in complementary businesses or technologies.

Growing HUB’s customer base.   HUB aims to acquire operating companies with established customer bases in the targeted segments, with a view to upsell HUB’s products to those customers and to convert existing services into products, in order to significantly increase revenue and shareholder value. In addition, the global threat landscape, digitalization of the enterprise, cloud migration and the broad security skills shortage are contributing to the need for cyber solutions. HUB believes that every organization, regardless of size or vertical, needs cyber protection, yet HUB’s primary focus is to pursue business with new customers in the enterprise and mid-market segments of the commercial market. HUB executes its strategy by leveraging a combination of internal marketing professionals and a network of channel partners to communicate the value proposition and differentiation for its products, generating qualified leads for its sales force and channel partners. HUB’s marketing efforts also include public relations in multiple regions and extensive content development available through its website.

HUB’s Operations 

Strategic Acquisitions 

HUB has so far completed three acquisitions, as set forth below, which match its criteria for acquisition targets. HUB intends to continue identifying acquisition targets and acquiring companies and business assets that match its criteria, especially companies with well established relationships and long term contracts with the U.S. government, and apply lessons learned from these acquisitions when approaching new ones.

HUB’s acquisition targets include companies with:

ALD 

HUB merged with ALD in 2021. ALD was founded in 1984 and became publicly traded on TASE in 2000. ALD was an engineering services provider specializing in quality, reliability and safety control for complex engineering projects and dependability of mission critical processes. ALD’s culture of exacting quality standards and superior reliability and safety is highly complementary with the cybersecurity industry’s emphasis on impenetrability and safety from external or internal threats. It also renders services, through one of its subsidiaries, Qpoint Technologies Ltd. (“Qpoint”), in the field of information systems, software testing and outsourcing of professionals and in the field of development, testing and information systems. ALD’s experience and reputation enable it to provide high-quality cybersecurity integration services to large-enterprise customers of HUB. 

In 2022 and 2021, ALD had sales of $42,623 thousand and $43,068 thousand (respectively). ALD’s customers include those in the aerospace, defense, government and transportation industries.

ALD consulting team consists of highly professional experts in the fields of RAMS, LCC, ILS. It also provides solutions in the fields of construction, infrastructure, and renewable energy. Among the proposed solutions: preparation of RAMS and quality control plans, allocation of professional personnel to projects and establishment of quality systems and certification of standards as needed.

Some of ALD customers are world leading commercial companies as well as major defense, transportation and government organizations.

Products

ALD Software Suite is a result of more than 39 years of expertise in development of safety and reliability analysis software for many world leading civil & military aviation, communication, space and electronics organizations.

The software suite consists of a set of integrated tools covering Reliability prediction, Availability, Maintainability Analysis, Safety Assessment, Quality Management, Safety Management, Industrial Process Control and more:

RAM Commander 

RAM Commander is the reliability and safety software that covers engineering tasks related to reliability of electronic, electro-mechanical and mechanical systems. RAM Commander modules: Reliability Prediction, RBD, Fault Tree Analysis, Event Tree Analysis, FMECA and Testability Analysis, Process & Design FMEA and more. 

Safety Commander 

Is an off-the-shelf software that provides fail-safe design for any SoSSA across multiple industries, including aerospace, railway, communication, and energy. With the ability to perform safety analysis integration on the level of aircraft or system-of-systems, Safety Commander sets itself apart as a unique solution in the market.

FavoWeb 

FavoWeb FRACAS is ALD Software web based and user configurable Failure Reporting, Analysis and Corrective Action System (“FRACAS”) that captures information about equipment or a process throughout its life cycle, from design, production testing, and customers support. 

Qpoint

QA software projects. From the characterization phase, system design, development, testing to full delivery to the customer. Outsource of technological projects and recruitment process. Information systems. Providing solutions and consulting for the establishment and operation of information and communication systems.

Comsec 

In 2021, HUB acquired all of the shares of the Israeli company Comsec Ltd., a distributor of cybersecurity software solutions.

In 2022 and 2021, Comsec had sales of $36,897 thousand and $34,499 thousand (respectively). Most of Comsec’s customers are large enterprises, militaries and government agencies, and Comsec has deep and long-term connections with the IT procurement departments in those organizations and is recognized by them as an approved provider.

This customer profile matches the target market of HUB’s Confidential Computing solution, so the process of integrating HUB’s proprietary products with Comsec’s existing offering has been smooth and efficient. Since the acquisition in 2021, Comsec’s experienced sales and distribution staff have emerged as the primary driver of the market’s acceptance of HUB’s cybersecurity solutions.

To summarize, HUB merged with ALD to gain immediate access to top clientele, which allowed HUB to minimize its marketing penetration efforts. It then acquired Comsec to become a prime integrator in large government and enterprise tenders. In only 12 months, HUB has transitioned from a technology-only provider to a global integration company specializing in the field of defensive cyber confidential with the potential for growth, the access to blue-chip customers, as well as the ability to take large projects with governments and organizations.

Legacy Technologies 

In May 2022, HUB announced the acquisition of the cybersecurity and data center assets of Legacy Technologies GmbH (“Legacy”), a European cyber firm that has an extensive EMEA distribution network of cyber solutions for major government and enterprise data centers. The asset acquisition closed on July 5, 2022.

HUB originally believed that the acquisition of Legacy had the potential to bring in a considerable amount of new enterprises and government customers within the EU and the Middle East. HUB also believed that the acquisition would provide direct access to a large number of blue-chip customers around the world, which would save HUB a significant amount of time otherwise needed to penetrate these markets organically.

The acquired Legacy data center business focused on edge data centers which was meant to be an important business opportunity for HUB confidential computing products. The unique cybersecurity challenges of edge data centers include the criticality of continuous operation and the protection of data in a remote location, away from the operational staff, the cyber response team and the main data centers. The potential synergy was meant to be in solving the operational technology challenges of the data centers as well as the server room cybersecurity challenges.

At the time of the Legacy acquisition, HUB’s management believed that the acquisition could have the potential to bring in a considerable amount of new enterprises and government customers within the EU and the Middle East. To date, we have yet to recognize any revenues or acquire new customers from the Legacy assets and it remains extremely uncertain as to when, if at all, we may be able to do so.

As of December 31, 2022, we determined that the assets acquired should be fully impaired. As such, for the year ended December 31, 2022, we recorded an impairment loss of $8,738 for the assets acquired from Legacy.

Operating Structure

HUB believes that in addition to developing superior technology, a cybersecurity company also needs a disciplined sales and distribution force and an experienced, customer-oriented professional service group. In particular, the sales force needs to bring established relationships with customers’ IT procurement departments, and professional services consultants must have deep experience in adapting systems to meet the individual needs of customers and to provide excellent, long-term support to keep pace with the customer’s security challenges. Through organic growth and strategic acquisitions, HUB has brought together the following three synergetic operating structures to solve client needs and efficiently take our products and solutions to market.

The professional services department is comprised of services performed by ALD and Comsec.

As of December 31, 2022 and July 31, 2023, HUB’s professional services division had 500 and 454 employees, respectively.

HUB’s management believes that in addition to serving customers with professional services, these employees are also essential for customization and integration of HUB’s technology products into customers’ networks.

As of December 31, 2022 and July 31, 2023, HUB’s confidential computing team had 80 and 60 employees, respectively,  32 and 22 of whom were dedicated to technology and product development, respectively.

The distribution organization, which originated from Comsec, is in charge of distributing HUB’s cybersecurity solutions to customers and building and enhancing market acceptance for HUB’s Confidential Computing platform. 

HUB Guard

HUB Security is positioned as a leading and trusted advisor. Customers continue utilize more services catered by HUB. By leveraging market-wide demand, HUB’s technological capabilities, HUB’s domain expertise and HUB’s growing clientele, HUB is offering a cyber resilience bundle known as HUB Guard.

HUB Guard continuously evaluates the security posture of the customer while outlining any weaknesses or threats and suggesting solutions to mitigate and remediate. HUB Guard introduces methodology for an ongoing alignment and evolvement of the cybersecurity posture.

First, enterprises require a continual and comprehensive understanding of their regulatory adherence and risk posture. HUB Guard assessments serve as systematic evaluations of processes, controls and systems to identify compliance gaps and vulnerabilities, enabling clients to proactively identify areas of non-compliance, security weaknesses and operational inefficiencies, allowing for timely remediation.

Second, enterprises have a need to proactively discover, analyze and address potential gaps in their security defenses and controls. HUB Guard allows clients to systematically identify and evaluate vulnerabilities, threats, and potential compliance gaps within their operations. By quantifying and scoring risks, organizations gain valuable insights into their risk landscape, enabling informed decision-making and resource allocation to mitigate those identified risks.

Third, enterprises require a means to monitor, respond to, and mitigate security incidents promptly while demonstrating their commitment to risk management, data protection and business continuity. The HUB Guard incident response enables rapid and transparent remediation to security events, minimizing the financial impact of incidents, protecting sensitive information, and preserving customer trust.

As part of HUB Guard, HUB intends to automate existing service offerings based on technological capabilities. The conversion relates to various professional services that are offered by HUB, where the systems can be automated and merged with other products and utilized by the services teams and be operated on an ongoing basis. Moreover, There is continuous exploration to broaden the offerings of HUB Guard with new technologies and capabilities and thus expand coverage of customer needs. Both new offerings and existing ones are bundled into the dashboard and reflected in real time to the end customer. providing value and offering more and more service bundles to the customer. HUB Guard is offered in a one-to-three year subscription model and is marketed via partners and directly to both existing and new end customers.

Paid Proof of Concept, Pilots & Pipelines 

Following the acquisition of Comsec, HUB has added a number of products and services to its portfolio and established a solid customer base of hundreds of leading enterprises and organizations in Israel, the Netherlands and the UK, including several government departments, banks and military branches.

HUB currently has a number of proof of concept activities, including having recently run trials with (i) a defense contractor in an Asian country regarding secure compute for military systems, who is currently offering HUB’s products and solutions for resale, (ii) a large U.S. based financial institution for secure digital asset transactions and QKD, who chose not to continue with HUB’s offerings and (iii) a secure file storage system bundled with cyber insurance offered in the Middle East and Europe to SMBs, which remains on going.  

HUB’s current pipeline includes signed agreements with enterprises and organizations in the “InsureTech,” defense and government sectors. HUB is also in discussions regarding potential proof of concept trials.

At the time of the Legacy acquisition, HUB’s management believed that the acquisition could have the potential to bring in a considerable amount of new enterprises and government customers within the EU and the Middle East. To date, we have yet to recognize any revenues or acquire new customers from the Legacy assets and it remains extremely uncertain as to when, if at all, we may be able to do so.

As of December 31, 2022, we determined that the assets acquired should be fully impaired. As such, for the year ended December 31, 2022, we recorded an impairment loss of $8,738 for the assets acquired from Legacy.

Target Markets 

HUB’s primary target markets are large entities that handle highly sensitive data. These include, but are not limited to:

Telecommunication and cellular operators who are ramping up to 5G service also present enormous market potential for HUB devices. The speed and data-handling capabilities of 5G services will take advantage of HUB’s high throughput speed and protection. A HUB device installed in a cellular tower can provide cybersecurity for all data flowing in and out of the tower’s 5G equipment.

In addition, the fast-growing market for IoT sensors and edge computing will be particularly amenable to HUB Silicon. The number of simple IoT and edge devices that will be concurrently connected to a network and the steady flow of data from these devices will severely challenge traditional firewall cyber protection. By contrast, HUB Silicon, when commercially available, will provide IoT and edge computing devices with both cyber defense and processing power on a chip so that data flowing to and from these components will be secured.

Case Study — Edge Computing 

Edge computing is a distributed computing paradigm that brings computation and data storage closer to the sources of data. Edge computing is expected to improve response times and save bandwidth. It is an architecture rather than a specific technology. It is a topology- and location-sensitive form of distributed computing.

As edge computing grows at a CAGR of 38.9% according to grandviewresearch.com, supplementing the cloud with data processing closer to the source, organizations are challenged to defend the massive number of new servers at those edge locations. With HUB Security solutions, the server that runs the application is built in the hardware. Standard networking architectures require separate boxes for HSMs, firewalls, web applications, and more. The cost of those boxes and associated maintenance and management can quickly get out of control, and the semiconductor supply shortage has made this market even more cumbersome to navigate.

HUB’s PCIe solution, for instance, can be installed quickly and is simpler to use than industry-standard combination of solutions. It not only acts as the fortified gateway to the servers’ computation parts, but it also protects data at rest, in transit, and in use. The superior performance and full computation stack are ideal for edge computing use cases and reduces the total cost of ownership up to 80% compared to standard solutions.

As cyber threats become more sophisticated, confidential computing has gained traction because it allows data to remain encrypted at all times. By implementing the smallest inclusive trust zone, an isolated computing environment with an end-to-end security stack, enterprises can rest assured that their edge environments are safe with centralized management and monitoring. HUB’s solution includes a dedicated hardware environment, providing a higher level of security than a perimeter or agent-based security solution. It automatically implements micro segmentation, web application firewall capabilities, HSMs, key management functionality, identity and access management services, as well as stealth logging and monitoring.

Many cybersecurity tools do not work well together, yet tool sprawl is a real issue as enterprises continue to bolt on more systems with the hope to create a patchwork defense. The cost of maintenance and hiring new skilled workers is becoming more expensive year after year. By adopting HUB’s solution, companies’ chief information security officers can effectively manage costs incurred by the business to address cybersecurity challenges.

The HUB Confidential Computing platform takes the place of existing perimeter security and agent-based security software in data centers and critical edge cyber infrastructure. HUB’s solution creates a protective shield that simplifies the cybersecurity approach while reducing enterprises’ annual spending on capital expenditure and operating expenses.

Case Study — Critical Infrastructure & AI 

According to a Gartner report released in December 2021, by 2025, 30% of critical infrastructure organizations will experience a security breach resulting in the shutdown of an operation, or mission-critical, cyber-physical system. As more critical infrastructures are connected to the internet or accessible to staff by remote desktop protocols and VPNs, they are increasingly targeted by nation-state backed hackers and cyber-criminal gangs interested in breaching and examining operational technology (“OT”) networks to lay the groundwork for future campaigns. According to a Gartner survey, 38% of executives expected to increase spending on OT security by 5% to 10% in 2021, with another 8% expecting an increase of more than 10%.

In general, hackers start their attacks by installing malware that targets the utility companies’ Supervisory Control and Data Acquisition (“SCADA”) systems. Following these actions, the infrastructure may experience a power outage. The primary goal of AI for critical infrastructures is to maximize efficiency, eliminate errors, and reduce risks to the greatest extent possible. Innovations powered by AI, edge computing, 5G, IoT, and quantum computing provide enterprises and nations with a competitive advantage. This also applies to critical infrastructure, as these innovations will transform lives and lead to massive economic growth with the deployment of fully integrated Cyber-Physical Systems (“CPS”) for critical infrastructure. However, as more scalable and automated systems are deployed, the attack surface for bad actors expands, resulting in new threats.

HUB’s Confidential Computing solution is designed to secure AI-driven applications across critical infrastructures, allowing for faster and safer workflow. It creates secure enclaves for AI models and data, giving critical infrastructures working with machine learning and AI a competitive advantage. This approach enables multi-party analytics and collaboration by providing secure, isolated environments to protect the integrity and privacy of AI models and data. The platform can securely connect and run apps and data across critical infrastructure, ensuring it is protected against quantum and AI-based cyber-attacks.

Case Study — Healthcare 

Although the healthcare industry generates approximately 30% of global data, healthcare providers continue to struggle with data security. The U.S. Department of Health and Human Services reported data breaches in the healthcare sector affecting more than 40 million people in 2021, with over 3.7 million people affected in the first two months of 2022. All estimates predict that data breaches in healthcare will continue to rise in the near future.

The following issues must be addressed:

Multiple hospitals, for example, may need to share MRI data with research institutions. In this case, a hacker may sit between the hospital and the research center, waiting for that data to appear and breach it at the appropriate time. The use of AI in healthcare is also rapidly expanding for the use of medical devices and other technologies. Healthcare is becoming more automated in order to improve efficiency (for both physicians and medical facilities), as medical applications commonly use AI as a diagnostic or treatment advisor to medical practitioners. However, combining healthcare and AI can be a double-edged sword: the more accurate a data needs to be, the more vulnerable the system is. If there is a data breach, surgeons will be unable to accurately predict MRI results, and patients will suffer greatly.

The solution HUB offers is the Confidential Computing platform, which is built to secure health data in AI-driven applications across the healthcare industry, so doctors can make faster and more accurate diagnoses. HUB utilizes confidential computing to create a secure enclave for AI models and data that brings a competitive advantage to healthcare providers working with machine learning and AI. By providing secure, isolated environments to protect the integrity and privacy of the AI models and data, this approach also allows for multi-party analytics and collaboration.

Material Contracts

A-Labs Agreement

In July 2021, we entered into a Financial Advisory Services Agreement (the “A-Labs Agreement”) with A-Labs Finance and Advisory Ltd. (“A-Labs”), pursuant to which, we engaged A-Labs to perform, on an exclusive basis, certain consultation services in the domain of fundraising from investors and capital markets activities. In return for these services we committed to pay A-Labs a fee amounting to 5% of any funds raised from investors named on a specified schedule thereto, along with warrants to purchase our ordinary shares computed as 5% of the raised amount divided by the price per share as determined in the relevant fundraising transaction. During the term of the A-Labs Agreement, we have paid a total of $4.2 million to A-Labs as commission for funds raised and issued to A-Labs a total of 4,076,923 warrants to purchase our ordinary shares.

In addition, pursuant to the A-Labs Agreement, we agreed to pay to A-Labs a monthly payment of $70,000 and an additional sum designated as a “Marketing Budget” (in the sense of Capital markets fundraising activities), of up to $280,000. The Marketing Budget was aimed for attracting investors to buy HUB shares, for capital fundraising and capital markets activities and is to be reviewed monthly based on the activities and efforts conducted by A-Labs for us.

Additionally, pursuant to the A-Labs Agreement, for the period of 12 months following the specification of such business partner in an annex to the A-Labs Agreement, we are obligated to pay to A-Labs a fee equal to 5% of any non-refundable and recognized revenues that we received from such specified business partners. To date, A-Labs has not pursued any efforts related to the development of these business relationships and as a result no fees have been paid to A-Labs pursuant to this provision of the A-Labs Agreement.

During the period from July 2021 through March 2023, we paid to A-Labs a total of $4,200,000 in cash. Additionally, in March 2023, a total amount of $2.2 million that was owed to A-Labs pursuant to the A-Labs Agreement was converted into our ordinary shares at a conversion price of $10 per ordinary share. This conversion of amounts we owed to A-Labs under the A-Labs Agreement, was effected to partially satisfy the commitment that A-Labs made to purchase $20 million of our ordinary shares in the PIPE Financing (set forth under the section — PIPE Subscription Agreements).

In December 2022, we amended the A-Labs Agreement to provide for each financing transaction closed that, in addition to paying a commission to A-Labs in cash, we would be required to issue warrants to purchase ordinary shares in an amount equal to the cash consideration that would otherwise be payable under the A-Labs Agreement divided by 4.81, which warrants shall be exercisable for 4 years and at an exercise price of NIS 4.81 (regardless of the price per share paid by investors in the relevant financing transaction). Additionally, we committed to provide compensation under the A-Labs Agreement for all investors with whom we would enter into a financing transaction prior to our shares being listed for trading on the Nasdaq regardless of whether such investors were introduced to us by A-Labs.

In each of September 2022 and January 2023, we paid to A-Labs an additional commission of $50,000 in exchange for extra services provided by A-Labs over the course of certain fund raising efforts and loan issuances. Additionally, as part of the Shayna Loans (as defined below), we paid to A-Labs commissions totaling $140,000 for services provided as part of the fund raising efforts.

The term of the A-Labs Agreement was for 12 months following the execution in July 2021, provided that the A-Labs Agreement will automatically renew for additional 12 month terms unless either party provides written notice to the other party of its intention not to renew at least 30 days prior to the end of such initial 12 month term or any renewed terms. Additionally, the A-Labs Agreement may be terminated by either party upon a minimum of 30 days prior written notice.

As of the date of this Annual Report, the Company has provided A-Labs a termination notice for the A-Labs Agreement, so pursuant to its terms, the A-Labs Agreement will terminate 30 days from the date hereof.

Competition 

The cybersecurity market in which HUB operates is characterized by intense competition, constant innovation, rapid adoption of different technological solutions and services, and evolving security threats. HUB competes with a multitude of companies that offer a broad array of cybersecurity products and services that employ different approaches and delivery models to address these evolving threats.

HUB may face competition due to changes in the manner that organizations utilize IT assets and the security solutions applied to them. Cybersecurity spending is spread across a wide variety of solutions and strategies, including, for example, endpoint, network and cloud security, vulnerability management and identity and access management. Organizations continually evaluate their security priorities and investments and may allocate their cybersecurity budgets to other solutions and strategies and may not adopt or expand use of HUB’s solution. Accordingly, HUB may also compete for budgetary reasons, to a certain extent, with additional vendors that offer threat protection solutions in adjacent or complementary markets to HUB’s.

The principal competitive factors in HUB’s market include:

HUB believes it competes favorably with its competitors based on these factors. However, some of HUB’s current competitors may enjoy one or some combination of potential competitive advantages, such as greater name recognition, longer operating history, larger market share, larger existing user base and greater financial, technical, and operational capabilities.

HUB primarily competes with other cybersecurity products that offer a trusted execution environment that designates an area of hardware, such as a processor or memory, to execute sensitive application data. The two products that HUB’s Confidential Computing solution currently competes against are (i) Secure Encrypted Virtualization (“SEV”) from Advanced Micro Devices, Inc. (“AMD”) and (ii) Software Guard Extensions (“SGX”) from Intel Corporation. Other examples are the IBM Data Shield offering on IBM Cloud or the Always Encrypted database on Microsoft Azure.

Each of SEV and SGX only runs on specifically enabled CPUs made by AMD or Intel, respectively. In contrast, HUB’s solution runs from a hardware that is separate from a component’s CPU and is CPU agnostic, so it can be installed with and protects any CPU. While the solutions offered by HUB, AMD and Intel all protect data that are in use, only HUB’s Confidential Computing solution is able to protect data that are at rest and in transit. Also, HUB’s solution can protect all operating systems, the virtual machine management system and the intelligent platform management interface, while SEV and SGX are not able to protect any such software layers and also cannot protect GPUs. In addition, HUB’s solution provides an automated alert and erasing response to attempts to physically tamper a network device and hijack data, SEV and SGX cannot protect or alarm against such physical tampering.

To work with SEV or SGX, legacy programs and applications will generally have to be altered. However, HUB’s solution does not require any alteration, so programs and applications can run in their existing versions without having to accommodate HUB’s cybersecurity defenses. HUB’s solution also includes a built-in HSM that generates and distributes access keys, as well as an internal encryption/decryption engine for fast encryption performed directly in-line of the flow of packets into a CPU. With HUB’s solution, access control policies are separately secured and will continue to operate even if the CPU is compromised. SEV and SGX do not contain any HSM and thus are not able to prevent access control policies from being penetrated if an execution environment is compromised.

Intellectual Property 

HUB considers its trademarks, trade dress, copyrights, trade secrets, patent and other intellectual property rights, including those in its know-how and the software code of its proprietary solution, to be, in the aggregate, material to its business. HUB protects its intellectual property rights by relying on federal and state statutory and common law rights, foreign laws where applicable, as well as contractual restrictions.

As of December 31, 2021, we owned six registered patents in the United States and one registered patent in Europe, as well as two U.S. patent applications. In addition, HUB owns and uses trademarks and service marks on or in connection with its proprietary solution, including both unregistered common law marks and issued trademark registrations. Finally, HUB has registered domain names for websites that it uses in its business, such as https://hubsecurity.com/.

HUB designs, tests and updates its products, services and websites regularly, and it has developed its proprietary solutions in-house. HUB’s know-how is an important element of its intellectual property. The development and management of its solution requires sophisticated coordination among many specialized employees. HUB takes steps to protect its know-how, trade secrets and other confidential information, in part, by entering into confidentiality agreements with its employees, consultants, developers and vendors who have access to confidential information, and generally limiting access to and distribution of HUB’s confidential information.

While most of the intellectual property HUB uses is developed and owned by HUB, it has obtained rights to use intellectual property of third parties through licenses and services agreements. Although HUB believes these licenses are sufficient for the operation of its business, these licenses typically limit HUB’s use of the third parties’ intellectual property to specific uses and for specific time periods.

HUB intends to pursue additional intellectual property protection to the extent it believes would advance its business objectives and maintain its competitive position. Notwithstanding these efforts, there can be no assurance that HUB will adequately protect its intellectual property or that it will provide any competitive advantage. From time to time, HUB expects to face in the future allegations by third parties, including its competitors, that HUB has infringed their trademarks, copyrights, patents and other intellectual property rights or challenging the validity or enforceability of HUB’s intellectual property rights. HUB is not presently a party to any such legal proceedings that, in the opinion of HUB’s management, would individually or taken together have a material adverse effect on HUB’s business, financial condition, results of operations or cash flows.

Government Regulation and Compliance 

Data Protection Laws and Regulations 

HUB is subject to various federal, state, and international laws and regulations that affect companies conducting business on digital platforms, including those relating to privacy, data protection, the Internet, mobile applications, content, advertising and marketing activities. New and evolving laws and regulations, and changes in their enforcement and interpretation, may require changes to HUB’s technology, solutions, or business practices, which may significantly limit the ways in which HUB collects and processes data of individuals, communicate with users, serve advertisements and generally operate HUB’s business. This may increase HUB’s compliance costs and otherwise adversely affect HUB’s business and results of operations. As HUB’s business expands to include additional solutions and industries, and HUB’s operations continue to expand internationally, HUB’s compliance requirements and costs may increase and HUB may be subject to increased regulatory scrutiny.

The data HUB collects and otherwise processes is integral to HUB’s business, technology, solutions and services, providing HUB with insights to improve its solution and customization and integration of its solution to customers’ network. HUB’s collection, use, receipt, storage and other processing of data in its business subjects it to numerous U.S. state and federal laws and regulations, and foreign laws and regulations, addressing privacy, data protection and the collection, storing, sharing, use, transfer, disclosure, protection and processing of certain types of data. Such regulations include, for example, the European Union General Data Protection Regulation 2016/679 (the “GDPR”) as implemented by EU member states, the Privacy and Electronic Communications Directive 2002/58/EC, the UK Data Protection Act 2018 (which retains the GDPR under UK law), the Israeli Privacy Protection Regulations (Data Security) 2017, the Children’s Online Privacy Protection Act, Section 5(a) of the Federal Trade Commission Act, and other applicable laws globally.

HUB also may be subject to the California Consumer Privacy Act, or the CCPA, which imposes heightened transparency obligations, creates new data privacy rights for California residents, and carries the potential for significant enforcement penalties for non-compliance as well as a private right of action for certain data breaches. We also may be subject to the California Privacy Act, or CPRA, which took effect on January 1, 2023 and created obligations with respect to certain data relating to consumers, significantly expanded the CCPA, including by introducing additional obligations such as data minimization and storage limitations, granting additional rights to consumers, such as correction of personal information and additional opt-out rights, and created a new entity, the California Privacy Protection Agency, to implement and enforce the law. Similar laws coming into effect in U.S. states, adoption of a comprehensive U.S. federal data privacy law, and new legislation in international jurisdictions may continue to change the data protection landscape globally and could result in us expending considerable resources to meet these requirements.

Non-compliance with these laws could result in fines, regulatory investigations, reputational damage, orders to cease or change HUB’s processing of data, enforcement notices or assessment notices for a compulsory audit, civil claims for damages, as well as associated costs, diversion of internal resources and reputational harm. Although HUB takes extensive efforts to comply with all applicable laws and regulations, HUB can provide no assurance that it will not be subject to regulatory and/or private action, including fines for non-compliance with data protection and privacy laws, including in the event of a security incident.

HUB works to comply with, and to support customers and partners in their efforts to comply with, applicable laws and regulations relating to privacy, data protection and information security. HUB maintains privacy information notices for individuals whose personal data is processed, enters into data processing agreements, conducts data protection impact assessments, product and feature reviews, maintains a reasonably exhaustive list of data collected and processed, and responds to privacy-related queries and requests. HUB takes a variety of technical and organizational security measures and other procedures and protocols to protect data, including data pertaining to users and employees. Despite measures HUB puts in place, HUB may be unable to anticipate or prevent unauthorized access to or disclosure of such data.

To read more about HUB’s approach to laws and regulations relating to privacy, data protection, and information security, please see the section titled “Risk Factors — Risks Related to Our Legal and Regulatory Environment.”

Anti-Bribery, Anti-Corruption and Sanctions Laws and Regulations 

Our operations are subject to anti-bribery and anti-corruption laws and regulations, including the Foreign Corrupt Practices Act (“FCPA”), and economic and trade sanctions, including those administered by the Office of Foreign Assets Control of the U.S. Treasury, the U.S. Department of State and the EU. These statutes generally prohibit providing anything of value to foreign officials for the purposes of obtaining or retaining business or securing any improper business advantage. HUB may deal with both governments and state-owned business enterprises, the employees of which are considered foreign officials for purposes of these laws.

Data Privacy and Data Protection Laws

Our activities in the cybersecurity market require that we comply with laws and regulations in the area of data privacy and data protection governing the collection, use, retention, sharing and security of personal data. For example, the GDPR and UK DP Laws (each as referenced above), include operational requirements for companies that receive or process personal data of residents of the EU and the UK, and non-compliance will result in significant penalties. Many other countries in which we operate have their own data protection and data security laws that we need to comply with in collecting, utilizing, or otherwise processing personal data from our customers and/or visitors to their websites and others.

Cybersecurity

In July 2023, the U.S. Securities and Exchange Commission adopted the Risk Management, Strategy, Governance, and Incident Disclosure Final Rule (the “Cybersecurity Final Rule”) enhancing disclosure requirements for registered companies covering cybersecurity risk and management. The Cybersecurity Final Rule requires registrants to disclose material cybersecurity incidents on Form 8-K within four business days of a determination that a cybersecurity incident is material, and such materiality determination must be made without unreasonable delay. The rule also requires periodic disclosures of, among other things, details on the company’s processes to assess, identify, and manage cybersecurity risks, cybersecurity governance, and management’s role in overseeing such a compliance program, including the board of directors’ oversight of cybersecurity risks. Certain reporting requirements under the Cybersecurity Final Rule become effective as early as December 2023.

We are in the process of designing and implementing a security program consisting of policies, procedures, and technology intended to maintain the privacy, security and integrity of our information, systems, and networks. Among other things, the program includes controls designed to limit and monitor access to authorized systems, networks, and data, prevent inappropriate access or modification, and monitor for threats or vulnerability. See “Risk Factors—Risks Related to Our Systems and Technology—As a cybersecurity provider, if any of our systems, our customers’ cloud or on-premises environments, or our internal systems are breached or if unauthorized access to customer or third-party data is otherwise obtained, public perception of our business may be harmed, and we may lose business and incur losses or liabilities.”

Other Regulations 

In addition, HUB is subject to laws and regulations relating to antitrust, competition, intellectual property and other matters. HUB has implemented internal controls designed to minimize and detect potential violations of laws and regulations in a timely manner, but can provide no assurance that such policies and procedures will be followed at all times or will effectively detect and prevent violations of the applicable laws by one or more of its employees, consultants, agents, or partners.

Human Capital Resources

HUB has always strived to foster a culture that emphasizes the importance of its team and that values creativity, professionalism, transparency, obligation to dissent and responsibility. HUB believes that its hiring decisions reflect this culture.

Through multiple growth phases, HUB has drawn talent and leadership from the technology and cybersecurity industries to achieve its vision. As of December 31, 2022 and July 31, 2023 HUB, had approximately 589 and 516 employees, respectively worldwide. None of its employees are represented by a labor union, and HUB considers its employee relations to be in good standing. To date, HUB has not experienced any work stoppages.

Legal Proceedings 

HUB Security is subject to claims and legal proceedings that have arisen both as a result of the Business Combination and the Company’s commencement of trading in the United States and in the ordinary course of its business. Such matters are inherently uncertain, and there can be no guarantee that the outcome of any such matter will be decided favorably to the Company or that the resolution of any such matter will not have a material adverse effect upon the HUB Security’s business, financial condition, results of operation, cash flows and reputation. HUB Security does not believe that any of such pending claims and legal proceedings will have a material adverse effect on its results of operations. HUB Security records a liability in its consolidated financial statements for such matters when a loss is known or considered probable and the amount can be reasonably estimated. HUB Security reviews these estimates each accounting period as additional information is known and adjusts the loss provision when appropriate. If a matter is both probable to result in a liability and the amounts of loss can be reasonably estimated, HUB Security estimates, provides the appropriate accrual and discloses the possible loss or range of loss to the extent necessary for its consolidated financial statements not to be misleading. If the loss is not probable or cannot be reasonably estimated, a liability is not recorded in its consolidated financial statements.

For a description of the Company’s current legal proceedings, see Item 8. “Financial Information—Consolidated Statements and Other Financial Information—Legal and Arbitration Proceedings.” Inclusion of the such proceedings by HUB Security is not an admission that these proceedings, if determined adversely to HUB Security, would have a material adverse effect on HUB Security’s results of operations.

C. Organizational Structure

HUB Cyber Security Ltd. was incorporated in 2017 under the Israel Companies Law of the State of Israel and commenced operations on that date.

The following table sets forth our key subsidiaries, all of which are wholly owned, directly or indirectly, with the exception of ALD Software Ltd, Qpoint Technologies Ltd., Qpoint Solutions Ltd, and AeroTitan LLC, of which we own 98.63%, 46.52%, 46.52% and 49%, respectively.

D. Property, Plants and Equipment

Our principal facilities are located in Tel Aviv, Israel which consist of approximately 1,500 square meters (approximately 16,145 square feet) of leased office space and additional facilities in Or Yehuda (near Tel Aviv) which consist of approximately 1,600 square meters (approximately 17,222 square feet) of leased office space. These facilities currently accommodate our principal executive offices, research and development, account management, marketing, business development, sales, finance, information technology, customer support and other administrative activities. HUB’s employees are located in these two facilities. The lease for these facilities expires in August 2026 and March 2028 (respectively), and HUB Security has the option to extend the lease for an additional five years beyond the current term. HUB also currently leases offices in the United Kingdom and the Netherlands and expects to lease office space in the United States in the near term. HUB believes that its facilities are adequate to meet its needs for the immediate future, and that, should it be needed, suitable additional space will be available to accommodate any such expansion of its operations.

Item 4A. Unresolved Staff Comments

None.

Item 5.  Operating and Financial Review and Prospects

A. Operating Results

You should read the following discussion together with the consolidated financial statements and related notes included elsewhere in this Annual Report. The statements in this discussion regarding industry outlook, our expectations regarding our future performance, planned investments in our expansion into additional geographies, research and development, sales and marketing and general and administrative functions as well as other non-historical statements in this discussion are forward-looking statements. These forward-looking statements are subject to numerous risks and uncertainties, including, but not limited to, the risks and uncertainties described in Item 3.D entitled “Risk Factors” and “Cautionary Statement Regarding Forward-Looking Statements” included elsewhere in this Annual Report. Our actual results may differ materially from those contained in or implied by any forward-looking statements.

Certain information called for by this Item 5, including a discussion of the year ended December 31, 2021 compared to the year ended December 31, 2020 has been reported previously in our final prospectus filed pursuant to Rule 424(b)(3) on December 9, 2022 under the section entitled “Management’s Discussion and Analysis of Financial Condition and Results of Operations.”

Overview

HUB Security began operations in 1984 as A.L.D. Advanced Logistics Development Ltd. (“ALD”) and is engaged in developing and marketing quality management software tools and solutions. The Company’s software tools aim to allow their users to scientifically predict system failures and prevent them during the design stage. The Company and its subsidiaries (“the Group”) are engaged in developing reliable quality assurance systems that support process and product enhancement. The Group’s main customers are organizations and institutions operating in the security, electronics, aviation, telecommunications, banking and other sectors in Israel and worldwide. On January 23, 2000, ALD became a publicly traded company on TASE. HUB Cyber Security Ltd. was founded in 2017 by veterans of the elite Unit 8200 and Unit 81 of the Israeli Defense Forces, with deep experiences and proven track records in setting up and commercializing start-ups in a multi-disciplinary environment. HUB Security merged with ALD in June 2021. Following the merger with ALD, HUB Security has developed unique technology and products in the field of confidential computing, and it intends to be a significant player providing effective cybersecurity solutions for a broad range of government entities, enterprises and organizations. As of March 1, 2023, HUB Security began trading on Nasdaq following its Business Combination with Mount Rainier Acquisition Corp.

HUB Security is seeking to redefine cybersecurity through its Confidential Computing solution, the only available technology model that HUB Security believes is able to address today’s cybersecurity challenges. HUB Security’s Confidential Computing solution so far exists in three configurations, two of which (HUB Vault and HUB PCIe Card) are already available for commercial sale. While HUB remains optimistic about the future of HUB Silicon, it has halted immediate development on HUB Silicon and shifted its primary focus to immediate revenue opportunities and customer acquisition offered by HUB Vault and PCIe Card. It is unclear when, if at all, development will resume on HUB Silicon. In addition to technology, HUB also provides advanced professional services that enable clients to assess their vulnerability to a cybersecurity attack as well as to quickly respond should one occur.

Confidential computing is emerging as the ultimate solution for cyber protection. Confidential computing protects data and applications by running them within secure enclaves to prevent unauthorized access. This protects data security, regardless of the vulnerability of the computing infrastructure.

Confidential computing aims to place the network system into a “bunker” or trusted execution environment, and maintains strict control over how the system is accessed, and does not require any changes in the network operations which would otherwise be required by traditional cyber solutions. More importantly, confidential computing allows data to remain encrypted at all times, even while in use and being processed. According to the Everest Group, the confidential computing market is expected to grow by up to 90-95% each year through 2026 and will be able to mitigate the threat of data breaches.

Basis of presentation

On June 21, 2021 a share swap agreement was consummated, whereby the Company acquired Hub TLV in exchange for 51% of the issued and outstanding share capital of the Company. Pursuant to the share swap agreement, HUB TLV became a wholly owned subsidiary of the Company. From an accounting and economic perspective, because the Share Swap consisted of a reverse acquisition whereby HUB TLV’s shareholders acquired the controlling interests in the Company, HUB TLV is treated as the acquirer for accounting purposes and the Company as the acquiree. The financial statements included herein therefore reflect the financial results of HUB TLV prior to the consummation of the Share Swap. All references to “HUB Security” prior to June 21, 2021 refer to HUB TLV and subsequent to June 21, 2021 refer to HUB Cyber Security Ltd.

The Company’s financial statements are prepared in accordance with International Financial Reporting Standards, or IFRS as issued by the International Accounting Standards Board (“IASB”).

Business Combination

On March 23, 2022, HUB Security entered into the Business Combination Agreement with RNER and Merger Sub. Pursuant to the Business Combination Agreement, Merger Sub merged with and into RNER, with RNER surviving the merger. Upon the consummation of the Business Combination on February 28, 2023, RNER became a wholly owned subsidiary of HUB Security.

Our Segments

We organize our business into two reporting segments:

(i) Product and Technology Segment - we develop and market integrated cybersecurity hardware/software solutions that allow organizations to protect their RAM or confidential computing data to create a reliable work environment we offer data and cybersecurity and system security and reliability solutions and related services such as consulting, planning, training, integrating and ongoing servicing of cybersecurity, risk management, system quality, reliability and security projects and fully managed corporate cybersecurity services.

(ii) Professional Services Segment – we offer data and cybersecurity and system security and reliability solutions and related services such as consulting, planning, training, integrating and ongoing servicing of cybersecurity, risk management, system quality, reliability and security projects and fully managed corporate cybersecurity services.

These segments share a unified product development, operations, and administrative resources. The chief operating decision maker (the “CODM”), which is our chief executive officer, evaluates segment operating performance using revenue and cost of revenue and gross revenue from reportable segments to make resource allocation decisions and evaluate segment performance.

Key Factors Affecting Our Results of Operations

Retention and Expansion of Existing Customers

HUB Security’s results of operations are driven by its ability to retain customers, increase revenue generated from existing customers and expand its customer base. The retention of customers is a measure of the long-term value of customer agreements and HUB Security’s ability to establish and maintain deep, long-term relationships with customers. A number of factors drive HUB Security’s ability to attract and retain customers, particularly large enterprise customers (which HUB Security defines as customers that represent 10% or more of total revenue), including customers’ satisfaction with HUB Security’s solutions provided by its technical staff, services and pricing, customers’ technology budgets, and the effectiveness of HUB Security’s efforts to help its customers realize the benefits of its solutions.

HUB Security’s growth in revenue has been driven by strategic acquisitions which significantly increased its customer base. For the year ended December 31, 2022, HUB Security, annual revenue increased by 145% from $32,520 thousand for the year ended December 31, 2021 to $79,743 thousand for the year ended December 31, 2022. In addition to onboarding new customers and revenue streams, we invested in the growth of our sales team, coupled with the ability of account managers and other sales personnel to establish and develop close relationships with customers’ IT managers (or other relevant purchasing decision makers), so that HUB Security becomes their preferred network security solutions provider.

HUB Security achieved a gross retention rate of 92% and 84% as of December 31, 2021 and 2022, respectively, for customers who generated over $79,743 thousand revenue over the trailing 12 months. HUB Security’s increasingly large base of customers represents a significant opportunity for further growth and adoption of HUB Security’s solutions.

HUB Security’s increasingly large customer base also represents a significant opportunity for further growth and adoption of a larger range of HUB Security’s solutions and services. HUB Security also plans to continue investing in growing its large enterprise customers and providing new solutions to increase its market share.

Following the acquisition of Comsec, HUB Security has established a solid customer base comprised of hundreds of leading enterprises and organizations in Israel, the UK and the Netherlands, including several government departments, banks and military branches. HUB Security is also adopting a two-prong strategy to further build and enhance market acceptance for HUB Security’s solution. As a first step, HUB Security’s solutions are marketed to government entities, militaries, research institutions and large enterprises, with the goal of expanding HUB Security’s penetration into these industries. The second prong of the strategy involves marketing effort that targets OEMs and manufacturers of network components to encourage them to integrate the HUB PCIe card into their hardware, either as an optional add-on or as a standard equipment. By concurrently educating manufacturers and OEMs about HUB Security’s solution, HUB Security believes that the market will be anticipating the upcoming release of HUB Silicon, which will greatly improve the value of equipment offerings to end users.

Technologically Advanced Solutions

We developed a unique hardware and software combined solution that provides end-to-end data protection across all phases of data storage and processing. HUB Security’s solution seeks to enable secure computation and protects data across the entire compute and network stack, with an integrated hardware and software platform that is compatible across computing architectures with any CPU, GPU or field programmable gate arrays. HUB Security’s Confidential Computing solution so far exists in three configurations, two of which (HUB Vault and HUB PCIe Card) are already available for commercial sale. While HUB remains optimistic about the future of HUB Silicon, it has halted immediate development on HUB Silicon and shifted its primary focus to immediate revenue opportunities and customer acquisition offered by HUB Vault and PCIe Card. It is unclear when, if at all, development will resume on HUB Silicon. In addition to technology, HUB also provides advanced professional services that enable clients to assess their vulnerability to a cybersecurity attack as well as to quickly respond should one occur.

Market Trends

HUB Security believes there will be a transformation in the network cybersecurity industry over the next decade, as traditional network security solutions, such as firewall protections, are becoming less secure as new technologies develop and as remote working and cell phone access increase. HUB Security anticipates that there will be robust demand for its products as consumers, businesses and governments across all geographies and industries will need to replace the existing traditional network security solutions used in almost all electronic interfaces in order to maintain cybersecurity and that, as a result, there is significant market opportunity for HUB Security’s more secure confidential computing systems. Everest Group Inc. estimates that the sale of Confidential Computing solutions will grow at a compound annual growth rate (“CAGR”) of 40 – 45% (in the worst-case scenario) to 90 – 95% (in the best-case scenario) over the next five years, reaching approximately USD 52 billion in 2026. Therefore, HUB Security believes that it is well positioned to take advantage of this market opportunity. HUB Security’s future growth and financial performance is highly dependent on the continued demand for its solutions and on its ability to successfully compete with any current or new competitors.

Impact of Acquisitions

HUB Security has historically grown through selected acquisitions and, in addition to efforts to grow its confidential computing business organically, expects to continue to pursue potential new acquisitions on a targeted basis in order to expand its technical competencies and to expand its presence in strategic geographies. HUB Security’s results of operations have been, and are expected to continue to be, affected by such acquisitions.

On September 27, 2021, HUB Security signed an agreement for the purchase of the entire issued and outstanding share capital of Comsec Ltd. Comsec is a private company that provides cybersecurity consulting, design, testing and control services and sells data security and cybersecurity software and hardware solutions (the “Comsec Acquisition”). The purchase price of this acquisition was NIS 70 million and the transaction was completed on November 17, 2021.

In addition, on February 28, 2021, HUB TLV and ALD signed a share swap merger agreement, pursuant to which HUB TLV became a wholly owned subsidiary of HUB Security (formally ALD) and the shareholders of HUB Security Ltd. owned 51% of HUB Security’s issued and outstanding share capital. The ALD Merger was completed on June 21, 2021.

In May 2022, the Company entered into an Asset Purchase Agreement with Legacy Technologies Gmbh, a European cyber firm that has an extensive EMEA distribution network of cyber solutions for major government and enterprise data centers. The acquired assets were mainly comprised of customer relationships of Legacy. The asset acquisition was completed on July 5, 2022. As of December 31, 2022, we identified indicators of impairment since no binding purchase orders had been signed nor significant progress had been made on the purchased customer relationships as was expected upon the purchase date. As a result, we determined that the assets acquired should be fully impaired. As such, for the year ended December 31, 2022, the Company recorded an impairment loss of $8,738 for the assets acquired from Legacy.

During the period from the respective date of acquisition to December 31, 2021, and 2022, ALD and Comsec contributed together $32,347 thousand and $79,521 thousand in revenue, (respectively), and $2,456 thousand and $36,660 thousand in net loss (respectively) to the Company’s results of operations.

The ALD and Comsec acquisitions have been a significant driver of HUB Security’s growth in revenue and expenses during the years ended December 31, 2021 and December 31, 2022. The impact of future acquisitions on HUB Security’s financial condition and results of operations will depend on HUB Security’s success in identifying and acquiring target businesses and assets that fulfil these criteria, integrating them into HUB Security’s business, and realizing the targeted synergies and other expected benefits of the transactions.

Continued Innovation

HUB Security’s success and continued growth are dependent on sustaining innovation in order to deliver a superior product and customer experience, allowing it to maintain a competitive advantage. Since inception, HUB Security has experienced continue and accelerating growth as a result of ongoing technological innovations. HUB Security intends to continue to invest in research and development to maintain solution differentiation and grow the community of large enterprise customers. In the short-term, HUB Security anticipates making continual investments in upgrading technology to continue providing customers a reliable and effective solution.

As a result, HUB Security expects research and development expenses to increase on an absolute basis in future periods. HUB Security foresees that such investment in research and development will contribute to long-term growth but will also negatively impact short-term profitability. For the year ended December 31, 2022, HUB’s research and development expenses as a percentage of revenue were approximately 7%.

Continued Investment in Growth

HUB Security believes the market opportunity is substantial, and, although HUB Security currently has limited cash resources, it expects to continue to make significant investments across all aspects of the business in the future in order to continue to attract new customers, expand relationships with existing customers, and develop technology to address customers’ evolving needs, thereby prioritizing long-term growth over short-term profitability.

HUB Security intends to invest in growth in Europe, Asia and North America. HUB Security’s management believes that when combined with risk management, its Confidential Computing solution has significant opportunities for further growth in Europe, as it provides a cost-effective security solution for enterprises and small and medium-sized businesses. In Asia, HUB Security’s management believes that there’s a strong demand for its platforms as a secure method for paperless government projects.

As a result, HUB expects sales and marketing expenses to increase on an absolute basis in future periods. HUB expects that such investment in selling and marketing will contribute to long-term growth but may negatively impact short-term profitability, as they drive an increase in operating expenses in advance of revenues attributable to such investments, as well as a decrease in free cash flow.

For the year ended December 31, 2022, selling and marketing expenses as a percentage of revenue were approximately 29%. While investments in sales and marketing can take time before generating revenue and driving long-term growth and efficiency.

HUB Security’s Impacts of being a U.S. listed public company

We expect our general and administrative expenses will increase as we incur additional costs to support our operations as a U.S. listed public company. These additional costs include upgraded director and officer insurance coverage to be commensurate with other publicly listed companies, costs related to audit, legal, and tax-related services associated with maintaining compliance with exchange listing and SEC requirements, and investor and public relations expenses.

Components of our Results of Operations

Revenue

Revenue is primarily generated from rendering professional services, including consulting, planning, training, integrating and servicing our cybersecurity, risk management, system quality, reliability and security projects. This revenue is recognized in the period in which the services are provided. Revenue will also be generated from the sales of our Confidential Computing solutions, which includes cybersecurity hardware/ software solutions and confidential computing.

Cost of Revenue

Cost of revenue primarily consists of salaries and related expenses associated with teams integral in providing HUB Security’s service, subcontractors and consultant expenses, share-based compensation, as well as depreciation and material costs and amortization of intangible assets.

Research and Development Expenses

Research and development expenses include costs incurred in developing, maintaining, and enhancing our products and technology. Additional expenses include costs related to development, consulting, including share-based compensation, travel and other related costs. Part of these expenses are partially offset by government grants received from the Israel Innovation Authority. HUB Security believes that continuing to invest in research and development efforts is essential to maintaining its competitive position. HUB Security expects research and development expenses, net from government grants, to increase in the future as it continues to broaden its product portfolio.

Selling and Marketing Expenses

Selling and marketing expenses consist primarily of salaries and other related costs including share-based compensation, sales and sales support functions, as well as advertising and promotional personnel. Selling and marketing expenses also include depreciation and amortization and impairment of intangible assets.

General and Administrative Expenses

General and administrative expenses include costs incurred to support and operate our business. These costs primarily include personnel-related salary costs including share-based compensation, professional services related to finance, legal, IT consulting, outsourcing, expenses related to the SPAC Merger and other general overheads. These costs also include depreciation and amounts found by our Special Committee in its Internal Investigation to have been allegedly misappropriated by our former Chief Executive Officer.

Additionally, we expect to continue to incur increased expenses associated with being a public company, including costs of additional personnel, accounting, audit, legal, regulatory and tax-related services associated with maintaining compliance with exchange listing and SEC requirements, director and officer insurance costs, and investor and public relations costs.

Finance Income and Finance Expenses

Finance income and finance expenses primarily consists of income and expenses associated with fluctuations in foreign exchange rates, interest payable or received and bank fees.

Taxes on Income

Taxes on income consists primarily of income taxes related to the jurisdictions in which HUB Security conducts business. HUB Security’s effective tax rate is affected by non-deductible expenses, utilization of tax losses from prior years for which deferred taxes was not recognized, effect on deferred taxes at a rate different from the primary tax rate and differences in previous tax assessments.

Results of Operations

The following table sets forth HUB Security’s operating results for the years ended December 31, 2022 and 2021. We have derived this data from our consolidated financial statements included elsewhere in this Annual Report. This information should be read in conjunction with our consolidated financial statements and related notes included elsewhere in this Annual Report. The results of historical periods are not necessarily indicative of the results of operations for any future period.

Results for the year ended December 31, 2021 reflect the results of HUB TLV and partially of the result of Comsec and ALD, because we completed the HUB-ALD Merger and the Comsec Acquisition in June 2021 and in November 2021, respectively, as discussed above and in Note 1(b) to our consolidated financial statements included elsewhere in this Annual Report. As a result, the results of operations for the year ended December 31, 2022, are not comparable with the results for the year ended December 31, 2021.