Darktrace (LSE: DARK) shares were admitted to trading on the London Stock Exchange on 6 May 2021. The stock opened at 320p, and at the time of writing, sits around 366p. That’s not bad at all. Things look even better when considering the initial IPO offer price was 250p, and during conditional trading, Darktrace shares were changing hands for up to 360p. The IPO was a success. That’s not a surprise for a company with an exciting and on-trend product, with robust revenue growth, going public with a conservatively priced IPO.
Darktrace markets itself as a cybersecurity company that uses artificial intelligence to spot intrusions and threats to its customer’s networks and systems. Cybersecurity is becoming more crucial to businesses as operations increasingly move online. The coronavirus pandemic has accelerated the trend towards online working. Darktrace has positioned itself as a complement to traditional point defence protection. This means things like antivirus and malware software, firewalls and the like that detect known threats and act accordingly. What Darktrace claims is that its product learns what the normal digital operations of a customer look like. Deviations from normality might represent a cyber threat and can be flagged or fixed. Detecting a different pattern of behaviour does not require knowledge of an attack vector or attack plan. Thus Darkrace can deal with new, previously unimagined cyber assaults as they arise.
Darktrace revenue growth and path to profit
Revenue growth at Darktrace is undeniably impressive. In 2016 revenues of £17m were reported. 2020 revenues came in at £199m. That’s a compound average growth rate of 85% per year. But, it’s worth pointing out that 2017 to 2018 saw the highest year on the year growth rate of 158%. Since then, yearly growth has declined to 73% for 2019 and 45% for 2020. The fiscal year 2018 also saw the highest spend on sales and marketing as a percentage of revenue at 115%, which might help explain the bumper revenue growth. I will have more to say on Darktrace’s sales and marketing expenses later.
Despite making both operating and net losses every year since 2016 and beyond, Darktrace does appear to be on a path to profit. Gross margins have been steady at around 90% since 2018. Expenses relative to revenue have been falling. As a result operating losses have decresed from $41m in 2018 to $24m in 2020. Darktrace has relatively little debt, and so net losses of $42m in 2018 and $29m in 2020 were reported. If Darktrace continues to grow its revenue, holds gross margins and expenses steady there is a an obvious path to profit for the company.
Darktrace market
Darktrace states that it can help companies of almost any size across any sector and geography. However, the company has narrowed its market down to roughly 150,000 global companies with more than 250 employees. These were identified from OECD, Eurostat, and US Bureau of Labour Statistics, UK Office for National Statistics databases but excludes China and Russia.
At the end of June 2020, Darktrace had roughly 4,000 companies as customers. To get to a dollar value for its total addressable market (TAM), Darktrace divides 150,000 (potential customers) by 4,000 its current customers, giving a multiple of 37.5x. It then takes its annualised recurring revenue (ARR) of $236m for June 2020 and applies this multiple, giving $8,850m.
ARR is a key performance indicator of particular importance to Darktrace. On a per-customer basis, ARR is:
“the annual committed subscription value for each order booked for which it will be entitled to recognise revenue, assuming the customer continues to renew all contracted subscriptions”.
Darktrace annual report
For example, a $3m contract over three years has an ARR of $1m. Darktrace does not recognise any ARR on the contract in cases where an opt-out period exists until the opt-out period has passed.
After arriving at the figure of $,850m Darktarce applies other multiples to arrive at its addressable market size. The first reflects the cross-selling opportunities within the existing product offering and is 2.0x. The second multiple of 1.5x reflects an up-sell opportunity to deploy products across customers entire digital estates. A final multiple of 1.5x reflects the potential adoption by customers of planned product offerings, including prevention and cyber compliance, self-healing and self-remediating technologies. A figure of $39,825m is the result of this exercise, which is rounded up to $40bn and given as an estimate of Darktrace’s total addressable market.
| Multiple | $m | |
| ARR June 2020 | 236 | |
| Total Potential Customers | 37.0x | 8,850 |
| Cross-Sell Opportunities Within Existing Product Offering | 2.0x | 17,700 |
| Reflect Up-Sell Opportunity to Deploy Products Across Entire Digital Estate | 1.5x | 26,550 |
| Reflect Potential Adoption of Planned Product Offerings (Prevention and Cyber Compliance, Self-Healing and Self-Remediating Technologies) | 1.5x | 39,825 |
| Total Addressable Market | $40bn |
In the IPO prospectus, Darktrace contrasts this with an estimate from Gartner, a research firm, for the entire information security and risk management market of $125bn for 2020. The broader market includes cloud security, network security equipment, data security, integrated risk management, security services, infrastructure protection, identity access management, application security and other security software. Gartner estimates that the information security and risk management market will grow at 8.2% annually on a constant currency basis from 2019 to 2024.
Gartner’s market growth rate estimate is encouraging. If true, then Darktrace is at least competing in a market that is growing faster than trend nominal GDP growth in its target geographies. Also, as previously stated, Darktrace does state that its product can be considered complementary to traditional point defence solutions. At least average value creation should be possible for Darktrace by gaining market share in a fast-growing market and offering a complimentary product rather than going head-to-head with established competitors. Of course, competitors will respond, and multiple other cybersecurity providers are releasing AI-based solutions.
Darktrace and Mike Lynch links
If there is a dark cloud hanging over Darktrace, it comes in the form of the connections between Darktrace and Mike Lynch. The question is, how deeply rooted are these links?
Mike Lynch founded and was the CEO of Autonomy. Autonomy was bought by Hewlett-Packard in 2011. Mike Lynch used the cash from the sale to set up Invoke Capital Partners. Invoke was an early and significant backer of Darktrace. Invoke also provided managerial and operational support until fairly recently, and Darktrace even worked out of Invoke’s premises for a while. Mike Lynch himself was a director of Darktrace until November 2018, when he resigned. As Dartktrace went public, Mike Lynch was still listing himself as a member of Darktrace’s science and technology committee on LinkedIn.
Hewlett-Packard reported accounting irregularities at Autonomy after it bought it and wrote most of the investment off. Mike Lynch has been charged with 14 counts of conspiracy and fraud linked to the sale of Autonomy to Hewlett-Packard and is currently battling an extradition request by the US. A colleague of Mr Lynch’s at Autonomy, involved with Invoke, and a former (until 2016) director of Darktrace, Sushovan Hussain. Mr Hussain was jailed for five years and fined around $10.1m for financial fraud committed during his time as CFO of Autonomy. Mr Hussain sold a stake worth some $100m in Darktrace last year.
Darktrace acknowledges that the connections to Mike Lynch, Sushovan Hussain, Autonomy, and Invoke are potentially problematic. In the IPO prospectus, Darktrace identified the following potential risks:
- The Group may face reputational risk arising out of unlawful and allegedly unlawful activities in connection with the sale of Autonomy Corporation plc (“Autonomy”) and related matters.
- The Group may face potential liability in relation to possible money laundering offences arising out of its historic funding by Invoke.
- The Group may face potential liability arising out of unlawful and allegedly unlawful activities in connection with the sale of Autonomy and related matters.
The Darktrace IPO was forecasted to be priced at £2.5-3bn. It was actually priced at £1.7bn. Yes, recent high-profile IPO disasters may have tempered expectations. But, those Mike Lynch associations got a lot of attention in the run-up to the IPO. Pricing in the potential risks from such an association probably had a lot to do with cutting the IPO price. The company must be anxious to put the association behind it, is doing its best to distance itself from Mike Lynch, his associates and companies. But in its eagerness, it is making mistakes. As previously mentioned, Mike Lynch claimed membership of an advisory committee in May 2020. Darktrace previously stated Mr Lynch left the role in 2018 when he also vacated his directorship. The IPO prospectus indicates Mr Lynch stepped down from the advisory committee in March 2012. There is not much Darkrace can do about being funded off the back of the Autonomy sale now. However, when Darktrace was founded in 2013, Hewlett-Packard had made its discovery of accounting irregularities public. An entity distinct from Mike Lynch and Invoke might have looked elsewhere for support when it was starting up.
Despite various directors associated with Autonomy and Invoke leaving Darktrace, a link remains. Darktraces CEO worked at Autonomy as a corporate control officer. There is a two-year gap in their Linkedin CV from 2011 until 2013 before they joined Darktrace. These years were spent at Invoke. This could be a simple oversight made recently, but it might be a deliberate attempt to remove an obvious link to Invoke. If convictions are secured against Mike Lync, investors might take issue with Darktrace’s CEO having worked at two Mike Lynch controlled entities. There might also be an inquiry into whether some of the corporate cultures at Autonomy and Invoke has been transferred to Darktrace.
Culture comes from the top
Now, to be clear, there is no evidence that Darktrace or its current management have engaged in any fraudulent activity. However, Autonomy was accused of having an aggressive and cutthroat sales culture. A brief look at Glassdoor reviews for sales positions at Darktrace hints at something similar. In addition, a comparison of the sales and marketing expense as a percentage of revenue is illuminating.
| Darktrace | Avast | Norton | |
| Revenue | 199,076 | 892,900 | 2,490,000 |
| Cost of Revenues | 17,477 | 196,000 | 393,000 |
| Gross Profit | 181,599 | 696,900 | 2,097,000 |
| Sales and Marketing Expense | 163,052 | 134,700 | 701,000 |
| Research and Development Expense | 12,030 | 86,100 | 328,000 |
| General and Administrative Expense | 26,887 | 140,700 | 368,000 |
| Other Expenses | 4,533 | 0 | 345,000 |
| Operating Profit | (24,903) | 335,400 | 355,000 |
| Gross Margin | 91% | 78% | 84% |
| Cost of Sales as a Percentage of Revenue | 9% | 22% | 16% |
| Sales and Marketing Expense as a Percentage of Revenue | 82% | 15% | 28% |
| Research and Development Expense as a Percentage of Revenue | 6% | 10% | 13% |
| General and Administrative Expense as a Percentage of Revenue | 14% | 16% | 15% |
Darktrace spends 82% of its revenues on sales and marketing. Competitors like <b>Avast</b> and Norton spend 15% and 28% respectively. Darktrace’s sales spend been coming down, and it’s worth pointing out that Avast and Norton have been around for much longer. As it is not unusual to have disgruntled current or former employees, it’s not all that odd for a new company to spend a lot selling and marketing its product as it seeks to establish itself. Darktrace makes a point of saying it goes after university graduates for sales roles. Considering the product, an educated and capable sales force makes sense. But, graduates might cost a bit more than non-graduates to employ, which might contribute to the relatively high sales expense.
Final thoughts on Darktrace
A few things are bothering me about Darktrace. The connections both past and present to Mike Lynch and his companies are one. It is not hard to imagine that if convictions are secured against Mike Lynch then investors will start taking a hard look at those risks which have been disclosed by Darktrace around the connections. But, they might also start digging deeper and uncover links that have not been flagged quite so explicitly.
Another concern is around Darktraces path to profit. Assuming cost structures improve or maintain, further revenue growth should lead to the company turning a profit. Assuming that $40bn market estimate is accurate, then Darktrace has plenty of room to grow. But the assumption of stable cost structures might be a stretch. Customers access Darktrace’s product through a physcial appliance or the cloud. Historically the majority of customers have opted for the physical option. But times are changing, and the expectation is that companies will continue to shift work into the cloud. The problem is that Darktrace has flagged up greater demand for cloud based offerings as potentially damaging to margins. Cloud based offerings include variable hosting costs. If Darktrace does not accurately asses custoemr requirements before signing them up to a contract and hosting costs come in higher than expected, a mismatch could sqeeze margins.
There are of course other concerns I could raise, but i will finish with my suspicion that Darktraces software might be cumbsersome and cost-hungry to deploy. Now, of course the fact that the company is adding customers at some rate—1,659 to 3,858 at the end of the 2018 and 2020 fiscal years respectively—does suggest that the cost-benefit tradeoff is deemed satisfactory. However, Darktraces product learns the normal digital behaviour of an enterpirse to detect deviations that might represent a threat. At present, as I understand it, an sophisticated IT team needs to be on hand to interpret the output of the threat assesment. That is one problem as I would wager a proportion of the 150,000 companies identified do not have the neccesary human resources. Darktrace is addressing this issue with various automated threat rememdy solutions in the works.
Setting the limits of normal digital debaviour for an entire bussiness would result in warnings being generated all the time if too tight, and if too loose, threats would slip by. I suspect that Darktrace would divide the bussiness up, and monitor each section seperately, on a case by case basis. If true thats a lot of work, and this is not a generic product. But also, deployment costs might be relatively high for a business, particularly if it is complex.
DISCLAIMER: James J. McCombie does not own shares in Darktrace. The Storied Investor has no beneficial ownership interests in Darktrace.
The Storied Investor 