Darktrace: Too much too young? | #cybersecurity | #cyberattack


Darktrace might sound more like a Marvel comics superhero, but instead it is a recently floated cyber security business that has seen a meteoric rise in its first few months as a public company. Already large at IPO (starting at £1.7bn or £2.3bn at the end of the first day’s trading), it was already in the upper reaches of the FTSE 250 index and after a concerted surge in its share price, it is today valued higher than 20 stocks already in the FTSE 100 index, at over £6bn. That’s an impressive stock market debut, but is this the start of something beautiful or, as per 1980’s SKA band The Specials would have it, ‘Too much too young?’

 

What does Darktrace do?

This is a cyber security software and services provider, but one offering a different approach. Most cyber security is what is known as perimeter defence using predominantly firewall type mechanisms aimed at preventing hackers or attackers from gaining entry into a network. Think of a house with very strong locks on all entry points, cameras, floodlights, alarms and feedback mechanisms to alert that someone is trying to enter. This is a well-established and reasonably robust set-up, but it has weaknesses in operation and requires a lot of human input to maintain security levels. 

Unlike building security where attacks might be periodic and infrequent, cyber attacks are relentless, trying all entry points to networks and systems hundreds, or even thousands, of times a day. Breaches are commonplace. Home working has made many business networks inherently weaker by allowing staff to use their own poorly defended home wifi networks or even their own computers, which might already be infected with viruses. Also, the Internet of Things or IoT (such as connected appliances, vehicles tracking or environmental sensors) has introduced new, weak entry points to networks. There is an infamous case of a Las Vegas casino that was almost robbed by hackers gaining entry through a web-connected, remotely monitored lobby fish tank.

Once the perimeter has been breached, basic cyber security can do little to prevent files being deleted/stolen/forcibly encrypted or ransomware being installed. Human intervention is typically required to repair the damage. Darktrace has a different approach using Artificial Intelligence (AI) that works within a network to prevent damage or theft after the perimeter has been breached. The AI it has designed is autonomous and self-learning so does not require updates, databases or reference libraries and is largely free of human intervention. This approach is required because hackers increasingly use AI themselves and it is ever more important to deal with the practicality of defending against attacks from within because perimeters have become too easy to breach. 

Darktrace has four main product areas, and increasingly customers (which in June 2021 numbered over 5,600 in 15 countries) have been purchasing more than one product suite or variant, which augurs well for sales when its full range of solutions is available. 

Detect – longest established (since 2014), this AI software learns ‘normals’ within a network and responds to subtle changes in operating patterns. It learns and is ‘self-aware’ and is not rules-based like traditional security products .

Respond –  the Antigena  product (launched in 2018) springs on from the detection function to neutralise threats in the event of perimeter breach of a network or email system. 

Prevent – AI-bots that probe and test a network for weaknesses from within which is potentially more comprehensive than ‘white hat hacker’ testing, externally seeking typical and common weaknesses. This is in its beta test phase. 

Heal – still in development, this is for fixing networks and repairing damage after an attack. This is work now carried out by humans. 

 

A look under the hood

Growth in revenue has been impressive (see chart below) but not so exceptional for a still relatively early-stage technology business. The group is not profitable at the pre-tax or earning levels but does make a gross profit with a margin of just over 90 per cent (again fairly typical for software products with material IP). However, selling, R&D and general expenses are considerable such that $281m of revenues to June 2021 distilled down to an adjusted, normalised loss of c.$35m (Investors’ Chronicle’s adjusted estimate not company numbers: backing out IPO and related costs; adding in normalised travel and entertainment costs sharply lowered by Covid). 

 

Darktrace revenues and growth rates – £m

Sources: Company data, Factset

 

Brokers’ forecasts are widely spread over the next three financial years but across the piece, losses are expected at the pre-tax level throughout this period and, broadly, losses look set  to remain at close to current, adjusted levels through to 2024. In that time revenues are forecast to more than double (up 127 per cent vs 2021) to c.£450m/$560m. 

For context, Gartner (a technology markets forecaster) reckons the cyber security industry produces annual revenues of $372bn and Darktrace estimates its own narrower part of this (its ‘addressable market’) to be worth between $40bn (bottom-up) and $125bn (top-down). 

Although custom numbers have risen by 33 per cent compound since 2018, the average revenue per customer has dropped by 11 per cent, despite significantly more customers buying more than one product from Darktrace (86 per cent of customer vs 27 per cent in 2018). This suggests that Darktrace’s early pricing power could already be waning.

 

Darktrace pricing model

Class

Definition

Cost 12 months

Small

Up to 300 Mbps of average bandwidth. 200 Hosts

$30,000

Medium

Up to 2 Gbps average bandwidth. 1000 Hosts

$60,000

Large

Up to 5Gbps average bandwidth. 10,000 hosts

$100,000

Source: Amazon AWS

 

 

While sales are rising, costs are also rising quickly. General expenses and R&D both doubled in the last financial year (excluding IPO related costs) while sales & marketing rose by 25 per cent. Staff costs in the premier league of the IT industry are rising sharply with in-vogue areas such as cyber security at the sharp end. Many jobs currently attract double digit percentage increases, some getting as high as 25 per cent. Staff poaching and staff churn are also unusually higher in this field.  

R&D spend feels low at just 10 per cent of revenue while sales cost equal 67 per cent and general administrative costs stand at 20 per cent. This feels wrong for a business developing products in a rapidly evolving market segment and is likely to need to be expanded. 

 

The share price

The  shares got off to a strong start as a quoted company, rising by one-third immediately following the 250p IPO and then exhibiting an additional three-fold increase in the following 20 weeks to peak at almost 1,000p. It has been dropping back more recently. Such a performance can indicate a number of things: 

The shares were too cheap, fundamentally mispriced by advisors at the IPO; there was a poor market climate at the time of the IPO, the valuation was impacted by problems with other IPOs (Deliveroo’s IPO was a month before Darktrace) or there was very strong demand for stock not satisfied in the IPO.

A popular view is that the poor performance of Deliveroo post-IPO (it fell from 390p to 228p within a month) influenced the pricing of Darktrace. Before the IPO, valuation had been expected to be c.£3.6bn, but right before the launch this had dropped to a range of £1.6bn to £1.9bn, finally debuting towards the low end at £1.7bn. Drawing parallels with Deliveroo is dangerous. Darktrace is a pure technology business with substantial and unique IP. It is a solutions provider whereas Deliveroo is a service company that uses applied IT to execute what is essentially an old world business model: there is little to read across. 

It is more likely that the business was underpriced at the IPO, either because institutions pushed back hard on the asking price, possibly because some disliked the presence of Autonomy’s Mike Lynch as a major founding shareholder (sixth largest investor) or perhaps a consciously low price was set in order to harvest a marketing opportunity that would inevitably arise following a surging share price: this has been done a number of times before (e.g. BeyondMeat in the US) and is a trick of the investment banking trade. A stock that soars after its debut will attract a lot of attention and could help gain new customers. Given that relatively little new money (£171m) needed to be raised, the IPO could afford to be priced cheaply.

 

Was the stock too cheap at the IPO price? 

We have the advantage of seeing how the valuation of this business progressed since its early funding rounds as details of private investments and implied valuations are in the public domain (see table 2). The shares were offered in the IPO at close to half their valuation achieved at the last private funding round in 2018, coming to the public markets with a rating of 8½ times forward revenues (the only feasible way to value a business before profitability). This is low in both the stock’s own history and for a fast-growing pure technology stock and probably made a strong post-IPO performance almost inevitable.

In contrast, we can see that today, the business stands at its highest valuation relative to sales. Notably, the valuation is at its highest but the rate of revenue expansion is well past the peak seen in 2017 and is heading down, based on brokers’ forecasts. Also we can see that in the later private funding rounds, the price-to-sales ratio had also been declining. 

 

Darktrace valuation at historic funding points

Date of external investment

Implied valuation $m

 

Revenues $m

Price to sales

Private

       

Mar 2015

80

 

20

4.0x

Jul 2015

100

 

20

5.0x

Jul 2016

400

 

24

16.3x

Jul 2017

825

 

39

21.1x

May 2018

1,300

 

80

16.2x

Sep 2018

1,700

 

111

15.4x

Quoted

Market valuation £m

Revenues £m

 

Price to sales

At IPO – historic revenues

1,700

158

 

10.8x

At IPO – forecast revenues

1,700

203

 

8.4x

Today – Historic revenues

6,342

203

 

31.2x

Today – forecast revenues

6,342

279

 

22.7x

Source: Darktrace PLC, TechNation    

 

So, did the share price surge after IPO because the stock is highly attractive, because there was an excess of demand or did it simply come at a valuation known to be low which created its own flurry of momentum? It does feel a lot like the latter. Surging share prices after IPO (whatever the driver) can generate self-fulfilling momentum. Some buying interest will arise simply through investors chasing stocks that are rising while others may have had to invest, such as index funds, creating a wall of demand that begets additional and so on. Share prices can easily become over-extended.   

Having risen close to 1000p, the valuation looks stretched against the rest of the sector with sales growth slowing (while remaining well above market averages) and still no profit expected within the forecast window. The AI cyber security sub-sector does look attractive and Darktrace looks to be a star within it but it is impossible to tell whether this business will remain in a dominant position or whether it will lose market share and pricing power. There is already a lot of direct competition, new players are sure to arise and businesses now specialist in perimeter security will dauntless expand into the AI space. 

Also there are so many fast-growing, attractive, ground-breaking technology stocks waiting in the wings, meaning that investor’s interest (and money) could easily be drawn away towards the IPO of the next so-called ‘unicorn’ (private businesses worth more than $1bn). Investors should probably look at Darktrace’s own valuation history and might conclude that a fairer value for this business is, for now, closer to a forward sales multiple in the teens rather than the 20-30 times range. The stock was cheap at the IPO, but does not look that way today. 



Original Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

seventy seven + = 78