U.S. Markets close in 2 hrs 38 mins

Edited Transcript of FSC1V.HE earnings conference call or presentation 30-Oct-19 12:00pm GMT

Q3 2019 F-Secure Oyj Earnings Call

Helsinki Nov 6, 2019 (Thomson StreetEvents) -- Edited Transcript of F-Secure Oyj earnings conference call or presentation Wednesday, October 30, 2019 at 12:00:00pm GMT

TEXT version of Transcript

================================================================================

Corporate Participants

================================================================================

* Henri Kiili

F-Secure Oyj - IR Manager

* Samu Konttinen

F-Secure Oyj - President, CEO & MD

================================================================================

Presentation

--------------------------------------------------------------------------------

Henri Kiili, F-Secure Oyj - IR Manager [1]

--------------------------------------------------------------------------------

Hello, everybody, and welcome to F-Secure's Q3 2019 Interim Report Webcast. I'm Henri Kiili, F-Secure's Investor Relations Manager. But without further ado, Samu Konttinen, President and CEO, please, take it away.

--------------------------------------------------------------------------------

Samu Konttinen, F-Secure Oyj - President, CEO & MD [2]

--------------------------------------------------------------------------------

Thank you, Henri, and thanks for joining our earnings call. So I will be now going through the Q3 results from F-Secure Corporation.

So really starting with the key takeaways from Q3, is that we had a really solid quarter with our corporate security that we grew 14% compared to the previous year given that a bit more than a year ago, we finalized a significant acquisition by acquiring MWR InfoSecurity. So this Q3 now represents the first quarter after the acquisition when all the reported numbers are organic. So there is no inorganic composition with the reported numbers.

So 14% growth in corporate security. So we are relatively happy with that performance. The breakdown of that growth really goes into endpoint security. It is the core, the biggest part of our B2B business being on the stable growth track. We continue liking the opportunities that we see in the endpoint protection space. It's a market that is not as fast growing as some other areas where we are investing, but definitely it continues being a growth opportunity. And I'm very happy with the trajectory we see in that front.

Then moving on to managed detection and response, which is one of our main investment areas. So on that front, we really delivered a stellar quarter. So we, as an example, won 2 very significant deals. And what makes me particularly happy with these 2 flagship deals is not just that we continue winning deals from very demanding industry verticals, we continue winning deals from a very significant size organization, but most of all, we continue winning deals also against the very top competitors in our field. So it is obviously a true test to our competitiveness when we go and win against guys like CrowdStrike, Cyber, Carbon Black and stuff like that. So great delivery from our sales team on the MDR front in Q3.

Then moving on to cyber security consulting. So we saw again a very strong growth quarter in cyber security consulting, overall growing 18%. So we are very happy with that. And I will be talking a bit more about the services and the types of customers we are winning further on in the presentation.

And then last, but not the least, is the consumer security, which we've guided being at the previous year's level. So there, we are delivering according to that guidance, and it was very much expected result in consumer security.

On the profitability side, adjusted EBITDA, definitely according to our expectations, now landed at 13% margin of revenue. So we are quite happy on that front with the adjusted EBITDA.

Then last but not the least, definitely one of the key takeaways from Q3 is that in the beginning of the quarter, we announced a company restructuring really to capture synergies from the MWR InfoSecurity acquisition. So making sure that we run a tight ship, making sure that we remove all those overlapping parts of the organization, so really finalizing the integration of the acquisition. And at the same time, we are reorganizing our operations to better reflect the focus on different customer segments and how do we best serve those customers, how do we best operate with the given go-to-market model and really optimizing F-Secure to best meet the market opportunity, reflecting the value creation and the industrial logic that varies from business to business. So really trying to find the right focus for our entire business mix going forward.

Looking at the numbers here. So the total revenue growing 7%; consumer security, minus 1%; corporate security, 14%; and adjusted EBITDA, as I explained already earlier. And I will be looking into -- deep diving into these different business-related topics further in the presentation.

I'll talk a bit more about corporate security. So our endpoint protection, which is predominantly a cloud-based solution, we continue seeing a very strong performance from our recurring revenue teams. The customer lifetime value continues to be tracking well with the very healthy renewal rates and keeping the renewals at a very high level, obviously, is a backbone for this business. So I'm very happy with the recurring revenue performance from our team, and this is growing double digits.

Then we have the new sales and which continues being a very important part of our business mix going forward. And on the new sales side, in endpoint protection, we saw a quarter that, overall, was somewhat behind our own expectations. And you can isolate that predominantly to 2 of our main markets, Finland and Japan, where the new sales is weaker than the year before. And it is also impacted that we have now discontinued a couple of our nonstrategic products that are part of the EPP suite. So that also impacts the outlook going forward, whereas we expect to be bouncing back to a stronger new sales performance towards the year-end and going forward to 2020.

Then moving on with -- towards the EDR, which is a very important capability that we have in addition to endpoint protection. So really, being able to service our customers with a solution that is also meeting the requirements for what comes to detection and response. So overall, the development is going to a right direction. We are onboarding more and more service partners to deliver that part of their overall services that they address to their end customers. And the business is growing, although compared to the overall business mix in the corporate security, the absolute numbers here are still small. But as I stated, this is very strategic for F-Secure. It is very important and great fit together with our EPP solution, and we are very confident that this business is going to a right direction, although still small in absolute size.

Then moving on to managed detection and response, which I already mentioned that we delivered a very strong quarter. So I'm very happy with the performance. So both for new sales, where we landed deals that are very significant size to us, continue winning against other leading vendors in this space, as I mentioned earlier, but also like how are we keeping the existing customers. So the renewal rates are extremely high, which speaks very highly of our service delivery. And it's a great testimony how customers appreciate the value we are managing to provide them in terms of managing the detection for them and making sure that whenever there is an incident that you need to be responding to, that we have the right tools and right skills in place and ready for the customers immediately when the incidents occur.

And overall, looking at our MDR performance. So the 2 very significant deals are coming from U.S. and U.K. But in addition, we are seeing a quite healthy, broad geographical coverage, winning MDR deals in Germany, Poland, Finland, South Africa, in addition to U.K. and U.S. And the customers' verticals typically fall into finance, critical infrastructure and different variety of technology companies, really those companies who accept nothing but best and the companies to whom cyber resilience and cyber defense is absolutely critical. And these are exactly the types of customers we want to be serving.

And then a bit more, I think a very proud moment for F-Secure. So a couple of weeks ago, MITRE published their results for F-Secure attending their tests in the detection space. And as the MITRE, as an organization, they are themselves not publishing any ranking lists, any points. So then there is a third-party company, Forrester Research, that has developed their own way of interpreting their MITRE ATT&CK evaluation results, now looking at how Forrester rates the results from different companies and looking how F-Secure really comes as a top performer against companies like Palo Altos or CrowdStrike, CyberReach and Carbon Black, and Microsoft here being the weakest in this leg. So I think this speaks a very, very strong language and really is a great testimony to technical capabilities we have achieved over the years, building this detection and response platform and really underscores our ability to service the most demanding industry verticals and most demanding customers. So this is a great, great result for F-Secure, and I'm very proud of the teams from F-Secure achieving this.

And then moving on to cyber security consulting. So we saw a very good quarter, growing 18% compared to the same quarter a year ago. So this continues to be driving our top line growth. And really, the strongest markets for F-Secure in consulting would be U.K., Nordics and special mention in going into Singapore, where we absolutely see a stellar growth. So growing much, much faster than the 18%. So overall, very, very happy with the consulting performance, driving top line and driving profitability. So this is a very important part of our overall business mix at the F-Secure being able to offer a much broader set of capabilities to our customers, not just products, but those services that are really complementing the product business and services that are addressing the key pain points that customers have in their cyber capabilities.

And in Q3, we also finalized the MWR integration in terms of now really combining the previous F-Secure consulting organization with the consulting organization from MWR and now being able to operate a global consulting organization capable of addressing a broad variety of customer needs in a multidisciplinary fashion.

And offering a bit more color, so the types of assignments that we deliver in consulting. So again, our team -- the global consulting organization starts to be a good-sized team. So we currently have more than 300 cyber security consultants. And there are not many other pure-play cyber security specialists, who has that capability and that scale in place, really being able to service customers across several different countries and across 4 different continents. So it is a rare -- very rare capability to have in place. We have many international customers, who don't expect us to service them, not only in their headquarters or in any given single country, but expects us to deliver service system in U.S., in Europe, in Asia. And we are one of the very few companies in this industry being able to meet that demand.

And now a little bit looking at what sort of assignments we typically deliver. So here, we wanted to highlight some of the cases that we delivered in Q3. This is obviously anonymous as customers very rarely want to be referenced here. So we are talking about industry verticals and not customers specifically.

So if I start from U.K. So in U.K., we have delivered defense practice enhancements. We have delivered Attack Path Mapping. We have delivered threat hunting assignments. We have delivered a lot of incident response case. And looking at the verticals that we have covered, so there are multinational insurance group, there are several finance institutions. We are working with critical infrastructure companies. We are working with international manufacturing companies. So really, a good set of different variety of industry verticals that we serve.

Then another good examples would be that in the U.S., U.K., Germany, Japan, we work with finance institutes. We work with many of the leading automotive companies, gathering IoT assessments for them. So the motor cars are more and more becoming actually computers on wheels and the cars having that Internet and connectivity capability. So the car makers want to be sure that certain components that connects the car to Internet are designed in a secured fashion and are deployed in a secured fashion, so that they're giving as much difficulties for cybercriminals as possible to be hacking into those cars. It's very, very important that those measures are in place.

And then we are working with many maritime companies with assessments in red teaming and also incident response. And just overall, a very, very broad rate of trains of different services that require a really in-depth, best-in-class technical capability and delivered to the multiple customer verticals around the world.

And then moving on to consumer security, where the revenue was at the previous year's level. So we continue seeing a moderate increase in product activation rates, which is a very, very healthy sign, showing that the business is moving in the right direction. And we are actually very happy with the sentiment that we are witnessing around F-Secure SENSE, our router security solution, and especially with the upcoming product launch in identity products -- identity protection. So we are in talks with a lot of telecom operators how could they better enhance the security services for their consumer customers, how could they better be equipping the routers, securing really all Internet-connected devices at their customers' home. And then this identity protection, this is clearly an area which is increasing awareness. And general requirements for more and more operator are pointing to this direction, that they want to be offering something to their consumer customers that helps their consumers to manage their identity online and really to understand if there has been a breach, where a consumer credentials are possibly leaked. So it is kind of like a fire alarm, making sure that the consumers are kept up-to-date for what comes to keeping their online identity safe. So it's a great story. It resonates really well with our operator partners, and we are very positive with the sentiment and expecting to be announcing deals in this front going forward.

And then a few words about our direct sales. So there, we saw revenue in a slight decline. And this is something that we are very, very committed and putting in a lot of effort to turn this business around. So we continue thinking that there is the market opportunity to grow in this business, although the realistic growth opportunity is rather in single digits than double digits. But we think that our performance in Q3 really wasn't exactly meeting the market with what we should be doing and what we could be doing. So we continue thinking that this really wasn't our best quarter in this front, and we expect us to be able to improve our run here going forward.

Overall, the outlook and the industrial dynamics continue being what we have seen, what we have witnessed several quarters down the road already. So the customers are more and more gravitating towards really looking at that one cyber security solution that would cover all their cyber security needs. So not purchasing Internet security or password manager or privacy solution or VPN solution independently and separately, but really looking at that combo product that does it all. And this is F-Secure TOTAL, which is the solution for those customers. So we continue pushing F-Secure TOTAL, which, again, combines all F-Secure key assets in consumer security space, and that really is the commercial driver going forward. And it drives a stronger average revenue per customer as the price points with these outmost premium solutions are quite, quite high.

But as a summary perhaps, consumer security, minus 1%. So not a strong quarter as we expected, whereas our outlook in this business, as we've said, this business being at the previous year's level. So outlook on that front is definitely unchanged.

Then a few words about the restructuring that we announced a couple of weeks ago. So the driver really is, first, to make sure that we operate an efficient and healthy organization, taking into account the acquisitions we've done, so really finalizing the MWR acquisition integration. So that is one of the key drivers here.

And the second driver is really making sure that we are organized in an optimal way to address different customer segments, different go-to-market models, different competitive rivalries and different value creation and industrial logic that we see across different business areas where we operate.

So here, you see the business mix like where corporate security products, they represent about 34% of our overall business mix; cyber security consulting, 22%; consumer security products, 44%. So this being the complete business mix, and now we are reshaping the company to best tap into individual opportunities and growth opportunities and really, in the best possible way, understand the market and customer requirements in these different fields.

And the new structure that we have announced goes into 4 different business areas. So we have consumer security, business security that carries our EPP and EDR solution, managed detection and response is rather self-explanatory, similarly as is consulting. So these are the 4 business areas where we are operating.

And then in addition to these 4 business areas, we have a lot of very important common services, common technologies that these business areas are using, giving us the needed speed and needed scale, so -- and needed operating leverage across support functions like finance or HR, et cetera. So the new model going forward is very, very simple to understand, and we believe that this best addresses the varying customer needs and market requirements, allowing us to be really fast, really focused and really customer-oriented going forward.

And the new leadership team that we have also put in place, which is effective 7th of October onwards. So I'm highlighting here a couple of new roles. So first would be Jyrki Tulokas, who was previously Head of Products and Services. So now Jyrki is doing a parallel lateral move, taking the helm of CTO for the F-Secure.

The next one to highlight would be Juha Kivikoski, who really is an industry veteran, having a lot of executive roles and in many internationally operating cyber security companies. So Juha, previously being Head of our Enterprise Sales & Channel, so now Juha taking the helm of running Cyber Security business area, which incorporates our EPP and EDR solution and all the related sales and marketing activities.

Ian Shaw, the next one, who was previously CEO of MWR InfoSecurity. So now Ian will lead the entire consulting organization for F-Secure worldwide. So that's a new role for Ian.

And then last one to mention, Tim Orchard, who will be responsible of F-Secure Managed Detection & Response business area, an area where we expect high growth going forward, an area that is extremely strategic for F-Secure, an area where we are placing a lot of growth-driving investments.

And predominantly, the other roles are CFO, CIO, People Operations & Culture, Consumer Security and EVP of Strategy. These roles are practically the same as they were before. So very glad to have this team in place to continue driving F-Secure journey and continue addressing the customer needs and requirements we have and winning market share in this very demanding market environment.

And finishing off, the outlook for the rest of the year, 1 quarter to go. So we are keeping the outlook -- the guidance unchanged. So we continue guiding our revenue from corporate security to grow by over 30% compared to a year ago. Revenue in consumer, we continue guiding it to stay approximately at the previous year's level. And we continue guiding our adjusted EBITDA being above EUR 21 million, including the accounting change impact deriving from IFRS 16 regulation.

And then the long-term outlook stays the same. So we are guiding our B2B business growing annually above 15%. And on the profitability, we are -- we continue guiding that the Board and the management continues to seek to balance growth investments and profitability to optimize for the best possible long-term value creation mix for the shareholders.

So that's all I had today, briefly going through the Q3 results. A little bit insights from each of our businesses: consumer business, endpoint security business, endpoint detection and response business, managed detection and response business and consulting business.

So that's all I had. We had a good quarter. We are keeping the outlook for the year unchanged, and we are very excited about the future opportunities going forward for F-Secure. Thank you.

--------------------------------------------------------------------------------

Henri Kiili, F-Secure Oyj - IR Manager [3]

--------------------------------------------------------------------------------

Thank you, all. Talk to you soon after Q4 with full year financials.