Arqit Quantum Inc. (ARQQ) Earnings Call Transcript & Summary

Good morning, everyone. My name is Scott Buck. I'm a technology research analyst here at H.C. Wainwright. I want to welcome everyone joining us for our conversation with Arqit Quantum Chief Executive Officer, Andy Leaver. Before we get started, I want to read through the company's safe harbor statement. Please note that this webcast includes forward-looking statements. Statements about Arqit's beliefs and expectations containing words such as may, will, could, believe, expect, anticipate, and similar expressions are forward-looking statements and are based on assumptions and beliefs as of today. The company encourages you to review the safe harbor statements, risk factors and other disclaimers contained in the company's filings with the Securities and Exchange Commission, which identify specific risk factors that may cause actual results or events to differ materially from those described in our forward-looking statements. The company does not undertake to publicly update or revise any forward-looking statements after this webcast. So, Andy, welcome.

Thank you. Thanks for inviting me, Scott.

So I think a great place to start for folks on the line, maybe help describe the problem that Arqit is trying to solve? What is the threat to traditional encryption methods? And what is the rise -- what is the risk that with the rise of quantum computing brings to the table?

Yes. Well, a good question. And I think things are moving really quickly right now in the world of quantum. So anybody on here is obviously aware of quantum, thinking about quantum, I would say. So in today's world, we're using some very kind of previously trusted and widely-used encryption code, PKC, which is effectively public-key cryptography public-key encryption. And that's what's in use today. What's happening right now though is the quantum is maturing very, very rapidly. In fact, just last night, I was watching CNBC and I saw the IBM reported that they booked just over -- cumulatively just over $1 billion in their quantum practice. So you can see that this is really becoming material right now. So all the public-key cryptography today relies on mathematical formulas and with quantum advancing the way that it is, it's not going to be long before they can actually decrypt anything that's encrypted using today's public-key cryptography. Now nobody thinks that they've done it today with a supercomputer, okay? But with the rise and speed the quantum is progressing, so anybody who follows the news listen, even Google announced their Willow chip, which is 4 qubits, by the way, which is pretty significant processing power. They think that certainly within this year that it will be able to break all known encryption. And on that day, that day they're labeling as QD, the day that all known encryption will be broken by quantum. So what we do at Arqit is provide an enhanced security layer with symmetric keys that addresses the shortcomings of public key cryptography and delivers a host of new authentication benefits to customers and to protect against the possibility of quantum attack. So really future proofing. There really is a call to arms going on right now with the speed that quantum is progressing.

So if Google is getting there with a supercomputer this year, more broadly, how should we think about the time line for quantum computing and the threat? When do bad guys get a hold of the ability to break the current encryption, right? Is it 5 years? Is it 10 years? Is it even 15 years out?

Yes, it's a really good question. So what's the timing of this? So what I would say is very recently in January, there was a national security memorandum published, NSM-10, which is basically setting out that organizations, particularly federal government need to start laying out how they're going to become quantum secure ideally in the next 90 days, okay? Now there are different standards and different bodies, and they give different views of this. Some of them go out to 2035, some of them go out to 2030. We certainly think for critical infrastructure and for federal government and defense use cases, they need to be thinking about this sooner rather than later. As I said, this is advancing quickly. So we are seeing more and more people saying, "Hey, we need to understand the risk. We need to understand how quickly quantum computer is going to be available at scale," i.e., is there enough computing power for them to actually start decrypting at volume messages because a lot of people are worried about the store now, decrypt later problem, i.e., there may be a finite amount of quantum computing power available today, but even if that decrypts just a part of your sensitive data, they may well have stored the rest of it a way to decrypt later. And again, National Security Memorandum 10 was off the back of the recently disclosed Salt Typhoon breach of major telecommunications networks, which released vast amounts of data. And I think now the White House executive orders are trying to say, we need to get ahead of this problem. Again, it's an arms race. This year is the year of quantum. It was launched just this week, actually the year of quantum. So it's 100 years since quantum physics and mechanics were first observed and people started to really talk about quantum. It's a hard thing to describe when you talk about qubits and entanglement and super position. There's a lot of acronyms and a lot of big words in there.

It's pretty abstract to most people, yes.

Once you get into it and you start to realize kind of how it's so different to binary and bits and bytes, you realize the power of what's available. And when Google talk about Willow, IBM talked about their new Kookaburra device that could come along that could be anything up to 5 qubits is the rumor. And then you have the emerging companies like D-Wave are also producing devices that could be anything into 4 or 5 qubits as well. So this is very, very significant computing power that is literally on the horizon right now.

Great. And now Arqit's technology specifically, how does it protect against the threat of quantum computing? And how do we characterize the product? Is it quantum resistant? Is it quantum proof? How should we think about that?

Again, there's a lot of acronyms in this, okay, by the way, so just to warn you, 3-letter and 4 letter, yes. So the event that people talk about is they call it CRQC, which is when is the first cryptographically, I'm tripping of one word, cryptographically relevant quantum computer going to be available, i.e., the one that can actually break, as I said, all known current algorithms. So we make communication technologies that are quantum safe. So our Symmetric Key Agreement or SKA platform adds a layer of protection to the keys used to encrypt data between endpoints, connecting endpoints, by removing the risk of private keys being derived by a quantum computer. So that's what we do to make you quantum safe. So it increases the grid of authentication undertaken between components. to create what is now known as Zero Trust environment. So you're trying to create an environment where you don't trust any actors unless the 2 endpoints is secured by our symmetric key agreement. So it reduces the risk of what's referred to as man in the middle attacks and device roofing and symmetric key agreement cryptography is what's used by all the leading national security and military organizations today due to its Zero Trust architecture. So organizations such as the NSA and the White House really do encourage the use of symmetric key cryptography, which is exactly what Arqit use in their solutions.

That's really helpful. The potential customers you speak with, there are government agencies, there are corporate enterprises, how seriously are they taking the threat?

Yes. So I think now -- as you saw from the memorandums coming out from the White House even just last month and the security memos coming out, there's significantly increased understanding of the threat posed by quantum computers. And as I said, the UN has declared 2025 the International Year of Quantum Science and Technology. In fact, it was just this week released at CI in Switzerland. So if you go Google that, you'll see there was a lot of events around that as well. And if you do a simple search for memorandums, papers, blogs on quantum safe threats, it will unveil a serious of the threat and who's discussing it. So understandably, as I talked about, who's at risk in the most immediate time line on this. The leading sectors of the first movers in this space are government, security agencies, defense, critical national infrastructure organizations and financial institutions. So these are the people we're seeing are now bringing this to the table to say, hey, we need to be advised on this. We need to know how to make ourselves secure, and we need to create that Zero Trust architecture.

Great. And then I was hoping you could provide a little bit of color on maybe what some of the alternatives or what the competition looks like out there? Who else is competing in this space? How does their technology differ? And ultimately, is this a winner-take-all situation or are there room for multiple providers?

Yes. So again, good question because there's multiple alternatives and approaches to addressing the vulnerabilities exposed by quant computers. So there are existing agreements, which you -- existing solutions, should I say, that use hardware and software cryptographic solutions. The hardware ones, I think, are being less favored because they're very clunky, hard to carry around and carrying roof cases, et cetera, around the world is not an easy thing to do. So the new ones, the primary approaches fit into broadly quantum key distribution, QKD, post-quantum cryptography, PQC, which includes both post-quantum algorithms and symmetric key cryptography. So if you think of kind of that spectrum of solutions. So symmetric key usage is already recognized as a robust protection against the quantum threat. But as up until now, the secure distribution of symmetric keys has proved to be very expensive and a logistical challenge. So the market to -- mechanisms to create and distribute keys for quantum-safe solutions remains kind of a younger market, but the growth of QKD and PQC markets and associated options are now really what the industry analysts are leaning into. So there's room in the industry for multiple players for sure. That said, Arqit is the only company with a proven symmetric key solution that's commercially available and compliant with the NSA standards. So I want to stress that it's commercially available now and compliant with the NSA standard. So we can talk kind of who's doing that and who's using it, but it's ready today.

I see. That's helpful. Does AI play a part in the quantum safe story? Does it impact your technology?

Yes. Listen, I think it would be hard not to use AI in today's world. For us, from pretty much early inception, we were always thinking about where will AI play a role. I mean it's worth stating as well that AI is a double-edged sword. So you think about it, it's very powerful for us to analyze large data sets, identify patents, make data-driven decisions, but it can also be used by the bad actors as well to impersonate users and systems. So we use AI to both defend against adversaries using AI-hardened authentication strategies. So we do that a lot, but also for detecting and advising on cryptography risks and vulnerabilities within organizations. So we just launched last year a tool called Encryption Intelligence. that uses AI to simplify the detection and remediation strategies for vulnerabilities. And we see AI as very, very useful in that remediation side. So if you think about encryption intelligence, what it's doing is saying, hey, here's your vulnerabilities and then starting a dialogue to say, how do you fix those vulnerabilities and what's the remediation for those vulnerabilities. So that's how we think about the use of AI.

I see. What does the sales process look like? Do you guys have an internal sales team? Are you working with certain distribution partners? And what does the typical sales cycle look like as you talk to customers?

So we have our own direct sales team in-house. That said, we do like to work with the channel partners, okay? So although we do work directly with end customers, we like to work with systems integrators, SIs, VARs, the value-added resellers and the OEMs, the original equipment manufacturers and prime such as defense contractors, telecom service providers. So we've got a reseller model, a distribution model and allows service providers to build our tech stack into their tech stack and sell that as a value-added service. So to us, we like to think about that partner network and how they weave it into their technology as well to provide the end solution. So we tend to like using those channel partners to get to market.

It makes sense, give yourself a little more leverage across the selling process. When you sell a new customer, are you doing a proof of concept with them. What is that kind of cycle like from the initial conversation to actually signing a contract?

Yes, good question. So we find a lot of the customers they like to do some sort of proof of value proof of concept early on. And then what we do then is we prove out typically the use case and then we move quite quickly into the -- we find quite quickly then into the contracting phase. That's -- I'm losing my lights here. Let me...

We still see you okay. So...

There we go. I should have thought of that before I sat still. So we move into contracting there. And they're just -- what many people recognize as software subscription license agreements. So they're typically annual agreements. Many people go for multiyear. Interestingly, they can be delivered as a PaaS, so platform-as-a-service for endpoint licenses or some people go for a private instance. So you can imagine in the defense world, critical infrastructure world, they'll think more about, hey, we'd look to do a private license to manage it ourselves or maybe in a private data center as well. So we're flexible there depending upon the situation.

You talk a little bit about the difference in the economics to you guys between a private instance situation versus a company or a customer on a subscription model? I mean, what -- how do those economics change for you?

Well, it's -- we're flexible. So we're trying to be flexible to the customer, but the economics are such that we want to make it such that they're paying for the value that they get at the end of the day, okay? So what I mean by that is if they want to do a private instance, they might be a little bit more in terms of, hey, they want to set up the hardware, they want us to advise on that, how would this be configured? If they do -- if they consume it through the cloud, so if it's platform as a service, then we can be more flexible in terms of as a kind of pay-as-you-use type model. So everything we do in pricing, people would recognize. So if you're a user of the traditional Amazon Web Services or something like Snowflake, you'll recognize very much the model that we use.

Okay. That's helpful. Where are you seeing the most customer traction today? Is it on the government agency side? Is it on the commercial side? And does one typically lead the other?

Yes. So I think what we're seeing right now is, I think the -- I mentioned it earlier, kind of which parts of industry are coming to us first. But really, right now, it's critical national infrastructure, defense, federal or government as we would say. Behind that, though, we're seeing a lot more on financial services and energy sector, energy sector being tied into, obviously, national infrastructure. transport, I would say, anybody really that has high-value data and lots of intellectual property, so like research and academic networks, big pharma, high-tech, space tech, wider medical tech. So if you think about it, critical infrastructure, thinking about IP, but that infrastructure is -- so when people think about data in motion as we call it, it's like how do we ensure that from endpoint to endpoint to make sure that is a secured link. So if you think about hacks that are going on right now, even things like undersea cables, we're seeing them being tapped into. So that's the critical infrastructure type problems that we're trying to address.

I see. So beyond government and telecom, defense, what other verticals may be coming into focus in 2025?

I think for us, it's really going to be -- I think in order of what we're seeing is it's really the government defense, federal, very closely followed by telco, the telecoms like that, financial services is also coming in. And then behind that, those rich IP sectors. So we are seeing the early adopters like the telcos and financial services over and above what we see in the kind of government sector. So we've seen those people being early adopters. So just within those sectors alone within government, telco and enterprises, we've done well into the 20s numbers of proof of concepts with them. And then you'll see that a lot of those then are thinking about how to deploy what infrastructure it goes into before they move into production type environments.

I see. So it makes sense for really any business where the risk of breach is catastrophic, right? I mean, that's the best way to think about it. It's -- got it. No, that's helpful. Now recently, you guys signed a 7-figure contract in the EMEA region. Can you provide a little bit of additional color there? I mean, if you can, who is the customer or at least give us some kind of context around the deal?

Yes. Let me tell you what I can, okay?

I know it's delicate. So I don't want to get into trouble.

Yes. So we've signed a contract. It's a major systems integrator and data center operator in the Middle East, okay? And this is for the deployment and supply of secure network services using our symmetric key agreement platform. So they've built a sovereign private instance for use to support a number of key government and enterprise customer networks wherever they need to better protect themselves against current and future cyber threats, including obviously the post-quantum threat. So the good news is the partner is going to act as a regional reseller for us in the Middle East with the ability to sell private instances to create further independent sovereign network architectures for their customers across government security and defense. What I would say is there are parts of the world where certain governments have mandated the use of quantum secure security. And in the Middle East, you'll find some of those countries. So this for them is being mandated to actually move to post-quantum algorithms as we just talked about. So having that ability to have a local reseller, local partner who's using it themselves and they can also provide is a real big bonus for us.

So it sounds like this contract could be a real catalyst for some additional deals or additional monetization in the region.

Yes. So it's like second private incidence in the region. We're expecting that repeat deployments across the region. And so we've got a strong interest in the growing pipeline I think also with the worsening trend of cyber attacks, they are, as I said, legislating in that region and also moving rapidly to protect against that. So for us, we're really happy with the conversations and the interest in the Middle East, for sure.

And to be clear, are you generating revenue from this contract today?

I'll have to wait until the results come out before I can comment on that.

Okay. That's fair. Perfect. And then we talked a little bit about before the call started about the D.C. office you have. Can you talk a little bit about what kind of business traction you're seeing here within North America?

Yes. So we -- I literally took a 2-week tour of the U.S. So I'm standing in London now, but we have a very nice office in Crystal City. I was in last week, and we have a fabulous team there. So if they're watching hello. They are driving or spearheading, should I say, for the U.S. opportunity for us. We've got a high concentration of partners and potential prospects out there as well. So a lot of our early traction with the partner ecosystem is there. So I've got to call out Intel. Intel is a really good partner of ours. We're very, very pleased with how our relationship is developing with Intel, and we couldn't be happier with the partnership there. I spent time with Fortinet and Juniper, strong partners of ours as well. What you're seeing in the U.S. right now is that we're in the early days of what is, I think, widely anticipated to be a 2-year refresh cycle on firewalls for enterprises. So a lot of people are saying, "Hey, if we're going to do that, we want to make sure they're quantum safe," because as I said, depending upon whose guidance you look at, you certainly need to do that in this refresh cycle to make sure that you're quantum safe in that firewall refresh. And then the reseller distribution networks, and I would call out Carahsoft as one that we've signed recently as well as a partner. So that's that puts us in a great position. So we're focusing on our target key accounts across telco, defense. And then as we get into fiscal year '25, we -- I'm excited about what we'll be doing in the U.S. because to me, certainly with this new administration, I can see a renewed impetus to actually get moving on this.

That's a great kind of follow-up there. General thoughts on the new administration and how it not just plays into your technology, but AI and maybe some of the other industries that you look to view as customers generally a net positive? Or how are you guys thinking about it from your perspective?

I think for us, as I said, we like to work through partners. So the work that Fortinet, Juniper are doing in terms of that firewall refresh and the fact that the government now is proactively trying to defend critical national infrastructure, and that's why you saw the NSM-10, National Security Memorandum come out to say, you need to have a position on this. I think that strengthens what's happening in the U.S. right now. But also I think they're worried about the fact that there has been breaches in the past as well. And I talked about that store now decrypt later. Is that going to kick in, in the next couple of years as the bad actors and maybe rogue states are saying, "Hey, we now have quantum computing. We have no capacity to go and decrypt a lot of that information. Now if you're -- everybody thinks about, hey, well, surely, data in motion is more critical in terms of the here and now. But if you think about it, a lot of data that's already stored, if that's compromised as well and it's been harvested, that's going to put people in a difficult position if it is actually critical level or defense level security required on them.

Yes. No, that makes a ton of sense. Andy, how quickly can this business scale? If you add a couple of large reseller partners or start to see some traction. I mean, can 1 or 2 large customers make a meaningful difference?

Yes. Good question. So let me give an example in telco. So if you think about telco, we are very lucky that one of our earlier partners and customers in this is Sparkle. So if you think about Sparkle, they're using it as a value add for their end customers as well. So what happens here is -- so they will then wrap it into their service and offer it to their customers, which means that, that one customer gives us opportunity to hundreds, maybe thousands of potential end customers as well, if you think about that community. So that multiplies that knock-on effect of opening doors to additional programs. So we kind of expect to have a mix of revenue sources, some large private instance contracts with telcos that I just talked about or governments or resellers and then some through Sparkle that then allow us to scale up. So if you think it's a magnifying effect the way that we're thinking about this. So don't just think about it, hey, one customer equals one opportunity, it can equal many opportunities behind that.

And Andy, for our investors here in the States, in North America who may not be familiar, Sparkle is Italian correct?

It is, yes. It's going through a divestiture process and was previously an affiliate to Telecom Italia.

Great. Now over the past several quarters, the company has worked to reduce its cash operating expense. Can you tell us what that run rate looks like maybe as of the last quarter?And as revenue begins to scale, how should investors think about you needing to potentially add in new operating costs?

Yes. Good question. So we have really done a good job of coming out of last fiscal is reducing our spend and burn rate. So we are really happy with that. And a part of that is the fact that customers are choosing to deploy more in cloud rather than private data center, the maturity of our technology and also the fact now that people are choosing to take our technology on a smaller footprint. So they're actually saying, hey, we believe we can run this in a kind of tighter technology environment. So we believe that we're driving the cost in the right way, which is down, which is good for our customers as well, okay? So we're performing completely in line with our budget for 2025. The good news is that the software business model allows us to scale revenue materially without any real big growth in our cost structure. So we've built it in such a way, and I've been involved in many software businesses, so I'm very familiar with the model is we need to drive the top line, but we need to make sure that, that doesn't push up the bottom line in line with that. So if you think about the way we can scale through -- I just talked about the Sparkle model, I talked about working through distributors, and I also talked about the fact that we have mature software ready to go now. It means that we incurred a lot of the costs that we've built ourselves in terms of a structure that can grow without materially growing the bottom line as well.

Yes. I just want investors to understand what kind of operating leverage there is in the business model. It's been kind of early in the company's maturation, but there's a significant opportunity there to generate positive income and cash over time as the business scales A bit of a follow-up. I mean, can you talk about your comfort level with your current capitalization?

So I mean, that's something we constantly monitor the situation. But at this moment, we're comfortable. So I think as we -- as I just talked about in our cash burn and where we are as a business, we feel comfortable with that.

I can appreciate that. And more of, I guess, a theoretical, but how do you think about the profitability? And as revenue begins to scale, do you want to show the model can be profitable? Or would you prefer to reinvest any kind of incremental dollars back into the business and help drive the top line. It's kind of a delicate balance. So just kind of curious from a strategic standpoint where you guys stand?

Yes. Again, another good question. We're a growth business, okay? So we want to take every dollar and put that into the growth of the business. So I think we're focused today of coming out of the kind of deep tech build that we've been in, proving the business, revenue generation is our key objective. So that putting the software model through the partners and resellers I talked about. So we want to grow without materially adding additional investment. So it may make sense at some point to think about profitability. But right now, we're just very, very focused on growing the business and the top line.

Great. And then obviously, the levers for profitability are there over time as we just discussed. So ARQQ shares increased meaningfully in 2024 versus -- up almost 200% versus the Russell, which is up kind of 10% or so. What do you attribute the increase in investor demand to? And what might be driving new investor attention that we haven't discussed today or that we have discussed?

I think at the very top of the call, the very top of our chat, it's -- quantum computing is real. It's coming, yes. So this is -- I say it again, it's a call to arms. So we're the only public company that addresses this quantum risk to current encryption. So we're the people out there to do it. So there's been a tremendous round stocks on quantum computing. So I talked about D-Wave earlier. You will have seen that as well. And I think that's driven by company news, broader news in the marketplace. I talked about Google's Willow chip AWS, so that's Amazon, have talked about their Quantum Advisory service. And I think it brings us more into focus, and we benefit from that market awareness right now. So we're seeing -- as I say, I think previously, we felt like it was kind of more market education as we're developing a lot of our technology. I really feel now the market is educated. So the level of knowledge in the market has gone up substantially, hence, the understanding of the threat and the understanding of us being -- I kind of call it, we're the antidote to that, okay? That's how we like to think of ourselves.

How should investors be thinking or what should investors be thinking about or calendar 2025 in terms of the business?

Yes. So I think I said revenue is the key. Revenue is primarily what we're thinking about. And I think our measure of success is as we start to think about those contract wins and getting those names out there is how we're going to judge ourselves. And I hope investors would look at that as well as, hey, what's the progress we're making. We talked about some relationships already and we think about how we monetize those, how do we turn those into results. And we really hope very shortly to be talking about winning contracts defense and with additional telco operators. So I talked about Sparkle, and I talked about the number of proof of concepts that we've been doing. So how do we think about those? So just reach my water here. And also then we have opportunities, we have opportunities, as I said, in U.S., U.K., Middle East. So globally, these are really starting to come alive. So I think right now, if people are watching anything like Bloomberg or CNBC, they will see that almost daily, they're talking about quantum stocks, and they're helping us really kind of educate the market. And you'll see the CEO of some of those quantum companies on there talking about the opportunity. But as I said, it's a positive opportunity and negative opportunity for the bad actors. And I think, again, the government has made it very clear, this is coming, you need to act, you need to do something.

In terms of a driver of the stock, do you think that kind of industry chatter or at least bringing quantum, the risk of quantum to the forefront is almost as important as any kind of news flow coming directly from the company at this point, just in kind of bringing more investors under the umbrella?

Yes. It's a good question. It's a good question. I think for us, we are -- we're creating an ecosystem, if you think about it, and a network. So I talked about the partners in terms of route to market, there's the quantum computing companies. There's the industry standard bodies of which there are many, by the way, but the ones that we kind of predominantly in the Western world think about. That ecosystem is just getting stronger and stronger, and we like to think that we're a central part of that. And as I said, it's the only public company that provides this, it just puts more and more spotlight on us at the moment. So I'd like to think if we have this conversation 1 year from now, all those verticals in all those geos at different sizes, we'll be having more detailed conversations about the uptick in adoption for those organizations.

Great. Well, I think this is probably a good place to stop for today. I want to ask any investors on the line to please direct any questions or follow-up to me. And Andy, on behalf of myself and H.C. Wainright, I want to thank you for your time today.

Thanks, Scott. I really enjoyed that. Thanks for the questions.