Gen Digital Inc. (GEN) Earnings Call Transcript & Summary

Hi, everybody. This is Nikolay Beliov, one of the software research analysts here at Bank of America Technology Research team. I'm happy to moderate today a panel with NortonLifeLock. The company is represented by Vincent Pilette, the Chief Executive Officer. And also, we have an unexpected guest. Samir, the President, will be with us today. Thank you, guys, for joining us. Thanks for taking the time.

Sure. Thanks for inviting us.

Just to kick off the conversation, Vincent. It has been a little over 6 months since the sale of the Enterprise business, and where do we stand today? Just like take a minute to do the rearview analysis of the situation. And maybe to -- as a follow-up, how has COVID changed your strategy in any way over the next 12 to 48 -- or 24 months?

Yes. Let me go back to November 4 when we sold the Symantec Enterprise business to Broadcom. We see that as the birthday of NortonLifeLock, a cyber safety company focused entirely on consumer, with a mission to build a cyber safety plan, enabling consumer to operate safely their life digitally. So that's our overall mission. The division of the company NortonLifeLock comes from the mix of Norton Security products, merged with identity products from LifeLock. And the team build up an integrated platform, Norton 360, that offers cyber safety features for a membership fee. At different level of memberships, you have access from basic core security and privacy features all the way to full identity restorations and insurance services. The company, up to now, had been focusing on integrating that platform, launched it on April 2019. As we became fully focused on the consumer market, we started to increase our marketing spend to where it was in the past. And as you know, we're 90% a business that sells directly to consumers through our e-commerce platform, and so marketing is basically our sales engine. So coupled with the Norton 360 platform, reinvigorated sales engine or marketing engine, we've seen our first 2 quarters good early traction on both adoption of Norton 360, a stabilization of the customer count that had been declining in the past and, basically, a return to growth with booking growth in the range of around 4% to 5% in the last quarter. So we're very excited by those early steps. Our underlying structural growth opportunity is the fact that consumers in the past had one digital device, then they moved to multiple devices, then multiple operating systems, from desktop to mobile, from windows to multiple operating systems. With the acquisition of LifeLock, we became very user-centric. And from a user perspective, then your applications and digital identity also started to grow. If today, maybe a consumer has an average 15 to 20 digital identities, within the next 5 years, they'll have 50 digital identities. And operating there digitally in a cyber-safe environment is very important. COVID-19 was basically a shot in the arm, validating this long-term hypothesis, that more and more your life will move digitally, not only you working from home, but now your kids are studying online or my mother who's over 70 now shopping online, which she never did before. And so that basically has opened also a bigger platform for cybercriminals to operate in, and our mission is to protect consumer against that cybercriminality.

So Vincent, how does COVID change in any way the strategic priorities over the next 12 to 24 months? Any changes to your product road map, go-to-market strategy, et cetera, purely based on COVID?

Well, I think, COVID has accelerated the underlying move of consumer doing more and more online. Along with that, we've accelerated what we're doing. So we didn't change what we did, but we accelerated in certain aspects. As you know, Nikolay, in November, we announced that we're going to invest $100 million in marketing on an annual basis to reinvigorate our growth and to support the launch of Norton 360. With that, of course, we've tweaked some of those marketing messages towards more educational messages as new cohorts came online with the need for cyber safety. Same on the product side. We reinvigorated our family plan that allows parents now to track kids' online activities and maybe better frame those activities. And you'll see more and more of both new messages and new features coming up as we build towards our long-term vision.

Okay. Okay. Just taking a step back, now that the Enterprise business is gone, you, Vincent as the leader of NortonLifeLock, what cultural changes are you instituting inside the company? I mean can you describe the culture of NortonLifeLock now as a stand-alone entity? And I would imagine there's a lot of changes going on internally. Would you like to talk about that change?

100%. There's been a lot of changes. There are multiple cultures for those who come from the Norton side, those would come from the identity Lifelock side, the U.S. versus international. And then at Symantec, they had a mix of enterprise and consumer-centric cultures, which, as you know, have different attributes. As we became NortonLifeLock, we really focused on becoming a consumer pure-play, so consumer-centric culture. And the 3 key things that Samir and I are really focusing on is being more scrappy. And in the enterprise, there's a lot of overhead and infrastructure costs to support talking to CIOs and others. Here in our company, every employee is a consumer. Every employee is both in sales and using the product as a customer. And the scrappiness, the ability to do things yourself, is a very important aspect that we've started to build. And you've seen in us lowering our G&A from 7%, 8%, now down to less than 5%. We continue to do that. Speed is the second element that we really value. Again, in the enterprise, you may need to have a longer process to make sure that the high quality is there. In the consumer side, you need to have a high velocity and move by trial and error. And if things work, then you double down. If things don't work, you roll back. So speed of execution is absolutely an important one. And the third one is being innovative to make sure we can launch new features, and don't only see this as a security and a privacy angle but a broad vision of cyber safety, which can include many elements and new areas around privacy and right to be forgotten, et cetera. And that needs to be integrated into the culture as opposed to be just security and identity being overall cyber safety. Samir and I are definitely finding those values in common and play like almost brothers here at the helm of the company. I don't know, Samir, if you want to add anything on that one.

I think you hit it well. And if I would just take it to the next part of the question one could ask is what's the outcome of the culture. And taking what Vincent shared, it's quick to changing and adapting, hence, the speed. It's becoming customer-centric, so to make sure everything we invest in building is creating new value based on our trust brand with our customers. And it's also ensuring that we have a diversity of point of views and people that are contributing to all of this. Given the fact that the attackers out there don't discriminate between age, race and color, part of our contribution to innovations, making sure we have a good cross-section of inclusion.

And Samir, maybe just to double-click on the innovation engine. Going from 10, 15 digital identities to 50-plus in a few years, that's a lot to manage. This just gives more attack surface for the bad guys, right? And just tying that to the strategy around Norton 360, what are the 3, 4 key products right now? And where are you taking this over the next 12 to 24 months in terms of product functionality in the context of what's happening out there, the massive increase in digital identities, et cetera, et cetera?

It's a great question. So if I look at it from the lens of the attacker, and that's where part of our innovation is driven; and then the second lens is the lens of the victim, the customer, and that's another pool of where our innovation is focused. So from an attacker standpoint, you're creating identities, you're transferring identities, you're storing them, and you're managing and using them. Each of those areas, to use your term, is a surface area that can be attacked on. And that is traversing everything from telehealth to gaming, to all facets of life across the spectrum. And each of those things has a commensurate solution area that we're targeting. And so how do we frame it? We look at the prevent, the detect, the respond and the recover. So prevention is something that security often has a key attribute related to. When it comes to detection, that's where identity monitoring, things like the Dark Web Monitoring solution that we started with. We're expanding other areas we can monitor and alert if someone's identity is being abused or misused. And then when it comes to restoration and recovery, there's a whole gamut of things that we're looking at from privacy-enabled solutions to new capabilities around creating pseudo identities for customers. So the way we're looking at it, from both the attacker and the customer lens, is how do we look at the life cycle of an identity, which now all of us are adopting throughout our lives to enable; and then how do we look at how we prevent, detect, respond and recover each of those, taking the scale and advantage we have in terms of having a strong security identity restoration, privacy and home and family footprint as a starting point.

Got it. Got it. I think you guys launched a dark web product in Japan. How is that going? And is that going to become part of Norton 360?

The...

Yes. We...

Go ahead, Samir.

Go ahead.

Yes. We started in Japan. And in essence, it is something that we've expanded to the U.S., and we're also expanding to other countries. It's been received really well. I mean if you think about what the dark web is, it's part of the Internet that isn't visible to search engines. And when there's a major data breach, it's where your information gets sold between the attackers. And so part of the Japanese focus was there was a lot of information that, that culture and that market would like to know if they had already been breached. In the rollout of that program and that capability, it definitely led to a lot of success and new customer adoption and allowed us to parlay them into a broader Norton 360 capability around cyber safety. With that as one element of identity, there was also of the elements of security to prevent it and as well as privacy. So it is something that we're taking the learnings from and will be expanding to other countries that we'll share in the near future.

And if I can add one thing, and this is a perfect example linking back to the culture and the Norton 360 platform that we've launched, right? So we have an innovation engine. We have over 1,000 engineers. We spend about 10% of our R&D -- 10% of revenue on R&D. And we want to increase the rate at which we launch new functionalities, all integrating to one common architecture. When something works well, like Dark Web Monitoring that we integrated into our Norton 360 and has good reception in the market, then we can double down, both on the marketing message and then on the expansion and rollout into new countries. And you'll see us doing more and more of those launching new functionalities to build up cyber safety. Sometimes those functionalities enable us also to offset some commoditization at the bottom of the portfolio, and we leave that into the Norton 360. But we add new functionality for the same membership, and that has helped us maintain a very high retention rate of slightly over 85%, as you know.

Got it. Vincent, how do you look -- I mean you guys made a conscious choice to keep the LifeLock name, and it's NortonLifeLock. How do you manage 2 different brands?

Yes.

Why did you make the decision to go with 2 brands? How do you manage 2 different brands? How do you create the impression in the market that it is actually 1 brand? And what are the risks of that strategy?

Yes. As you know, I spent 7 years in the consumer world, and managing a multibrand company for consumers is not something unique. Now we have 3 brands. We have the Checkmark, which is universal and very well-received. It has an element and value of trust. When you see the Checkmark, you know it's from NortonLifeLock and it's secure. We have the Norton brand that comes a little bit from early on, from the roots of security but expanding into new functionalities, globally very well-received. And then we have the LifeLock brand that basically identify or create an identification towards safety for your identity. And that's very strong in North America. At this point in time, we felt that keeping the values of all of the brands was a very important one, building on what's that core, which is that Checkmark embodying like trust. And you'll see us, where it makes sense, use multi brands and be able to leverage that as an asset for us.

Got it. Got it. Just wanted to circle back on Norton 360. I think you launched it April last year, and I think you said it's 25% of the base now. Question here is, is the 25% comparable to a number you guys used to give, call it, consumer digital safety adoption, which was 17% in fiscal year '19 and 11% in fiscal year '18? Are these comparable metrics, the 11% and 17% and the 25%?

Somehow. So that metric was basically made of customers that has more than 1 product, so 2 products in the product line, was closer to a bundle. Norton 360 offered an integrated platform in which the customer has access, of course, to more than one functionality, multiple functionality. So in a sense, you could. I think Norton 360 is more stringent. And despite that, we now move 25% of our installed base into that architecture. The new customer coming in over the last 2 quarters were, in the vast majority, on Norton 360. And as you know, we've been pushing that as the overall strategy. Some investors are asking me, "Hey, will you be more than 25%? Do you see, in the 3 years, will you be 100%." My answer to that is the vast majority of our installed base, over time, will be on Norton 360. We may have a few cases where it makes sense to maintain just one single product line to attract some customers who still want just one simple product simplicity and just that functionality. And then we would have a bridge, if you want, for the customer to experience a broader set of features from our portfolio by migrating to Norton 360. So let's say, in the next 3 to 5 years, I would say, 2/3 or 3/4 of the installed base, we predict, would be on Norton 360 platform.

So Vincent, what does this mean? What is the price uplift to you guys from a customer moving to Norton 360, an installed base customer moving to Norton 360?

Well, so at this point in time, the 2 ways of moving to Norton 360, one is to move to a membership that's equal to the customer's current adoption of products 1, 2 or more that he has, and then to move into 1 single membership for the same price. And the other path, of course, is to upgrade towards the Norton 360. At this point in time, we've realigned the price to favor if you want to bridge from multiple products you would have into Norton 360. And then the value creation from that is not only to be on one integrated platform. It's also what we've observed is, when you're on that platform, we can have more positive engagement with the consumers. It's not only about an antivirus and engaging when something negative happen, but it's also positively engaging on VPN when you're on an unsecured area, on storing new passwords or other things. And what we've observed is that customers on Norton 360 would have a slightly higher retention rate than the overall. And so the first value on Norton 360 is the engagement and higher retention. And then moving forward, of course, we hope to continue to delight every customers on their membership and offer a high-level membership by continuing to building up the features of cyber safety.

So as Norton 360 moves from 1/4 of the business to 2/3 and maybe even more than that, how should we think about ARPU growth trends going forward? ARPU has been growing 2%, 3% in the last 4 quarters. Is ARPU going to accelerate?

Yes. So the team, as you know, in the past, for a couple of years, has been integrating LifeLock into Norton. The team focused really on building Norton 360 and did not fully invest into the marketing engine. As they did that, they saw an improved engagement with the customers, and the retention rates that moved up to 85% was a very good achievement. At the same time, they moved the ARPU, as you mentioned, up to $9 per month or $108 per year, crossing the $100 view. As we became Norton LifeLock for the last 2 quarters, we've rebalanced the objective. And we have as objective #1, as Samir mentioned, the voice of the customer, customer satisfaction. So the Net Promoter Score is our #1 internal metric. And the derivative of being are we successful is, are we growing the customer count? Our objective is to really bring as many people as possible to experience that cyber safety plan, an integrated platform for a membership fee that gives you access to multiple safety features. And that's the goal #1. And then, of course, we continue to try to engage more with our customer to maintain the 85% retention, maybe increasing in the Norton 360. And then, of course, the ASP is a function of the value we provide. In our road map, in our development plan, we see new features that would lead to higher level of memberships and so continue to increase the value -- forget the price for a minute. The value we deliver to consumers is a huge focus for us. And with that, it can drive the ARPU up. But frankly, at this point in time, it's customer growth, even if they come at a lower level of membership, bringing them to experience this integrated platform is our objective #1.

Okay. So just to summarize, it's a little bit more like ARPU versus unit growth. Let's say, if you guys are growing 5% at some point, would it be like equally split between new customer growth and ARPU? Or ARPU might be higher than new customer growth?

Yes. As you said, right, so the company was -- or the division was kind of flattish, declining customer count and improving ARPU and retention. We want to find a better balance. We want to, number one, increase customer count even if that means that they join just at the first level of membership for a lower ARPU. And then, when the customer is in, we want to improve the first-year experience, which would then increase the retention. And then we want to offer more and more functionalities that would increase the ARPU. It's in that order of priority that we want to drive and qualify our growth. I think, overnight, I could try to grow 5%, but I would not do it in a sustainable way. The way we've done it here, the way we're approaching it is really to grow for the long-term, building that vision of cyber safety.

This is -- next question is also mine and also just got it from an investor here. But it has to do with -- Vincent, how do you think about growth versus margin overall? Why keep the business at 50% and grow low single digits? Why not lower margins to 45% and start growing mid-single digits or high single digits? How do you think about this trade-off? Wouldn't the story become more appealing to investors if you lower already high-margin profile a little bit but then reaccelerate significantly the revenue growth rate? How do you think about that?

No. 100%. I'm 100% with you that it would be more attractive to grow. We believe we have a huge opportunity. But as always, it's a matter of credibility, training and time. We -- as I mentioned, we became NortonLifeLock on November 4, 6 months ago. At that point in time, Nikolay, as you remember vividly, people did not even believe we could become lean and mean and that some of the stranded costs would be staying in the company forever. 6 months later, that totally evaporated, and people understand that we have made significant progress in building up credibility in operational excellence. Then we said we're going to return to growth. And as you know, in fiscal year '20, last year, Q1 had a customer decline growth and a booking decline growth if you normalize for the first week. And then in the first quarter of our last -- Q3 and Q4 of last year, we grew bookings around 4%, we stabilized customer count, even grew sequentially customer count. We're not there where we want to be, but we're definitely making good progress. And revenue will catch up to bookings over the next now remaining 2 quarters, but it takes about 4 quarters or 12 months to really align bookings and revenue in a subscription business. Delivering that is very important. In the meantime, we did deliver, while we were returning to growth and operating profit margin slightly above 50%. And at that time, 6 months ago, customer -- investors were saying, "Hey, I don't think you can both grow and maintain 50%." And we've proven that. And so before we say, "Hey, do we want to grow at 9% at a lower operating margin," let's first get there where we said we would be. And frankly, Nikolay, I don't know yet if I would have to give up operating margin points to be able to grow faster. Because it's really a mix of your innovation, the value you provide to customers and your operational excellence. And it's a delicate balance to find, and we are aggressively pursuing it with, again, objective #1, bringing more customers to experience cyber safety.

Got it. That makes sense. I have a few questions coming in from investors here that are getting deeper into the financials. One is, does the guidance of $900 million in free cash flow include the $70 million, 7-0, annual payment for the repatriation tax?

I'm not sure. So what we said in long-term metrics is that we're going to get to a low- to mid-single-digit guidance for the top line. We'd operate the business at 50% operating profit margin. We would then, at that point in time, with share count reduction, deliver $1.50 EPS. And at that level of business structure set, we would deliver $900 million of free cash flow. The tax rate is using that. I think we've disclosed in one of the slides on the IR deck is around 24% onetime specialized payments from the past of -- financial history, if you want. It's not including that overall long-term or short -- mid-term, short-term, long-term business structure that we've highlighted.

Okay. Any update on the real estate situation? Are you still confident that you can get the main campus sold by August?

Oh, August is your date. I never mentioned August, but okay, got it. Look, here's what we said. We said that, hey, by the end of the year, when we had initially planned the transition to last all the way to the end of the year, we would have both eliminated all stranded costs and we'd have sold our underutilized assets. Since then, we reduced the stranded cash cost to around $750 million, and we've generated $750 million of cash from the sales of 2 small businesses. We're now left with the real estate for value about equivalent of another $750 million. Right pre COVID-19, we were on round 2 of offers for each of the buildings we have vacated. And we are very close to close those transactions. Obviously, when COVID-19 happened, both the commercial real estate investors have paused, and the strategic potential buyers have paused as well. And then past March, we saw reengagement with the investor side, not yet the strategic side, the investor side. And we said we would be confident that we'll be able to sell the real estate within the range we've given. It might take a little bit longer than expected so I might not be able to close it by August, but we will be able to do it within a reasonable time frame. That's our current view. That has not changed, and we're working. We're vacating the building. A sub-question I get from investors also is, does the delay or slowdown in the sales of the building impact the elimination of stranded costs on P&L? And the answer is no. Those buildings have been vacated, put on the balance sheet as asset held for sales. And our -- again, a little bit like the long-term model with the EPS, our business, if you want, is now consumer only and focusing on that.

Got it. Here's another investor question. What's your assumption for TSA income for the upcoming quarter?

Okay. That would be too detailed. We've not shared that. Happy to have a follow-up online to see if there is a more technical question. But we finished all of the TSAs with Broadcom at the end of April. The cost -- the stranded cost, overall, as we explained many times, are all over the P&L between continued operations, OpEx, OI&E or discontinued operations. And depending on the activity, there are different places. For the TSA cost, if someone works on a TSA and goes in OI&E, then comes back in the P&L when you finish that TSA. In Q1 here, this current quarter, we will still receive payment for the TSA that finished at the end of April. The payment of those TSA, or reimbursement of those TSA cost, goes into OI&E. We're not providing a guidance on that line, but obviously, all payments as well as costs have been built into our EPS guidance for the quarter.

Got it. Another detailed question from investor, how much cash taxes are left to pay from the enterprise and other asset sales?

Sorry, I didn't hear the question, Nikolay. Can you repeat the question?

How much cash taxes are left to pay from enterprise and other asset sales?

Cash what? I didn't hear. Sorry, the cash...

Cash taxes. Cash taxes.

Okay. I do not know that answer. And then, again, happy to follow up. I think we've paid the vast majority in Q4. I don't remember the exact amount. It's in our IR deck. Top of mind would be $1.9-something billion, and that would be, I think, almost it. So if something is remaining, it would be almost immaterial.

Got it. One more question from investor. You guys are popular today. You used to talk about 3x net debt target. You're well below that this year. How do you think about that going forward? Would you leverage to buy stock and get back to the 3x net debt target that you originally set?

That's a good question. That's a good question. So I mentioned our long-term target around the EPS, right, growing at low- to mid-single digit, 50% operating margin and then, through share count reduction, getting to $1.50 EPS. We -- right after earnings 2 or 3 weeks ago now, we bought back a convertible debt, which eliminated about 30 million of share dilution, so part of our objective to reduce share count and get to $1.50 EPS. With that, obviously, debt went down. It was about $625 million. And then we used some cash. We have today a net debt at around $2 billion. As we generate $900 million of free cash flow on an annual basis, that net leverage will continue to go down. In terms of capital allocation, structure, policy or strategy, I'm not sure what I should use. We want to continue to run lean and return cash to shareholders. We have 2 objectives. The first one, as we start to grow organically and have launched Norton 360, is to use our cash to continue to invest in the business and accelerate the growth. We can look at tuck-in acquisition functionality we may not have that may be financially interesting to add to the portfolio to build that cyber safety vision. And the second objective is to continue to retire shares or reduce the share count. And that's the current assigned use of strategic cash, if you want. Obviously, we have our regular dividend in place. I believe that, that 2x net leverage, we have a very resilient business model, very profitable business model. We can continue to do and contemplate different things. And when or if we have update, as we discuss quarterly this topic with the Board, we'll make sure our shareholders know. But just make no mistake, our objective is definitely to use the cash to both grow the business and return it to shareholders.

Got it. I guess questions for you both, Samir and Vincent, how do you think about Microsoft? The threat from Microsoft with embedded security, which seems to be their Defender product seems to have been -- gotten better. And what are you seeing, broadly speaking, on the marketplace and market share shift between you guys, McAfee, Trend Micro, Avast, et cetera?

Do you want to take it, Samir? If not, I'll take it. So again, it goes back to our overall strategy, right? Norton started with security products to upgrade, if you want, the security features of the core operating systems. And of course, the operating system, in terms of security, continues to improve as we move forward. Our focus has shifted from being device-centric -- then being multiple device and multiple OS-centric to now being user-centric. And as we discussed, right, we have ID restorations. We're going to focus on enablement and protection of the digital identities, offering security or supplemental security options but, on top of that, offering new and new functionalities, offering ID restorations for special cases, moving internationally. So that's with the strategy, building up the portfolio towards a cyber safety plan, if you want, as opposed to upgrading the functionality of a device.

Got it. We're almost out of time, Vincent, would you like to share any closing remarks with investors?

No, I can. Absolutely. So I want everyone to know that we really view our company as kind of 2 quarters' old. We have $2.5 billion start-up. We are running up the management team, building up our operational processes, and our entire objective is to develop this portfolio to build a cyber safety vision or plan, which is something new. We'll try a lot of things. Most of the time, we have a good handle on our consumers because 90% of them comes from our e-commerce platform, which is a huge advantage. We have a brand that means trust and gives us the right to play in many adjacent markets. And every quarter, we'll give you progress towards that vision.

Thank you, Samir and Vincent, for joining us today. Enjoy the rest of our conference and your conversations with investors. And everybody on the line today, stay safe and healthy. This concludes our presentation with NortonLifeLock. Thank you.

Thank you, Nikolay.