Gen Digital Inc. (GEN) Earnings Call Transcript & Summary

Well, good morning, everybody. Thank you for joining us, and welcome to the Nasdaq Conference in association with Morgan Stanley. My name is Hamza Fodderwala. I'm the cybersecurity analyst here at Morgan Stanley. And we are very pleased this morning to have the team from Gen Digital. We have the CEO of Gen Digital, Vincent Pilette; as well as the President, Ondrej Vlcek, who is also the former CEO of Avast. Thank you so much for joining us, gentlemen. Before we begin, I do have to read a brief disclosure. For important disclosures, please visit the Morgan Stanley research disclosure website at www.morganstanley.com/researchdisclosures. So with that, we'll kick it off.

So Vincent, maybe I'll start with you to kind of level set everybody here who may not have been following the story as closely in the last couple of years. Can you give us sort of a quick recap of some of the major changes that have gone on to really evolve what was once NortonLifeLock into Gen Digital? And how do you feel that the company today is appropriately prepared for where the consumer security market is evolving into for the next 10 years?

Yes. Thanks for your question, and good morning, everyone. This is actually the first time I'm doing conference in person since COVID. So I'm as excited as the first time I did that 15 years ago as a CFO, same goosebumps. It's also the beginning of a new chapter, as you mentioned, as we just launched Gen Digital as a new company coming from the merger of Avast and NortonLifeLock. Three years ago, NortonLifeLock, which was a division of Symantec, realized there were 3 trends that were happening in market. The first one is that consumers were spending more and more time online in many different ways, not just banking or shopping but also learning and socializing, and that created an exposure for themselves. The second trend is that the hacking activities were becoming more and more sophisticated. It was not just being a malware on a device to log the device and do other things. It was about phishing, scamming and taking data in multiple areas to really create a risk for the users, not for your device. And the third one is that hacking was becoming a profession. It was not anymore a fun activity to lock computers and be in the news, but it was really about now having tools, even renting tools, to do some damages and get some proceeds and then using the dark web as kind of the gray market to reselling those proceeds. And those 3 trends were increasing the risks for consumers. So at that time, 3 years ago, we decided to sell the Symantec enterprise business and set up NortonLifeLock as a stand-alone company dedicated to the protection -- digital protection of the consumer's life. We set a strategy to be just the best cyber safety platform for consumers, full stop, and then build adjacent services on top of that, that would increase in value because they would be in a trusted environment. We launched 3 years ago Norton 360, the first integrated cyber safety protection for the users, for the human being, that for a membership fee, you could benefit from all of the innovation and the evolution of the environment. We accelerated our marketing activities to really drive that notion. Over the last 3 years, we returned the company to a mid- to high single-digit growth rate, turned about, at the time, 23 million consumers, paid consumers, to adopt 60% ratio this Norton 360 membership concept and really focused on that. Strong from our success, we looked at other companies say, "Okay, what are we missing to be able to be that best cyber safety platform for consumers?" And that's when we met with Ondrej, who had similar views, and he will tell you about the strategy and say, "Hey, if we come together, we're going to increase the scale of that platform from about 23 million paid customers to 65 million paid customers and from roughly 80 million free users to over 0.5 billion users." The scale would give us the advantage to increase our innovation, be more global, expand what is still known as cybersecurity into cyber safety, which includes identity, privacy and other elements of that protection. And early September, that's what we did. We closed the acquisition of Avast, which we really positioned as a merger, bringing the best of both company and be really well positioned to tackle this new challenge, which is building adjacent trust-based services on top of the cyber safety platform.

Got it. So this is no longer your grandfather's antivirus market, if you will. This is a holistic consumer cybersecurity platform that's protecting not only your device but your online identity, your online footprint in general. Ondrej, I want to bring you in the conversation. So you started Avast long after McAfee and what was formerly known as Norton began. And you saw this sort of shift towards wanting to have more consumer security as more and more people were using the Internet. Can you just give us a sense of where you see the market heading? And what made you want to start a consumer security company in the first place?

Yes, absolutely. Thank you. Well, first of all, what I think is that the situation has really changed compared to when we started. When this company started, obviously, cybersecurity was a really niche thing, and also technology was a niche thing kind of for IT specialists, et cetera. Today, we are totally surrounded by technology. In fact, technology or software, shall we say, is the elementary basic fabric from which our society is built and born. And so that has some far-reaching consequences when it comes to risk related to cyber. The way Avast was built with the freemium model in the first place was to disrupt the kind of muddy waters of the Symantecs and McAfees of this world back then in the early 2000s. The freemium model has proven to be very viable, in fact, today has become sort of standard for all sorts of categories of software, including mobile, where you see probably more software titles being offered initially for free and then upgrade it to paid versions. That model in security was novel though when we introduced it and has kind of led to the success of the company. Now moving forward, to Vincent's point, we absolutely see that the set of problems that consumers are facing cyber-wise has extended well beyond antivirus, binary threats. In fact, this year, it's probably the first year we are seeing a slight decline in the number of threats, binary threats, such as viruses, et cetera. I mean, for many years, they have -- for 30 years, consecutively, they've grown. At the same time, the number of threats that are more cognitive threats or that are using social engineering tricks that are somehow trying to trick people into doing something have grown substantially. So overall, the cyber problem has become much worse, but the way these attackers work has changed dramatically, from binary malware to more social engineering to more phishing threats and all sorts of other things that technical details that we probably don't have the time to discuss. But for us, the elementary -- the basic thing is to figure out how to protect consumers against all these kind of threats independent of how they are happening, when they are happening or what other means the attackers are engaging, so really being proactive and understanding those and giving it as a service to the consumer with no real expectation that the consumer understands this stuff. For us, our promise to the consumer is that we'll take care of their security needs, privacy needs, safety needs. And it's our job to come up with all the solutions in a holistic way and bundle them in such a way which is kind of, through the membership, people can get a real peace of mind. That kind of is the brand promise that we have here.

Got it. Got it. So the name Gen Digital stands for Generation Digital, which is basically every generation, whether it's Gen X to Gen Y, et cetera, needs to have some sort of consumer cybersecurity. I think the one pushback I get from investors is, well, you have native security features in a Microsoft or a Google or Apple, and you touched on this a little bit already, but why pay sort of the premium, let's say, for a solution like Gen Digital?

And I think all of the applications today have some sort of security or safety of some form, but the primary mission is to deliver the value of their services, whatever that is. And security is kind of a minimum table stake that you have -- you need to have. Our sole mission is to provide that consumer cyber safety, wherever it's coming from. Our entire 2,000 engineers and overall budget is dedicated to really focusing on all the threats, wherever they're coming from, without biases, and providing that overall safety umbrella that consumer would want to have.

Got it. Okay. So when you think about sort of the market opportunity, so you mentioned you had about 25 million subscribers that were directly paying you. And then I think you guys had about 15 million or 20 million. But there's probably like over 100 million households in the U.S. alone. There's billions of users. Where do you think you can get to from a paid customer penetration standpoint as a combined company over time?

I think we first look at -- rather than looking at where we're starting from, first, look at whoever is connected to the digital world would have some sort of risk or exposure. And there are 5 billion people that have some sort of digital lives and, consciously or unconsciously, are leaving digital footprint here and there and are creating exposure. Our view is that normally 5 billion users should use an overall cyber safety umbrella of protection if they don't want to carry some risks. That's where the freemium model becomes very interesting for us, is kind of the top of the funnel, where we can give a first taste of a total cyber safety protection to consumers and then add value as we go. You mentioned we have about 65 million paid customers. Some are direct customers. Some are through indirect solutions. And then we have 40 million paid customers that directly benefit from our total portfolio. And I think, again, our goal and ambition is that 5 billion Internet users can say, yes, I have peace of mind. If I have an issue in the digital world, I know what to do and where to go.

That's kind of the main idea behind the new name, Generation Digital, as in everyone who's connected to the Internet really is -- I mean the aspiration for us is to ultimately serve all these people.

Got it. Got it. So if we look at the last 12 to 18 months, Vincent, so Gen Digital's growth is not as correlated to PC demand as some of your other competitors, right? You don't sell to the OEMs. That being said, we have seen a bit of a decline in the subscription additions. How do you think about the demand environment normalizing going forward post what was likely a COVID tailwind for everybody?

Yes. So there's definitely today macro level headwinds, whether it's the inflation; the consumer sentiments; for us, the currencies; some political volatility in Europe, as you know. All of that is playing an overview on the demand. And we've seen it through the e-commerce traffic that we have. But we have today a well-positioned portfolio where we can really grow and focus in the short term as we integrate the 2 companies, growing the value per user. So in addition to continue to grow new members, we're already focusing on moving members from basic security, which they have, to have a full cyber safety protection. At NortonLifeLock, we had taken that mission, and we moved from almost everybody on just a product and, in over 2 years, moved 60% of people through a membership. As we bring the Avast customers, we have the opportunity to enrich the cyber safety membership and then move it up to the value that we sell to consumers. As we brought the 2 companies together, we're back down to 30% membership. And when we enter into a membership plan, we see a higher engagement, a higher retention, a higher ARPU. And so that's a big vector of the growth in the short term. And then as Ondrej mentioned, we'll continue to innovate. The threat environment is dynamic. It's evolving all the time, and constantly evolving through innovation is a primary vector of long-term growth.

Got it. And that's a good segue into the next question. So starters, congrats on finally closing the transaction a couple of months ago. So you spoke to the synergies, right, both on the cost and the revenue synergies. And when I talk to investors, I don't think that there's too much pushback on the cost side. On the revenue side, you mentioned $200 million of revenue synergies. You identified 6 initiatives there, things like cross-sell, upsell, things like improving the Avast retention rate. Can you talk a little bit about what are the major drivers of that $200 million? Are there 2 or 3 things that make up the majority of that? And how do you -- what's sort of the time frame to get there?

Yes. So not to totally underlook the cost synergies, we've identified $300 million of cost synergies. The 2 business models were almost identical in operations. And it's a business that, if it grows in member, doesn't scale in operating activities. And so we go through the step of reidentifying all of the overlapping activities, whether they're jobs or assets or contracts and we're driving them. The reason you underlooked it is because we've gained the credibility of delivering on what we said and have very, very high confidence that we will deliver, of course, those synergies and maybe more. And we say, as we identify more, we'll use that as reinvestment to support the growth. In the acquisition model, we had not identified revenue synergies for many reasons. We knew there were some, but we did not bake them into the financial transaction. And so as soon as we closed on September 12, we started to look at, one by one, the revenue synergies, about 6 initiatives of those. The #1 of them is to increase the retention on the Avast side. NortonLifeLock was an 85% retention, Avast about 65%. We've identified the source of the different gaps, and we have a plan to drive back to a model that is realizing the differences, geographic differences, our business model differences. So half of that, I have pretty good confidence on what to do and where to go. The second one is really about the cross-sell, upsell. We mentioned that NortonLifeLock is strong in identity. Avast had a strong push around privacy. Together, a more comprehensive cyber safety, security being the bottom, then having some privacy and then some identity protections and providing a full portfolio to our entire installed base over 500 million users and 65 million paid customers, as I mentioned. The third one is really about expanding geographically. Avast was really strong in some regions like Latin America, where we are in North America. In Europe, we had a good mix. Strong in Asia. We're strong in Japan. And I think overall, we can bring a set of trusted brands and rich portfolio across all geographies. The fourth one was to expand new go-to-market initiatives, such as, for example, our push into the SMB, which Avast had a small start, into a small [ beach ] into and then we're going to push from there. The fourth (sic) [ fifth ] one is the e-commerce activities, where Avast was outsourced. We had in-house. And we have a good mix merging all into one platform. And then the sixth activity is about the marketing optimizations where the freemium model was essentially of convert free to paid. We're all about driving our message for a premium offering. When you combine the 2, we see a lot of marketing efficiency we can gain.

So no one denies yours and Ondrej's track record as operators, but a 20-point improvement in retention is a lot, right, from 65 to 85. So could you give us a little bit more color as to how you actually plan to close that gap?

So we didn't promise 20 points of retention. We recognize that differences in business model. NortonLifeLock is at 85. Avast is 65. We believe we can bring Avast from 65 to 75. And on a merger basis, we'll be somewhere around high 70s. We definitely understand the activities that we've done on our side and what has happened on the Avast side. To be able to drive higher engagement, to move to the membership platform, move to the common e-commerce platform, that will be the source of the improvement. There will be remaining about 10 points of structural delta between the 2 businesses linked to either the geography, in -- by geography, retention can change or to the business model as a freemium to a premium model. It's a different dynamic.

Got it. So on the cost synergy side of the equation, you outlined $300 million of annual savings. And by the way, that alone gets you to $3 of EPS exiting fiscal '25. Can you talk us -- what are some of the low-hanging fruits of that $300 million? And how do you get to those cost savings while still having enough flexibility to invest in some of those longer-term growth initiatives that you've outlined?

Yes. And starting with the end, clearly, everybody said, "Oh my God, you're pushing $300 million cost savings to the bottom line." The reality is those business are very duplicative in activities, and you can really merge the entire set of operations to serve a bigger user base without growing your cost. And so it's really a time to efficiency, and we are balancing reinvestment of the excess savings, if you want, into growth activities, with the drive to the bottom line for better efficiencies. Overall, we started with the easy one. In G&A, nobody would doubt that there's a lot of savings. We know how we're doing that. We have a lot of track record in both companies in doing it. And we've already deployed on November 1, 6 weeks after the close of the activities, we were on 1 full set of applications, whether it's Workday or ERP systems, and transacting as 1 company. So very fast activity based on the experience. Then you have the normal activities that are a little bit more like around marketing activities where we have now a go-to-market that's addressing all set of brands as one channel in each country or in each activities. So we've merged those teams. The savings still there have to be produced because it goes over time, but the structure is there, [ equalized ], deployed on a combined basis. And then the longer tail is all around the product. Avast, when they bought AVG, developed a white label model, one set of common architecture, Lego box that you build and then drive the brand strategy on top or inside, if you want. That has a longer pole. It's 12 to 18 months. We have a very strong team, a CPO from NortonLifeLock, a Head of Development from Avast combined. They're really working on developing an aggressive plan there. And we feel very, very confident. Do you want to add anything there?

No. I would just say that about half of the cost synergies come from headcount. The other half comes from systems and kind of infrastructure rationalization, and we feel pretty comfortable on both sides.

We call those in our company conditioned to be in the job. So this is not our objective. We're not rewarded on those. It's all about, guys, to be able to deliver and innovate on our agenda, we've got to be lean and integrate fully. So we're really running that as a condition to be able to address our agenda moving forward.

So Ondrej, how would you say the integration is going so far?

I would say very well. I'm very pleased, especially about the cultural aspect. I have to say that my biggest worry in deals like this is not getting the spreadsheet right. I think that actually is the easier part. The harder part is the people component. That is the question of how the teams will be able to work together where there is still -- we had the kind of yellow shirts and orange shirts or jerseys. Is that still going to be an issue kind of 2 months in, 6 months, et cetera? And I have to say from what I'm seeing so far, none of that is happening. People are really -- the teams have been working very well together, the executive team. We have kind of taken the approach of full integration here, that is, it's important to say that some companies when they acquire other companies, take the approach of kind of keeping it separate and operating it as a stand-alone subsidiary or a stand-alone unit. That's not the case in our situation. We immediately set up a new leadership team for the combined company that had representatives from both sides. And these people are overall responsible for all the brands and all the entire business. So the chief -- I don't know, Chief Product Officer is responsible for all products, Chief Commercial Officer for all sales of all products or all brands, et cetera. And so making it work on the cultural level and making sure that people can work together from both sides, absolutely essential to make this model work. And again, so far, so good.

Got it. Any questions in the audience? We have one over here.

Just a quick one. I remember I think it was early this year as Avast, you started to invest in the kind of digital trust assets or identification. I think it was SecureKey was one of them. How should we think about areas like digital trust or next-generation identity? Is this a revenue generator? Or is it a retention kind of improver? How should we think about that?

Yes. Well, let me say also, kind of taking a step back, I'll get to the question -- to the answer to your question. But when we kind of defined the purpose of Gen, we used the word powering digital freedom. And powering here is important to point out as in building new systems. It's not just about protection. It's not about security. It's actually a building system that will be inherently more secure but will enable new businesses or new things to happen in the digital world. And so the identity thing may be a good example of that where it's not necessarily about building systems that are protecting or providing more security. But it's more kind of building infrastructure on which then is -- I mean it's more private and more secure by definition, but then new things can happen. We are going through all the products right now as in all the assets that we have in the combined company. The digital trust services as we call it internally, the digital identity group definitely is one of them. We feel like it is the right space for us. We are definitely investing in it, but we don't have any product in the market yet. And we will, of course, be communicating that as we go.

I think you may recall in our Analyst Day 1.5 years ago, we said, "Hey, we want to be the best cyber safety platform and then build trust-based services on top." I think Ondrej stole our name. And when he bought those 2 companies, and actually it's more than buying those 2 small companies, which he discussed with us. It was really about bringing also inside R&D to enable and build the technology that would enable us to deliver those trust-based services in the long term. And that's what Ondrej said, that we see it as an enabler.

[ Stefan ]. A quick question. Could you elaborate one more time on your competitive environment, how you compete and like how you differ in terms of your technology stack? And from the outside, sometimes it's really difficult to see the differences in technology and where you're further ahead.

I'll pass it to Ondrej for the technology side. But let me first explain to you from [ how I perceive ], how I see it. First, you have to recognize that we're not talking anymore about device security or even data security. It's about cyber safety around the human being. So it's about providing you peace of mind for your entire digital life so you can benefit from the digital world safely, privately if you choose so and protecting your identity. And we see 3 set of competitors on the spectrum. First, there is the, on one side, the small startup. There is a lot of innovation actually happening in this space because it's in a transformational space. It's not anymore just device security. It can include many different aspects, and you're going to have a lot of startups trying to build, from a different angle, a broader portfolio, that cyber safety that we've defined. In the middle, you have the competitors that they were a direct compare to our NortonLifeLock, Avast. You would have a McAfee. You could have NordVPN. You can have other companies that are there trying to also do the same thing, provide a total comprehensive protection for your digital life. And then on the other end of the spectrum, you have bigger companies that, from a different angle, are also interested to understand that overall cyber safety for the users. So you could have the credit bureaus that are trying to say, "Okay, but we also [ would like ] digital identity of some elements. How do we provide that broader digital protection?" You could have insurance companies that are buying some of that identity protections. And so the dynamic can come from many different angles, all building the same idea, which is how do I give you peace of mind? It could be technology-driven. It could be service-driven. That's why we call it solution from us. It's not just technology. It's also, what is the service? Could be an insurance service. It could be just a telesales services that helps you understand how to protect your digital life. And then underlying that, we always see it is the big tech companies. You have a Microsoft. You have Google. You have an Apple that have different angle but have some sort of trying to broader, whether it's a privacy angle or a security angle or something else. So that's the spectrum. Let me...

I'll just say on the technology side, really, since like 10, 15 years ago, security and safety has become very much a game of big data. That is the more that you can see, the more that you can understand what's really happening, how the attackers are behaving, what new tricks of trade they are engaging, et cetera, the better you get. And so that's where the 0.5 billion footprint that this company has really comes into play because these users not only work as some sort of top of funnel for cross-sells, upsells, but they also provide those valuable security data firsthand in real time. So that's number one. If you realize like there's not very many companies in this world that have similar footprint that we have, and we're really benefiting from that. The only companies that have this kind of footprint are big tech. So Microsoft arguably has even bigger footprint. Google, Apple, same thing. Their problem, though, is that in their security efforts, if you look at what they are doing quite carefully, they still are keeping that mindset of closed gardens. That is walled gardens, where Microsoft really is focused on protecting the security of the Windows endpoint. Same for Google, Apple. I mean I don't have to mention how Apple is protective about their own ecosystem and kind of ignoring everything that's happening outside of it. So that notion of Gen, which is very, very independent and very agnostic of all the platforms, realizing that consumers today live in a totally heterogeneous environment where they are using a plethora of devices across all different platforms coming from all these big tech companies, and we are providing security no matter what the device is. Really focused on the individual is what makes us different.

All right. I guess with that, we'll wrap it up. Ondrej, Vincent, thank you so much for your time.

Thank you.

Thank you.

Thank you for joining.