Infotrust Ltd (ITS) Earnings Call Transcript & Summary

Well, good morning. It looks like everybody is in. So, this morning, myself, Julian Challingsworth, the CEO; Simon McKay, the CEO of the cyber team; and Paul Miller, our CFO, are going to present through what I think is a culmination of a number of years' work to get Infotrust into the position it is now to go forward as a leading cybersecurity practice. Next slide, please. The half that we've just closed out has been transformational for Infotrust. I think it was capped off at the most recent period, a week or so ago, with the disposal of Nexgen, our cloud and communication business. This team was a fantastic contributor to the business over a number of years, a strong business, but not a strategic fit with the organization with our cyber-first strategy going first. So, the team is moving to Aussie Broadband, which I think is an exceptional fit for them and helps us realize the value of that business. It's a transaction of up to $50 million that will enable us to recycle those proceeds into scaling up our cyber business and completing a number of acquisitions that are in our pipeline to really focus on being a cyber-first business, building an organization that has strong recurring revenues, has a national footprint and delivers to more than 1,000 customers and growing at the moment. A key part of that transaction is $44.1 million on completion, with completion expected around the end of March. So, we would look to see cash inflow at the end of March, early April, and then a second payment of up to $5.9 million based on achievement of targets in FY '26 and/or FY '27. So, I think absolutely transformational for us. It enables us to reduce our debt overhang. It enables us to reduce or to lean now into the acquisition pipeline and more rapidly scale up the business in areas where we've had geographic gaps, or we need new cyber capabilities that will complement the organic and internal ones that we're creating but perhaps offer us some different capabilities to take to market. Fundamentally, I think key highlights there, requirements for the acquisitions will be typically cash and a portion of equity. The immediate pipeline can be filled with proceeds from the sale of Nexgen. As we now complete the divestment of non-core assets, we'll be consolidating into a single business unit. And the end result of this makes us the largest sovereign pure security player in Australia. I think this has been enhanced by the fact that 3 of our key competitors have been acquired over the last 6 months. I think the market would have seen Accenture acquire CyberCX at 20, but also 20x earnings. Also, 2 of our other competitors, the Missing Link, was acquired by Infosys at an estimated 18x, and Sekuro has also been acquired by an American software distribution firm. So, we see real market movement around organizations wanting to have a strong cyber presence in Australia. We are building for scale. Today, we're building to be the #1. We're building a strong culture that supports customers. But as you can see here, the largest pure-play sovereign organization on the ASX, something that we're proud of. But also, this divestment and this rightsizing of the balance sheet really is the firing of the starting gun for us to scale up both organically and inorganically across Australia, and real emphasis this year on uplifting our brand and uplifting the capabilities and the size of projects that we undertake with our customers. Next slide, please. Some very pleasing ongoing results in there. Some of the highlights. Cyber organic EBITDA growth year-on-year, we are expecting to see between 15% and 20%. Our managed technology team, albeit coming from a lower base, where in FY '25, they broke even plus a few hundred thousand. We are seeing very strong growth in that team, very much focused on selling managed technology that correlates with the security offers that we undertake. So, everything within that team is very complementary and aligned with our cyber-first strategy. Across the business, 41 new logos were signed in the half, is a testament to the sales team that's coming together. The offers that they're taking to market, and how they're being received, but that is absolutely the strongest growth we've had in a number of years. I think importantly, close to 90% of our sales in half 1 were recurring in nature. So, not one-off projects, not individual pen tests, but engagement with customers for multiyear projects, either multiyear managed services, multiyear managed product deals, and even some of the services that were historically sold as one-offs that are now being bundled as multiyear services, are starting to gain traction within the customer base. The SOC up in Brisbane, this has been a core part of the security offer for Infotrust. It has really started to hit its straps in customer acquisition. It's taken some significant investment, and Simon will talk to the ongoing investment in uplifting the capabilities there. But we are starting to see very reasonable growth out of there. I think potentially 1 to 2 new customers a month, and something that historically has been a slow grower but a valuable contributor because they're multiyear deals, but really starting to see the acceleration of that and finding some good niche offers that will extend that going forward. And then to wrap it up, guidance for the second half. I do understand that our results are a little bit messy with the divestment of Nexgen and the accounting standard of holding assets for sale. They are a little bit more complex than normal sets of accounts, and Paul Miller is on the phone. He can take questions and guide anybody through that process. But I think, importantly, for the second half, we are providing guidance at $3 million for underlying EBITDA, which is up from the first half. And also acknowledging by divesting Nexgen, we have fixed the debt overhang. We've increased our firepower to do acquisitions, but we are still not at a scale that reflects some of the costs. We do plan to fill that in the very near-term with some high-quality acquisitions that we have been evaluating. And as we get more certainty on those, we will be very much updating the market. But that is something that is an absolute focus for the team at the moment. Next slide. So, I hand over to Simon here really to draw out some of the highlights from the team, but to focus on some of the high-growth organic areas that we're seeing.

Yes. Thanks, Julian, and good morning, everyone. So, my role is really to drive the cyber business, which is really a role I've had for 11 years now, but just on a larger scale. Exciting time for us. I think the divestment of Nexgen really now gives us an opportunity, as Julian said, to right size the balance sheet and focus on bringing high-quality, good margin cyber-focused businesses into our organization, and we're well connected in that space as well. So, in terms of that sovereign cyber-first, it's an important part of our messaging given the acquisitions that have happened and the businesses that Julian had mentioned in Australia, we are in the top 4 cyber practices that are sort of known within our industry. So, Sekuro, Missing Link and Infotrust, all sit around the same sort of size in terms of reputation, number of people and products and services. So exciting times in terms of some of the market movement but definitely puts us in a position now to really leverage that sovereign-first Australian go-to-market, especially as we look to build into new geographies like Canberra and some of the states further West. And the branding has been a big one. We've collapsed the house of brands now and retired some of the older legacy MSP and telco associated branding. And so, bringing everyone into the Infotrust fold gives us a really clear message to our partners, to our investors and to our customers as well critically. But what it also does is enable us to bring those traditional managed -- IT managed services aligned to a cyber-first focused offering. And so, behind the scenes, what we've been doing for the past while is building out security-focused managed service offerings that are more profitable for us and larger in deal size. So less of the one-off transactional deals that Julian spoke about earlier and more of the programmatic higher-value, higher-margin multiyear contracts. And I think that's best demonstrated by the number of SOC deals that we've closed. So, our SOC is our security operations center, very well established, but so much white space with 1,000 customers in our base and around 30 SOC customers, there's huge opportunity just for us to drive that product into our own customer base. And we've had some really good success this year. The pipeline is very strong. And that's given us the ability now to reinvest in a SOC uplift program that will enable us to lower cost and drive more margins into those opportunities. So, the deals we do going forward will deliver a better value and result to our customers, happier customers, which will drive stronger retention, but also mean that they're far more profitable for us as well, so we can scale in a more meaningful way. We are now 250 people, which, again, in the Australian cyber ecosystem puts us in that top 4 in terms of capability, technical expertise and velocity of people that can go and service these customers. So, we're winning a lot. We aim to bring on 100 new customers this year. We've brought on 41 so far, and that continues to expand as we grow the sales team out. We've brought on a couple of more sellers in January. And so, as they get up to speed over the years, we'll expect that to continue to grow. We are a big, heavy new logo-focused team. And so, we split ourselves to be hunter farmer focused. So, we farm into the 1,000 customers, bringing more products and services that they continue to consume, but we have a keen eye on making sure that we're also driving new customer acquisition to continue to feed engine. In terms of the key high-growth areas that we are focused on, the SOC uplift program I've touched on, and that's really important for us to drive more profitability into a very good service line that is mature. We've brought in new leadership across the board and a higher level of skills to drive more of an enterprise focus. So, our product deals will be -- our SOC deals will be larger just by virtue of the fact that the customer sizes are bigger. We can solve more difficult challenges and so continue to grow from SMB all the way through to enterprise. The 2 newer areas, we started -- we had a data practice a couple of years ago, and we've really now accelerated that. The world of data privacy and protection or data security is a huge growth area and very problematic, more regulatory oversight, more governance, and more liability at a Board level and an exec and company level is driving businesses to make sure they understand how they manage, control and who has access to their data. And so that for us is a big area that we've already built a significant pipeline and are winning a lot of deals. We're one of a few cyber practices in Australia that have moved quickly with this. And so, we are seeing significant 7-figure pipeline being built and executed on already. And we expect that to grow as we continue through the year. The newer practice is identity. So, identity has been around for a long time. This isn't a new area of cybersecurity. But again, it's very problematic. And we sort of go through waves through the whole threat landscape as the as the industry evolves. Identity very much is dig for the bad actors. If you listen to any cybersecurity experts or any panels, conference or go to any conferences, everyone will talk about trying to get hold of identities as the easiest way for a breach to occur. And so, our role in that is to help organizations to understand a good identity strategy, put governance in place and then sell the products and the controls to manage that part of the environment. And then not just sell the tools, but also help customers run the tools as a managed service. And that's where our managed technology team has joined to help make sure that we've got multiple go-to-market annuity revenue streams when we're selling these offerings to our customers. Next slide. Paul?

We seem to have lost Paul right as we go into. Sorry, technical -- was disconnected there. We seem to have lost Paul right at the finance slides, but you can see that there are some significant changes. We've had to recognize some impairment under the accounting standard AASB 5, which required us to, as at 31 December, hold the Nexgen communication and cloud assets as discontinued operation. You can see there sort of high single-digit growth across our revenue from the continuing operation. I think that is really underpinned by high growth within the cyber practice and very good growth in managed tech but also recognizing that half 2 is really the largest period for us in cyber. Traditionally, Q4 is the strongest, but half 2 typically represents 60-plus percent of the business for that practice. Underlying -- Sorry, Paul?

Yes. Sorry, Julian, my apologies, I dropped off. So, I'm not quite sure where you got to, but maybe I'll just sort of jump in from the top, if that's okay. So look, I guess, as Julian sort of referenced previously, the key point to note when reviewing the H1 results is that the financial performance has been separated into continuing operations, which is our cybersecurity segment and our discontinued operations, which is our cloud and communications segment, which if you look in the financial statements has been classified as held for sale as at 31 December 2025. The impact of that classification was a noncash write-down to bring the carrying values in line with the $50 million maximum consideration that Julian has previously outlined. Other key callouts, which, again, apologies, which I think Julian started to go through was that we have moved to that single reporting segment being cybersecurity. So, security is now inseparable from managed technology and all the offerings are aligned to delivering that secure business outcomes to our customers. The top line revenue from our cyber segment improved half-on-half by 9%, as we've shown on the slide. So full group and full group being continuing and discontinued, underlying EBITDA was also up by 7%. Underlying adjustments are now largely just share-based payments and M&A-related costs. So, we're moving to that basis. As noted on the slide, growth in H1 was curtailed to a degree by some cash constraints within the business, which held back growth initiatives in the various business lines. And those constraints will be lifted following completion of the divestment in Q4. The other point that's worth noting in regards to the bottom line result for the half is that it's net of finance costs of $1.2 million. So that is -- that finance cost is obviously the cost associated with our interest and our facility fees on the debt layer. So, following the receipt of the divestment proceeds, there will be a rebalancing and a lowering of that expense line in H2, which will flow through. So next slide, please.

Sorry, I think Paul is having some technical issues. I think these slides are relatively straightforward to understand. You can see that there's been a debt overhang within the balance sheet with net debt sitting at just over $26 million. This will clearly be resolved as we receive proceeds from ABB towards the end of March. I think the main drivers in here is actually resolving the balance sheet debt overhang and enabling us to have the firepower to undertake the acquisitions in the pipeline. And we plan to keep the debt facilities in line with what we think is a good target at ongoing EBITDA to 2. Prior to that, it's been high. We've received feedback from shareholders and others that over 2 is high. We've really considered that and think that under 2 is definitely our position as we move forward, but we'll keep everybody updated on that as we undertake the acquisitions over the next couple of months, but I think you will fundamentally see an organically strong business going into '27 with a number of acquisitions really building the scale of the organization across the cyber landscape and the geographies that we want to be in. Next slide. So, I think as sort of wrapping up before we take some questions, FY '26 has been transformational after a couple of years of restructuring to organize the business, the rebranding and putting the foundations in place. Through half 2, you'll see ongoing profitability growth. The half is a very strong half for the business. We've got all the building blocks in place to really scale up in the second half, but with a desire to really grow across '27 and '28 year as a consequence of the investments that we've made into improving the business and now the divestment of Nexgen really fixing the balance sheet issues that we've had. The team focused on margin accretive opportunities, really improving the margin across the customers we work with and the average deal size. As our brand and reputation gets stronger in the market, we are trusted with much bigger deals, things that are strategic within our customer base, and that drives bigger deals, happier team members working on more interesting things and happier customers as we deliver strategic outcomes for them. Proceeds eliminate the cash constraint that Paul reflected on in regard to half 1, which is positive. And then sort of really wrapping up that underlying EBITDA guidance for half 2 to exceed $3 million and become the foundation for us going into '27 to be a high-growth cybersecurity business in Australia. So, I will stop now. We've had a couple of questions come in. So, I'll get those. But look, if anybody else has any questions, please log them in there, and we'd be happy to spend some time on them.

So I have one question. Following the capital infusion from the Nexgen divestment, how is the company prioritizing cash flow sustainability? Could you provide specific examples of initiatives aimed at strengthening the cash flow position? Yes, I can. So there's 2 sides to that. One is on our cost base side. We have invested very heavily over the last 2 years in core platforms in the business centered around Microsoft and ServiceNow. We are really starting to see the benefits of those now in automation and improving processes within the business that have historically been very manual. That is allowing us to scale faster without adding headcount. And in some instances, redeploying headcount in processes that have been automated into new areas that are more value-adding to customers. So Simon also discussed the SOC uplift program, which has a focus on improving margin for our customers there. I think that will be twofold. I -- it will enable us to improve margin or it will enable us to take a similar margin, but make the SOC offer more attractive to a customer segment that may not have had a SOC previously. So to give us more scale, which then creates ongoing synergies. So I think it's the sustainability of cash flow is hugely important. We would like to turn the cash into strong organic growth and use it to fund inorganic growth through some of the acquisitions. So I think we are very conscious of maintaining discipline in that and putting it into the activities. Having come through 2, 3 years of very tight cash flow, we have built a lot of muscle memory in how to do that. So I think we're well-positioned. There's another question. The company keeps changing directions as well as names. I think I ask the Board and management are they going to be consistent? Well, I think we've been very consistent actually for over 2 years, we've said it's a cyber-first strategy. Our key actions have been to rebrand around our primary cybersecurity segment. I think the Infotrust name is very well-received in the market. It's very well known within the security community across Australia. It has over 11 years of legacy in the market with quality outcomes and quality people associated with it. So I see the rebranding as very positive. And I think all of the activities that we've undertaken to date have been to streamline the business, make it more sustainable, make it cyber-first and build a platform for scale across the Australian market as the largest sovereign player. So I think, yes, we promise good things, but we're also delivering good things. And see that the opportunity now with the restructured balance sheet is right in front of us to scale up and achieve our mission to be that #1 player in the Australian cyber market. Guidance for sales is 15% to 20% versus 9%. So the guidance for sales is 15% to 20%. That was actually guidance for EBITDA within the cyber segment, not for sales. We haven't provided any guidance for sales. What are the key drivers behind the acceleration? I think there's a number of things. One is scale. Two is the fact that we've had the opportunity to build a full team. I think Simon can chime in and talk to the fact that over the last year, he's been able to rebuild parts of the business and bring in some senior leadership that has now meant that we have the right team in the top layers of the business and now are really focused on adding billable resources underneath there to scale up around those areas. But Simon, do you want to talk just quickly on why you see earnings growth being so strong at sort of 15% to 20%?

Yes. Thank you. I have a number of reasons. But as you've alluded to, a lot of our cost has gone into the early part of this financial year to build or bring in the right people to grow the new practices or help us invest in improving what we've already got. Our business is seasonal anyway, and a lot of our more profitable business happens in H2, as Julian said earlier, and especially in Q4. So 60-odd percent of our business and our earnings happened in H2 and 40% across the year happened in Q4. And so it is a seasonal business. The good news about that is a significant portion is contracted. So it's already recurring revenue. It's renewals that happen in the business. The growth that we deliver is based on a small percentage of the new logos or the new revenue that we bring in.

Thank you. There's a question here that we get quite a lot actually, not just from investors, is AI an opportunity or a threat? So well, I think it's an opportunity for us. And on a number of fronts, it's an opportunity for us to improve our business internally. It's an opportunity with our GRC practice and our managed tech who are actually generating more work working with organizations and boards to write AI strategies around security. Our data privacy practice is seen as very foundational for organizations who want to undertake AI work, getting your data structures right, securing your data, making sure your LLMs are learning from the right data is a huge opportunity. It's not without risks, and we sort of keep an eye on them. Certainly, the threat actors are leveraging AI. The attacks are becoming faster, more prevalent and higher quality than we would have seen a couple of years ago. So responding to that at scale is something that we've been good at because our key business partners are incorporating defensive AI into their product stack and being one of the stronger partners for the key people we work with and having an engineering capability to be able to digest the new capability, understand what it means for our customers and then go and have sensible conversations with our customers on how the defensive posture can be improved, the controls can be improved by leveraging some of the new capability within their product stack is a core part of our business.

So, can I add to that, Julian, as well?

Yes.

So, we're not a software company. And I think the write-down that you've seen globally has been very much based around AI being able to replicate or supposedly replicate software that exists from a security perspective. We work on the other side of that. So, we see it as a huge opportunity in that we can leverage those AI technologies to reduce our own cost, as we've spoken about. And we're doing that across our core platforms, our SOC certainly, reducing the people that we need to do the more manual tasks and actually respond quicker to threats and breaches when they occur with our customers. So, really leveraging the benefits of the AI technologies. So, we'll get the internal benefits, but the more the bad actors use AI, the velocity of attacks increases, and therefore, breaches. And so the reliance on us from a consulting strategy and even governance, helping boards and executive teams understand how they can leverage AI in a secure way, is a lot of the work that we do right now. We didn't put it on the slides, but we are building an AI practice as well. And so that's already happening. Where the revenues will come from initially is the consulting piece and helping customers' government around controls or AI controls that are already being used within their organization. So huge opportunity for us and something we're building a plan around already.

Thank you. The next question is, will the acquisitions we're working on fill the EBIT gap left by the divestment? I can't talk to individual acquisitions until they firm up. And when they do, of course, we will announce them. But the goal is, yes, to quickly fill the gap. We've been well aware that this is coming through the divestment process, which has run for many, many months. We were well aware of the gap. We always had a strong plan for inorganic growth. We just needed to be in a position to fund it in the most capital-efficient way. And we didn't think that was by going to the market and raising cash. We thought that a better alternative was to divest Nexgen. Now that, that's happened, we can accelerate the process on those acquisitions that we have been working on. But yes, the plan definitely fill the gap and beyond. We would like to be a high-growth firm, ambition to be organically growing over 15% organically and potentially 15% inorganically a year. The market is there for us. Cyber is getting strong investment from customers. We have a great brand and a great team. We now have an opportunity with a strong balance sheet to pin our ears back and dive right into that market and be the firm that we all want to build as a leadership team. There's a question now. Are we looking to provide services to the defense industry, or grow this area? The government will always spend big dollars on defense. I know Tesan had a big defense practice. This is definitely a growth area for us, probably first of all, Canberra as a geography. Canberra is sort of a very unique geography in that it's very parochial, for want of a better word. They really like people with local experience who live there, who understand the requirements, who understand the unique needs of government. It's a difficult market to just enter from Sydney or Melbourne. We have a plan around that. We have identified some strong candidates within our acquisition pipeline. So, I see that as an area that we would definitely like to grow into. In the background, we have been preparing to do that. We have a dis application in, so that we can sell through the defense industry service panel. We have a number of our team members who are security cleared and who are providing work in the sector. So, we're starting to be able to scale up. But I think one of the early ambitions for closing our acquisition pipeline will hopefully be something in that geography. But as soon as it's announceable, I'll let you know. But over the next couple of years, Canberra and the defense industry supply chain, both in Queensland and South Australia, are very attractive areas that are making a lot of investment that do need strong security posture, and that's something our team can deliver to them.

There was a question separately that came in earlier, whether the group is aware of or has assessed emerging secure digital identity and wallet technologies, and whether these types of products and services could be relevant or complementary to our cybersecurity offering. I'd say our assessment of products and services coming into market and beneficial to our go-to-market is something that we've really built a lot of maturity around. So, we now have internal product teams led by our CTO. We're constantly assessing the market, and identity is definitely a space that we've outlined as a huge growth area. It's a big portion of the cyber landscape now, and it's been around for 20 years, but incredibly difficult. So, the answer is not specifically a yes or no on that component, but more broadly, we're always looking at newer areas of cyber that aren't being addressed well. And the legacy or the history of Infotrust has always been identifying tricky areas that aren't resourced well, or customers need help where we can drive higher-margin services or bring newer products or controls to market from the U.S. or Europe that aren't known here. And so, we've done that with the likes of CrowdStrike and Netskope and abnormal security, most recently, Cyera. So, Cyera, for those that aren't aware, sits in the data security space. It's the unicorn of the cyber world right now, one of the most heavily invested cyber products globally ever. And so, we're the first go-to-market partner that they have here. And again, we've got an acceleration of the pipeline that isn't just built around products, but service governance strategy, and then a managed service to deliver ongoing annuity revenues and profitable margins. There was another one there might be for me. Is there a certain level of scale required in order to improve margins using AI? And is this an option available to your competitors? I'm not sure about a certain level of scale. I think we're already using AI, and most businesses are in some form. And so, I think it's more about improving margins using AI for us are very prescriptive. And so, we have experts in the business who are trained on using AI models and AI tools. So, we probably have an advantage just by virtue of the fact of the industry that we're in and where we play. But our plans do include implementation of AI tools or leveraging more of the components that we have access to for our own benefit and our own efficiency, which will drive improvement and reduce cost in the way that we work anyway, but also in terms of the offerings that we take to market. And I'll use our SOC as an example because we're evaluating a bunch of AI technologies now that will automate up to 60% of the manual work that happens within our SOC. And so that isn't about reducing headcount. That's actually about being able to scale without having to continue to bring on or rely on finding experts in the industry. If we can automate as much as possible and drive a better outcome for these customers, the people that we have can focus on higher-value tasks, which means we retain them because they're growing their own skills, and they've got a career path for themselves as well. In terms of is this an option for our competitors? Of course, if we're leveraging the benefits, then no doubt our competitors will be as well.

I think logically, it's available to competitors. I think our big 3 competitors are going through integration with large companies, earn-outs, and complexity related to their transactions. So, whether it's a priority for them, we'll see. But it is for us to build a sustainable business that we want to grow. So, we'll continue to invest. Questions just come through there. Is the market for cybersecurity acquisitions such that you can acquire at less than the 7x multiple, you sold Nexgen for? Yes. Look, valuations in the businesses vary based on the mix of recurring revenue, mix of scale, and type of customers. But across the portfolio of things that we are looking at, at the moment, the average multiple would be less than 7. So, we are replacing the earnings at a slightly lower multiple across the portfolio. Now I don't know which ones exactly will drop in that mix. But yes, they are less than 7. So positive there in terms of replacing the EBIT at slightly lower than 7 multiples. I think the questions have started to slow or grind to a halt. So look, I want to thank everybody for joining. This is our first use of Investor Hub, and it seems to have gone quite well. Any feedback is welcome. I think the details are available on our announcements, and we welcome the opportunity to have conversations and talk more about the business, and definitely welcome the opportunity to talk to you about your cyber requirements for any organization that has those as well. But thank you for your time this morning. We look forward to updating you on the acquisitions in the near-term as we progress through those. Thank you very much.

Thanks, all.