WhiteHawk Limited (WHK.AX) Earnings Call Transcript & Summary

[Audio Gap] The Board has resolved to hold the meeting virtually. My name is Terry Roberts, CEO and Chair of the company. I would like to note my fellow directors and guests in attendance. Mr. Phil George, Non-Executive Director; Ms. Melissa King, Non-Executive Director; Mr. Brian Hibbeln, Non-Executive Director; Mr. Kevin Kye, Company's Secretary; Mr. Kevin Goodale, Chief Financial Officer; Mr. Cameron Hume, from RSM Australia, the company's external auditors. And also with us is our Chief Operating Officer, Ms. Soo Kim. The format of this meeting will be comprised of 2 parts. We will first start with formal business of the meeting. Once we have completed the formal business of the meeting, we will give a presentation on the company, which is being released to the ASX and then also via our website. So with the formal part of the meeting, it should be relatively short. After which, we will get into the progress of the company over the past year and outlook of the business in 2022 and ahead. Visitors and media are reminded that whilst we welcome you to this meeting, it is a shareholder meeting and you may not make comments nor ask questions. For shareholders, there will be opportunities to ask questions. [Operator Instructions] For any questions relating to resolutions of the meeting and questions relating to business operations and other matters, those will be answered at the end of the presentation on the company. Please start your question with resolution for us so that we can address questions at the appropriate time. Regarding voting procedures. All resolutions will be decided by way of a poll. Shareholders, proxies and attorneys participating in the Annual General Meeting will be able to vote using the live voting platform supported by the company's registry Atomic between commencement of the meeting and the closure of voting as announced by the Chair during the meeting. The results of the meeting will be published via the ASX announcement platform after the meeting. Please refer to the Notice of Meeting and/or company's website for links to live voting. Should you have any issues and/or not being able to access live voting, please contact via chat functionality of Zoom app or Zoom website or [email protected]. I am advised that we have a quorum, and I declare this meeting open, and live voting is now open. Notice of this Annual General Meeting has been given to shareholders in accordance with the company's constitution, the listing rules of the Australian Securities Exchange Limited, ASX, and the Corporations Act. A copy of the Notice of the Meeting has been lodged with the ASX and posted to all shareholders. I table the Notice of Meeting dated 31 March 2022, which is taken as read. I will disclose to the meeting how many proxies have been received for each resolution, and we'll invite questions prior to declaring passing of the resolutions at the end. We will now turn to the business of the meeting. Receipt and consideration of financial statements and reports for the period ended 31 December 2021. This agenda item is intended to provide shareholders with the opportunity to raise questions on the consolidated financial statements, the directors' report and the auditor's report and on the performance of the company generally. It is not the purpose and there is no requirement either in the Corporations Act nor in the constitution of the company for shareholders to approve the financial report, the director's report or the auditor's report of the meeting or that the financial statements and reports be accepted, rejected or modified in any way. No written questions to the auditor under Section 250PA of the Corporations Act were received by the cutoff date, 5 business days before this meeting. So I will now turn to the resolutions to be considered. I will follow the procedure for conducting shareholder meetings described in the company's constitution. Resolution 1, adoption of remuneration report, nonbinding resolution. Under the Corporations Act, the company must put the adoption of its remuneration report to the vote at the Annual General Meeting and must allow the shareholders a reasonable opportunity to ask questions about or make comments on the remuneration report, which was included in the company's annual report for the year ended 31 December 2021, lodged with the ASX on 28 March 2022. Although the vote to adopt the remuneration report is advisory only, it must still be put to members at this Annual General Meeting. The resolution before you is to consider, and if thought fit, to pass the following resolution as a nonbinding resolution. That for the purposes of Section 250R of the Corporations Act and for all other purposes, approval is given for the adoption of the remuneration report as contained in the company's annual financial report for the financial year ended 31 December 2021. I now disclose to the meaning how many proxies have been received concerning this resolution and how the proxy votes are to be cast on the resolution. In total, 40,210,937 valid proxies were received; of which 38,261,031 votes were in favor of the resolution; 1,442,262 sic [ 1,442,162 ] votes were against the resolution; 18,645 abstained; 507,744 discretionary. Resolution 2, replacement of constitution, special resolution. The resolution before you is to consider, and if thought fit, to pass the following resolution as a special resolution. And for the purpose of Section 1362 of the Corporations Act and for all other purposes, approval is given for the company to repeal its existing constitution and adopt a new constitution in its place in the form as signed by the Chairman of the meeting for identification purposes. I now disclose to the meeting how many proxies have been received concerning this resolution and how the proxy votes are to be cast on the resolution. In total, 66,227,056 valid proxies were received; of which 64,464,077 votes were in favor of the resolution; 1,267,235 votes were against the resolution; 181,125 abstained; and 495,744 discretionary. Resolution 3, election of Director Brian Hibbeln, ordinary resolution. The resolution before you is to consider, and if thought fit, to pass the following resolution as an ordinary resolution. That for the purpose of Clause 14.4 of the constitution, Listing Rule 14.4 and for all other purposes, Brian Hibbeln, a director who was appointed casually on 31 August 2021, retires and being eligible, is elected as a director. I now disclose to the meeting how many proxies have been received concerning this resolution and how the proxy votes are to be cast on the resolution. In total, 62,233,537 (sic) [ 66,233,537 ] valid proxies were received; of which 65,554,593 votes were in favor of the resolution; 197,200 (sic) [ 193,200 ] votes were against the resolution; 174,645 abstained; and 485,744 discretionary. Resolution 4, reelection of Director Philip George. The resolution before you is to consider, and if thought fit, to pass the following resolution as an ordinary resolution. That for the purpose of Clause 14.2 of the Constitution, Listing Rule 14.4 and all other purposes, Phil George, a director, retires by rotation and being eligible, is reelected as director. I now disclose to the meeting how many proxies have been received concerning this resolution and how the proxy votes are to be cast on the resolution. In total, 66,233,538 valid proxies were received; of which 65,132,319 votes were in favor of the resolution; 615,475 votes were against the resolution; 174,645 abstained; 485,744 discretionary. Resolution 5, issue of incentive performance rights to Director Brian Hibbeln. The resolution before you is to consider, and if thought fit, to pass the following resolution as an ordinary resolution. That for the purposes of Listing Rule 10.14 and for all other purposes, approval is given for the company to issue 1 million performance rights to Brian Hibbeln or their nominee under the incentive performance rights plan on the terms and conditions set out in the explanatory statement. I now disclose to the meeting how many proxies have been received concerning this resolution and how the proxy votes are to be cast on the resolution. In total, 40,224,954 valid proxies were received; of which 37,868,773 votes were in favor of the resolution; 1,873,767 votes were against the resolution; 94,632 abstained; and 482,414 discretionary. Resolution 6, approval of 10% placement capacity, special resolution. The resolution before you is to consider, and if thought fit, to pass the following resolution as a special resolution. That for the purpose of Listing Rule 7.1A and for all other purposes, approval is given for the company to issue up to that number of equity securities equal to 10% of the issued capital of the company at the time of issue, calculated in accordance with the formula prescribed in the ASX Listing Rule 7.1A.2 and otherwise on the terms and conditions set out in the explanatory statement. I now disclose to the meeting how many proxies have been received concerning this resolution and how the proxy votes are to be cast on the resolution. In total, 65,742,560 valid proxies were received; of which 63,812,613 votes were in favor of the resolution; 1,427,533 votes were against the resolution; 665,625 abstained; and 502,414 discretionary. For all resolutions, the company received over 94% in favor. We had strong participation and support from the top 10 holders, of which 7 holders have voted and all voted in favor for all. I now invite for any questions on the resolutions of the meeting. If you have not submitted proxy votes and/or require to submit the live votes, please do so now as the voting will close in a few minutes. [Voting]

Did we receive any questions?

No.

Okay. Just checking on the questions there. Okay. Ladies and gentlemen, that concludes the business of this meeting. I declare the formal business of meeting is closed. We will now move on to the presentation about the company's progress over the past year and the outlook of the business in 2022 and beyond. And we'll address any other questions at the end of that presentation. Well, welcome. Hopefully, we're entering a time of where the pandemic becomes endemic, both from a social and a business standpoint. I know everyone has been through a great deal over the past year. And I'm sorry -- very sorry that we're not with you in person. As I was preparing for this meeting, it really brought to mind that it was just over 4 years ago that we listed on the ASX, and that during those 4 years, we have, in fact, come a long way. Thanks to all of your support and especially during the last year or 2. We always knew that we had a vision for a company that we could actually service any company or organization in the world via an online platform that was powered both by our capabilities and those of our innovative partners. And thanks to Soo Kim and our amazing technical and cyber team. We achieved that platform capability. We have honed it. We have advanced it using 2 main principles: leveraging all global publicly available data sets and leveraging AI-based risk analytics. The combination of the 2 brought to bear in our platform really has borne fruit, especially over the past year, where we have continued to take the lessons learned from our clients and bake them back into our product lines. And I'm going to give you a quick update on each of those later in the presentation so that then if you have questions on any of it, feel free to bring those up at the end. So let's start with our high-level objectives for the next couple of years. We continue to hone, sell and advance 2 of our primary product lines, the Cyber Risk Radar and the Cyber Risk Program, both with current clients and with additional -- with new clients. They have proven to be an important rock bed, but they are not everything that we're focused on for our future. We also have an amazing partnership that we put in place last year during COVID through the December time frame of 2021 with Dun & Bradstreet, the public sector, which is a global public sector, and are now starting to transition that partnership to the commercial side of Dun & Bradstreet, working with a partner that has been in business for almost 200 years and reports on over 450 million companies globally. We're also positioning our cyber risk platform with -- to provide cyber resilience services for financial institutions, insurance groups and credit card business -- credit card providers. And some conversations that we had, had before COVID are now being reignited, which we're very excited about. And then we did do a little bit of a strategic pivot back to federal during COVID because of the slowdown in major companies globally as a result of dealing with the global pandemic, undergoing acquisitions, organizational alignments. And so we have put in place some new partnerships with federal prime contractors focusing on our capabilities on the supply chain risk management side and the cyber risk analytics side. And we'll show you a little bit of the RFIs, the request for information and the request for proposals that we have responded to as a result of that pivot. We have delivered year after year on doubling our revenue, except for last year. But already through this first quarter, we have exceeded our entire revenue of last year. And I'm going to go into some of the further initiatives and areas of focus that we have to continue that drive. So what are some of our specific objectives? We're -- as we stated, we're on track with some -- with our initial revenue projections. We have built the pipeline to be able to match our growth benchmarks and continue to grow that pipeline every day, every week. We're also working on growing organic growth with our current clients. We actually did a deep dive on one of them today. And then we're really stepping up our marketing and branding to the next level, bringing in some new talent so that we can work both in the online marketing, social media side and global PR. So the way that we break out our sales pipeline and sales channel is, as I've mentioned, obviously, current clients and organic growth upsells both of our own products, but remember, we also have a marketplace of amazing partners. So it's also bringing those capabilities to mitigate the key risks of our clients. And then we have our sales channel that is really starting to take off with Dun & Bradstreet cyber compliance assessment powered by WhiteHawk, each of which comes with our traditional virtual consult. There's usually a 10% pickup rate there. We have been able to sell our initial tranche of 2,500 licenses and are working the pipeline accordingly. And then we're always focused on a future embed model where business clients not only get their credit rating, but they can get their cyber rating both on themselves or on their partners and suppliers, and starting to work to see how we can make that systemic capability that everyone is going to need to have to do business going forward. In our fourth quarter of last year, we were further delayed by the CMMC, the Cybersecurity Maturity Model Certification -- Management Certification that had been implemented by the previous administration -- U.S. government administration and then has not been readily picked up under the new administration until just recently. And a lot of us on the -- focus on the defense industrial base side. We all had to kind of regroup based on the regulatory environment. And now we are continuing to engage with Amazon Web Services federal as our key partner and are starting to meet with the Office of the Secretary of Defense leads so that we can help drive how they think about implementing this very important regulatory environment for the entire defense industrial base supply chain and contractors. So there was a little bit -- I know we got everybody excited about CMMC because we were excited. And then yes, there was a delay. But it's not over. It's being restarted. And then so as a result, we did pivot to the government RFIs, RFPs, requests for information, request for proposals, that map to our solutions, but partnering with companies that wrap their services around our solutions. And so we've noted some of them here, both at the state and local level, which is something that we started last year, so specifically, Virginia, Florida and Wisconsin. And we have one of those with a proof-of-concept that we're working to kick off very soon. With -- we also responded to an overarching civil sector RFI related right up our alley on cyber supply chain risk management and are preparing for an RFP from Department of Energy and responded to one for the intelligence community side and engaging on the Department of Homeland Security side as well. Our corporate snapshot overview. So our current share price, our cap capitalization -- sorry, I've got to put my glasses back on. Our official listing date, our top shareholders. Next. So let's go a little bit into just an update on our key product lines. So our Cyber Risk Radar, which is focused on cyber supply chain management. We really are both a thought leader and a product line leader in this space. We discovered 4 years ago that there really wasn't a platform that brought cyber and business risks together into one platform. We have now implemented in the financial sector, defense industrial base, federal sector and now with the managed service provider. As you'll see with each of our product lines, we provide different levels of service. Here, we're showing essential, balanced and premium. That is so that we can tailor our platforms to meet the budgets of our -- we're seeing a slide that I'm not sure we're supposed to see. Okay. Sorry. Sorry. Okay. Okay. No, that was my mistake, so I apologize. Okay. So with the different levels, what we're trying to show is that we can tailor our platforms, our Software as a Service platforms and annual subscriptions to any client's needs and budgets and with relative ease. And we can deploy these platforms literally within 30 to 60 days. The Cyber Risk Program is for an enterprise. So where the Cyber Risk Radar is across an entire supply chain. So it could be hundreds of companies, thousands of companies. This is all about one large enterprise. And the beauty of this approach is it's really meant to be a hacker view, a type of outside-in audit for any executive team or Board on their insight team or their managed service provider. And again, we tier it so that we can tailor it for a law firm all the way up to a global manufacturer. So each of those levels then can be tailored to the budget and to the needs of that particular business or organization. Our scorecards are still proving to be really foundational to everything we do. This is just the executive summary of our automated scorecards that now we can produce on any legal company or organization in the world within 24 to 48 hours. And the reports go from 14 to 20 pages in length. And again, there are 2 different levels. But the comprehensiveness of our approach is something that actually Dun & Bradstreet just did a shout out with us on cybersecurity TV here in the U.S., saying that no one else produce such a comprehensive assessment with the fidelity that we have. And again, the beauty is through Soo Kim's in-house development and data science team that we're continually looking on how we can improve them and add new features. Right now, we're looking at adding cyber threat information to those reports, which would enrich them beyond compliance, maturity and risk. And remember that we also can always do a virtual consult with those companies. So while we can sell our services through a global consulting group or through Dun & Bradstreet or with Amazon Web Services, a company can also come straight to us and we can service them through our online platform in a 360-way with an online active account and then either annual or quarterly cyber risk scorecards. We've -- as the result of several requests, we have packaged over the last year our Platform as a Service so that it could be used by a financial institution, by an insurance group, by a credit card company to service their business clients and being tailored to how they want to use it. We're in 2 current conversations about that capability today. And then, frankly, we still remain fairly unique in the cyber marketplace arena. And the beauty of bringing together via one online platform, everything that we've discussed so that you can truly go from risk to threat, to maturity, to compliance, to an action plan, to going shopping. And we're teeing this up at the state level of how it could be tailored and provide that platform in support of state and local organizations at scale and, frankly, at a very competitive cost that state and local entities can afford. As we pivoted to -- back to government during this COVID transition, we did map all of our product lines to both federal and state and local and are going to market accordingly. And then we've also been working hard to elevate our ideas to the thought leadership level and discuss them at national and international forums on how you can take our outside-in automated, scalable approaches and create frameworks across an entire state, an entire city, an entire sector like the energy sector, which we have worked on previously. Our partnership with Amazon, we did the technical integration over the past year. We now can sell via their online marketplace. We are also one of their chosen vendors to participate in some of their special programs and projects. And as I mentioned, we're also going to market with them with the U.S. federal sector, especially on the Department of Defense side. And then Dun & Bradstreet. So Soo's team also worked the integration of our Cyber Risk Scorecard in a Dun & Bradstreet tailored approach so that it's the Dun & Bradstreet cyber compliance powered by WhiteHawk. We are now fully integrated into their investigate platform. They are also teeing us up to be integrated into their risk analytics platform, which is sold on the commercial and the government side. So that will broaden our reach. They also made me a member of their Dun & Bradstreet Partner Advisory Board, which gives me a great deal of insight into their thinking and how we can better sell together. So the go-to-market sales channel alignment. We have the new partnerships that we've -- strategic partnerships that we've put in place with Dun & Bradstreet and Amazon Web Services. We have the product lines that map to that and the targets -- the client targets that map. We have expanded our partnerships with consulting groups and have another one that we're working on around the corner. We also have broadened our reach with Board governance side of things with our cyber risk program and how that can be used as a cyber audit vehicle for governance boards. And then obviously, what we discussed with our proofs-of-concept, which we have been conducting throughout COVID and now are starting to come to fruition to include the major contract that we got at the end of last year, early this year and then the request for proposals that we outlined previously. And a critical part of us being staying abreast of what is going on in the cyber risk, cyber maturity, cyber compliance, cyber intelligence, cybersecurity arena is our continued vetting of innovative solution partners. At least a couple of months now, we're at over 200 partnerships right now across all the Gartner functional categories within the cyber arena. This allows us to also work those upsells with our current clients so that we can show that we don't productize, that we focus on their key gaps and vulnerabilities and that we know who is cutting edge and who we can tee up for them to address those risks. Our executive team, thank goodness, remains stable. And we, frankly, work extremely well as a team, and I'm very grateful for that every day. And then we do have new membership over the past year with Brian Hibbeln joining us. Brian's extensive background -- we're actually meeting tomorrow, and he's bringing some connections in for us to deep dive on some opportunities across the federal sector. And we so have enjoyed having Melissa King with her global and international view and Phil George with his innovative background in entrepreneurship. So with that, I wanted to close it up, give you our list of our key product lines and capabilities. And I am available to answer your questions. I see. I'll pull up the Q&A. Okay.

Hi, Matt. Good to hear from you. Okay. So the -- we still have one major POC still ongoing. It was actually signed at the end of last year. And so it's -- frankly, they wanted to do more than we originally thought, which is always good. So we're doing both a piece on the Cyber Risk Radar, Cyber Risk Scorecard side on their vendors and then a Cyber Risk Program as well. We're getting ready to wind that up. And then we do have a POC, I think that I had mentioned, with a state that is coming up as well that I think we had mentioned previously in our quarterly reports as we're talking about state and local. And then we also have a -- the POC that we were going to be kicking off with a university, which is kind of caught up in some of their budget roles. So things are moving, but haven't closed. And then an update on the DHS CISA contract. We were on a contract to be the lead developer under the prime who is Guidehouse. It was meant to be for a period of time, for about 2 years. And so that contract closed, okay? It was meant to close. It transitioned to a new prime, ECS. And actually, we have been working with that prime on new RFPs and new opportunities. The great thing about working that contract was it gave us experience in building a federally focused cybersecurity marketplace, which we're also using as past performance as we're doing the engagements with state and local. And all of the folks that worked on that contract are still with us and bring that body of knowledge to us for future opportunities.

[indiscernible]

Oh, I'm so sorry. They don't see them. I am so sorry. I'm so sorry. Okay. Please provide an update -- so the first question from Matt was, please provide an update on the 3 recently completed POCs and their progress towards becoming new signed contracts. So the one was it got signed, right? That was the global social media. The two, with a product manufacturer is ongoing. And the third is lost in budgets. And then we have this, the state and local one, is actually being worked right now to kick off. It was delayed. The kickoff was delayed. Okay? And then the second question was, please provide an update on the DHS. So Department of Homeland Security, CISA, Cyber Infrastructure -- sorry, something -- software update is popping up on my computer. Okay. On the DHS contract that we were on for 2 years, okay? And so that's what I answered, which was we were the lead developer. It was meant to be for a point in time, and that contract ended and transitioned to a new prime, but we are working with that prime on new opportunities. Okay. And I just lost. I don't know what just happened.

Do you want to read the question?

No, no, no. I clicked on something and -- hold on. Sorry. Can you help me? I'm so sorry. My screen -- no. It's here, but it's just not working properly. I don't know. It's minimized. Sorry. Do you want to read the next question?

Well, I think it's very straightforward. So it is from [ Jeremiah ]. [ Jeremiah ], welcome. How well is WHK, WhiteHawk, positioned resource-wise to act on any request for products and services?

So because we have an amazing in-house team, we are ever ready to respond to new requirements. Now what I will say, and we've always said, is if we were to get the type -- some of the types of contracts that we're working where we're truly scaling where we're in -- so let's say we're embedded our assessments across tens of thousands of companies. And if the pickup rate for virtual consults is -- runs about the 10% that it has historically, then yes, we would need additional resources to scale, but we would have what we needed initially to launch the platform and to handle the initial deployment. So it's really about if you're getting from -- beyond what our current projections are, which we would love to see, of course, then there might need to be an additional raise. But we have done all the math, and we know what we would need to put into place in order to make that happen. And so because we've done this review several times with a global insurance group, with a large manufacturing association, so we've done all the math and the planning, and we know how to execute if we need to and know the level of resources and the type of resources that we would need.

There's another question. So...

So the recent contract with the social media company, what is the prospect for this one beyond 1 year and the $1.5 million value? Did this factor into the very positive last quarter result? Yes. So it is an initial 1 year, but with multiple year options. So the ability to pick -- as most of our contracts are, the ability to renew it at the end of the option year. Yes, that did impact the first quarter, but we are also in current. They are actually one of our POCs for some of our other offerings as well, are ongoing right now. And also, there is interest in our partners. So at this point in time, we have an excellent relationship with the client. The program is rolling out very well, as we've shown in our last quarterly report. And so we intend to work hard to grow the contract. Right now, it's focused on one portion of the company. And they are interested in showcasing the capability to the other parts of the company. So that will also help with the growth of the annual revenue as well. Soo, is there anything that I missed?

No, [indiscernible] opportunity for the next follow on.

Yes. They -- our platform is really -- has really raised the bar for them. And so now we're integral to everything that they're doing on a vendor risk management side of the house. Let me see. Okay. Great. Any other questions? We can pause for a minute or so and see if anyone else. Okay.

Kevin Kye, as secretary, do we need to formally announce the close of the voting?

No. Terry has already done that.

Thank you.

Okay. Great. Okay. Those were great questions. I really appreciate everyone joining in. And fingers crossed that I can come in person without fear of having to be quarantined or change of things. Know that I am fully double boosted with the intent of being able to travel and have some quality face-to-face time with all of you. Please continue your positive engagement with us, and look forward to a great year.