WithSecure Oyj (WITH) Earnings Call Transcript & Summary

Hello, everyone, and welcome to F-Secure Interim Report of First Quarter of 2020. My name is Samu Konttinen, and I'm the CEO of F-Secure. So to start off, I think we had a very solid quarter overall. So we are reasonably happy pretty much with all our business areas, and we are especially happy with improving profitability, reaching EBITDA margin of 13%. So obviously, the COVID-19 is something that is impacting, I would say, pretty much all industries and definitely impacting F-Secure as well. Although in the big picture, I believe that many of our business areas should be rather resilient in the special circumstances such as COVID-19, but it definitely is impacting F-Secure as well, and I'll talk about that a bit more throughout the presentation. For Q1, our corporate security, which combines our endpoint security and endpoint detection and response product lines grew -- and also managed detection and response service grew 4%. Cybersecurity consulting grew 3%. The consumer business was roughly at the previous year's level, growing by 1%. And as I said before, so the adjusted EBITDA reached a very high end of our expectations at margin 13%. So overall, very, very happy with the results and solid performance across all business areas. And I will now give a bit more light and color to these business areas and the surrounding market environment, which impacts F-Secure. So a bit more about the COVID-19, this pandemic and our consideration to the matter. So obviously, of highest importance is the health and safety of our own employees. I'm very happy how we have managed to move to a full remote working mode already several weeks ago. It's a very different setup, obviously, for all of us. But high level, I'm extremely satisfied how we have managed to keep all our business-critical systems, be it internal environments and also external production environments, sticking exactly as we planned, being able to continue protecting our customer as if nothing has happened. So overall, the transition to remote work at F-Secure was very smooth. So the business continuity has definitely been of a very, very good level. For what comes to business impact, a couple of weeks ago, we withdrew our financial outlook for the year. That is largely because of the market uncertainties and how it is impacting F-Secure environment. It's definitely impacting mostly our consulting business, which is a bit less than 25% of our overall revenue mix. So that part is the one where we see already some impact. We saw some impact already in Q1, not significantly, but some. But definitely, the outlook going forward in consulting business is very uncertain. And we are seeing customers are making fast decisions, either continuing with some projects, starting some new projects or canceling existing projects. So the overall uncertainty hovering around consulting business is just quite significant, and that was the primary reason why we wanted to withdraw the guidance for the year. We also see an increasing risk for what comes to slowdown in sales for -- with more advanced cybersecurity solutions, like EPP-EDR combination to a little bit bigger customers and definitely around managed detection and response. But I want to emphasize that this is more of a elevated risk rather than a slowdown that we would already be experiencing. So so far, we have not seen the slowdown in these areas, we just see a heightened risk in these areas. To mitigate with the situation, so we have obviously done a lot of different scenario planning, just making sure we are prepared for different COVID-19 outcomes. No one really knows how long this will impact the economy overall, so you just have to have your sensors out being able to detect those early signals that would give you some clues how it is possibly impacting your business positively or negatively. And we are very ready to implement potential needed -- mitigating actions when needed. And in couple of countries, for what comes to our consulting business because of the softened outlook going forward, we have already taken some actions. As an example, we have furloughed a small amount of our people just to make sure that we try to cope with the situation and adjust costs accordingly. And overall, we have, I believe, done a really good job of just managing the cash flows, managing the costs, and we've also done some good moves to secure our liquidity and working capital situation. So overall, I think we are in a good shape to counter potential COVID impact for F-Secure. And here, we have a bit more color about our liquidity and about the financing position at F-Secure. So first, looking at the debt financing part. So we have a 35 --sorry, EUR 31 million term loan that we took almost 2 years ago when we acquired MWR InfoSecurity. And in addition to that, we have a revolving credit facility agreed for EUR 23 million. And about a week ago, we withdrew EUR 10 million out of that just to make sure that we strengthen our liquidity even further. Looking at the outgoing payments for what comes to financing. So we have 6-year, EUR 6 million annual payments with the term loan with EUR 2 million, EUR 3 million installments. So that just gives you an idea on the outgoing cash flows related to financing components. So that is something very, very manageable with our current cash flow and liquidity. And then something that we're very, very happy with looking at the Q1 performance is that our cash flow from the operating activities is improving. We landed to EUR 8.4 million at the end of the quarter, and this is a result from, I would say, a very good job from our field organization for what comes to collection from the customers, but also due to improved profitability. So that gives also a very solid stance for F-Secure. And then last but not the least, looking at the overall liquid assets. So we have EUR 26.3 million, which is on a very good level in our own opinion, especially looking at that we did pay the last part of MWR InfoSecurity acquisition-related earn-out payment EUR 3.7 million in Q1. So despite that, I would say, somewhat extraordinary payment. We are still looking at a better liquidity situation that we have had for a long time. So overall, I guess, the point is that we are very, very confident with our liquidity and financing position overall. Now a little bit talking about the market and what does this COVID mean for F-Secure and for our industry. So I guess, the headlines would be that the need for cybersecurity is constant. And we are unfortunately seeing that the situation around COVID-19 is also very interesting for threat actors. We are seeing unprecedented amount of new attacks -- new attacking vectors being developed to take benefits from the people working from home, which expose many people for more threats than what would be the case if they would be working in the office. And we also see, obviously, themes around COVID-19 being used in social engineering in phishing attempts and many source of different attacking angles. So the threats are not going away. The cybercriminals are not taking a pause, but the opposite. And then looking at the long-term market drivers. So why the cybersecurity, in our opinion, continues being a growth market is that as world is digitalizing, so the impact of cyberattacks to companies continues being adverse, very severe. So we are seeing like an average cost of an attack per day almost EUR 20,000. And in the past, we've seen cases where companies have suffered from these cyberattacks worth of millions or even hundreds of millions. So the costs of cyberattacks to companies can be tremendous. It also still is very much the case that the average time to detect a breach is too long. And this is obviously one of the key investment areas for F-Secure, how we would help those organization to detect the breaches earlier and then to start the right counter measures earlier. So many of these, I would say, significant main cornerstone market drivers are absolutely unchanged, and our long-term outlook at F-Secure remains very, very attractive. Here is a very interesting case that we just thought that would be perhaps fascinating to give a bit additional color on what sort of incidents we run into when we help companies to fight cyberattacks. So in this particular case, so if you read from the slide, if you start from day 1, so day 1 was the day when the client contacted F-Secure. They had themselves figured out that they are now under the attack, that something has happened. So then they contacted F-Secure and asked our help for incident response. Very quickly, our teams understood that we are looking at something very serious, something very severe. So we started to deploy F-Secure Countercept, which is our managed detection and response service. And in this case, obviously, the attack had already happened. So we used F-Secure Countercept not for detection, but initially for response. So that then started on day 2. On day 4, something very interesting happened. So our teams until day 4 were under the understanding that we are fighting a global cybercrime group. So this was the task given for F-Secure. And on day 4, we figured out that there's something else. It's not just the global cybercrime group that is attacking the customer, but there is also a breach from a nation-state actor. So kind of a double whammy. And the nation-state actor had been in stealth mode for a long, long time. In about 2 weeks' time, on the slide, you see days 12 to 19, we managed to contain the global cybercrime group. And in about a week after, 19 to 25 days, we managed to contain the nation-state actor. But very interesting is that containing these attacks and investigating the breach, we later realized that the global cybercrime group had attacked the company's 24 days before they contacted us. So again, it's a good example that for this particular company, it didn't take the average 100 days to detect the attack, but it took more than 3 weeks. But our investigation showed that the nation-state attacker had been infiltrated the company almost 2 years ago. So I think that a little bit gives an idea on the breadth of the service that we are providing with F-Secure Countercept in the areas of detecting these stealth mode most advanced attacks and how to respond to them. So a great testimony about our skills, and I'm sure you can all imagine that the customer was quite amazed once they realized that it's not just a cybercriminal who was after them, but it was also a nation-state attacker additionally. So very surprised. But at the end, a very happy customer for our service. Then jumping back to actual Q1 results. So as I said, so overall, very pleased with the performance across all our business areas. Group revenue growing 3%. Consumer security, steady as she goes, 1% growth. Corporate security 4%, which now includes all our B2B solution areas, so endpoint software, managed detection and response and also consulting. So it's a combination of all these 3 different business areas. And on the EBITDA, as I said, so 13% of revenue. So very happy with that margin. EBIT, 7% of revenue, a good result there as well. And then you see that the net debt now EUR 13.6 million. Cash flow from operating activities EUR 8.4 million. Earnings per share $0.01. And the personnel 1,688 at the end of the period. So perhaps key metrics from F-Secure financials from Q1 2020. Now a bit more on these different business areas. So starting with corporate security, so our B2B technology side of things. So revenue from endpoint security continued slight and steady growth. So good renewals performance, which obviously is the backbone of this business. We had a quite positive quarter in new sales across -- I would say, across almost all our locations. So quite a broadly distributed good performance from the sales side. And one thing, I would say, specifically to mention here is that the part of this endpoint suite kind of a endpoint platform, we also have cloud security components and vulnerability management. So there, we are seeing very encouraging signs. And especially, I would say, with our cloud detection for Salesforce environment being one of the areas where we are seeing very good traction, and we landed a couple of really great flagship customers. And as is the case very often in our industry, unfortunately, not able to disclose the names of those companies, but great wins. And overall, I would say, solid performance. Then moving on to managed detection and response. So there, we continued fast growth, and I'm very happy with the momentum we see in F-Secure Countercept. So some very considerable size deals, and they really continue coming from demanding customer verticals, those industry verticals also who don't want to take any chances for what comes to cybersecurity, companies in industrial manufacturing, finance, critical infrastructure, so companies who don't just want something, but they are willing to pay premium. They want best what money can buy. And a real milestone, I think, from Q1 was a very significant win in telecom and media sector. And what makes me specially proud of this particular win is that not only that it was a very significant size deal for F-Secure, but also that, that particular customer was previously served by one of the leading managed security service providers of the world. So really a Tier 1 MSSP. And still, that customer chose F-Secure over that incumbent, believed that we would be the best, the most skilled company looking after their backs. So that's a great example, great testimony about our capabilities and the trust that we are seeing from the marketplace. And then obviously, these cases, we have already talked about that before. So the sales cycles are often quite long, which makes this business overall quite lumpy. So we continue seeing significant month-over-month or even quarter-over-quarter variations for when it comes to how many new deals we're bringing in each quarter. But COVID-19, obviously, is something that we are observing very closely. And as I said in the beginning, there is a risk that the COVID, this pandemic may start prolonging sales cycles. But it's something that we have not yet seen, but it's an increased risk that we have to take into account with our forward-looking forecasts. Then a few words about the consulting. And here, I guess, the key is to understand that although the consulting revenue grew only 3%, but a lot of that is explained with the fact that we had a very significant size, large project in the Nordics that we've been working with for quite some time. And that significant size, large project is now coming to a finalization phase. And the scope of that large project is smaller. If you look at the consumer business, that one particular large project excluded, we are seeing that we continue growing pretty much the same growth rates as we've seen during the last quarters of 2019. Q3 '19, we grew 18%. Q4 '19, we grew 16%, just to remind you, giving you an idea of what sort of a growth base we see if we compare to those levels, that one project excluded. And this consulting environment, this is currently very difficult to read. So we clearly see that the COVID is impacting us. We started to see a little bit of that already in Q1. But definitely, the outlook going forward is very uncertain. And as I said, we've already taken some cost mitigation actions with furloughs in a couple of countries. But at the same time, we are also seeing that we are starting new projects and even winning new customers. The summary is that the long-term outlook in the consulting continues being very, very interesting for us. The demand is there. But short term, because of the COVID, this is very difficult to read, and we wanted to be very cautious and careful with our estimates. And this was the key reason why we wanted to withdrew our guidance for the year. Then last but not the least, our consumer security. So as guided previously, so we are seeing this business being very, very robust, and it keeps on rolling very steadily. So 1% growth is what we expected. The operator channel is very resilient. And if I'm looking at the overall F-Secure business mix, it's definitely the operator channel that practically is 100% recurring revenue SaaS business. We don't believe that being impacted much at all because of the COVID. So this definitely is the most resilient part of our business. Highlights from Q1 definitely was an operator in Japan, Nifty, being now the first operator to launch our new identity protection solution. And this new product area is something that we are very much looking forward and very hopeful to see more operators also following the steps of Nifty and launching identity protection as a new value-added service for their customers. In the direct consumer sales, so the renewals performance continued being at a good level. So similarly, as in our endpoint security, this is really the backbone of the business. And the beginning of the year was very good especially for when it comes to e-commerce. And we see that this remote working is something that is rather driving more demand for consumer-type solutions rather than the opposite, but we -- as a balancing viewpoint, so we have started to see some slowdown in our retail sales at the end of the quarter. But overall, I think we have a very good view on our consumer business, a good confidence this business being very robust and very capable to withstand the COVID challenges, and our thinking around consumer business has not really changed at all. A good start of the year, a good quarter. Very, very happy with the first operator going online with identity protection. And now just summarizing things. So looking at the business mix. So here you see, again, the same numbers that we already went through. Cybersecurity growing 3%, corporate products 4%, consumer 1%. So that being the business mix, then you see how the geographical split currently is for F-Secure. Here, the Nordics minus 6%. That is fully explained with the same topic that I explained being the reason for the consulting business growing only 3%. So you see here also the impact of that one very significant size project now coming to a finalization stage, meaning that the comparable number Q1 last year is just different. And last year, adjusted EBITDA significantly improving from Q1 2019. And as is our strategic thinking for what comes to value creation, so we are very, very happy that we see profitability of F-Secure improving, and that's going to be the thinking going forward mid to long term. Obviously, now the COVID gives us some uncertainties, and the visibility to even the short term is not what we would like it to be. So perhaps as a summary, pretty solid Q1, very happy across the board. And just COVID is -- makes, especially the consulting business, very difficult to read even short term. So I guess that concludes the presentation, and we have some time for questions.

Thank you, Samu. So now let's dive into the questions that we have got from the line. To start off, we have Matti Riikonen asking, when you talk about EPP suite, does that include EDR product as well?

Yes. It does.

And could you, Samu, elaborate what are the other products included in the endpoint suite?

So the endpoint suite is high level. It's the endpoint protection that goes with the acronym EPP and then endpoint detection and response, as was your question, so EDR. These are most of the time sold as a bundle. But in the suite, we also have some cloud solutions, so like cloud protection for Salesforce. And then we have some gateway security solutions, which always has been the case. Often customers want to buy this as a suite of products rather than selecting individual products. But the bulk of the revenue is in the EPP today. EDR is new, still small, growing and the other components like the gateway and the cloud security. So they are size-wise insignificant compared to EPP size. But we are very hopeful that they could be a new revenue growth stream for us going forward.

Yes. Thanks a lot for the answer. Matti also wanted to confirm that also EDR had growth in Q1.

Absolutely. Yes.

Next up. Question related to how was your consulting business capacity utilization in Q1, taking into account less work for the large Nordic project?

The large Nordic project -- the team that has been engaged with that project, so that team has always been a bit of a special task force. And we have moved that team to other assignments, other jobs within F-Secure as we started to see that this large project scope is going to be diminishing. So we saw that already late last year and have started to move people to other jobs. So overall, I think consulting utilization rates are quite good. We are not entirely happy with it. So there is always room to improve. So -- but I guess, the large Nordic project was the key question there. So I hope I answered that.

Yes, I think so. Next one from Mr. [ Oriel Alanta ]. So you no longer mention Rapid Detection & Response Service. Is the merging of RDS and Countercept now finished?

Good question. So merging Rapid Detection Service and Countercept technically is not 100% ready yet, so the integration work is ongoing. But brand-wise, we -- when we talk about our managed detection and response solution, brand-wise, we call it F-Secure Countercept. We have still deployed now technically a Rapid Detection Service to some customers. So that technology breach is fully supported, so the technology is alive and kicking and doing well. But behind the scenes, we are integrating the Countercept that we got from the MWR acquisition and the Rapidly Detection Service that we had ourselves, so these are being integrated as we speak.

All right. Thank you. Next one from Atte Riikola from Inderes. So overall, are you happy with the product -- B2B product business growing at 4%?

Quite happy. I think that there are always areas where you believe that you could have done more, but I would say relatively happy. And there, definitely, key is to remember that if your sales performance is on the good side, very often still today, you sign multiyear contracts with customers. So then the revenue impact is not as good in -- within the quarter compared as an example, in consulting, where everything practically comes straight through. So overall, relatively happy, but I see room to improve as always.

Yes. So what about -- how do you -- could you please elaborate a little bit how will the negative effects from COVID-19 be seen in the consulting business?

Well, in the consulting business, we see customers -- some customers taking a stance that whatever was their cybersecurity road map for the year, so these were the projects and initiatives that they wanted to do and these were the projects that they wanted F-Secure doing for them, we see some customers being absolutely committed to those road maps and not wanting to postpone anything, not wanted to slowdown anything. We see those customers. But then we also see customers who had very similar-looking road map for different cybersecurity-related projects, where they wanted F-Secure helping them. Some customers are postponing the project. They are telling us that, hey, the priorities have changed within them, and they don't want to do these projects now. They want to move the projects for autumn. They want to move the project for the rest of the year. And some customers are just saying that their own business environment visibility is so weak and they don't want to commit to anything. And obviously, we know that there are companies who are fighting for their survival. And in this moment, new cybersecurity initiatives might not be top of mind. So we see a myriad of different customer profiles. And how it's going to be impacting to F-Secure? It's a good question. And as I said, I hope that we would have much better visibility. And currently, it's more like we need to observe, looking at country-by-country, customer-by-customer, project-by-project even within customer. And just make sure that we make the right calls for what comes to managing costs. And one of the difficulties in this area is to find the right balance that you don't want to manage your costs too aggressively if this is a short-term dent and then if you believe that there is enough of projects and assignments available towards the end of the year. So it would probably not be wise that you start offloading a lot of people now, and then you go to hiring mode again in November. So that's a difficult balance that we are trying to strike. And asset visibility is not greatest at the moment. So we will just have to be very alerted to all signals and adjusting the cost profile to match the outlook.

All right. Continuing from the COVID-19 impact on consulting, so do you see that the impact will be most severe during Q2? Or will that also be impacted in the H2 new sales?

In the current thinking, we believe that the impact will be most severe in second quarter. So that's as much we can currently see.

What about do we yet see anything for the H2?

We don't see much for H2. And I think if you look at the consulting business, industrial logic even in a normal circumstance, so the sales cycles and the planning cycles with customers are often quite short. So even if we wouldn't have COVID-19 type of a situation, it would be very difficult to predict the revenue levels and all these things, as an example, for Q4. So the visibility in this project business is always more shortsighted. So -- but the current thinking is that Q2 in consulting will be very challenging.

Yes. Next up, still continuing with consulting. So could you a little bit elaborate how much room for improvement do you have in the cost structure? So is there some actions that can be done in the shorter period of time?

Yes. So we are looking at costs. And obviously, one cannot travel currently. So there is some level of cost adjustment that is just happening. So -- but cost is something that we are looking at. And the difficulty, what I tried to explain already, in consulting currently is that customers are acting very, I would say, randomly. So there's no common pattern that we would see all companies in same industry making same type of decision. So we see customers that on the surface look very much like one another, they are still making very different decisions. And this has happened very quickly. So the whole COVID-19 impact happened very quickly. And then for what comes to managing costs in consulting business, it's very difficult to manage cost sometimes as quickly down as quickly the revenue might go down. So some short-term profitability weakening because of the consulting is definitely a risk that we are looking at.

Okay. Then a somewhat broader question. Who is the current market leader in desktop and mobile device security business?

It's a good question. So desktop and mobile security is an example of a very broad industry area. But if I narrow the question a bit more looking at the areas where F-Secure is operating, so the leader definitely would be NortonLifeLock, which is the -- NortonLifeLock on the consumer side and Avast also on the consumer side. So these 2 would be the leaders in desktop and mobile security for consumers. And then for enterprise side of things, there would be the -- a longer list of companies like Symantec, McAfee, Trend Micro, Kaspersky and definitely some newcomers like Carbon Black, CrowdStrike and absolutely also Microsoft. So although Microsoft's business model and industrial logic for them is somewhat different as the cybersecurity solutions are very often part of a larger licensing agreement, more rarely sold stand-alone similarly as what the pure-play security vendors are doing. But if you just look at the raw number of installations and device activations, most probably, Microsoft starts to be one of the largest cybersecurity companies in endpoint security.

So overall, pretty dispersed market.

Very dispersed market. And that has always been the case. So this is very, very fragmented.

Right. And what is then the way for F-Secure to sow its strength in this market?

Well, we have our own specialty areas. So if I take consumer first, so obviously, the economic engine for F-Secure is the operator channel. We have roughly 200 operator channels who are practically exclusively offering F-Secure solutions to their consumer customers. So it's really the go-to-market that makes us unique in this aspect. On the enterprise side, most of the competitors are focusing on the large enterprises, which is not our sweet spot. We are focusing on small and medium-sized companies, if we talk about mid-market. And our go-to-market model, where we are combining in the endpoint suite not only EPP and EDR, but things like vulnerability management, cloud protection and really packaging that conveniently for the channel, I think that's really something that makes F-Secure a very unique and very well positioned in the mid-market. On the enterprise side, it's a whole different ball game. And we are not focusing on the enterprise. It's a blood bath, in our opinion.

Thank you. Then coming back to the consulting side. Now that we are in this -- middle of this global pandemic, is there a way for F-Secure to make the business more scalable?

Yes. Good question. So we have actually developed several new interesting concepts around the consulting. So as an example, how do you approach things like web or pen testing. So we are developing more like a modern assurance type of approach there, where we are looking this more from a subscription perspective rather than time and material-based projects. So there are a lot of, I would say, cool new initiatives cooking. Some of them we started already before COVID-19 and being -- those are already being rolled out to the first customers. And now, obviously, I think this COVID-19, where like on-site delivery in some cases is becoming difficult or impossible, we've innovated a lot of new delivery measures together with our customers. So how would you best enable and facilitate remote delivery of the work that used to be done only on-site.

Thank you. I think that was all. We don't have any more questions. So thanks a lot for you, Samu.

Thank you for the questions. And thank you. Have a good day. Happy Vappu.