Darktrace PLC

LSE:DARK

Hello, ladies and gentlemen, and welcome to Darktrace plc's Half Year 2023 Results. I'm Luk Janssens, Head of Investor Relations. I'm joined by Poppy Gustafsson, our CEO; Cathy Graham, our CFO; and Max Heinemeyer, our Chief Product Officer. Together they will present for about 35 minutes, after which we will conduct a question-and-answer session. We welcome questions from participants using the chat function, and you can start submitting questions throughout the presentation.

Here is a disclaimer which you can review. But now let me hand over to the CEO of Darktrace, Poppy Gustafsson to open the presentation. Over to you, Poppy.

Thank you Luk, and welcome everyone to this call.

We are rapidly approaching our 10-year anniversary as a business and our second anniversary as a public company. The past six months have been another characteristically busy period for Darktrace, notwithstanding some of the more recent distractions we've had to deal with, and I'm here to talk you through what have been up to since we last spoke.

In terms of the performance headlines, I'm pleased to say that admits challenging macro headwinds, we've delivered a strong set of results in the first half, and we are reiterating the guidance we set for FY2023 at our Trading Update in January. We now have over 8,000 customers globally, and we are growing fast, with revenue and ARR growing at least 36% year-on-year.

We're also delivering on our profitability and adjusted EBITDA margin of 23%. In a challenging macroeconomic climate, Cathy has done a fantastic job of managing costs prudently and preserving profitability. While we are seeing a slowdown in our new customer additions, as we flagged with our January Trading Update, we have continued to invest in our existing customers and this is paying off. We are generating cash, which enables us to continue investing in our product pipeline and go-to-market strategy. Much like our technology, we are resilient and we expect to emerge from this period of uncertainty even stronger than before.

Our product offering has never been stronger. Our Chief Product Officer, Max Heinemeyer, will be updating you on all of our latest product developments from the launch in Darktrace PREVENT in the summer and beyond, and none of this will be possible without the fantastic people we have in the business. Our teams are proud to be protecting some of the most high profile organizations on the modern stage from the Football World Cup to society's most critical assets such as hospitals, transport networks and energy grids.

Investing in and building our teams is important, and we continue to recruit and attract top talent with new senior hires across every area of the business. Personally, I'm particularly excited about Denise Walter joining the executive teams, our new Chief Revenue Officer, and I'll talk a little bit more about her remit later.

Darktrace has built the most advanced cyber AI engine in the world with the goal of freeing the world from cyber disruption. Every day, our technology protects our customers from threats that others have missed. And we can do this because we have turned the traditional problem on its head. We learn from the business not from the breach.

Our AI engine is powered by learning your organization from the inside out to build up a deep understanding of your enterprise, a learning that is unique to you, your business, your infrastructure, your digital culture. No other security vendor is doing this. Using its knowledge of your business, our self-learning AI can then spot the subtle variations that indicator cyber breach at its earliest stages whether it's insider threat, zero day exploit, or a never seen before attack. The ripples of disturbance will trigger an immediate response for our technology, stopping attack in its tracks. We refer to our technology offerings as this Darktrace Cyber AI Loop. It is the first ever adaptive feedback system that can not only react to an in progress cyber-attack, but thanks the launch of Darktrace PREVENT this summer, it can proactively harden defenses based on its unique understanding of your enterprise and how you may be vulnerable.

We're actively developing Darktrace Heal, which is a fourth component of the loop and supports security teams to recover the business back to a healthy state. Each of these components provide valuable solutions to overstretch security teams, but taken together, they create a feedback loop where the hole is so much more than the sum of the parts.

Darktrace's Cyber AI Loop does not work in silos. It's the only cybersecurity system designed from the start to protect every digital touchpoint in your organization from machinery on the factory floor through to the corporate network, whether that's employee laptops, e-mail or data in the cloud or sporting arenas through to self-service checkouts, Darktrace protects it all and it is complementary to the rest of the security tech stack integrating with other security tools which focus unknown threats.

So what do we think the attacks of the future will be? Honestly, I don't know. And that is why we built Darktrace. None of us know for sure what the threat of tomorrow will be, which is why we designed our self-learning AI in the way that we did. We learn from the business rather than the breach. So we don't need to predict the breach for tomorrow in order to protect you from it, whether it's malware, ransomware, chat bots, or something else. Evolving threats called for evolved thinking and threats are evolving.

The Russia-Ukraine conflict has continued to drive shifts in attacker behavior. For example, in the form of hacktivism as groups such as Killnet, the pro-Russia hacktivist group, which launched attacks on JP Morgan and U.S. airports a few months ago, they've dominated the headlines. The conflict has been a huge disruptor in the ransomware marketplace with the LION's share of attacks now being conducted by a single brand LockBit.

Ransomware as-a-service is now the dominant ransomware operating model with ransomware tools being sold by LockBit online to would-be threat actors globally. Ransomware is big business for the bad guys and they are building on tactics that generate the greatest return on investment at scale.

One critical organization impacted by ransomware here in the UK was Royal Mail our national postal service. LockBit demanded a £65 million ransom and Royal Mail was unable to send any mail outside of the British Isles for some time.

And of course, Generative AI has emerged as another hot topic, specifically ChatGPT, the online AI powered chat bot that everyone is talking about. Using an AI language model trained on a huge amount of text data ChatGPT generates human-like text based on the input that it is given. Now ChatGPT isn't the first chat bot to hit the market, and nor will it be the last, but it has shown a spotlight on the possibilities in this space. And security teams are now questioning how cyber criminals might use Generative AI to improve their attack campaigns and whether it will lower the barrier to entry for threat actors.

At Darktrace, we have built our product set around the notion of defending against threats never seen before. So from ransomware to the rise of Generative AI, our customers are protected not only from today's threats but also the emerging threats of tomorrow. But before we get too carried away with the attacks for tomorrow, let's remind ourselves that many organizations still don't feel prepared to cope with the attacks of today.

Security teams are overstretched and they're contending with a digital territory that is far bigger and more complex than ever before. We recently commissioned some research from IDC, a global market intelligence firm, which surveyed 3,000 organizations outside of our customer base. The survey found that only 29% of respondents were highly confident that they have a robust mechanism to evaluate their environments against the most common threat factors. In other words, that means that less than a third of security professionals feel they have the right tools to evaluate their security controls.

At the same time, we are seeing a paradigm shift occurring across the globe, most notably in the U.S. and EU, where governments are putting the more onus onto the private sector to ensure that it has a robust cybersecurity protections in place. Whether it's the Biden Administration's National Cybersecurity or NIS2 and the Cyber Resilience Act in the EU, the message is clear. Greater responsibility is being placed on both end users and technology providers to promote a more resilient cyber landscape.

Whilst I don't want to understate the challenge that cybersecurity professionals face in protecting their organizations, I do want to emphasize the confidence and conviction we have in our approach. And today we are helping more than 8,000 organizations around the world to feel cyber resilient.

As I mentioned, we launched Darktrace PREVENT in the summer and we have continue to see strong demand for Darktrace PREVENT in the early phase of its release.

I'll hand over to Max now to talk about how Darktrace PREVENT is bringing value to our customers and the exciting announcements we've made recently.

Thanks, Poppy.

Before I delve in a quick reminder on what Darktrace PREVENT is and how it works. Darktrace PREVENT builds on the understanding of self for a business that Poppy talked about earlier. It identifies the critical assets and applies an attacker perspective and this knowledge allows organizations to prioritize security efforts most efficiently and rep protections around these issues by feeding back into Darktrace DETECT and RESPOND.

When launching Darktrace PREVENT, we didn't know which customer segment of what resonate most strongly with. It seems to be resonating in all segments, but a particular sweet spot is the high end enterprise market. The mid-sized organizations at the upper end of the bracket, they have a complex set of cyber challenges to deal with, but don't yet have the in-house tools that a much larger organization has. They make a massive maturity jump when using Darktrace PREVENT in terms of automation and value provided.

An example here is a U.S. customer of ours in the healthcare sector. This critical infrastructure organization has a lean team but faces a lot of complexity in their IT infrastructure. The security team was struggling to identify the most significant risks. They had a difficult time trying to prioritize their risk, CORS vulnerability reports, penetration testing results, awareness training outcomes, and the many visibility gaps they had, for example, from the external attack surface. They are now using Darktrace PREVENT tells their security team every morning exactly what the most critical attack paths are and what to do about it. While also enriching Darktrace DETECT, this is precisely what Darktrace is best at, understanding the organization inside and out and augmenting the human team.

We are also finding that the Darktrace Cyber AI Loop interactions are key, customers and prospects really like the idea of Darktrace PREVENT interactions with Darktrace DETECT and RESPOND. That is something they haven't seen anywhere else. This is great validation for our loop vision.

Darktrace PREVENT get the most glowing feedback when customers are using all of it both via Attack Surface Management, ASM and end-to-end each week capabilities combined. We look forward to hearing more on the benefits of this as the list of customers using both capabilities continues to grow.

We've also found that Darktrace PREVENT has helped to open up conversations with organizations that previously weren't looking at Darktrace DETECT and RESPOND. It's been great to see the positive impact of Darktrace PREVENT driving upsells across our product set. We are really excited of the strong demand we've seen so far for Darktrace PREVENT, which we believe reflects a shift in our customer base to more proactive approach to cybersecurity. Our teams are working hard to keep rolling it out to new and existing customers and the record list of opt-ins we have seen in these early stages continues to grow.

As Poppy mentioned, we also recently announced some new capabilities within the Darktrace PREVENT product set. In February, we announced the availability of Darktrace PREVENT for OT, which identifies the path that attackers could take to disrupt critical infrastructure. Protecting these complex industrial environments is absolutely critical in today's environment and this new capability and some new set of tools to security teams protecting equipment and machinery that is notoriously challenging to secure.

In one of early adopters for example, Darktrace PREVENT/OT found an attack path from a public e-mail account to deeply protected and active production PLC or programmable logic controller, which is basically a vital component of all industrial control systems. The organization was not aware that this path existed, even though it spent both IT and OT systems. A committed attacker could have followed this path and manipulated the controller logic, sound alarms, or even worse start and stop processes impacting the operation of the entire facility. Early examples like this make us excited about the impact that Darktrace PREVENT will have on critical infrastructure in the long-term.

Also, in February, we announced general availability of Darktrace Newsroom, a system that continuously monitors a multitude of sources for vulnerability intelligence, and then assesses an organization's exposure through its knowledge of their unique attack surface. When new vulnerabilities such as Log4j and Proxy Log On emerge, security teams need to quickly understand how they are affected, are they at risk? And if so where? Newsroom, which also sets under Darktrace PREVENT enables them to do that in record time where previously it might have taken days by automating steps that have always been very human intense. Newsroom enables organizations to quickly action any issues and ultimately Darktrace PREVENT helps to stop server disruption.

With that, I pass back over to Poppy.

Thank you. Max.

Products like Darktrace PREVENT the outcome of the hard work from our teams in our AI research center in Cambridge and our second European R&D center in The Hague, our R&D team bodes over 150 experts in disciplines from mathematics and astrophysics through to linguistics and data science. Today, we have filed more than 130 patent applications thanks to their efforts. The R&D team is working hard on several projects and without wanting to give too much away, I'm very excited for some of the product developments we'll expect to see in the remainder of the calendar year.

One of those will be the launcher Darktrace Heal, which I'll come on to you later.

The end users of these brilliant innovations are of course our customers and we are proud to be protecting over 8,000 organizations today. We continue to expand our customer base in the first half, adding 741 new customers to our roster across a huge range of sectors. We closed our biggest ever deal to-date with a major critical infrastructure organization. We protected global events such as the Football World Cup, and we secured significant deals across industries such as utilities, financial services, and manufacturing.

Our mission is to free the world of cyber disruption and it is always a pleasure when we hear from our customers on how we have supported them. CISO, they don't want a crisis. They don't want drama in their job and ideally they want each day to be as uneventful as possible. We have an engineering customer in the U.S. whose IT director was recently at a concert that evening; he got an alert on his Darktrace mobile app that Darktrace DETECT was seeing something suspicious. He simply put his phone away and carried on enjoying the concert. Darktrace detected and responded to the threat autonomously, and when he got online the next morning, all he had to do was download the report of the incident to see what is happened and what Darktrace had done to stop it. This is exactly how we want our technology to work, taking the drama out of security. But don't just listen to me. You can hear it from the horse's map.

Let me pass over to a happy customer that we are incredibly proud to be protecting the Royal Mint.

[Video Presentation]

Thank you to Richard for that.

I'll now pass over to Cathy to talk you through the financials.

Thanks, Poppy.

I'm pleased to be here sharing more first half results detail and reiterating our FY2023 expectations for ARR, net ARR added, revenue and adjusted EBITDA.

The first half saw us continue to deliver strong growth across ARR revenue and the customer base. Despite the noticeable second quarter slowdown in new customer additions related ARR added driven by the current macroeconomic environment.

A $259.3 million first half 2023 revenue grew by 35.8% over the prior year period. 99.3% of first half revenue was subscription-based; of the $1.7 million in non-subscription revenue, only $200,000 came from the sale of deployment specific appliances primarily to governments and other regulated entities who must own all equipment in their data centers.

We sell appliances infrequently, but when we do, we recognize the full revenue and cost at sale. We don't sell hardware or peripherals that are not specifically required to deploy our software solutions.

36% of first half revenue was with a referral or reseller partner up slightly from our direct versus indirect revenue splits in the past periods.

In line with the policies, processes, and controls, we strengthened pre-IPO and continued to revolve to support our growth. We require resellers to have signed back-to-back end user contracts, reflecting the same products, start and end dates and other material terms. We do not allow sales into channel partners for inventory or speculative purposes.

We use a combination of methods to ensure the integrity of our channel sourced revenue, including pre-onboarding partner credit checks, pre-booking confirmation or attestation of signed back-to-back end customer contracts and post-sale confirmation of terms directly with samples to end customers. We focus on expanding constant currency ARR to drive top-line growth. By period end, we increased ARR to $556.6 million, up 36.6% from the prior year. Continued high ARR growth was underpinned by our multi-year contract model, which in this period muted the second quarter slowdown in net ARR added related to a slowdown in new customer signs.

In the half, we added net ARR of $71.7 million, up 7.3% from the $66.9 million added in the prior year period. However, growth slowed across the half, with expect -- with year-over-year growth of 13.4% in the first quarter, but only 3.9% in the second. We continue to expect a challenging economic environment and believe that new customer acquisitions may stay low or trend further downward at least through the end of our financial year. These expectations were reflected in the guidance updates we gave in our January Trading Update.

Our multi-year subscription-based contracts create significant RPO or contracted backlog, which at $1.1 billion was up 26.9% over the prior year. RPO amounts are fully committed, so not subject to any form of opt-out or cancellation for convenience. We no longer sign many contracts with cancellation rights, and those we do, are primarily with government entities that require non-appropriations clauses.

Both our ARR and RPO balances and their ultimate conversion to revenue continue to be pressured by comparatively strong U.S. dollar when converting Pound, Sterling, Euro and other invoice currencies to U.S. dollar revenue. However, unlike in the first quarter, when we caution the further erosion from rates at September levels could have a significant FY2023 revenue impact. Having the rate environment return to the range of our FY2023 constant currency rates has eased that pressure somewhat.

Growth in our ARR measures continue to be driven primarily by the addition of new customers. Year-over-year, we added 1,605 net new customers, a 24.4% year-over-year increase, reflecting slowness in our first half, with 741 net new customer adds. As we saw in second quarter, the current macroeconomic environment is a challenge to winning new customers, with prospects more reluctant to run product trials and in regions with historically higher conversion rates those rates declining slightly.

A year-over-year increase in average contract ARR of 9.8% across our customer base helped to partially offset the lower addition of ARR from new customers. Our focus on larger account and upsell opportunities drove a 17.7% period over period increase in average new contract ARR and the average ARR of existing customer contracts aged one year or more was up 12.4%.

Our focus on larger accounts in upsells also showed up in deepened product penetration. At period end, 47.5% of our customers had four or more of our products reflecting a period over period shift towards four plus products of 4.4 percentage points.

In late summer 2022, we launched the first two PREVENT products, bringing our products set to 12. While it's still too early for these products to have moved product penetration significantly, they should further support both upfront and upsell product penetration across our customer base.

We sell across a broad range of customers and contract sizes with a higher average new and existing contract values, our account distribution again shifted towards slightly larger accounts. For the first half, 52% of ARR came from the 16% of customers with ARR of more than a $100,000 compared with 47% of ARR from 14% of customers in the first half of the prior year.

By leveraging our multi-year investments in customer success, we've maintained relative stability in our ARR and customer bases despite the challenging economic environment. At 6.5%, one year gross ARR churn was up two-tenths of a percentage point over the prior December, but down one-tenth of a percentage point from March year-end.

While our ability to sell the same products to customers across all sizes and sectors, gives us a large addressable market and long sales runway. It does mean we have a higher proportion of smaller customers and therefore higher churn rates than many other security vendors. We believe that one year gross ARR churn in sixes is appropriate for the profile of our customer base.

Looking at churn over a period more closely reflecting our average contract term three-year gross ARR churn has been running in the low to mid-20% over the past 18-month post-COVID period. With relatively steady one year gross churn and a continued focus on upsell activities, we're reporting net ARR retention rates at 31st of December of 105.1% down just one-tenth of a percentage point from December 2021, and two-tenths of a percentage point from our June 2022 year-end.

Moving down the income statement, let's talk about cost trends and their impact on profitability. First half gross margin was 89.7% within our expected range and reflecting normal period-to-period variances. Our cost of sales is made up of four main components: direct labor costs for services provided to customers, hosting costs for cloud-based deployments, depreciation for appliances at on-prem deployments, and shipping and other direct costs, including the full cost of any appliances sold. The relative composition of our direct costs has changed significantly over the past few years, largely because of cloud replacing appliances in an increasing number of deployments. While we expect this shift to continue currently and likely for the near-term, you should expect 90% of our cost of sales to be split fairly evenly between labor, hosting, and appliance depreciation costs.

Within our operating cost categories, we look at our largest cost employment, both with and without share-based payments and related employer tax costs, in part because the tax component can be volatile and is out of our control. We also break out other key costs and large allocated cost categories so we can more readily assess whether our recurring cost movements are supporting our goals.

In the half, employment costs, excluding stock-based compensation and related taxes made up 62.6% of the total sales and marketing expense. Of the $22.3 million increase in employment costs, $6.3 million or 28.3% of the increase was from the first time inclusion of salaries, commissions, and other employment charges related to us now reflecting a portion of full-time equivalent headcount for the customer success team in sales and marketing.

Previously, all CS costs were in G&A as the role was non-commercial. However, at the start of this financial year, that team took on renewal and upsell responsibilities and accelerated hiring to accommodate their expanded role. To reflect this, we are now a portion both headcount and employment costs between sales and marketing and G&A.

Our other material sales and marketing costs is direct marketing spend. In dollar terms, this spend stayed relatively flat between periods, but declined to 6.9% of revenue from 9.5% in the prior year. This was driven by better analyzing the effectiveness of individual marketing activities to increase the efficiency of overall marketing spend.

R&D employment costs increased by 41.1%, primarily driven by a 36.4% increase in the average number of R&D employees, of this headcount increase 8.9 percentage points was directly attributable to the acquisition of Cybersprint in March 2022. The increase in employment costs also resulted from an increase in average salaries across the R&D team. This was driven by increases in both the number of senior roles and salaries for existing employees as we continue to expand our focus on fundamental research and new product development.

In the half, total G&A costs increased by 62.8% versus prior year period. The largest increase was employment costs, which grew by 53.3% despite the category only seeing an average headcount increase of 29.7%. This disproportionate increase was primarily the result of bonus costs increasing by $5.7 million between periods. The increase was driven by growth in CSM bonus costs as a part of their transition to dual support and commercial responsibilities. All other employment costs increased in line with headcount growth.

Professional, legal, and consulting fees also saw a large increase of $6.3 million between the periods. This was the result of consulting fees related to the ongoing deployment of a new ERP system and the expansion of Darktrace's recently established federal entity as well as to project specific legal costs. A third notable cost increase in the G&A category was in the bad debt provision, which though still small, increased by $1.1 million between periods. This is less a reflection of experience than it is our -- of our acknowledgement of the potential impact of ongoing macroeconomic uncertainty on our collections expectations.

Relative to the prior year period, share-based payment related tax charges almost doubled in the first half. The reason for this was that in the second half of FY2022, the Board of Directors modified the terms of certain employee equity grants made at IPO, and that modification increased the expense related to those grants by $6.1 million in the first half. As these IPO-related grants are now fully vested and have been converted to shares, additional modification costs will not carry-forward into the second half of FY2023. Further, shares issued alongside the March 2022 acquisition of Cybersprint created $3.2 million worth of charges in this first half that were not in the prior.

We've presented adjusting items broken out by cost category that we use to calculate our Alternative Performance Measures. I want to make sure you've noted the one change we've made to our definitions of adjusted EBIT and EBITDA, which is to add back certain non-recurring charges currently including only the impairment of right-of-use assets. We're adding this to our definitions now because in the first half, we impaired the lease value of our former London office by $1.1 million, as we continue attempting to dispose of that space. While the $1.1 million charge is not material or would not require separate reporting, we believe that there could be additional leases we might consider exiting over the next year or so. These would likely be longer-term higher value leases. So especially in the current economic environment, the impairment charges could be higher. Given this possibility and to ensure future period-to-period comparability, we've decided to begin breaking out and excluding those charges from our adjusted measures now.

Relative to the 2021 period, EBITDA increased by 9.1% to $36.1 million, and adjusted EBITDA increased by 32.8% to $59.7 million. At 23% first half 2023 suggested EBITDA margin was just a half percentage point lower than the same period of FY2022, despite relatively lower revenue growth in the FY2023 period.

When we first set FY2023 guidance, we tried to account for uncertainty in the broader economic environment. As we moved through the first half however, and particularly in the second quarter, it became clear that the impact on new customer acquisition was larger than expected.

Based on first half results, and our expectation that first half trends would continue, in our January Trading Update, we lowered FY2023 guidance for constant currency ARR and net ARR added as well as for revenue. However, because we continue to operate efficiently and despite expecting increasing levels of investment in technology and go-to-market in the second half, we raised our expectations for full-year adjusted EBITDA margin. For each of these measures and in the case of adjusted EBITDA, despite now expecting previously unanticipated one-time review, legal and communications costs, we're reiterating that guidance today.

The one change we're making to our expectations for FY2023 is around free cash flow. In the first half, there was a large vesting of employee equity grants made at the time of IPO. For Poppy and I, the company decided to net settle the related tax obligations rather than have us do open market sell to cover transactions with all of the related filings and questions. As part of the first half closed process, we re-class those amounts from finance into operating cash outflows. Based on our definition, this reduces our expectation for FY2023 free cash flow to 50% to 55% of adjusted EBITDA from 60% to 65% previously. The offset to this is an equal reduction in dilution as by net settling Darktrace issued fewer than the full number of shares related to these grants.

As a reminder, we were already expecting FY2023 free cash flow to be lower than usual because of the high tax payments associated with this entire IPO-related grant vesting. With these awards now fully vested and converted to shares, employer tax payment should normalize and we expect our annual free cash flow to back to its more typical 75% to 105% of adjusted EBITDA range beyond FY2023.

In summary, we're pleased to have delivered strong results in what continues to be a challenging global economic environment. Though new customer adds have clearly become more difficult, our ability to partially offset the impact with higher new and existing contract values is a win. Further, with our high cash balances and continuing cash generation, we don't have to stop investing in valuable product and go-to-market initiatives. These are the things that will allow us to emerge from the current economic environment even stronger and well-positioned to capitalize on what we still believe is a very large market opportunity.

And with that, I'm going to hand back to Poppy to talk about how we're building Darktrace for the future.

Thank you, Cathy.

So we've covered the first half of the year, and now I want to look ahead some of the things that we are excited about. I touched earlier on our Darktrace Cyber AI Loop, which represents a fundamental shift in cybersecurity and allows security teams to get out in front of attackers.

With the rollout of Darktrace PREVENT well underway, the next build in the loop will be the release of Darktrace HEAL. HEAL will ensure the organization is prepared for a cyber-incident and will adapt its capability when that incident occurs based on its understanding of the business. It will recover that business to a healthy state and then feedback information to strengthen the whole ecosystem. HEAL is on track to be launched this calendar year and is currently with early adopters. Initial feedback is positive and has confirmed to us that there is a lot of value in this often human intensive space. Together, Darktrace PREVENT, DETECT, RESPOND, and HEAL will reinforce each other continuously learning, adapting, and strengthening security across the entire digital ecosystem.

None of this would be possible without the people at Darktrace who are relentlessly committed to delivering new innovations for our customers and getting our technology into the hands of organizations every day. It hasn't gone unnoticed by us that we are talking on International Women's Day, and Cathy and I are proud to lead an organization that champions women in technology.

At Darktrace, our executive team is almost half women and we want to help ensure that our sector is accessible to all, which is why we have made a commitment to partner with two organizations which support underrepresented groups in the tech industry before June 2023. Internally, we have taken steps to ensure our recruitments and progression processes are as transparent and inclusive as possible. We are seeing the early signs of improved staff retention and we continue to attract top talent in the business.

Skills is another area of focus for us both within our business and at macro level. We've continued to rollout our coaching and leadership programs globally. Outside of Darktrace, we are exploring a partnership with the UK University and hope to soon be sponsoring a cohort of Ph.D. students every year.

Now, I'd like to cover some more operational updates before I wrap up. In February, I was delighted to have Denise Walter join the Darktrace executive team as Chief Revenue Officer. Denise brings over 25 years of experience to the role. She's responsible for all aspects of revenue generation globally, including new business growth and deepening Darktrace's relationships with existing customers around the world.

Darktrace will also be responsible for maturing Darktrace's sales force evolution strategy so that we're in the strongest position possible to go after the 150,000 companies out there that could benefit from our AI. This large addressable market is the primary driver of our revenue growth and will remain so in the coming years. The beauty of Darktrace's AI is that it can be applied to companies of almost all sizes across all sectors and geographies and is complementary to traditional cybersecurity solutions.

So to conclude, we've had a strong first half against a difficult macroeconomic backdrop. We have bought new innovations to our customers and closed our largest ever deal. We have moved at pace to deliver our ambitious technology vision of a Darktrace Cyber AI Loop and I'm hugely excited for the launch of HEAL.

Our R&D team is working on exciting projects, which we'll be talking about soon. We remain laser-focused on our mission to free the world from cyber disruption. This is becoming all the more important as we enter this new era of Generative AI. We have a huge market opportunity ahead of us and we are going after it.

With that, I'll pass back to Luk, who will open up the floor for questions.

Thank you to Poppy, Cathy and Max for that presentation. We're now ready to take questions. Thank you to our coverage analysts who have already submitted questions in the chat function and I encourage others to do so now.

Our first question comes from Charlie Brennan at Jefferies. And his question is, it's great to see you delivering on the product roadmap with PREVENT and HEAL. In the prepared remarks, Poppy referred to new product launches coming. Should we assume these are within the four families of PREVENT, DETECT, RESPOND and HEAL, or are we getting closer to a fifth product category or even products beyond cyber. Poppy, could you comment on that for us, please?

Yes, of course, and thank you very much Charlie for the question.

Just as a reminder for those of you that are new to the Darktrace story, at the IPO, which obviously now nearly two years ago, we had what we referred to as two product with the families in terms of DETECT and then also RESPOND. Now at the time of the IPO, we wanted to give our investors a look into that future product roadmap. And so we talked about the fact that we were intending to launch onto family of products called PREVENT, which we wanted to bring out to early adopt customers in 2021, with the full launch in 2022. And that HEAL family of products was going to follow a similar cadence but starting during 2023.

We have done exactly that. So we delivered PREVENT on time and on budget and it represents a good part of our upsell and go-to-market motion during the second half of this year. HEAL that went to earlier adopter customers around Christmas time and the feedback has been very good. Now, what I can't be more specific about upcoming product releases, would do like to keep some sort of product surprises available to you. I will say that the R&D team have been working very, very hard. So yes, there are absolutely new products coming. I think it's appropriate to think about those sort of four families of products that we laid out at the IPO. So now don't think of them single products. They are very much families of products that exist under that umbrella and we look forward to updating you in due course about what the R&D team have been up to since then.

Thanks for that, Poppy. Charlie's follow-up question was the proportion of ARR from large customers has ticked higher. That's presumably a function of SMEs being more hesitant in the growth in new contract ARR, however, it looks like Denise comes more from an enterprise software background. So looking forward, do you think it's likely that this trend of large customers continues? And I know you don't guide on net dollar retention, but is this theoretically positive for NRR development? Cathy, can you take that one for us?

Of course, and thanks for the question, Charlie.

I would say that the uptick is more from a continuing focus that we have on larger opportunities as well as working to upsell our existing customers than it is from SMEs being more hesitant. I think that's a factor we will see, but it's probably recent enough that it hasn't been an impact to-date.

But with Denise coming from that background, it helps us build on the fact that we have been looking to expand our capabilities in larger accounts. So I would expect that you should look to see that continue.

When you look into net dollar retention from that, it has always been our intention to move that net dollar retention number up over time. So yes, well, I think there may be some flattening and less movement in the short run given the macroeconomic environment and any potential impact on churn at the smaller end of our customer base, we do and I would think that there is the potential for NRR development over more medium-term.

Thank you, Cathy. Our next question comes from Will Wallis at Numis. He asks, your ARR added guidance of minus 2% to plus 6% for the full-year implies minus 10% to plus 5% for the second half. When modeling for Q3 and Q4, should we expect any particular skew in ARR added year-on-year growth between the two quarters? Cathy, if you can take that one?

Certainly. Well, we have not modeled any skew in our various scenarios that we run and continue to run and that we ran for guidance. But I think that begs the question or the point that I would like to make that is our expectation is when you move beyond the second half and into FY2024 that we'd like to have you think more about skew on ARR added and margins and other things like that as not coming off of the second half, but coming off of the full-year as opposed to the second half of FY2023.

Thanks, Cathy. And Will Wallis had a follow-up question, which is also for you actually, can you update us on the likely stock-based charge we should expect in the second half of 2023 and beyond? And what level of annual equity dilution due to stock-based comp should we be expecting over the medium-term?

Sure. So there is an unusual level of stock-based compensation related charges in this first half. And that comes from something that we have been talking about over the past year, which is a group of grants that were made at the time of the IPO vested in this first half. So what we would say is that, what you need to do to look at this is to remove that from the baseline that is not the size of grant or the compactness. So many people and grants at the same time is unlikely to occur again or any time in the near future. So if you remove that to get a baseline, then think about dilution in terms of what we've said before, which is probably 1% to 1.5% per year. Of course, the value of that is going to be dependent on where the -- what price the shares are issued.

But the other piece that I would remind you of is typically we vest our equity grants over three years. So if you think about 1% to 1.5% annual dilution with the cost or expense related to that being spread over a three-year period of time, I think you'll come to the right numbers.

Thank you. Our next question comes from George Webb from Morgan Stanley. With a keen eye on costs in 2023, as you navigate the demand environment, do you foresee some element of cost investment catch-up in FY2024 if the demand environment strengthens i.e. a further year of flatter margin development?

So, no, we actually don't. We're talking about starting or accelerating, we've been investing all along and we're in the fortunate position that we have significant cash balances and we're cash generative and we have positive adjusted EBITDA margins. So we are continuing on the path of accelerating our investment just as we have been doing after that -- just as we have been doing on an ongoing basis. The way we've been doing this in order to keep our sort of cash generation in level of profitability is that frankly more than a year ago when we saw the first hints of economic issues largely coming out in terms of foreign exchange rate volatility, we started tamping down on discretionary spend, so that we could continue to invest in the things that are going to drive our business going forward. So I don't see us having an inflection point or any form of catch-up here. We are just going to continue to invest as we have, have always done, and to make sure that we are running our business efficiently in order to be able to do so.

Thanks, Cathy. And his follow-up question, the second half implied guidance on constant currency ARR added was relatively wide implying down low-single-digit up mid-single-digit. Can you give any color on where within that implied guide you are trending?

So I don't think at this point in the second half, we're willing to give any sort of crystal ball moment here, mine happens to be in the shop at the moment. However, what we can say is that January and February came in pretty much within our expectations. And in this environment, not having downside surprises is a very comforting place to be.

Thank you. Our next question comes from Rob Owens at Piper Sandler, who asks public sector opportunity with the new head of federal in the seat now for a few months, clearly lots of directives and spending intentions. What are your expectations for how this ramps? Poppy, can you take that, please?

Yes, of course. And I think I see a huge opportunity, I think within U.S. Federal, which is why we've been making the investments that we have. It's a large market and it's only getting bigger as we see sort of big initiatives coming out of the U.S. to really encourage and better cybersecurity posture against public and private companies.

We invested in that probably at the start of this fiscal year, and we have been building out the team there, but I warn you that this isn't a quick exercise. A lot of these processes do take a significant amount of time and a big part of that is getting FedRAMP. FedRAMP is very much underway is on schedule. It is some, an opportunity that we want to be able to tap into by caution you that this isn't going to be something that moves quickly.

Great. Thank you very much. We've had a number of questions about Generative AI. Max, why don't you take this? Generative AI gives factors an ability to scale and improve the quality of attack, especially phishing. Can you comment on this as a driver for the severity and volume of attacks?

Absolutely. It's a great question and we completely agree that recent innovations that we've seen like ChatGPT, but also DALL·E 2 or deep fake videos or voice fakes are hitting the mainstream. And we absolutely have to assume that attackers are picking up these things, playing around with it and trying to increase their own return on invest.

The impact is not going to be a big bang. It's going to be adopted by attackers left, right, and center. And we have looked very carefully across our large base of e-mail customers to see if we find any indications of that. And we've seen some interesting data points where there's correlation between a slide shift and attacker techniques leaning more on sophistication and e-mails and linguistic complexity instead of using more traditional approaches of using malicious attachments and links.

The bad news is that it is almost indistinguishable for the human to detect any type of Generative AI generated social engineering in written forms like over traditional fishing in e-mail. Well, the good news, however, is for Darktrace that is not a problem at all. We've been doing research into offensive AI as we call it, and how machine learning can and were used by attackers for over a decade now almost.

So we are set up to deal exactly with this whatever the attack is going to look like, new phishing scams, Generative AI, chat bots, new methods by attackers, Darktrace doesn't care. We learn you an external large language model might know a lot about you can write very bespoke attacks, but the AI learning you from the inside out across all of your data will always know you better and will be able to protect you against these types of attacks.

Thanks for that Max. Poppy, we are getting a number of questions about the appointment of Ernst & Young, the review they're doing and the timing and scope of their work. Could you please comment on that for us?

Look, QCM have made some very serious allegations about our business, and on the 1st of February, the management and our Board refuted any unfounded inferences about the business and we pushed back in the strongest of terms. I want to reiterate that Darktrace is a business that is run with the greatest integrity. And whilst we recognize that management and the Board, of course, standing together on this external stakeholders have been clear that they would value an external opinion.

So on the 20th of February, we announced that we'd appointed Ernst & Young to provide an additional independent third-party review of all of those key financial processes and controls as we laid out in the statement that we made by management on the 1st of February. When we appointed them, we were clear that they would not be in a position to provide the update to us by today, by the interim results. Ernst & Young was clear to us about exactly what their review would entail, and we are giving them the scope and the time to be able to complete their work thoroughly. When that review is complete, they will report directly to the Chair of Audit and Risk Committee who is Mr. Paul Harrison.

Thanks, Poppy, because that covers a number of the questions I'm getting on timing and scope, so that's very useful. Our next question comes from Patrick O'Donnell at Goodbody, who asks, can you give some further color on where you are feeling the headwinds most acutely both by geography or by sector? And how are you positioned to counter these trends? Is it, for example, possible to offer better pricing options for smaller customers who are feeling the macro effects more acutely and especially interested in the longer-term trends to specifically counter new customer slowdown outside of the ARR growth in existing customers and the enterprise focus? Cathy, can you give us some thoughts on that?

Certainly. Patrick, it is really evident that it is not a by geography issue. It is global across our regions. It is however a size issue. It is clear that smaller companies particularly who are more hesitant to trial the product at this point. And it's understandable if you're getting pressure to cut your budgets, trialing something that you may want but is you're not going to be able to buy is something you may not spend time on. So definitely it is a piece of the impact is really customer size.

From a countering the trends, I think we continue to look at obviously larger opportunities. We are also looking at opportunities in places where we think there are fewer of those problems. One of the things that has been talked about is the amount of government regulation that is being put towards particularly critical infrastructure and in areas like critical infrastructure, we certainly are devoting resources to those so that we can capitalize on what we know is required spend.

We are planning to leverage all of those things to counter a slowdown more generalized slowdown at the smaller end of the customer base. But to be clear, we believe that this is a macroeconomic trend that will reverse when the economy begin -- economic situation begins to reverse as well. So we are not thinking in any way that a slowdown in adding new customers is a permanent or long-term trend.

Thanks, Cathy. And Patrick O'Donnell had a follow-up question, which is around the Darktrace HEAL product. How quickly do you see HEAL contributing pre-launch? Do you see this being a strong add-on to existing customer bundles and what's the initial feedback? In fact, what is out already that might compete with HEAL? Max, can you talk a bit about that for us?

Sure. Thank you for the question. Let me first reiterate what Poppy said earlier to remind everybody. HEAL will be looking at the late stages of an attack, what's typically the incident response or incident and readiness process. That is a very human intense process at the moment that is ripe for automation.

We think with our self-learning AI, we can have a real impact on this and use our AI to drive change in this area and augment the human teams. HEAL would build on that understanding of self by knowing every single data point about you and what the regular state of your business looks like, the known healthy state will be in a very strong position to get you back on the previous state of known good. And of course, there will be interactions with DETECT and RESPOND and also with PREVENT that's a very idea of the loop one plus one equals three. It's all about the synergies, not looking at these things in isolation.

HEAL has been wrote out to early adopters. We've delivered this as we promised, and I can tell you this far, it's been getting glowing feedback. It's a very thorough process for us, but we go in various iterations with the early adopters, get their feedback, work through the product with them, see where they see the value, and we'll communicate more when the time comes and we are ready for it.

Thanks, Max. And whilst we're on the topic of new products, we have a question now from Victor Chan from Bank of America, who asks, with more new products in the pipe, can you give us some clues in which sub-segment it might be? Will it be in-house R&D or through more tuck-in acquisitions? And secondly, can you help us understand at exactly which market HEAL operates in and who you see as competitors. But I think Max covered that second part. Maybe Poppy, you can cover the first part.

Yes, of course. I mean, I think in terms of will it be in-house R&D or through tuck-in acquisitions, I think a lot of our product set has -- we've done both in the past, so think about e-mail. When we brought our DETECT and RESPOND capabilities into the e-mail environment, we very quickly brought -- built one of the largest e-mail defense capabilities in the world. That has got one of the highest ratings on Gartner that we're incredibly proud of. And we are hugely ambitious to be able to continue our ability to bring that technology to a wide range of digital environments. And so I think you can expect to see that sort of real broadening of where we deploy technology as well as those four capabilities that we've talked about within that Cyber AI Loop in terms of PROTECT, DETECT, RESPOND, and HEAL, which Max has just been talking about.

Whenever we are thinking about this product roadmap, we always think which is the best way to be able to deliver this at this pace that we want to and whether that's through sort of organic R&D or through acquisitions such as we when we acquired Cybersprint. But for the time being, I think we're very content with the path that we're on and we're satisfied that we are going to be able to meet all of the R&D expectations that we're expecting with the team that we have available to us.

Great. Thank you, Poppy. Our next question comes from Patrick Basiewicz from finnCap, who asks, the deferred revenues being low this half at around 3% of revenues. Can you give us some indication what's driving this figure? Is it just timing in invoicing and payments and likely to reverse in age two or are there other factors at play? Cathy, that's for you, please.

Certainly. Patrick, typically we would see this -- the December balance sheet as having a seasonally low -- seasonally lower deferred revenue than in other periods. And this does indeed, as you suggest, have to do with the timing of invoicing -- largely invoicing of renewals. So yes, you will see some reversal in the second half. However, that's particularly amplified in this period because as we've been talking about the lower new customer adds and therefore lower net new ARR added, particularly driven by new customers with that down you're going to have lower invoicing and that is a sort of compounding factor in this period.

Thank you for that, Cathy. Our next question comes from Alex Henderson at Needham, who asks, I'd love a bit more info on how your pipeline is behaving and in -- and if you're seeing much additional pressure should we see on new customers. And then, secondly, can you quantify the new products as a group growth rate and size? Who would like to take that one?

Should I make a start there? So in terms of that product pipeline, obviously it's a growing organization. We are at any given time, we are in the joyous position as having a record pipeline available to us, as you would expect for an organization that's growing at the size that we are.

In terms of where I see the opportunity ahead of us, Cathy's talked about the fact that the smaller side of the organization, we perhaps anticipate to feel the sort of economic pressures more so than the large and being able to explore those large customers in that strategic business is a really exciting opportunity for us.

But then let's not understate the fact that we have over the last year brought out an entire new product family with PREVENT, and we are seeing really high-levels of engagement across our customer base, but not just our customer base across new prospects as well. And I've been really pleased with the fact that we've been able to drive up the average amount of ARR that we are generating from that customer base.

I've talked about the fact we've got a whole other collection of new products coming up in the pipeline ahead of us, so I'm really excited about those. But I'm conscious that already with the breadth of products that we have, we've still got a big opportunity both in upsells and new business across that sort of medium and large customer base ahead of us.

Thank you very much, Poppy. Our next question comes from Ben May at Berenberg. The first question is for you, Max. Salesforce and Microsoft, they're both announced in recent weeks that they'll be integrating more AI functionality into many of their price. How do you envisage Darktrace's AI integrating with other core applications of AI? Will there be a clash of any sort in detecting attacks? Over to you, Max.

Great. Thank you. We don't see any clashes at all. Let's remind ourselves that the majority approach in the industry with existing AI and upcoming AI is focused on what's called supervised machine learning. It's learning the breach, not the business. So the other players are looking at historic attack trends. They're looking to understand and dissect attacker behavior, attacks they've seen in their customer base and learn and look for similar things looking forward. And that's great. That's a needed approach. That's been the next iteration of the traditional approach, and it's good to see those things progress, but that's vastly different to what we do, right?

We learn the business. We understand from the ground-up every single data point, and nobody knows the business better in the cybersecurity area than we do. So we can find the things you cannot predefine, you cannot learn from the past, the novel attacks, the insider threats, the new AI driven attacks, the supply chain attacks, the targeted ransomware, the zero day exploits. So it's an absolutely complementary approach, and actually we're working very closely with many of the other big players out there to make sure our customers have the best defense from the existing stack, but also from the novel approach that we champion.

Thank you, Max. And Ben May's second question is to you Poppy. What are you most excited about with regard to your new CRO hire?

Goodness, me. How long have we got? I think I'm really -- I'm genuinely really excited. I think Denise is one of those fantastic and rare people that has seen organization at phenomenal scale, but is still at a point where she's able to sort of roll up her sleeves, get stuck in and get involved with the business the scale that we are as well. So I'm really excited about going through to the $1 billion, $2 billion of ARR ahead of her with Denise.

I'm also conscious as well that Denise is very much an add. So this CRO appointment is something that is additional to the executive team. It's not about replacing; it's not about changing that sales structure that we have today. It's really about layering on top and building those additional capabilities.

We talked about the facts that we have and segmented our sales force in terms of thinking about which size of organization that they are selling into, and she's really going to be building on that segmentation as well as thinking about the opportunities ahead of us, both in terms of sort of upsells as well as the U.S. market, as well as the strategic customers that she has got extensive experience in. So very excited about working alongside her from all of those areas.

Thanks for that, Poppy, and it was great to have Denise here last week with all of us and get to spend time with us, so that's brilliant. So I think we share your enthusiasm. And finally, Ben has a question for you, Cathy, within the different cost line items, where do you see the greatest need for additional investment? And importantly, has your long-term guidance for mid-20s adjusted EBIT margin changed as you think about this investment?

Ben, I think that the investment areas are the same investment areas we've been talking about, for a long time, we've been talking about investing and continuing to even drive up the percentage of revenue that we spend on R&D, and that certainly remains our intention.

More recently, we've been talking about investment in the go-to-market strategy, which Poppy just discussed with regard to Denise and investing in Denise's plans and her capabilities and the people that she will bring with her, along that journey is probably the next biggest place that we will start investing and is the biggest change for us from a step function standpoint.

I'll use that as an opportunity to remind you that while you think about margins, please think about moving out of this year on the full-year margins that we'll be presenting not on second half. We think that's a much more realistic place to be.

Relative to our IPO, however, we're a lot closer to our steady state margins than anyone thought we were going to be a year-and-a-half, almost two years into that. And we have not changed our expectations for long-term steady state at all.

Great. Thank you, team, and thank you to everyone for joining us this afternoon. That concludes our first half 2023 earnings call. If anyone has a follow-up question, feel free to get in touch with the IR team on luk.janssens@darktrace.com.

Thank you all for your time and interest.