Magnet Forensics Inc

TSX:MAGT

Good morning, ladies and gentlemen, thank you for standing by. Welcome to the Magnet Forensics 2022 First Quarter Results Conference Call. [Operator Instructions] Listeners are reminded the portions of today's discussion contain forward-looking information. In some cases, forward-looking information can be identified by the use of forward-looking terminology such as plan, target, expect, estimate, forecast, strategy, intend, believes or variations of such words and phrases. In addition, any statements that refers to expectations, inventions, projections or other characterizations of future events or consensus contain forward-looking information. Statements containing forward-looking information are not a source of facts but instead represent management's current expectations, estimates and instructions regarding future events or consensus. Any such statements are subject to risk and uncertainties that could cause actual results to differ materially than those projected in the forward-looking information. For more information on the company's risk and uncertainties related to the forward-looking information, please refer to the factors described in the summary of factors affecting our fulfillment section of the company's MD&A for the 3 months ended March 31, 2022. And the risk factors section of the company's annual information form dated March 9, 2022, posted on SEDAR. Although the company has attempted to identify important risk factors that could cause actual results to differ materially from those contained in forward-looking information, there remain the other risk factors are not presently known to the company or that the company present presently believes are not material, but could also cause actual results or future events to differ materially from those expressed in such forward-looking information. No forward-looking statement is a guarantee of future results. Accordingly, you should not place undue reliance on forward-looking information, which speaks only as of the date be met. The forward-looking information referenced in today's discussion represents the company's expectation as of the date hereof and is subject to change after such day without obligation to update any forward-looking information. Except as required under applicable securities laws, the company reports its financial results under IFRS and all values are U.S. dollars unless stated otherwise. This morning's call is being recorded on Thursday, May 5, 2022, at 8:00 a.m. Eastern Time. I would now like to turn the call over to Adam Belsher, Chief Executive Officer of Magnet Forensics. Please go ahead, sir.

Good morning, and thank you for joining us today. With me today is Peter Vreeswyk, our CFO. This morning, we released our 2022 first quarter results, which you can find on our website at magnetforensics.com. We had a great start to 2022. Q1 revenue was $19.8 million, up 35% from the same period last year. ARR was up 49% to $66 million at the end of Q1 compared to the same point last year. ARR is an important metric that we monitor to evaluate how the company is performing. Customers that use our technology like it. Our net revenue retention was 136% in 2021. This demonstrates our ability to expand and grow with the customer once we land them. This level of retention underpins the consistency and predictability of our recurring revenue-based business model and we continue to enhance our capabilities and solutions. This morning, we announced the acquisition of strategic IP assets from Comae Technologies, a cybersecurity firm headquartered in the UAE that specializes in incident response and memory analysis. This tuck-in acquisition will accelerate the development of our memory analysis capabilities. Comae's IP and team provides us with the capabilities to recover strategic evidence to understand what happened on a device before the incident occurred. This acquisition will have value for both our public and private sector customers. We will look to accelerate the development and commercialization of Comae's platform and integrate the capabilities into our other solutions. The markets we address are growing with multiple significant tailwinds supporting continued investment in digital investigation technologies like ours. Digital evidence is everywhere, and it's growing exponentially. More than 90% of criminal cases involve digital evidence. We each, on average, create 1.7 megabytes of data per second, and it's growing. In 2021, there were approximately 850,000 complaints from the public with estimated losses of more than 6.9 billion according to the Internet crime report published by the FBI. Ransomware, business e-mail compromise and the criminal use of cryptocurrency are among the top incidences reported. As the level of awareness for cybercrime increases, the funding environment for law enforcement agencies is improving. In the U.S. for instance, the 2023 budget committed $30 billion in mandatory resources to support law enforcement, crime prevention and community violence intervention. It also committed an additional $3.2 billion to state and local government to hire more police officers. This funding is in addition to the $350 billion allocated to state and local governments as part of the 2021 American rescue plan that can be used to support new public safety approaches over a 3-year period. So there is more funding flowing into public safety organizations with a focus on cybercrime. That's a great start. But one of the biggest challenges facing agencies is talent retention and recruitment. Law enforcement agencies reported an 18% increase in resignations and a 45% increase in retirements compared to the previous year according to the 2021 survey by the Police Executive Research Forum. The public sector is faced with investigating more frequent incidence of cybercrime with more funding, but less people to do the actual investigative work. A backlog of case work is building. A freedom of information request in the U.K. found that more than 21,000 digital devices were waiting for examination across 45 police forces. These devices include mobile phones, tablets and computers, each could be an integral to an investigation and the pursuit of Justice. We've designed and expanded our Magnet Digital Investigation Suite or MDIS offering to address this growing global challenge. Magnet AUTOMATE uses automation to keep the processing of digital evidence running 24/7 by 365 without human intervention. The sheer volume of data and evidence continues to be a primary driver for our AUTOMATE product, specifically when it comes to investigations with large volumes of digital evidence such as child exploitation cases. Magnet sales team is seeing increased interest in AUTOMATE within our existing AXIOM account base as a natural extension that can drive efficiencies and improve outcomes. Strong interest is coming out of Europe, including Germany, and a new account win in Northern England at a police service in a major urban center. These opportunities are coming to light because of the growing need to reduce the backlog of cases and improve case closure rates. In another instance, a national agency in Europe is looking to enhance police capabilities and deliver innovation to address the increasing volume of digital evidence. Their focus is on the end-to-end workflows, victims and stronger collaboration between the digital forensics lab and the investigating officers right through to the prosecution service. This is exactly what AXIOM and to a greater extent, Magnet REVIEW solved for. We have designed our platform to be the hub for the digital investigation. It is part of the digital evidence solution along every step of the case. Our platform has the sophistication and power required by the highest caliber technical user. It's also purpose-built to be intuitive, so technical users like case officers, investigators and prosecutors can collaborate, review digital evidence and advance case work efficiently, securely and in a manner that preserves the chain of evidence. Last month, we were recognized by IDC MarketScape and named as a leader for Worldwide Digital Forensics in Public Safety. And our platform is winning over customers. We won a new North American federal level agency that specializes in training. Our core AXIOM offering will be used as a centerpiece of their digital forensics curriculum to support education across multiple federal agencies. In Asia Pacific, 2 national law enforcement agencies acquired AXIOM Cyber to improve their capabilities to conduct remote and mobile investigations. In another instance, we expanded our offering with an existing public sector account in Asia Pacific that added more licenses of DVR Examiner to expand their investigative capabilities for video. In the enterprise market, the rise of cybercrime and insider threats continues and the importance of safeguarding corporate assets and managing risk is an organizational priority. It is estimated that an organization suffered a ransomware attack every 11 seconds in 2021 according to cybersecurity ventures. By 2031, they expect a new attack every 2 seconds. The average cost of a data breach is now estimated at $4.2 million according to IBM and the Ponemon Institute. The average cost of a ransomware attack is even higher than a data breach reaching $4.6 million per incident. Enterprises are also faced with a growing risk level within their organizations from malicious insiders. 57% of respondents surveyed by cybersecurity insiders say that insider attacks became more frequent in 2021. What's worse, 63% of organizations surveyed said they couldn't effectively monitor, detect and respond to insider threats. The organizations with the largest cybersecurity budget still get hacked. There is no such thing as 100% breach prevention. The market leader in endpoint detection and prevention has only achieved an 85% prevention rate on external attacks, and they do not address insider threats. In the face of these challenges, enterprises are increasingly taking an assume-you-have-been-breached posture. This has led more and more enterprises to focus on cyber resilience and building out their digital forensics and incident response capabilities. This plays directly into our product offerings. Our technology helps analysts understand what happened, how it happened and how to get better. We recently launched Magnet IGNITE, a cloud-based triage solution that enables businesses to perform rapid remote scans of target computers to uncover potential malicious activity. This triage approach to the market is a greenfield opportunity that expands our addressable market. Magnet IGNITE offers internal incident response teams and external service providers and initial compromise assessment that will guide the next steps of their investigation. The conventional approach is a full digital forensic analysis after an incident has occurred. That standard approach can take dozens or even hundreds of hours to complete on multiple endpoints. Security teams can't afford to waste time and resources on multiple endpoints that haven't been impacted by an attack. By quickly gathering intelligence and assessing a potential compromise or an insider's exfiltration of intellectual property, Magnet IGNITE helps enterprises understand where and when they need to deploy full forensic analysis rather than attempting a broad application across thousands of endpoints that pose little to no threat. Earlier this quarter, we announced the launch of Magnet AUTOMATE Enterprise. Designed for the private sector, this offering synchronizes detection and incident response solutions to immediately trigger investigations, automates basic and repetitive tasks, and enables analysts to simultaneously recover and process evidence from multiple endpoints, and perform targeted collections. It's an approach that reduces the time enterprises need to respond and recover from cybersecurity incidents. Private enterprises are not only under increased threat of cyberattacks and data breaches, but policymakers are calling for increased accountability and transparency. To strengthen the financial market's resilience to online attacks, the SEC is considering mandating that public companies disclose data breaches within 4 days of an incident. The U.S. cybersecurity and infrastructure agency requires notice of a data breach within 72 hours for companies operating critical infrastructure, such as power plants, water systems, pipelines, financial services, health care facilities and emergency services. In the event it's a ransomware attack, the notice must be given within 24 hours. In India, the response time is even shorter. The India Computer Emergency Response Team just announced it requires notifications within 6 hours of an incident. They're implementing that deadline within the next 60 days. As you can see, we address a market that is rapidly evolving with increased threat levels and higher scrutiny on boards, executives and security managers in the enterprise. We believe there's a tremendous opportunity to grow within both the public and private sector. We have a strong pipeline of potential customers and existing customers that we are engaged with on new modules or licenses. We won several new Fortune 500 companies during the quarter. These wins include a global pharmaceutical company based in Europe. They're using AXIOM Cyber to confront cyberattacks across one of their major divisions. A recognized global hardware technology player out of the U.S. that acquired AXIOM Cyber, they are a global organization with approximately 40,000 employees. They are using AXIOM Cyber to support a new arm of the business. AXIOM Cyber assists with a new forward way of thinking to execute ad hoc remote collections. AXIOM Cyber is used throughout the SOC and the incident response teams. Our strength in both the public and private sector addressable markets was illuminated last month when we held our annual customer summit. This is a seminal event for us every year. We split the event into 2 parts. We returned to an in-person stage in Nashville, Tennessee early in April and then held a series of virtual sessions through the back half of the month. We were very pleased with the engagement that it had over 4,000 attendees across the in-person and virtual sessions. It's an opportunity for existing customers and strategic prospects to come together and share their experiences and learn about the exciting new innovations we're bringing to market. At the summit, we launched major new versions of AXIOM and AXIOM Cyber. We highlighted our innovations across the Magnet Digital Investigation Suite, including upgrades of Magnet AUTOMATE and Magnet ATLAS, and a major new upcoming release of Magnet REVIEW. The upgrades to AXIOM Cyber are driving conversions from AXIOM. The new AXIOM Cyber upgrades allow investigators to target multiple endpoints for analysis and consolidate the evidence into one case file as well as detect and classify malware to rules-based matching. The investigators benefit from the improved functionality and greater efficiency in the face of increasing complex threat landscape. We bring a compelling value proposition to a large and growing market. We continue to attract new customers, expand with existing customers and introduce new innovations into the market. With that, I'll turn it over to Peter to outline the financial impact it's having on our business.

Thank you, Adam, and good morning, everyone. Total revenue was $19.8 million in Q1, an increase of $5.1 million or 35% compared to the same period in 2021. Our continued strong performance was a result of our land and expand strategy, where we acquire new accounts and expand within our customer base. Revenue for the period was comprised of the following: Software license revenue of $5.1 million, an increase of $800,000 or 19%; software maintenance and support revenue of $12.6 million, an increase of $3.8 million or 44%; and professional services revenue of $2.1 million, an increase of $500,000 or 30%, each compared to the same period in 2021. Total recurring revenue was $17.3 million in the quarter, representing 87% of total revenue. This is an increase from 81% in the same quarter in 2021. The growth in recurring revenue is in line with our expectations as we see more customers adopt term licenses of our products. On a quarterly basis, the percentage of recurring revenue can fluctuate depending on the mix of term versus perpetual licensing that is sold in the period. Adjusted EBITDA was $2.4 million in Q1, a decrease of $2.4 million compared to the same period in 2021. This change is primarily due to increased investments that we made in sales and marketing, and research and development in the back half of last year and in Q1 of this year. Our adjusted EBITDA margin profile was 12% in Q1 compared to 33% in the same period in 2021. The 2021 margin was bolstered by reduced expenses due to limitations on travel and in-person marketing programs as a result of COVID-19 restrictions. Moving on to cash flow. We have demonstrated a track record of positive cash flows on an annual basis, which has been a key factor in our growth. Cash flow varies quarter-to-quarter based on timing of payments, receipt of accounts receivable as well as the impact of certain large transactions. Cash flows from operations were $1.6 million in Q1, an improvement of $5.6 million compared to cash used in operations of $4 million in the same period in 2020. The change was primarily due to income tax payments of $5.1 million in the prior period relating to fiscal 2020. On an annual basis, we expect to continue to generate positive cash flows from operations. This demonstrates our ability to both invest ahead for future growth and still demonstrate meaningful profitability. As of March 31, 2022, cash and cash equivalents stood at $117.1 million compared to $118.1 million at the end of fiscal 2021. We are reiterating our outlook for fiscal 2022 with this morning's announcement. We expect revenue for fiscal 2022 to be in a range of $91.5 million to $93.5 million, which represents growth of approximately 30% to 33%. We expect our seasonality for 2022 to be generally similar to what we saw in 2021, namely our strong quarters are Q3 and Q4. Q4, as it's the year-end for public agencies in Europe as well as the year-end for many private enterprises, and Q3 in large part due to it being the fiscal calendar in many North American public sector organizations. We expect adjusted EBITDA for fiscal 2022 to be in a range of $13 million to $15 million, which represents a margin of 14% to 16% for the year. This is a more normalized range for the business based on our expectation that some of the cost savings experienced during the pandemic will no longer persist in 2022. Based on our ability to continue to fuel top line growth, we believe a mid-teens EBITDA profile represents an appropriate balance between revenue growth and further investment in the business, together with a continued focus on unit economics to ensure we're growing in a sustainable fashion. Thank you again to everyone for participating in today's call. And with that, I'll pass it back to Adam.

Thanks, Peter. The cybersecurity market is fast growing and evolving. We believe the role we play as important as cybercrimes and other digitally-enabled crimes, coupled with the shortage of talent, continues to grow at unprecedented rates. We are passionate about assisting public safety agencies in the pursuit of justice and the support of victims. Equally important is our work supporting private enterprises to safeguard their corporate assets and reduce organizational risk. We appreciate the trust that shareholders have shown in us, and I look forward to updating you further on our progress during our Q2 call in August. With that, I'll turn it back to the operator to open up the call for questions. Thank you.

[Operator Instructions] Your first question comes from the line of Doug Taylor with Canaccord.

A number of product announcement recently around your user conference. They contain a lot of features, seem targeted for the enterprise, including the Magnet IGNITE product. Can you speak more broadly to the uptake and the mix shift you're seeing in the relative growth rates within your enterprise customer base versus the public sector clients?

Yes. I mean, the real key product for us today in terms of revenue contribution is AXIOM Cyber. And we see that product is really the wedge into these large enterprises. So it's a product that we win new logos with, and certainly, we're seeing great adoption of that product. But that's not the end for us in terms of how we think about the enterprise. So what we have been doing kind of on the back of AXIOM Cyber as the initial entry into the enterprise is introduce new solutions. So AUTOMATE Enterprise, which we announced fairly recently as well is, again, another product to impact the enterprise and make it easier for them to respond to cyber-attacks or insider type of incidents. So we're doing more and more with AUTOMATE enterprise. And then we -- to your point, we recently announced Magnet IGNITE, and that for us is a total greenfield opportunity because it really plays between the digital forensic kind of deep dive investigation and then the endpoint detection solutions that have a lot of different types of alerts. So that's really focused on how do they -- how do you determine which computers have been compromised quickly. As you can imagine, when there is some kind of incident, the response time and understanding the impact is really critical and to be able to do that in an efficient manner. So, yes, we're doing much more focused products around the enterprise, and we see that obviously as a big growth sector for us.

And so not having the percentage of revenue from either side, but should we look at the higher mix of term versus perpetual that was evident this quarter as suggesting that enterprise versus public sector, given their preference for the type -- the method which they buy the software. Is that evidence of that trend?

Yes. I would say we're definitely seeing -- I mean for enterprise customers, the way that they consume our products is term, and we're seeing a good uptake in that. But more and more for public safety customers, they're more accustomed to buying term licenses. So a high percentage of new licenses in public safety or term as well as the team has done a good job converting perpetual license within the public safety market to term. So it's really a function of both of those moving more to term, Doug, in terms of the growth we're seeing around term licensing and ARR.

Okay. One last question for Peter perhaps. I noticed that you provided some additional granularity breaking out the contributors to the support maintenance line. Is that an attempt to highlight any difference in the behavior of those 2 different subsegments? Or is there any other -- anything you can provide about the rationale for giving us that?

Yes. There was nothing significant there. It was more just to align the disclosure on maintenance and support with what we were showing on the license revenue side. And we thought it was important that for people looking at our business, if we're showing licensing for both term and perpetual that we show the relative contribution on the maintenance and support as well and how much of that is coming from term licensing and how much of that is coming from the perpetual model. So that was effectively just more clarity on the contribution.

Your next question comes from the line of Thanos Moschopoulos with BMO Capital Markets.

Adam, you provided the long list of demand tailwinds. So just to be explicitly clear, I gather you're not seeing any signs of a macro slowdown at this point, be it due to Ukraine or rising interest rates or any other factors?

Yes, that's correct, Thanos. Yes, I would say it's actually the opposite. We're seeing better funding levels. We're seeing kind of more regulation and policies that's driving enterprises and other kind of critical infrastructure operators to either build out their forensic and instant response capabilities or add those capabilities.

Now in terms of the private sector, if we think about the upsell opportunity amongst the existing base is there a lot more runway left in terms of upgrading AXIOM clients to AXIOM Cyber? Or is the upsell opportunity now more focused on some of the dual products you mentioned?

Yes. I don't have the specific number in front of me in terms of like how far we're into that conversion cycle with existing enterprise customers. But I mean, what I can say is that the team has actually done a really good job of converting those customers from AXIOM to Cyber. And what we also see when that happens is typically add more licenses as well as they're making that conversion. And certainly, the average selling price when you move them from AXIOM to Cyber, in most cases, almost doubled. So it's a great thing for us to convert those customers and move into Cyber.

Okay. And then on the gross margins, they obviously strong, but they did this quarter due to some incremental investment. Just remind us in terms of how we should think about the gross margin trajectory over the next while?

Yes, I can take that one. So a 90-plus gross margin profile is really what we're looking for in the next -- in the foreseeable future, the decline in gross margin to 92%. I think we mentioned that in our MD&A. That's really a function of returning back to in-person training and it was driven by our professional services group. But for the foreseeable future, that margin profile of being over 90% is really where we're planning on being.

And then finally, just in terms of the M&A pipeline following today's acquisition, are there still a number of opportunities that you're exploring? And how active do you tend to be on that front?

Yes, exactly. We're actually quite active. We've got -- we're in discussions with a number of targets currently. So -- and I think we've talked about it before, perhaps on this call, but we actually have a leader that's been in place for about a year or so and his team. So we have a lot of focus now on looking for those kind of tuck-in acquisitions that can bolster our platform or give us inroads to new or adjacent segments that we're looking at. So pretty active in that space.

Your next question comes from the line of John Shao with National Bank.

I just have a question on the acquisition. Can I assume there's no revenue contribution given just the asset acquisition? And also, would you be able to tell us the total consideration for the deal?

Yes. So on the first one, yes, the Comae acquisition, our plan -- we don't have anything in terms of revenue for this year in that acquisition. It's the product is currently in beta. So we are kind of extending that beta and then looking at the integration points into our existing solutions. So no revenue contribution just an IP and technology tuck-in for Comae.

And I just have a question on your investment going to 2022. I know 2021 was a big year for additions. So how should we think about your in priority for the rest of 2022?

Yes. I mean 2022 is another big year for us in terms of -- especially on the headcount front. I think our goal is 130 or 140 people that we're looking to add this year. And that's really across R&D, back office like business systems, legal, finance and then our go-to-market around sales and marketing. So it's another big invest yea similar to last year. We've introduced new products over the last couple of years, a lot of new products and even over the last 6 months. So for us, it's like making sure that we have the teams and the go-to-market to support the adoption of those new products. So we continue to invest to make sure that we're at the front end of those products and driving adoption. So it will be another big year for us in terms of investment.

And the last question for me is related to the sales cycle. Given the reopenings across your major markets, how should we think about the impact on your sales cycle? And when it comes to selling into enterprise clients, would the sales cycle be any different for your public sector clients?

Yes. I mean our average sale -- our blended sales cycle between private and public is about 60 days. I'd say that's still holding true, certainly, for AXIOM and AXIOM Cyber. The sales cycle becomes a bit longer with things like Magnet basically our Magnet Digital Investigation Suite, AUTOMATION and our REVIEW, primarily because they're bigger solutions, they impact really an entire enterprise. So there's more stakeholders involved in betting the solution and working through that. I mean, the upside is the value of those deals are much bigger and they're much stickier when you land those customers. But I don't know the exact length of sales cycle, but it's certainly more than on AXIOM or AXIOM Cyber.

[Operator Instructions] Your next question comes from the line of Salman Rana with Laurentian Bank Security.

Adam, my first question is on the Comae acquisition. So does that acquisition in any form change your onboarding plans? You just mentioned that you're looking to onboard around 130 to 140 people this year. Does that acquisition change your organic hiring plans?

No, no, not at all. It would be supplemental to kind of the people we are trying to hire kind of direct in the magnet.

And as far as with regards to guidance and keeping Q1 results in mind, if I look at the top end of that range, it does suggest that the company will need to exceed that 14% to 16% EBITDA margin range in a quarter or 2 -- for a quarter or 2 at least. How comfortable are you with that?

Very comfortable.

And any commentary on staffing and wage inflation pressures? How much of a contributor was that for the EBITDA margin going below the 14% to 16% range for this quarter?

Yes. There's -- I mean, the market -- it's a tight labor market. I think any company operating tech or otherwise would say that. So there's definitely pressure on wages in general. We factored that in as part of how we do our annual planning. So yes, we don't expect pressure beyond our guidance, let's call it, from wage increases. So we've done, I think, a pretty good job planning for that as part of our annual planning process.

Just one last question at my end. I did notice that there was some R&D government assistance expense in this quarter as well. Are you expecting to receive those offsetting benefits in the coming quarters as well?

So we have a program currently going with IRAP, which is a Canadian Federal Agency. I believe that, that program does end at the end of June. So currently, that's when we would expect that line to end.

And your last question comes from the line of Scott Fletcher with CIBC.

Lots of good information on the call this morning. I wanted to ask a question about the competitive environment and how you're seeing win rates track, maybe both on the private and public sector, especially as you're rolling out these new products and whether it's having an impact?

Yes, sure. Yes. I mean, to your point, we compete really in 2 major markets, like the 2 major sectors, I should say, private and public. I would say, in the public sector, we have products like AXIOM, which really stand out with our customers because we have an integrated approach in terms of how we bring all the digital evidence together, which is unique in the market, and you're certainly showing up in our financial results. With our new products like Magnet REVIEW and Magnet AUTOMATE, we're essentially creating new categories, right? We are the innovators that pushing these products into the different customers. So that's going well. Really, we have very little competition today around those products and customer traction is going well. In the private sector, AXIOM Cyber is really the flagship product that we're selling into enterprises and service providers. And the competitive set there are legacy players that, frankly, haven't kept up in terms of innovation and the different data sources to collect and really kind of modernize their platform. So we have a -- we're on a journey, I would say, in the private sector, but AXIOM Cyber is kind of the first step on that enterprise journey. And we're winning new customers. We're upgrading existing customers. We're in a really good spot from a competitive context perspective.

Thank you. There are no further questions at this time. I'll hand the call back to Adam Belsher, Chief Executive Officer of Magnet Forensics.

All right. Thanks, everyone. Have a great day.

Great. Thank you. And that concludes Magnet Forensics 2022 First Quarter Results Conference Call. You may now disconnect.