Plurilock Security Inc

XTSX:PLUR

Good morning, and thank you for joining us for Plurilock Securities conference call to discuss its financial results for the quarter ending March 31, 2025. I'm Sean Peasgood, from Sophic Capital. We handle Plurilock's Investor Relations.

On the call today, we have Plurilock's CEO, Ian Paterson. [Operator Instruction]

Before Ian discusses the results, I'd like to remind everyone that certain statements in this call may be forward-looking in nature. These include statements involving known and unknown risks, uncertainties and other factors that could cause actual results to differ materially from those expressed or implied in our forward-looking statements. For caveats about forward-looking statements and risk factors, please see Plurilock's MD&A for the quarter ending March 31, 2025, which can be found on our company profile at SEDAR+. Unless otherwise stated, all dollar amounts referred to on this call are Canadian dollars, the company's reporting currency.

I'll now pass the call over to Ian Paterson, CEO of Plurilock. Ian?

Thank you, Sean, and thanks, everybody, for joining us today. I will say good evening from Europe, which is where I am today, and also good morning to everybody else in North America. And welcome to Plurilock's financial results conference call for the first quarter of 2025.

My name is Ian L. Paterson, I am CEO of Plurilock. Today, as we review quarterly results, I'll provide some highlights along with the business update. We'll go through the financial results, and then we'll conclude the prepared portion talking a little bit about our outlook and we'll leave some time at the end for Q&A.

Before we get into the financials, I'd actually like to highlight a few trends in the evolving cybersecurity landscape. In the first quarter of 2025, we saw cyber threats escalate significantly with an almost 50% increase in weekly attacks per organization and more than 120% rise in ransomware incidents compared to the prior year. These attacks largely driven by AI, nation state actors and supply chain vulnerabilities are increasingly targeting high-impact sectors like government, manufacturing and others that we focus on here at Plurilock.

Against this backdrop, cybersecurity has very much become a boardroom and national security priority. Plurilock continues to respond with discipline and focus, delivering real-world solutions to organizations that cannot afford a failure. Our role as a trusted partner to North American and NATO allied public and private institutions has never been more critical, and our work remains grounded in securing what matters most in this high-risk environment.

Now during this conversation today, we'll be talking about 2 interconnected business segments. The first is our solutions division. This is a core unit which provides technology and cybersecurity products through an extensive network of partners and customers. And it also serves as a key entry point for both critical services as well as follow-on portions of business.

The Critical Services portion or segment of the business is a specialized team that delivers tailored cybersecurity services, which help clients address urgent security challenges and build long-term resilience. While both segments are contributing to overall progress, Critical Services, which we formally launched in February of 2024 has become a strategic priority due to its significantly higher margin profile and its ability to create long-lasting client relationships.

Acting as a trusted cybersecurity adviser, Plurilock brings deep domain expertise and regulatory compliance, security architecture, and technology integration to support government agencies in Canada and the U.S. as well as large global enterprises. Our strategy is to build on existing customer engagements and transition them into recurring managed services by introducing adjacent high-value offerings through our reseller network. We help clients solve more of their cybersecurity challenges, deepening relationships, increasing retention and ultimately enhancing profitability.

Let me walk you through a few highlights from the quarter. So the first part is that with the implementation of our new accounting policy in -- at the end of Q4 2024, which we talked about during our last investor call. This focuses on recognizing revenue from software and services over time rather than upfront. And so recognized revenue for the first quarter of 2025 was $19 million, which was an increase of 48% over the new adjusted Q1 2024 revenue of $12.8 million. Gross sales bookings of $11.7 million for the first quarter of 2025, and this is an increase of 4.1% from our previously reported $11.2 million revenue in Q1 2024.

Now gross sales bookings are unaudited numbers, but reflect what our revenue would have been had we continued to report with the same accounting policies as we had, had in the past. Our Critical Services business grew 178% year-over-year to $3.9 million. This area of the business has been central to our strategy and we intend to maintain focus here.

Now this focus aims to strengthen margins over time by expanding our revenue mix and building deeper recurring services relationships, and we're already seeing positive results. Gross profit increased 28% year-over-year to $2.3 million, with a slight dip in gross margin percentage to 12.2%, down from 14.2%. Now this is due to the increase in resale revenue for the quarter and a higher revenue overall compared to the comparative period. It's important to note that getting a foot in the door opens the flywheel with clients, whereby we begin to penetrate deeper and expand capabilities. So the increased resell has strong potential to lead to further cross-sell and upsell opportunities.

And lastly, in the first quarter of 2025, we announced nearly $10 million in new business across a range of high-value clients, and this included multiyear critical services contracts in both the U.S. commercial and public sector markets. These contracts reflect growing demand for high trust recurring cybersecurity services and validate our strategy of deepening customer relationships through hands-on technical leadership.

Now Plurilock's recent wins are not just financial. They reflect our strategic position in the market. As threats become more sophisticated, customers are turning to partners who can deliver and implement advanced security solutions. And that's where we stand out. Plurilock's partners remain vital to expanding market reach and meeting diverse client needs across government and enterprise sectors through trusted relationships with U.S. and Canadian government agencies, we're now expanding into commercial sector, bringing our proven capabilities to enterprise clients with similarly complex needs.

Partner-driven opportunities continue to support ongoing customer acquisition and service delivery. Our partnerships with leaders like CrowdStrike and Forcepoint help extend our reach, reinforce our credibility and have already resulted in direct referrals and closed business. As we scale, our sales efforts are focused on higher-margin offerings and supported by targeted tools and incentives with stronger capabilities, deeper client ties and growing recurring revenue, we're beginning to see a flywheel effect momentum we expect to build as we carry out our 2025 strategy.

At this point, I'd like to move on to reviewing our first quarter results ending March 31, 2025. And again, as Sean mentioned, all dollar amounts, I'll refer to our Canadian dollars, which is Plurilock's reporting currency. For more detailed information, please refer to the financial statements and management discussion and analysis documents that we have filed on SEDAR+.

In our effort to explore a possible listing or other corporate activities in the U.S. the company last year appointed new auditors, MNP to streamline the process of doing an audit under both Canadian and U.S. standards. Under review with the company's new auditors, the company changed how it recognized revenue. and the changes were predominantly as follows: Resell software is now recognized over the life of the contract as opposed to at a single point in time. This change reflects the nature of most modern software offerings that have some sort of ongoing service component attached to the software. Secondarily, the vendor maintenance and support is now treated as an agent transaction as opposed to a principal transaction. Agent transactions recognize only the net amount of revenue, which is revenue less costs as revenue. Principal transactions recognized gross revenue as revenue and the costs as cost of goods sold or COGS.

Now turning to our first quarter financial results for the 3 months ending March 31, 2025. Total revenue for Q1 2025 increased 48% to $19 million as compared to $12.8 million for the first quarter ended March 31, 2024. Comparable gross sales under previous accounting interpretations would have been $11.7 million for 2024 and $11.2 million in 2023, which was a 4% increase year-over-year.

Now the gross sales bookings is the gross value of all contracts signed and delivered within a given fiscal year and is an unaudited number. And I believe I've actually just misspoken there. What I intended to say was $11.7 million for 2025 versus $11.2 million for 2024. So I apologize for that misspoke.

Hardware and system sales revenue for Q1 2025 totaled $2.7 million compared to $1.4 million in Q1 of 2024. Accounting for 14.3% of total revenues compared to 10.6% in Q1 2024.

Software license and maintenance sales revenue for Q1 2025 totaled $12.4 million compared to $10.1 million in -- $10.1 million in Q1 2024. Which accounted for 65.2% of total revenues compared to 78.4% in Q1 2024.

Lastly, professional services revenue for Q1 2025 was $3.9 million compared to $1.4 million in the prior quarter ended March 31, 2024, accounting to 14.7% of total revenues compared to 5.8% in 2023. Gross margin for Q1 2025 was 12.2% compared to 14.2% in Q1 2024. Despite a small decline in gross profit, gross profit increased 28% to $2.3 million.

Adjusted EBITDA, which is a non-GAAP measure, declined 24% for Q1 2025 to a loss of $1.3 million compared to a loss of $1 million in Q1 2024. Cash and cash equivalents and restricted cash on March 31, 2025, was $2.7 million compared to $1.4 million on March 31, 2024. And also worth noting the company has an additional $7.8 million of unused credit facilities at the end of March 31, 2025. This concludes the financial summary for the first quarter of fiscal 2025. And moving on to the outlook for the year.

Plurilock reiterates the outlook provided on May 1, 2025, during our fiscal 2024 results webinar approximately a month ago. Plurilock began 2025 with strong momentum and a clear focus on scaling high-margin services and delivering long-term value after investing in sales in 2024. With strong relationships across some of the most security-conscious institutions in North America, our Critical Services business continues to expand, and our pipeline reflects real demand for practical and effective cybersecurity solutions.

Plurilock expects continued progress in our critical services business, supported by strong interest from both partners and customers. Following recent successful engagements, the company is experiencing a notable increase and word-of-mouth referrals and inbound inquiries. This growing demand highlights the value of Plurilock's hands-on cybersecurity expertise and the team remains focused on converting these opportunities into long-term customer relationships.

This year, Plurilock is focused on expanding in the North American market, while responding to select inbound international opportunities. As cyber threats grow more frequent and more severe Organizations are under increasing pressure to improve visibility, strength in cyber defense and respond swiftly. At Plurilock, we're positioned to help meet that demand and deliver consistent performance with tailored operational cybersecurity support.

And with that, I'd like to open the call to any questions.

[Operator Instructions] Okay, first question. Can you talk about your use of cash in Q1?

Yes. Thanks, Sean. So when we're talking about cash, there's really -- we tend to put cash to work really as quickly as we had it. And the more that we can use the cash on the balance sheet, we can actually reduce the -- any interest expense that we have. I think with our business, we really have 2 working capital loops. And I'll talk about both of these 2 loops, and then I'll talk a little bit about what that looked like for Q1.

So the first working capital loop is within our solutions division, and that's where we're providing resell, whether it's hardware or software, but we're providing third-party products to customers. And so typically, the way that, that works is a customer will come to us, they'll place a purchase order with us. We'll then go to a distributor or directly to the vendor we'll then purchase those products. we'll provide them to the customer, and then we will collect payments and then remit payments throughout the cycle.

So that working capital loop is pretty straightforward. It's one that we've had in place for the last 4 years, and we have good -- we have kind of good repeatability around that working capital loop. The second working capital loop is similar to that, but that's where we're providing Critical Services. And so in that case, we might have a customer who approaches us. We have a project to work on or potentially a recurring contracts that we're working on with them. we're going to perform services then at the end of that services work, then we'll bill the customer and then collect funds.

Depending on who the customer is, we might bill some amount ahead of time, so we might actually be funded ahead of time for the work that we are about to be doing, or in some cases, particularly with public sector, for instance, we will need to be paid in arrears. So the change in the business for us is that we've seen a very strong uptick in Critical Services, as we've talked about over the last several investor calls.

And so where we found the best kind of allocation of capital is towards the working capital for Critical Services. And to the extent that we can do that, we don't need to tap the line of credit and ultimately we don't incur as much interest expense. So 2 different working capital loops, 1 of them growing quite a bit faster, which again is critical services. And we certainly saw that in Q1.

Okay. Great. A question coming from the same person. What do you expect your burn rate to be for the balance of the year? And can you tie that into operating expenses at all?

Yes. So I may look at this on an annualized basis. So in 2024, on a full year basis, what we saw as compared to 2023 was that OpEx was sort of in the $14 million-ish neighborhood. Gross profit grew year-over-year, but those lines did not yet intersect. What we're looking at for the balance of this year is we're very focused on margin expansion, which, again, as we've talked about, the largest driver for that is going to be Critical Services.

We also expect OpEx to decrease. And so some of the activities that we have in place, which includes leveraging our -- some of our offshore hiring centers as well, frankly, as adopting some of the initiatives around our own internal adoption of AI, we expect to be able to reduce the OpEx amount as well.

The 1 thing that I would say for Q1 as compared to the balance of the year is we did front-load some of the projects that we have. So for instance, we've talked about the PCAOB audit and some of the corporate activities that we wanted to do. And those expenses were landing in the first half of the year as opposed to the second. But there not necessarily expenses that flow the full way through. So we were pretty intentional about wanting to make some specific investments in the first part of the year.

And then we're also expecting some of those initiatives to bear fruit later on. So all that having been said, we're focused on growing margin, we're focused on reducing expense, and that's sort of how we see the remainder of the year.

Okay, great. Switching to revenue, what specific factors drove the revenue growth in this quarter and how much of it was attributed to new client contracts versus existing client expansions?

Yes, it's a good question. What I would talk about is the strong uptick in Critical Services sales that we saw towards the second half of last year, we had a lot of those -- a lot of that work carried through into this calendar year. So the difference is that in 2025, we started with a bigger backlog of work as compared to when we started in 2024, where we didn't have that backlog, frankly. So that was part of the existing work that we had already done. And this is true, by the way, both for services work as well as some of the technology resell work.

What we're seeing today, and we alluded to this earlier in the conversation, is that the flywheels are starting to spin and when it comes to new client acquisition. So when we're looking at adding additional logos, we're seeing a lot more referrals and word-of-mouth coming inbound to us. As opposed to strictly focusing on existing client expansion.

The importance is to have both. You always need to be adding new clients and you always need to be hopefully expanding your wallet share within those clients. And the good news is that we are seeing both. I think the change this year versus last is that a lot of those -- a lot of the investment that we've made in the partnerships, which we've talked about like Forcepoint and CrowdStrike, are certainly -- we're certainly seeing the impact of those today now that we've been investing in them for a bit of time.

Okay. One just came in here and you just mentioned this. So maybe you could -- I don't know if you can elaborate, but could you go into detail on how Forcepoint added value to the company or adds value to the company?

So rather than talking about a specific partner, I'll just talk about partners generally. And so it could be Forcepoint, it could be CrowdStrike, it could be TD SYNNEX or it could be other partnerships that maybe we haven't necessarily announced.

In a lot of ways, the large OEMs like Forcepoint and CrowdStrike, they have great brand recognition, and they'll oftentimes be top of mind for customers. And so if a customer were to go to say, a Forcepoint just by way of example because that's what the question had. Forcepoint might then turn around to us and say, "Hey, we need some help with XYZ part of the business." and it could be a direct opportunity in the sense that they might need help implementing and deploying Forcepoint or it might be something that's a little bit more indirect.

So perhaps the customer approach Forcepoint and they need a pen test and Forcepoint doesn't necessarily do that themselves. They might refer that customer to us. And so having those partnerships in place allows those referrals or direct opportunities to come from those partners. And so that forms part of how we are going out and landing those new logos. So hopefully, that provides a bit of an explanation.

Okay. Perfect. Excellent. What trends are you seeing in client demand for specific cybersecurity services such as cloud security or ransomware protection? And how are you positioning your offerings to meet these needs?

So with Plurilock, we've always been focused on staying loyal to the customer and not staying loyal to any one specific technology. And the reason for this is that technology trends can change. So for instance, I don't think anybody was really talking about quantum security 5 years ago. And today, it's not an uncommon conversation to be having with customers today around quantum preparedness and understanding the impact of quantum computing and how that might impact customer environments and specifically their security.

So what I would say is that, broadly speaking, we are we're focused on staying loyal to the customer. What we're seeing now is a lot of focus around native AI security tools. So it's not around companies adopting AI generally, but it's actually more specifically our cybersecurity products embedding AI and how can we help our customers with either the adoption of those technologies or the implementation of those technologies or the operation of those technologies.

Notably, we announced a very large sale last year is approximately $19 million. And that was an AI need of cybersecurity tool suite, it replaced from memory 7 or 8 legacy cybersecurity point solutions that the customer had deployed. And it was a combination of both cost savings, getting better technology and being able to leverage AI within that tool that led to that procurement.

And so that trend is not dissimilar from other clients that we are speaking to. It's definitely a focus today for CIOs and CISOs to be looking for technology that has AI embedded in it. when they're going through and procuring new solutions. I think the other thing is that there's certainly a recognition that there is a deficit of talent in the cybersecurity industry. And so tools or software that requires an additional human or additional 5 humans to actually operate is certainly not as favorable as either a tool that's easier to use or that uses AI to replace having to manually kind of work in it or to procure a piece of software and then turn to a partner like Plurilock to help deploy and integrate and operate.

And so that's the other thing is that there's just a recognition now that there's not enough people and they have to -- CISOs and CIOS have to find other solutions to solving those problems.

Perfect. Okay. Next one, I'm going to kind of paraphrase this, but the question is around the U.S. government work and how you're positioned there as far as requiring people on the ground there, do you need to kind of have your head office there? And then maybe just talk about the structure of Plurilock, where you're located, how you're addressing the U.S. and other regions from a location basis?

I think it's to do with, obviously, what's going on in the U.S. and just making sure that we're positioned there.

Yes. So the headquarters of the company doesn't matter as much when it comes to doing business with governments. And you can use very large companies in the United States as additional examples.

So just because the company might be headquartered in Europe or in Canada doesn't necessarily preclude being able to do business with the U.S. federal government. And by the way, the opposite is also true. There are large U.S. headquarter companies that do a lot of business in Canada with the Canadian government. So it really it goes both ways. The requirements generally to do business with public sector customers have to do with information assurance and ensuring that there are appropriate controls in place to protect sovereignty or data depending on what the case may be.

And so Plurilock has -- Plurilock as a Canadian headquartered company. We operate a subsidiary in Ottawa called Integra, and we operate another subsidiary in the United States called Aurora. And we have different security controls in place within those different subsidiaries to be able to do business with their respective customers. So that is the more important part.

I think relocating a headquarters doesn't necessarily get you the ability to do business with the U.S. federal government as an example. And actually, part of the moat that we have here at Plurilock is both the know-how of what it takes to do business as well as a lot of the infrastructure to be able to do that work.

And so we see that as a positive in terms of having made that investment already and being able to benefit from that on a go-forward basis. I think the last thing that I would say and just in regards to tariffs, is that the way that we've structured Plurilock is that we have a U.S. subsidiary, which is Aurora, which employs U.S. people and we sell largely U.S. products to U.S. customers.

And so again, it comes back to kind of the structure and the controls in so much as we don't do a whole lot of cross-border -- cross-border stuff for the reasons that we just articulated.

Great. Next one, what's your outlook on an uplisting and I'm going to -- there's 2 of them. And how are you positioning yourself to get that uplisting?

Yes. So this kind of is in response to a press release that we put out last year. And in that press release, we had talked about a desire to potentially access the U.S. capital markets. And we didn't put a time line around that. We simply identified that the company is looking at alternatives and the U.S. capital markets could certainly be one of those alternatives.

What we have been doing in the background is laying the foundation such that if there is a window where we believe it made sense and would create shareholder value to uplist that we would be able to do so. And so some of the things, which we talked about both on this call as well as the last call, has to do with making sure that our accounting practices are ready to go when it comes to forms that are acceptable to U.S. capital markets.

And so specifically, we referenced the PCAOB audit that we undertook as well as other investments that we've made in the G&A function here at the company to be able to be in a position to do that and we'll continue to lay the foundation, while looking for opportunities to potentially act on that. I think that for us, a couple of things have to come together. There has to be a route to a potential uplist. There has to be a strategic rationale for that uplist.

And that strategic rationale really comes down to whether we believe it's going to create more value for shareholders. And if those things looks to be good, then it's something that we could certainly act on, and we'll be in a better position to be able to do so, having made these investments over the last 6 months.

Perfect. Okay. [Operator Instructions]

Right now, we have one more Ian. And I think you touched on this a little bit, but maybe a way to wrap it up. What are your growth expectations for 2025?

Yes. So for us, it's going to be a continuation of focus on Critical Services. I think that for a company like ours, it can be easy to just focus on top line revenue. And the way to do that is to over-index on the solutions division, go after million-dollar deals, but they might be fairly thin in terms of margins.

And so for us, what we're looking for is growth overall, but specifically growth around gross margin. And the other thing that's focusing on Critical Services does for us is also give us a vehicle to be able to focus on either recurring revenue or highly repeatable revenue. So we're going to continue to focus on critical services. We're going to continue to deliver on the existing clients that we have.

We're going to continue to respond to incoming opportunities that we're starting to see come inbound as a result of the partnerships that we have and some of the foundations that we've been laid -- that we have laid. And that's going to be the story for the balance of the year.

Great. Okay. Well, that's -- there is no further questions at this point. If you weren't able to ask your question or have any other questions after the call, please reach out to us, and we'd be happy to answer them. Contact information is available on the screen in front of you.

I'll pass the call back to Ian now for closing remarks.

Well, I'd just like to thank everybody for listening in. I see some of the same names for this call on the last call. It's a pleasure to see you again, and we look forward to continuing to share our progress with you in the quarters ahead.

Thanks, Sean.

Excellent. This concludes our call for our Q1 2025 results, and thank you for joining. Have a good day.