Digitisation and use of big data have been two of the defining trends of the last decade. While companies have long held information like credit card details and customer names and addresses, the ability to analyse and monetise the data has increased dramatically.
But as the value of data increases, so does the challenge of keeping it safe.
Regulators are taking an increasingly dim view of companies who don’t keep customer data secure. Those not taking proper precautions face fines that can stretch into the hundreds of millions of pounds.
When companies are facing bills of that magnitude it’s not hard to convince management that spending on cybersecurity is money well spent. That’s good news for the companies that specialise in protecting our data.
All investments rise and fall in value, so you could get back less than you invest. This article is not personal advice, if you are unsure, please seek advice. Yields are variable and are not a reliable indicator of future income.
Avast is the UK’s largest listed Cybersecurity firm, and among the most profitable listed cybersecurity firms in the world – with a cash profit margin of 54.1% last year.
Direct-to-consumer sales reached $698.4m last year, some 81% of total revenue. That might come as a surprise, since the core anti-virus software is actually free to use for consumers.
Revenue comes from upselling to the group’s 435m+ customer base. Additional products help increase privacy, improve performance or expand protection to include smart home devices.
Future growth depends on the user base continuing to swell, and keeping existing users happy enough to fork out hard earned cash for upgrades. That means keeping on top of a huge range of cyber threats and winning support from key opinion setting tech journalists.
It’s no surprise then that research and development spending is substantial – accounting for over 20% of operating expenses last year – and more than 50% of staff are focused on improving products. There have been some pretty big acquisitions (buying other companies) over the years to help boost the proposition too.
Before it listed on the stock market last year, private equity groups held a significant stake in the business. And, as is quite common for companies with that kind of background, debt reduction has been a priority early on. Fortunately, the group is highly cash generative, and combined with reasonable earnings growth, means overall leverage has fallen quickly. The current net debt to EBITDA (earnings before interest, tax, depreciation and amortisation) ratio of 2.4 times isn’t exactly conservative, but nor is it overly intimidating.
Given the fundamentally attractive business model, and the fact investment banking analysts almost universally rate the stock a ‘buy’, you might expect Avast to be among the highly rated tech darlings that currently dominate the stock market. However a price to earnings ratio (PE) of 13.9 times is modest compared to lots of superficially less exciting businesses, and the stock offers a dividend yield of 3.2%.
The cooler rating is likely down to the fact those private equity investors still have some stock to dispose of, which could hold back share price performance, and recent revenue growth has been strong rather than stellar. Some caution is probably required.
Sophos is focused on cyber-security products for businesses, specifically SMEs (small and medium sized enterprises).
The company’s market-leading products include a high standard of both network and end user protection. These are increasingly bundled together with a centralised, cloud-based system which alerts IT departments to risks as and when they’re detected.
The group depends on a network of over 47,000 independent partners, which have existing relationships with businesses, to sell its products. Contracts usually run for up to 3 years with opportunities to increase the value of existing contracts through upselling and tacking on additional products when renewal time rolls round.
Low capital requirements mean cash flows are significant. Although there’s a yield on offer, it’s just 1.2% at present, with spare cash being ploughed back into research and growth.
All this means Sophos should have long term potential. However investors have had a very painful couple of years, after a sudden slowdown in sales caught management, the market and ourselves by surprise.
Sales repeatedly missed guidance in 2018, as bumper sales of the Intercept-X anti-malware product following the WannaCry attack of 2017 failed to materialise in subsequent periods. However, the tough 2017 comparison is behind us, and with changes at the top. Sophos could be worth considering once again.
The most recent quarter showed a return to healthy billings growth, up 9% year-on-year, and a PE ratio of 29.6 is less than half of what it was two years ago. The group’s partners have improved upselling at renewal time and the group’s newer products grew sales 43%.
Crucially the group was able to increase R&D spend last year and we don’t think relationships with customers have been damaged. For all the work that needs to be done rebuilding bridges with investors, the core business seems to be unaffected.
Some investors will have had their trust in the business irreparably damaged, and that’s fair enough in our opinion. But for others Sophos may, once again, be the simplest way to hack into growth in cyber-security.
The author owns shares in Sophos.
Unless otherwise stated estimates are a consensus of analyst forecasts provided by Thomson Reuters. These estimates are not a reliable indicator of future performance. Past performance is not a guide to the future. Investments rise and fall in value so investors could make a loss.
This article is not advice or a recommendation to buy, sell or hold any investment. No view is given on the present or future value or price of any investment, and investors should form their own view on any proposed investment. This article has not been prepared in accordance with legal requirements designed to promote the independence of investment research and is considered a marketing communication. Non-independent research is not subject to FCA rules prohibiting dealing ahead of research, however HL has put controls in place (including dealing restrictions, physical and information barriers) to manage potential conflicts of interest presented by such dealing. Please see our full non-independent research disclosure for more information.