Q2 2020 Earnings Call Transcript

Published: 14 Aug 2020

Operator:

Welcome to CynergisTek's 2020 Second Quarter Earnings Conference Call. Today's conference is being recorded. Joining us today from the company includes Mr. Caleb Barlow, President and Chief Executive Officer; and Mr. Paul Anthony, Chief Financial Officer. Before we begin the formal presentation, I'd like to remind everyone that some statements made on the call and webcast including those regarding future financial results and industry prospects, among others, are forward-looking and may be subject to a number of risks and uncertainties that could cause actual results to differ materially from those described in the conference call. Certain of these risks and uncertainties are or will be described in greater detail in the company's SEC filings. CynergisTek is under no obligation and expressly disclaims any such obligation to update or alter its forward-looking statements whether a result of new information, future events or otherwise. At this time, I'd like to turn the call over to our CEO, Caleb Barlow.
William Barlow:

Good afternoon, everyone. This quarter continued to be defined by the coronavirus pandemic. And the impact to the health care industry and more specifically, health care providers that make up the bulk of our business. While the pandemic has prompted fundamental shifts in how providers treat patients, accelerating technology adoption curve from years to months. In the immediate term, many of our customers are still struggling financially. The impact was a drop in our presold revenues due to cancellations, restructuring and delays in renewals of current contracts from approximately 15% of our customers and a shortfall in our projections for net new business. We also saw professional services and consulting revenues effectively pause as customers reduce spending with third-party vendors anywhere that was not tied to a long-term contract, along with furloughs or reductions to their own back office staff. Halfway through the third quarter now, we believe things have leveled off and are starting to see signs of recovery. Remote work and telemedicine are definitely here to stay, and they both come with significant new security and privacy issues that the market and regulators are just now beginning to understand. Now also realize, well, the kids will probably be back in school, and we may all be eating in our favorite restaurant, once again, well before hospitals have COVID-19 patients out of their ICUs. I anticipate that health care providers will be a bit slower than other industries to bounce back as we get on the other side of this crisis. So to put this in perspective, the American Hospital Association indicated that hospitals and health systems are reporting average inpatient volume declines of 19.5%, and 34.5% in outpatient volumes relative to 2019. And many hospitals are reporting that they do not expect volumes to return to pre-pandemic levels for the rest of 2020. Additionally, we've seen and expect to continue to see consolidation within the health care space over the next 18 months, which we anticipate will have an impact on our client base. Now although consolidation, well, it can be disruptive, but it may mean that we need to resell our capabilities to leadership, we have been successful with this in the past, and we believe it can open the door to new opportunities. But we could be dealing with a market with fewer and much larger hospital systems moving forward. And we believe this will play to our strengths, but it becomes incumbent on our team to ensure that our offerings, our people, our capabilities are relevant in a much larger practice than we typically serve today. Now turning my commentary to the bad guys. While we know the threat landscape continues to evolve to the negative, and health care continues to be one of the hardest hit industries. New data from IBM and the Ponemon Institute show the average cost of the health care data breach is up 10.5% from last year, with an average cost of $7.1 million. That is nearly double the average cost of the data breach in other industries. We also know from our own soon to be published research at CynergisTek that the security maturity of America's hospitals is falling behind the escalating sophistication of attackers. It's not that hospitals are not investing in security, but they're simply not investing enough to keep up with the adversaries in this game of cat and mouse. In 2019 alone, 12.6% of the U.S. population had their health care records exposed, impermissibly disclosed or stolen in a single year. Going to the doctor has become incredibly risky from a cybersecurity and privacy perspective. And that makes what we do, our craft, all the more important coming out of this crisis, which has accelerated these risks. We started to close deals with new customers, and our pipeline is increasing. And we continue to refine our sales approach and the team. We recognize that days of face-to-face selling, well, they're largely over, at least for the foreseeable future. And we continue to refine and adapt our go-to-market approach. This included the hiring of a new sales leader this quarter and a planned transition from prior leadership. Clients are reengaging, and our delivery calendar between now and the end of the year is almost fully booked as clients catch up on work that have been delayed over the last 2 quarters. I also want to make a call on to our employees. Well, they've continued to be there for our clients. Our people understand the mission, and they're dedicated to it. Our delivery organization, in particular, has used this time to, well, sharpen the saw in ways that make me very proud of be leading with the organization. Over the coming months, you're going to see us bring forward new research that will help the market better understand the security and privacy implications of the crisis. We'll be launching new offerings that improve our relevancy in larger health care practices as we prepare for consolidation. And you'll see new partnerships, like a recent announcement with Awake Security, an AI-enabled platform backed by some of the largest VCs in the U.S., that gives us the ability to offer compromise assessments. An incredibly important service that can identify adversarial activity coming out of the rapid expansion of customer networks due to telemedicine, remote work and search facilities. Our delivery team has spent a significant amount of time with our sales organization, identifying and targeting key new and existing contacts to make our sales and marketing efforts more effective and efficient. At the same time, we're continuing to implement a new delivery and project management model that will improve the efficiency of our delivery, resulting in improved margins. In summary, while this has been a bumpy road but we are moving forward. We've worked through the process of managing the business responsibly through the enormous challenges our clients and employees faced while moving to a completely remote environment. We're ready for what comes next. We're a lot leaner, more efficient and much more relevant to what we think the market will look like moving forward. And our people are incredibly motivated by the work they do. Let me now turn the call over to our CFO, Paul Anthony, for a discussion of our financial performance. Paul?
Paul Anthony:

Thanks, Caleb. I'd first like to summarize the impact we saw from COVID, then get into the standard financial disclosures. We saw a 25% reduction in our presold revenue due primarily to delays in renewals, but also some cancellations and restructuring of contracts as we discussed above. We saw a reduction in professional services and consulting of approximately $1.3 million when compared to prior year in our projections. The H2 revenue resulted in a 10% drop in gross margins for the quarter. To respond, in late Q1 and Q2, we executed on permanent annualized cost reductions of approximately $3.3 million, which when combined with Caleb's expense reduction initiative that he started at the end of 2019, will translate into more than $4.5 million in annualized expense reductions. Additionally, we took steps to temporarily reduce 2020 projected costs by $3 million that are primarily related to compensation. As a reminder, we received $2.8 million under the Paycheck Protection Program. Until we determine the final amount forgiven, the full amount remains as debt on the balance sheet. Recent developments with this program reinforce our expectations that a large portion of this loan will be forgiven. We also expect some tax relief as a result of the Coronavirus Aid, Relief, and Economic Security Act or the CARES Act which, among other things, permits NOL carryovers and carrybacks to offset 100% of taxable income for years beginning before 2021. In addition, the CARES Act allows NOLs incurred in '18, '19 and '20 to be carried back to each of the 5 preceding taxable years to generate a refund of previously paid income taxes. We do expect to carry back available losses to the extent possible, which at this point, we believe, will exceed $1 million. Outlining our standard financial disclosures, revenue decreased $0.5 million to $4.6 million due to lower revenue from professional and consulting services and the impact from clients moving services out into Q3 and Q4 due to the effects of COVID-19. Breaking down revenue for Q2 2020 versus '19, managed services revenue increased slightly to $2.9 million. Professional and consulting services decreased to 23% to $1.6 million. Backbone Consultants, which was acquired in Q4 '19 contributed $0.8 million in the quarter. Gross margin was 27% for Q2 2020 compared to 41% in 2019. Gross margins were down due to the revenue shortfall and an increase in labor costs as a percent of revenue due to additional costs in attracting cybersecurity employees and costs associated with ramping up new services. We continued to enact staff reductions during the quarter, and that should improve margins going forward. Sales and marketing expenses increased to $1.7 million for Q2 2020 compared to $1.3 million for the same period in '19. This increase was due to an increase in headcount to support our efforts to grow revenue and additional systems costs to support automation. G&A expense increased $0.3 million to $1.8 million for Q2 2020 compared to the same period in '19. The increase is due to $0.4 million in severance-related costs associated with expense reduction efforts taken to improve operating margins, $0.1 million in additional stock-based compensation, $0.2 million in cost for Backbone. And these were offset by $0.4 million in spend reductions associated with the reaction to COVID. Our non-GAAP adjusted EBITDA loss was $1.3 million for Q2 2020 when compared to $0.4 million for '19. The full financials and reconciliation of GAAP to non-GAAP information can be found in the earnings release that came out today. This concludes the financials and the prepared remarks for Q2 2020. Operator, please open the floor for questions.
Operator:

[Operator Instructions]. And we'll take our first question today from Matt Hewitt with Craig-Hallum Capital Group.
Matthew Hewitt:

I was hoping to both dig into the markets a little bit. I think you mentioned that it stabilized, and maybe you're starting to see some signs of improvement. How much of that, I guess, improving trend is reliant on budgets versus where we're at with the pandemic? Are you going to need to see hospital budgets improve in order to start seeing some of these bigger deals come through? Or do you need to see whether it's a vaccine or better treatments or just a decline in COVID-positive tests before you start to see it? And maybe even at the point where the budgets haven't necessarily improved. But what comes first, I guess?
William Barlow:

Well, no, that's a great question. And frankly, I wish I knew the answer because we're asking a lot of the same questions as well. In fact, I was -- just came off a call prior to this with a half a dozen CIOs and CISOs at various hospital systems where we're all asking exactly those questions. But here's a few things we know. So first of all, there are some hospital systems that are still in varying levels of crisis mode. And that's problematic when they cannot bring in various types of elective work, elective surgeries and things like that. Ultimately, what that means is their business model is often upended. Now that varies a lot by system, the size of the system and there are various sources of funding and endowment, right? The second -- that the first thing to understand is what do they have for cash coming in the door. The second piece of this is -- and I wouldn't even say it's so much their budget as it is their purchasing process. There are other teams and other parts of the organization that step forward as potential barriers now to close deals, whether that is an IT team that suddenly can't review a new application because they're understaffed. Or it could be a procurement action saying, "Hey, look, we need to cut all costs by 30%, 40% and take some draconian actions." Those types of steps, we have definitely seen size that they're starting to turn around. I think most of our clients, not all, but most of them are starting to kind of get out of the crisis, get a little bit back to normal. I'm even hopeful there are some systems that may have a little bit of money left in their coppers before the end of the year and are looking to spend it. I don't think that this necessarily, at this stage, has a whole lot to do with the budget. I think the budget in a lot of ways is kind of thrown out the wall -- thrown out the door when the whole COVID thing started. Now the bigger question though is budget related, which is what does the budget look like moving forward? And there's a few things we know. First of all, the things that they had to do in order to address the crisis, rapidly deploy telemedicine, move their back office to remote work. You're never going to get that genie back in the bottle, even when we see providers return to normal in terms of their incoming revenue, odds are, there will be a lot more remote workers than they were in the past. Odds are, telemedicine is here to stay. So those things come with new privacy and security implications that the industry, frankly, is just beginning to grapple with. And what I'm hopeful to see is that as they start to understand those, they're going to have to put both budget to securing them.
Matthew Hewitt:

That's really helpful. And I guess, kind of following on that, the telemedicine opportunity, this has been in development for a number of years, but it really took a pandemic to drive very rapid adoption. In some cases, I think it will be much like with electronic health records where there was a lot of vendors out there, and, hey, we can do this for you and you have to plug it in right away and get going. And then after you've got it in, you kind of figure out, well, wait a second, this isn't as good as we thought or there's other out there that might have been a better fit for what we're hoping to accomplish. I would imagine the same will be true with telemedicine, but one thing that we don't hear about telemedicine is the cybersecurity angle to that, I mean you're basically taking your patient now visit now online. And I'm curious, where do you fit in that model? And what types of discussions have you been having with -- and have you been talking to market leaders such as Amwell and Teladoc and others?
William Barlow:

Well, the thing that's so fascinating about this is -- so first of all, I think it's fair to kind of acknowledge that health care was probably moving a little bit slower than a lot of other industries in adoption of remote work, remote collaborative tools. I mean for the -- in most cases, even the back-office functions like -- traditional administrative functions like billing, for example, you had to go to the hospital to do that work. In addition to that, the tooling that were being used historically was special purpose tooling. They're specifically designed for telemedicine. And as you referenced kind of the deployment of electronic health care records, remember, yes, those capabilities were there. But at the end of the day, that was accelerated because of regulation. The difference in this case is that it was accelerated literally overnight because of a crisis. The tools that were used to ramp things up included not only those purpose-built tools, but also consumer-grade tools. I mean, literally, tools like Zoom that were never designed for this. So I think the opportunity here is actually much bigger than most people realize in that there's an opportunity with tools that were purpose-built and working with and collaborating with vendors like some of the ones you mentioned. But also -- and this is more of a guess than anything else, but I think we're going to see a lot of these consumer-grade tools realize that they've made a whole lot of money off of telemedicine in the last few months. And they're probably not going to want to give it up. And there's a very good chance they're going to be thinking about, hey, what do I need to do to make my consumer-grade tool robust enough for this? So some of the areas we're paying a lot of attention to and having a whole lot of conversations about are third-party APIs that will be used to access these records and enable more collaboration in health care record. We're spending a lot of time also looking at how do hospital systems shore up their remote workers, and how do you deal with some of these telemedicine tools and most importantly, the security of the telemedicine tools is one part of the puzzle. In a lot of ways, that's the easy part. The harder part is how do you deal with the privacy side of it. All of the exhaust of data that comes out of the usage of these tools, whether that's a recorded session, an image that might be shared, even a chat, is that stored locally on a device. Was it encrypted in Transit? What happens to that data? And how do we find it? And how do we build the policies to manage it? And then how do we enforce it, if you will. What probably the biggest step that we can talk about so far we've taken there is the partnership with Awake Security. So what Awake allows us to do is, remember, all of these things were deployed in a hurry, right? So effectively, it's kind of like -- imagine a medieval castle where you had the wall, the archers on the wall, the moat around the castle, COVID happens, you drop the drawbridge and you tell everybody to run out of the castle because they need a social distance. So all your security provisions are effectively gone, right? The princess is running out the forest with the jewels around her neck trying to protect yourself, basically. So the opportunity for compromise for bad guys to get into that castle, if you will, while the drawbridge was down is quite high. And what Awake allows us to do is do these compromise assessments, where we can look for both past and current signs of adversarial activity. So it's not just looking forward in terms of how do we shore things up but are you already infected by a bad guy that may have gotten in while the drawbridge was down.
Matthew Hewitt:

Interesting. Okay. That's helpful. Maybe one last one and then I'll hop back off. Given the tight labor market, you made a comment about it in your prepared remarks, and then I -- even in the 10-Q, you commented that you have been able to hire on the sales and marketing front, in particular, but given that the labor market and kind of the furloughed employees and people that have been laid off, has that created more opportunity for you to attract talent? Or is your pocket of the market still in such high demand that the cost of hiring is still there and it's still difficult to find the right level of candidates?
William Barlow:

So initially, as companies started to lay off and furlough employees, there was definitely talent available out in the market. According to CyberSeek, which is a website that tracks kind of cybersecurity job openings really down at the state level, there's 507,000 open unfilled cybersecurity jobs right now just in the United States. And I think that number is actually up from what it's been historically. Now here's where this gets really interesting for us. The demand for the type of work we do in terms of people that can go in and assess security is likely only to continue to grow. Outside of health care, we're seeing other industries express interest in starting to require assessments. And as those types of regulations come on board, there will continue to be a demand for the types of talent that we hire. I think the biggest impact to us is that historically, we could get access to talent relatively easily and at a pretty good discount because we didn't care where the talent lived. We were always basically a remote workforce. Now we traveled a lot on planes, which we don't do today. We were face-to-face with our clients, but only a small number of our people actually came into an office. And that allowed us to recruit people, well, from almost anywhere. And the thing in the United States is, there are a couple of cities that have really high abundance of cybersecurity talent, right? So you're historically looking at the San Francisco area, the Boston area, Atlanta; Austin, Texas, as an example. Well, the problem now is everybody is remote. So company -- the big cybersecurity company that would only historically recruit in the cities where they had a presence now don't care. They're recruiting everywhere. So we are definitely having to compete nationally now for talent. And I do think the cost of that talent will go up. That's the bad news. The good news for us, probably not the good news for our clients is that it's going to be even harder, I think, for our clients to recruit because they're going to not only run into the same national versus local problem. But I do think that it will be increasingly difficult for a, let's say, mid-sized hospital to compete to get access to that talent if that talent can get access to jobs now on a national level.
Operator:

Next, we'll hear from Jeff Bash with Fintech Capital [ph].
Unidentified Analyst:

I had three questions. Not to minimize the impact on the family of any deaths from COVID, but when this whole thing started, the national initiative was to flatten the curve so that the hospitals would not be overwhelmed, and they would be able to handle people appropriately and folks wouldn't be dying from lack of proper care. It seems that, by and large, that has long since happened, but the national press seems to be -- seems to have moved to more of a -- if anyone dies from COVID, it's absolutely dreadful, which is far from the initial perspective, which was, you would spread everything, including deaths over a longer period of time. How do you feel the hospitals have reacted to, let's say, the change in the national discussion? Are they feeling comfortable with where they sit now? And really interested in getting back to normal, like you sort of hinted? Or are they -- you sort of been pushed into this? If anybody dies, it's the end of the world type of thinking?
William Barlow:

Well, I mean, I think there's a couple of pieces to this. So first of all, it varies dramatically based on where that health system is located. There are -- some of our clients that have no COVID patients at all in their hospital. There are others that have a lot. There are some that are still in various levels of surge capacity. In addition to that, there were, at some points in this crisis, hospitals that were put into a surge capacity but never saw that surge, which can be a bit frustrating. I think the biggest challenge now, it's -- I don't want to dive into kind of a political conversation here. But this -- the challenge now is that this has gotten wrapped up in the whole election season. And that just causes a level of frustration and anxiety in our clients. I don't necessarily think there's a specific outcome people are expecting there other than begging people to wear masks. But it certainly is a factor in everything that they're looking at. And they're asking questions, everything from what a reimbursement level is going to look like in the future to, like I said, this has become, unfortunately, political. So from a public health perspective, getting the social distancing, getting mask wearing, it's important to the hospitals for 2 reasons. One, they care about their patients. But two, they also recognize that their bottom line doesn't start to come back until they can get back to the normal business at hand.
Unidentified Analyst:

Okay. Next, following up on the discussion we just had with Matthew, about the labor market. In the past, you would indicate, I believe, that your contracts didn't adequately provide for the increasing cost of labor that were required by the market, even perhaps before COVID started. Where do you stand now? Are you in a situation where a contract renewal you're able to make an adjustment for that situation? Or you're sort of faced with a hard-nose person saying, you want us to renew at all, it's the same price type of thing.
William Barlow:

Welcome to my world over the last three months, Jeff. You're hitting it spot on, right, in that. We definitely have some challenges there as people come out of that. I think that our clients realize that we're talking about cybersecurity talent. If they've had a fixed price for that for a 3-year period, it's very logical that, that's going to increase. And I don't think that surprises anybody. On the same front, in many cases, for -- if you're talking about a renewal that like, let's say, it's hit in the last 2 months, that might be a really tough pill for a client to swallow, especially if they're being asked to cut costs right now. And this is where we've gotten creative and working with clients, right? We've found, in some cases, ways to continue their pricing for a period of time. In some cases, we're changing up the services they need. In some cases, we're giving them a bit of financial release on a short-term basis. So this is where myself and my direct reports have had to really roll off our sleeves and get creative, and it's on a situation-by-situation basis. But I look forward to the day where we are able to really kind of get our clients solid enough that they're able to really come to us about where they want to grow their program versus just trying to maintain their programs. And again, we are seeing some early signs. We've been able to close some net new logos. That always is a great sign right in the middle of this. But I think the reality is many of these hospitals -- and when I say these comments, I'm specifically talking about the providers. If we look outside of the provider segment, for example, medical device manufacturers, things like that, they've also been hit, but our clients outside the provider space, the hit is nowhere near as dramatic.
Unidentified Analyst:

Okay. And finally, I like the Awake announcement, its a very interesting way that they move forward. But I wonder if the company has any -- either any interest or opportunity with perhaps affiliating itself with a larger or more stable company, with stabilized operations and finances going forward. So there's no question about you're being able to survive the pandemic and those consequences.
William Barlow:

Well, as you know, we're always looking for new partnerships, opportunities and ways we can align, and we'll always continue to stay focused on what's in the best interest of our shareholders.
Operator:

[Operator Instructions]. And this concludes the question-and-answer session. I will now hand it over to Caleb Barlow for any closing remarks. Caleb, please go ahead.
William Barlow:

Well, look, in closing, I just want to thank all of our shareholders, customers and employees for their ongoing support as we get back to the work of growing this business. And I think Jeff had a really great point you brought up there, which is, what's it going to take to get health care back to normal. It's going to take a lot of the same things, folks to get us back to normal, which is, get out there, wear your mask, be safe, and we'll get through this. Thank you, everyone.
Operator:

That does conclude today's conference. Thank you for your participation. You may now disconnect.

Q2 2020 Earnings Call Transcript

Other earnings call transcripts: