Cyren Ltd.
Q1 2017 Earnings Call Transcript

Published:

  • Operator:
    Good day and welcome to the Cyren First Quarter 2017 Results Conference Call. Today’s conference is being recorded. And at this time, I would like to turn our conference over to Eric Spindel, ‎General Counsel and Corporate Secretary. Please go ahead.
  • Eric Spindel:
    Thank you and welcome to our conference call to discuss Cyren’s first quarter 2017 financial results. This call is being broadcast live and can be accessed on the Investor Relations section of the Cyren website. Before we begin, please let me remind you that during the course of this conference call, Cyren’s management may make forward-looking statements. These forward-looking statements are based on current expectations that are subject to a number of risks and uncertainties that may cause actual results to differ materially from expectations. These risks are outlined in the Risk Factors section of our SEC filings, including our Annual Report on Form 20-F filed on April 27, 2017. Any forward-looking statement should be considered in light of these risk factors. Please also note as a Safe Harbor, any outlook we present is as of today and management does not undertake any obligation to revise any forward-looking statements in the future. Also during the course of this conference call, we may discuss non-GAAP measures when talking about the company’s performance. Reconciliations to the most directly comparable GAAP financial measures are provided in the tables in the earnings press release issued today and available on the Investor Relations section of our website. These financial measures are included for the benefit of investors and should be considered in addition to and not instead of GAAP measures. With me on the call today are Mr. Lior Samuelson, Cyren’s Chairman and Chief Executive Officer and Mr. Mike Myshrall, Chief Financial Officer. With that, I would now like to hand the call over to Lior.
  • Lior Samuelson:
    Thank you, Eric. Good morning and welcome to everyone on the call today as we discuss Cyren’s first quarter 2017 results. First, I would like to make a few comments on the ransomware outbreak known as WannaCrypt or WannaCry that has been infecting networks around the world since last Friday. Cyren’s cloud security products were able to detect the earlier samples of the malware and protect our customers and partners from well-known variants. Cyren’s Cloud-based platform identifying protected customers from the first early stages of the WannaCry attack. This include the detection of the initial vulnerability exploit payload and toxication of all related heaviness of the attack in e-mail and web, including kill switch, IP addresses and command and control server callbacks. We have also identified over 500 variants of the WannaCry attack to-date. Cyren’s Cloud automatically classifies any related indicators of the attack and protects customers immediately from compromised URLs. They are used as droppers. We continue to identify infected URLs as well as malicious IP addresses and they command and control server with which the WannaCry attack communicates. We update our cloud in real-time to ensure that the risk of customer infection is minimized. As we issued in a customer update press release yesterday, we do not believe any Cyren customers or partners were affected by the attack. We offered a number of recommendations and our customers can protect themselves against WannaCry and its derivatives. I refer you to that press release and associated blog update, both of which can be found on the Cyren website. This ransomware attack is a fluid situation that continues to evolve. And our security researchers are continuing to stay in top of emerging variants. I will be happy to answer questions at the end of our prepared remarks. Now, moving to the quarterly results. Cyren finished the quarter with $8 million in revenue, representing an increase of 8% compared to Q1 2016. Though down marginally from the last quarter, Cyren’s revenue run-rate in 2017 is on pace to grow over the full year 2016 revenue when we finished the year with $31 million in revenue. I would like to share with you some metrics in our enterprise business that we believe are strong indicators of our future. In the first quarter, we accelerated the pace of growth in acquiring enterprise customers and we renewed and launched significant threat intelligence services accounts. We have closed over 60 new enterprise accounts during the quarter, 100% growth over a year ago. Our pipeline of enterprise deal is up 47% of the last quarter and new enterprise prospects are growing at a rapid rate. Lead generation was 44% higher in Q4, with total lead for the business, up over 250% from the same quarter in 2016. These statistics reflect the strong interests we are seeing in the market for advanced and effective security solutions. We received some of the strong interest we have seen in years at the RSA Security Conference in February in San Francisco. We are also seeing a huge surge of interest in e-mail security, where incumbent e-mail security providers have been under-investing in their security capabilities for a number of years and customers are frustrated with the lack of security effectiveness. Repeatedly, customer prospects tell us that too many phishing and ransomware attacks are getting through their current providers under defensive are not adequate. Over the past 12 months, we have been investing in building out our website to support a more self-service buying process for our customers, more in line with a pure SaaS business. Two areas in particular I wanted to call out, our new online trials for web security and our web security diagnostic tool. During Q1, we launched a self-service trial capability for signing web security that allows prospects to create, allow the trial of our SaaS web security offering in 30 seconds. We have had over 100 web security website trials conducted in the last 30 days and several of these will close as a result of these trials. As far as we know, this online trial capability is unique in the industry and provides us with a strong sales advantage. Appliance-based solutions can take weeks to provision a player like this and because each trial requires them to ship an expensive appliance to the prospect. They limit the number of trials that they allow. In addition, our web security diagnostic tool allows prospect to test our existing web security solution in less than 30 seconds and determine if they have gaps in their security posture. To-date, the diagnostics have been utilized over 10,000x with 99% of enterprises failing at least one security test. We provide prospects with an executive report of their test results identifying any security gaps we find, so they can document their issues, share them with others in the organization and build the case for upgrading their security. This utility in particular has been helpful in adding more new prospects to the top of our funnel. We believe that our innovations in acquiring customer via the web will pay significant dividends in the future in an industry where on-boarding clients, is complicated and takes months. Our easy, fast and inexpensive approach will streamline the buying process. We believe that the majority web security providers cannot respond to these approaches as their appliance-savvy technology cannot be easily adapted. On the product front, we launched Cyren Cloud Security 4.0 in March. This new integrated cloud platform is the industry first SaaS solution to combine e-mail security, web security, DNS security and sandboxing from a single platform. We believe that CCS 4.0 strongly differentiates us from the competition by providing an integrated suite of internet security products that can be turned on or off with a push of a button are managed using a common policy based paradigm and provide comprehensive defense across multiple-related internet threat vectors. The cyber attack landscape keeps growing and the need for game-changing approach is necessary. Just this quarter, we detected no tax such as ransomware as a service and cryptocurrency wallets, even as they went undetected by appliances and so-called next generation AV solutions. Cyren’s advantage is all due to our unified cloud technology. We have already seen a few successful deals by customer. Customer, who chose to upgrade the level of the security by utilizing the new capabilities of our unified platform. I am also excited to talk about some progress we have made on positioning Cyren against other players in the security industry. We spend the last several months working with an independent third-party to identify Cyren’s unique capabilities that we will bring to our partners and customers in the security market. Over and over, Cyren has received accolades and recognition for its fastest time to detect the latest cyber security threat. We believe we are faster than anyone in the industry, but more importantly we have also determined that Cyren enables the fastest time to protection in the industry which is [indiscernible] differentiator, not only that Cyren detect the latest and most serious threats faster than our competitors, while we also blocked these threats in line within seconds of finding them for our enterprise SaaS customers, stopping these threats from entering our customers network and preventing infections and outbreak. This is exactly what happened in the recent WannaCry outbreak. Our threat intelligence services continued to perform well. During the first quarter we had a number of notable wins that have strengthened our position and will lead to significant revenues in the future quarters. For example, we won a multi-year multi-million dollar contract with a large Tier 1 managed cloud computing service provider using several Cyren’s threat intelligence services displacing another well known security vendor who is the incumbent. The customer is in the process of launching Cyren’s services and this contract is expected to have a positive contribution to revenue during the second half of 2017. In addition, we also renewed and expanded several large threat intelligence service contracts in the United States, Europe and Asia. These include well-known fraud security vendors who are heavily dependent on Cyren’s superior detection technology in order to deliver service to their enterprise customers. In most cases, these contract renewals include increased pricing and additional usage of Cyren’s service and will have an immediate positive impact on revenues beginning Q2. We look forward to several key renewals throughout the rest of 2017 in order to continue these up-sell opportunities. On the last call, we commented about the continued investment in sales and marketing as we focused Cyren to expand our footprint in enterprise securities and services. The team members we added in the second half of 2016 are ramping quickly and are expanding their pipelines and closing new business. We won a number of deals from competitors including Forcepoint, Cisco, McAfee, Mimecast and Barracuda and a number of reference customers we have is growing. We believe that this traction will help to accelerate new customer and logo acquisition over the coming quarters. Finally, I would like to discuss a notable funding announcement that we made during the first quarter. At the end of March, Cyren closed the transaction with a small group of foreign investors for a convertible note in the aggregate amount of $6.3 million. The note carries a relatively low interest rate of 5% and is convertible to equity at $2.50 per share which represents a premium to Cyren’s share price. We finished the quarter with $13.5 million in cash and the additional capital will help us execute our growth plans going forward. I will now hand the call over to Mike to go through the first quarter financial results. Mike?
  • Mike Myshrall:
    Thank you, Lior and good morning everyone. I am pleased to provide you with a review of Cyren’s first quarter 2017 financial results. For the more detailed results, please refer to the press release we issued earlier today which is posted on our website. As always please note that we state our financials under U.S. GAAP accounting standards including non-operating expenses and that I will discuss certain financial metrics on a non-GAAP basis which excludes those non-operating items. You can refer to today’s press release for a reconciliation of our GAAP and non-GAAP results. GAAP revenue for the first quarter of 2017 was $8 million compared to $7.4 million during the first quarter of 2016 and $8.1 million last quarter. This represents an 8% year-over-year increase in quarterly revenue compared to the first quarter of 2016 and as Lior mentioned includes revenue from over 60 new enterprise customers that were added during the quarter. GAAP operating expenses for the first quarter totaled $7.4 million compared to $6.7 million in the first quarter of 2016 and down from $8.4 million during Q4 2016. It should be noted that the Q4 2016 expenses include a one-time adjustment to the earn-out obligation that was disclosed in our recent 20-F annual report, but not previously included in the Q4 2016 financial results that were released in February. This adjustment was a result of a legal ruling received subsequent to the reporting of our Q4 financial results. GAAP R&D expenses during the first quarter were $2.3 million in line with the $2.3 million reported during the first quarter of 2016 and up $0.1 million compared to last quarter. GAAP R&D expenses for the quarter were net of any R&D capitalization project but did not include any R&D grant funding from Israel’s National Authority for Technological Innovation. In previous years, Cyren received funding of approximately $760,000 during 2016 and $850,000 during 2015, but we have not yet been approved for any R&D grant funding for 2017. GAAP sales and marketing expenses during the first quarter totaled $3.6 million compared to $2.7 million in the first quarter of 2016 and $3.5 million last quarter. The increase in sales and marketing expense is due to additional new hires during the fourth quarter and first quarters to strengthen our enterprise sales force. We also recorded significant expenses related to our participation in the RSA Security Conference in February, by all account it was a great success for Cyren. GAAP G&A expense for the quarter came in at $1.6 million compared to $1.7 million during the first quarter of 2016 and down from $1.8 million last quarter. First quarter GAAP net loss was $2.5 million or a loss of $0.06 per basic and diluted share compared to a net loss of $0.04 per share in the first quarter of 2016. The quarterly loss in Q4 2016 was $2.9 million or $0.07 per share including the expenses associated to the adjustment in the earn-out obligation. On a non-GAAP basis Cyren’s net loss was $2.4 million or $0.06 per basic and diluted share compared to a non-GAAP net loss of $1.9 million during both the first quarter of 2016 and last quarter. Cyren’s non-GAAP loss excludes expenses related to stock based compensation, amortization of intangibles adjustments to earn-out obligations and capitalization of technology. Please see the table in our press release for a full reconciliation of our GAAP to non-GAAP results. Cash flow from operating activities during the first quarter was negative $1.9 million compared to operating cash flow of $2.9 million in the first quarter of 2016 and negative $0.8 million during the fourth quarter of 2016. However, net cash flow for the first quarter totaled $2.9 million compared to negative $2.4 million for the first quarter of 2016. This includes proceeds of a $6.3 million issued from the issuance of the convertible note that Lior mentioned earlier. The company’s cash balance at the end of the first quarter stood at $13.5 million, up from $10.6 million at the end of the fourth quarter. Due to the derivative nature of convertible note this liability is expressed in two components under long-term liabilities on the balance sheet. The long-term convertible note is listed in the amount of $4.3 million and the embedded conversion feature of the note is listed as $2.0 million. We believe that terms of the note were very favorable to Cyren and this debt can be converted into equity at $2.50 per share before the maturity date in September of 2019. Cyren also has the ability to issue up to $3.7 million of additional notes under these same terms. Prior to the issuance of our 20-F annual report on April 27, two notable legal events occurred that were reflected in the subsequent events to note to our 2016 financial statement. The first item was related to the earn-out dispute for our 2012 acquisition in Germany. Cyren received a German arbitration panel judgment which cited in favor of the former 11 shareholders and caused Cyren to increase our earn-out liability on the balance sheet from $2.2 million to $3.1 million. Additionally, we settled the legal dispute with the former customer in Japan that resulted in a receipt of approximately $0.7 million to Cyren. Due to the timing of these events the income statement impact of the German transaction was reflected in the Q4 2016 financial statement as published in our 20-F, but the Japanese litigation item will be reflected in our Q2 financial results. Looking forward, we expect that our sales and marketing efforts will continue to pay off and the release of Cyren Cloud Security 4.0 will generate an increase in the number new enterprise customers who are utilizing web security, e-mail security, DNS security and our cloud sandboxing. With that I would like to open up the lines for Q&A.
  • Operator:
    [Operator Instructions] Our first question comes from Chad Bennett from Craig-Hallum. Please go ahead.
  • Chad Bennett:
    Great. Good morning. Thanks for taking my question, guys.
  • Lior Samuelson:
    Good morning, Chad.
  • Chad Bennett:
    So it looks like a really strong quarter on the enterprise data business from kind of new customer and bookings standpoint. I guess, Lior, can you give us an update on the new customer average in the quarter kind of where pricing is today and kind of what part of this solution or how much of this solution your customers are actually taking these days?
  • Lior Samuelson:
    Yes. So, as I mentioned, we launched our 4.0 just around the corner. What we are seeing is in general is that we are seeing increased interest in customers buying at least two products. So, we are seeing people buying web and mail at the same time. It’s more in 50% – between 50% and 70% of the people are inquiring about buying both products. I anticipate that in the near future we will be able to sell the entire stack to customers. And again, this is the plan that we have had for a while, which is to be able to allow enterprises to buy the Cloud-based protection from web e-mail, cyber all from the same platform, all from the same, also basically mail is my popular one. So, I think that’s kind of progressing well. I am encouraged by that. Still we are – as you know, we are targeting primarily right now, not exclusively, but primarily SME and SMBs and obviously we are in the process right now where we are still discounting, not all the time still discounting, still discount on our prices as the mindset and the strategy that we are using is really we would like to focus on global acquisition and get as many customers on the network and see basically how this solution works and also test out our marketing sales and kind of the entire operations. And I must say that we are more than hitting our internal targets. So, from an internal standpoint, we are doing very well.
  • Chad Bennett:
    Okay. And then of the 60 new customers, can you give us an idea of kind of average headcount of that customer base? How many seats per customer on average?
  • Lior Samuelson:
    I would say that it’s kind of hard to tell on average, but it’s between 200 and 2000. I mean, that’s an only one. I mean, we have some that are bigger than that, but that’s kind of basically where the majority of the range is.
  • Chad Bennett:
    Okay. And then another question for me on the OEM side of the business, it sounds like you had a pretty significant win there with the Cloud provider on the security side. Can you just give us the insight into kind of what – how you won that business versus a competitor and the process there? And then maybe kind of how significant this player is in the Cloud security space?
  • Lior Samuelson:
    So, I think that so for us it’s very significant, not entirely significant, because I think that it chose us. And I think other people that are security infrastructure that includes our engines, the data our Cloud really produces superior detection and prevention. And so I think that’s how we want it. We want it through bake-offs through tests. It goes through – these companies go through extensive testing. It takes months sometimes. So, I think that – some of the emphasis that we have – we have put a emphasis in the past couple of years and we continued to do so in our security technology. We believe that in the future it will become a major differentiator and there is a lot of noise in this industry. There are a lot of players. People make a lot of claims. But I think that at least in our mind, our detection and prevention, our engines of security is really second to none. And that’s why we were able to win it.
  • Chad Bennett:
    Okay. Last question for me, where are we at today in quota-carrying headcount on the enterprise side of the business and how much has it increased versus this time last year? Thanks.
  • Lior Samuelson:
    So, the entire sales team is approximately 30 people now, 30 to 32, that includes sales manager and sales engineers and sales operations folks as well. So, on a quota-carrying headcount, the number is probably in the 20% range and compared to a year ago, that’s up probably close to 50% from where we were a year ago.
  • Chad Bennett:
    Great. Thanks. Nice job, guys.
  • Lior Samuelson:
    Thank you. Appreciate it.
  • Operator:
    [Operator Instructions] And our next question comes from John Lucia from JMP Securities. Please go ahead.
  • John Lucia:
    Hi, guys. Thanks for taking my questions. And so we were impressed with the addition of John Becker to the board, I just wanted to ask how that relationship with John came about and what kind of role you will be taking as a member of the board?
  • Lior Samuelson:
    We are impressed with them. So, that’s why we put them on the board. I think John is – we have an office in the Northern Virginia where Mike and I live and he is a very well-known person in the community, well-known security experience of a CEO of a bunch of companies, including some very successful one. So, John met with us and once he understood and saw what we were doing. He thought it was very exciting opportunity for him to be part of a very interesting company with a lot of potential. So, for us, personally and also is which is not the indication that people do know what they are talking about decide to join our board.
  • John Lucia:
    And then what kind of role will he be playing as a board member, is it kind of a standard board member or do you think it will take more of an active role as a member of the board as opposed to the other board members. How can we think about his role as a board member?
  • Lior Samuelson:
    Yes. So, our board has 7 people in it, including myself. And the board is really an integral part of the company. That’s how we run the company. We meet with the board often. In fact, John was here yesterday for a few hours in the office. So, each board member contributes for their advantages. John knows the market very well. So he has already attended more than one board meeting. He has been on a face-to-face board meeting before he officially joined the board and he will play a significant role in assisting us and thinking through our strategy going forward and sales and marketing, but most of our board members are very active and I expect to be very active.
  • John Lucia:
    Okay, great. And then everyone is talking about this ransomware attack that happened on Friday and over the weekend, what kind of impact on demand do you think the attack will have and then anecdotally, have you spoken to customers and partners about this. I would just be curious to hear kind of the initial reactions and stuff that you have heard from the field?
  • Lior Samuelson:
    Yes. Well, I think I don’t expect to see sort of radical change in demand. I think it’s just another step in the direction that everyone knows is coming which is that the security landscape is changing, not only because of the type of – and the frequency and the massiveness of attacks, but also the change in what is necessary from a technology standpoint and interest that want to provide protection. And I think that so many vendors out there didn’t see that couldn’t prevent it. And I think so – I think that what will happen is just that the market will grow as many people and some analysts predict it will grow, I think relatively rapidly. But I think more significant is that we will see as we are already seeing a fundamental shift in the way people what type of security people buy. And if you are first generation and there are many from around us security provider, it’s very difficult to protect your clients. So I don’t see a massive change as you think that it will be maybe we will accelerate the way the enterprises think about the type of security that they buy. But I think the move to the cloud and the move to more sophisticated detection is might be accelerated.
  • John Lucia:
    Okay. And then the deferred revenue in the quarter, I think is declined by $500,000 where as it was up $3.8 million in the year ago quarter, if I was looking at that correctly, can you just walk me through that the nuts and bolts there?
  • Lior Samuelson:
    Sure so typically in our traditional threat intelligence services business our OEM service model, most of our customers pay us on a quarterly basis and typically as they are quarterly basis after the service has been provided. So the deferred revenue associated with those customers generally speaking is relatively low. We have a few notable exceptions one of our largest customers prepaid a year ago in Q1 a year ago for 3 years of service until we received a very large upfront payment for those 3 years of service. And s what you are seeing on a quarterly basis with the decline of deferred revenue is basically we are just recognizing the revenue associated with that one large customer. And so the decrease in deferred revenue on a quarterly basis right now is basically saying that we are recognizing more revenue than customers are prepaying. Now as we move to the full enterprise SaaS subscription model, we are going to see more of a mix of customers who are prepaying us for 12 months of service or more at a time. But that enterprise business right now is still relatively small compared to our overall revenue stream and that’s why you are seeing that the deferred revenue balance is decreasing on a quarterly basis.
  • John Lucia:
    Okay, great. Thank you.
  • Lior Samuelson:
    Sure.
  • Operator:
    And there appears to be no other questions at this time.
  • Lior Samuelson:
    Okay. I will – so let me close by saying that I mean we are extremely pleased with what we are accomplished to-date in 2017. As we have seen with the latest malware outbreak we know how important it is to remain diligent with our detection technology leadership and continue to provide the best time to protection in the industry. We will continue I think to acquire customers at an increasing rate and please visit our website for any news or updates on the WannaCry attack and any future outbreaks, its updated several times every day. So again, thank you very much for being on the call today. And I look forward to updating you in the near future. Thank you very much.
  • Operator:
    This does conclude today’s presentation. Thank you for your participation. You may disconnect.

Other Cyren Ltd. earnings call transcripts: