Darktrace plc (OTCPK:DRKTF) Q4 2023 Earnings Conference Call September 6, 2023 8:00 AM ET
Company Participants
Luk Janssens – Head of Investor Relations
Poppy Gustafsson – Chief Executive Officer
Jack Stockdale – Chief Technology Officer
Cathy Graham – Chief Financial Officer
Conference Call Participants
Luk Janssens
Hello ladies and gentlemen, and welcome to Darktrace plc’s Full-Year 2023 Results. I’m Luk Janssens, Head of Investor Relations.
I’m joined by Poppy Gustafsson our CEO, Cathy Graham our CFO and Jack Stockdale, our Chief Technology Officer. Together, they will present for about 40 minutes, after which we will conduct a question-and-answer session. We welcome questions from participants using the chat function, which you can find at the bottom of the screen in the tool bar and you can start submitting questions throughout the presentation.
Here is a disclaimer which you can review, but now let me hand over to the CEO of Darktrace, Poppy Gustafsson, to open the presentation. Over to you Poppy.
Poppy Gustafsson
Thank you, Luk, and welcome once more to everyone joining us on the call. What a moment to be working in AI.
Recent months have seen the stars align into what is a unique opportunity for us at Darktrace. We are seeing an undeniable seismic shift in the AI landscape; at a time where we have just completed a year long process in supercharging our go-to-market team. We are racing into a new financial year with a unique market opportunity ahead of us, and a refreshed team that is eager to make the most of it.
So let’s talk AI, something we have been talking about for a decade. Some of you watching this might be carrying a little AI fatigue, viewing this with slightly narrowed eyes, fearing that the AI hype is a mere flash in the pan leaving a trail of AI chatbots in its wake. Some might be worried that AI is fueling a new wave of scammers, spammers, and spoofers. Well, it is. And it will. But so will the next innovation, and probably the one after that. Novel threats arising from AI are inevitable, novel is the new normal.
For us, AI is not an exciting new tool for developers to get giddy over. It is essential. It is the only way in which we could do what we do. We are AI natives; AI is, and has always been, woven into our DNA. I feel more confident than ever in our competitive position within the market and Jack will talk more about this later on.
Shortly I will talk to you about how we have taken advantage of the weaker macro environment over the past year to refocus on investing in our go-to-market teams, but first, let me walk you through some delivery highlights from the past year.
After launching Darktrace PREVENT in the summer of 2022, this summer we launched Darktrace HEAL, meaning we have now delivered on our ambition to create the Cyber AI Loop. Despite a quieter macro environment, as reflected in a slowdown in new customer additions, we have ramped up investment in our existing customers, and the average size of existing customer contracts is up 9.5%.
We now have around 8,800 customers globally and have grown our revenue by 31.3% year-on-year. ARR grew by 29.6% year-on-year, and we generated free cash flow of $93.8 million, well above previous guidance and showing our continued profitability.
We used that profitability to invest heavily into the foundations of our future growth. For me that meant supercharging our go-to-market teams, and getting them ready for the next phase of growth. In June, we appointed Chris Kozup as Chief Marketing Officer, who brings proven experience of leading high performing marketing teams at fast-growing enterprise technology companies.
We also made several key hires in our go-to-market team following the appointment of Denise Walter as Chief Revenue Officer in February of this year. Denise has driven the evolution of our incentive structures, we have invested in our systems and processes, with Workday currently being rolled out. We’ve also invested in learning and development, and the Darktrace Academy is now up and running.
These achievements have proven the success of our business model, and we have done it all against a challenging economic backdrop and a high level of scrutiny on the business this year. We’ve made several years’ worth of changes in a single year, with minimal impact to the business model near-term, but allowing us the scalability we want to see longer term. We’re going into FY ‘24 in a position of strength, better prepared than ever, and we expect to see a re-acceleration of sales in the second-half of the year as we reap the benefits of our investments.
But before I pass over to Jack, let me return to say a few words about the hype around AI, which is admittedly at fever pitch. As I said earlier, at Darktrace we are AI-native. Our technology has been built from the ground up by AI experts over 10-years, with AI at its core. It is future-proofed, because it has been designed to identify novel threats, irrespective of how that threat emerged, or what the latest capability was that fueled it. That concept was central to our genesis as a business, it is the problem we were trying to solve when we first started out.
You’ve seen the value of cloud-native products, which were designed to cope with cloud applications, constantly shrinking and expanding, moving between on-prem and off-prem, and bouncing across multiple cloud platforms. But this wasn’t only a technology change; it was also a mindset change.
The same holds true for those vendors who think of enterprise security in siloes, instead of thinking in the new data-driven world of AI. AI requires a mindset challenge. Our approach to AI, which covers the entire digital ecosystem, has allowed us to move from being the market share leader in network security, to leader in next generation email security, to securing the cloud, operational technology, and beyond. With our core AI architecture, we are future-proofing customers against novel threats regardless of where they may occur.
Privacy concerns are addressed, the customer data stays where it is; we bring our AI to the data. And because we are not training systems on known bad, we don’t rely on taking data from one customer to train a system for another customer.
For us, AI goes more than skin deep. It is the essence of what we do. Darktrace was the first to apply AI to the real-world challenges of cybersecurity, and today we’re on our sixth generation of Cyber AI.
But are we seeing AI powered attacks in the wild? Ultimately, the use of AI among threat actors is still in its infancy and we don’t know exactly how AI will evolve. But what we do know, is that it will affect the way that scammers, phishers, the bad guys are all working. Already now, we are seeing the growth of new techniques that indicate increasing use of automation and a focus on attacks that abuse user trust. Attacker behavior and threats are always evolving; novel is the new normal.
With that, I’ll pass over to Jack now, to explain why our approach is different and how our products are set up to protect our customers from the security challenges of this era.
Jack Stockdale
Thanks Poppy. Now, we have a technology day for our investors in coming up in November we’ll be covering our approach and AI in much more detail, but I’d like to give a quick overview of what makes Darktrace’s unique approach so essential to our customers.
AI. What do we mean by AI? Whether it’s a public chatbot that can write you a fantastic new poem, or a tool to help you analyze medical images in your clinical role, or an enterprise AI that helps you make a critical judgement call, each of them is formed from a few essential ingredients. Obviously you need some compute resource to build and run them on. And then you have some AI algorithms. And then you have some data.
The algorithms are definitely important, but it’s the data you have, and how that data interacts with those algorithms that’s absolutely critical. And even though each of those AIs might be total game changers in their field, you absolutely need to use the right AI, trained on the right data, for the job in hand. You wouldn’t have a public chatbot trying to interpret private medical images, You wouldn’t even be allowed to or an AI trained on medical images try to write a poems, if you tried to do so, the results would be a total disaster.
And this is just as true within the enterprise and security space, where Darktrace takes a completely unique approach to how we protect our customers, in those algorithms we use, in the data we use and crucially how the two interact. Now most AI in the world today is trained periodically in offline training labs, the AI data pipeline uses huge amounts of combined historic training data. You take all that data, you feed it to the AI, and then after a few days or weeks, you get a static AI models output, which you push into production. And it perfectly well serves its role until the next time your new model is ready and you can discard the old one. And this a perfectly sensible way to go about things for many use cases. This is exactly how ChatGPT and most other public generative AI tools work.
But at Darktrace, using customer data in real time lies at the heart of everything we do. This is our real difference and real advantage. We don’t periodically hoover up all your data, combine it with other customers’ data, and upload it to a lab somewhere.
Instead of taking your data to the AI, instead we take our AI to your data, wherever your data is. So inside every single customer lies a Darktrace AI that is completely unique to them is their own data AI pipeline plugged into their own enterprise, learned by itself in real time, completely automatically, from everything that happens in their digital world, across their email, their cloud systems, on their laptops, their offices, their external exposure on the internet, and from the everyday applications their employees use.
Our AI is learning by itself in place with each customer, it was not taught in a large lab a few months ago. And this is completely different from nearly everything else we see, not only in cyber security, but even the wider enterprise. And while there are certainly important tools that use those large, combined data sets to detect previously seen threats, it leaves Darktrace uniquely positioned in all the cases where the only way to protect yourself from a new or novel threat is from a deep understanding of your own business. In the real world, this can happen at any time, and it happens all the time.
So, if the customer’s own data is that unique data source we use, what about our tech and algorithms? As Poppy said, we have been a completely AI native technology from the beginning. We began as an AI Research Centre 10-years ago and we were among the first to apply AI to cyber security. Since then, our ongoing research has been key to our innovation and our new products. That Original AI Research Centre in Cambridge has now grown to 100s of R&D employees, we’ve added a second research center in the Hague, and in both we draw people from a wide range of backgrounds and run a true research environment.
So instead of needing huge teams of people collecting examples and training and retraining those combined lab based models just to keep up with the latest threats, instead we give our researchers the total freedom to be at the absolute cutting edge of applying new algorithms to customer data. We look at every new and emerging AI technique, and take the best of them, wherever they will help us solve the particular needs of our customers.
The occasional failure of a research project is completely accepted, it’s even encouraged, but as each piece of successful research it pushes our innovation forward and very often goes on to power our products of tomorrow. As we’ve grown the teams and increased the breadth of the research, we’ve significantly built our product set and the patents we have protecting it. Not only have we expanded those areas in the digital world that we can learn from and protect, we’ve also added a whole suite of new algorithms, always following that same philosophy, use the right AI and the right data for the job.
Now on its 6th generation, our current AI uses a huge range of techniques and algorithms, all of which have been applied to real world cyber challenges across our customer base. These have been battle tested thousands and thousands of times in the real world, and they seem to work. We now use a wide range of our own self-learning methods that understand new information and decide if something never seen before looks suspicious. Our real time Bayesian probabilistic methods allow models to be efficiently updated and controlled in real time.
We use deep-neural networks to replicate the thought process of humans. Graph theory understands the incredibly complex relationships between people and our systems, organizations and the supply chains. Offensive AI such as GANs help to test and improve our ability to counter AI driven attacks. We use gen AI and applied AI to run simulated phishing campaigns, tabletop exercises and realistic drills, unique for each customer.
We also use natural language processing and large language models which can interpret and produce that human readable output. And so we’ve built up this AI arsenal, and use each part where it best fits. As an example, we’ve seen over the years how important it is for AI systems able to explain itself . It’s not enough to build the best product in the world, you need humans to use it, to understand it and trust it. Having AI able to explain its reasoning, and decisions is critical in the enterprise. So, when we need to do that, we draw on our AI language models, our natural language processing, and the ability of gen AI provide that reasoning, or to summarize outputs or translate reports.
But when instead we need to understand potential attack paths from a distant supply chain into your most critical assets, attack path modelling and graph theory they are the best tools for the job. Five years ago, we started research into offensive AI and how best to defend against that, we turned to GANs and gen AI. Always use the best AI, and the best data for the job.
So why are these techniques in this data and how we apply them the best choice to protect our customers? Well for a start, as soon as you make that fundamental shift of taking the AI to the data and giving each customer their own AI, many of the common challenges facing systems today just become non-issues. The customer’s data don’t go anywhere, there were no privacy or compliance issues, there’s no potential IP loss. The system inherently learns and works in real time, there’s no more waiting days or weeks for a detection update. It’s can take real time actions in real time against threats never seen before.
You can even remove many of those costs associated with transfer and huge amounts of data in and out of your business. But these are almost by-products, what you actually have is a system that is uniquely able to solve emerging cyber security challenges. After learning a customers’ business Darktrace can even start recommending pre-emptive actions you can take to meaningfully lower your potential risks, letting you get ahead of the games.
It’s also there, always on, always learning, ready to detect and stop any potential threat to your business. It doesn’t really matter what the threat is, your individual Darktrace AI knows your business well enough to stop the unusual, the suspicious and the novel. The pace of new threats and the tech behind them now outpaces any notion that a weeks’ old view of historic cyberattacks can fully protect you as a business, whether from the threats that we’re seeing today, or the threats of tomorrow, and whatever they may be, whether that’s self-evolving code designed to evade the best of those defenses, it is automated deepfakes where you can’t hear or trust what you’re hearing or seeing, or your employee’s being tricked into being inadvertent insiders.
Now e-mail is a perfect example of this. Most e-mail AI security learns from historic attacks seen in emails elsewhere and will stop them if they target you. Darktrace instead learns from your own e-mail to understand the context and nuance of how each person uniquely communicates. Who they talk to and how. And this allows us to stop existing threats, new novel threats and is even powerful enough to spot when something has not been written by who it says it was.
Now we’ve seen the complexity of phishing attacks rise a lot since gen AI tools have been made available to everyone. The Darktrace spots and stops these. And this is why we have one of the most successful products in the world today for preventing novel attacks for our e-mail. And this is all without your confidential e-mail data leaving your control.
As Poppy said, AI-powered attacks today are in their infancy and they will continue to evolve, but the cyber security industry actually has been plagued with novel attacks for years. And we’ve seen repeatedly that our approach works. We’ve always excelled at preventing novel attacks. That included Log4J, supply chain attacks like SolarWinds, the novel phishing scams we saw during the covid lockdowns, zero days like Netscaler, novel ransomware worms such as WannaCry, through to sophisticated nation-state attacks.
Darktrace doesn’t protect you from these because we are looking for them in particular, we find these, because every threat, whether known or novel, internal or external, accidental or malicious, human-driven or AI-driven, they all impact your business or your people or your data, and so can be immediately detected and stopped by your own Darktrace AI.
As Poppy said, Novel is the New Normal, and it’s the novel attacks that can do the most damage. Gen AI phishing attacks and deepfakes are the latest, but they won’t be the last. And we’re talking much more about these other novel attacks and how our data and products prevent them at our Tech day in November, but I hope this overview gives you a good sense of how our technology works and why it is so differentiated from others in the space.
Now back to you, Poppy.
Poppy Gustafsson
Thank you, Jack. Our mission is to free the world of cyber disruption, which puts our customers at front and center of everything we do. We are proud to be protecting around 8,800 organizations around the world from healthcare institutions and public bodies through to multinational corporations.
We have continued to grow our customer base throughout the year, adding 1,362 new customers across a wide range industries. We were proud to protect global sporting events such as the Qatar World Cup in November, and we closed our biggest ever deal to-date with a major critical infrastructure organization. The value our customers place in Darktrace has been acknowledged by third parties. In June we were named a Customers’ Choice in the 2023 Gartner Peer Insights Voice of the Customer for Network Detection and Response, and our technology won several awards throughout the year.
If you want to hear directly from a customer on how we’re adding value to their team, I’d urge you to have a look at the video we’ve released today from Royal Caribbean which you can find on our LinkedIn page.
Now we are never standing still at Darktrace, but even for us this past year has been exceptionally busy. We have made some significant investments across the business, as I alluded to earlier. These have been focused on our go-to-market team and structure, our brand and positioning capabilities, and the systems and processes that our businesses sits upon.
A big part of that investment is in the appointment of Denise Walter as Chief Revenue Officer, bringing deep expertise in building high-performing teams at fast growing businesses. Since joining in February, Denise has set a path for evolving the structure of our go-to-market teams for the next phase of growth, and she has made a number of strategic hires across sales, channel and customer success to help drive that evolution. With the U.S. being our biggest market, but also representing our deepest opportunity going forward, we’ve taken steps to ensure that we have the right resource in place there.
Having brought new talent in from companies including VMWare, Zscaler and Crowdstrike, the next phase of the strategy has been to harness that talent to drive success across the business. Our focus has been to evolve the structure of our salesforce to drive more from the strategic part of the market, particularly in the U.S.
Further to our appointment of Denise, in June we hired a new Chief Marketing Officer, Chris Kozup. Chris was previously CMO at Zscaler and is focused on strengthening the Darktrace brand globally to support our evolving go-to-market efforts. He will build out our marketing capabilities, with an emphasis on demand generation as well as product, digital and partner marketing.
Drawing on expertise from third party advisors and our new talent, we have evolved our compensation model to better align market best practice, so that we’re attracting and retaining top talent. This was not a cost saving exercise, but to ensure that we are driving behaviors to support growth across the go-to-market team, not just in sales, but in other areas of the team including customer success and technical support, and ensuring success is rewarded early in a career journey. We expect to see these changes make a positive impact on productivity per seller, and to drive better attrition, which we have seen improve in FY 2023.
Furthermore we’ve taken steps to upgrade our systems and processes. We have invested in Workday, a cloud solution which will improve our HR, finance and expenses processes. In FY ‘24, we plan to begin implementing a new CRM tool to help us to capture data on a more granular level and ensure better visibility and consistency.
As we look to upskill our workforce, we have invested in training and development across the employee base. I’m pleased to say that we’ve now launched Darktrace Academy, a huge initiative which allows our employees to develop and cultivate their skills at Darktrace. Within the Academy we have introduced MEDDPICC sales methodology training to every person within the sales and customer success team. As I said earlier, we have used this period to drive several years’ worth of changes in a single year, and needless to say, I’m hugely excited to see these investments paying off.
And the good news is, we’ve already paid for these changes. We have generated more cash than expected, some of which we have used to make these changes, particularly around compensation. And we have done all of this with no impact to our long-term model on profitability, just a short-term timing on cashflow. As more commission is paid upfront, rather than deferred, we’re amending the way we’re defining our adjusted EBITDA to ensure that it remains comparable with our peers.
I’ll pass over to Cathy now to talk you through these points and our financial performance.
Cathy Graham
Thanks, Poppy, and thanks everyone for joining us. I want to accomplish two things today. First, I want to give you more context around our final FY ‘23 results, with final ARR measures slightly better, and Adjusted EBITDA much better, than we’d expected. And second, I want to confirm and expand on the FY ‘24 expectations we gave in our July trading update.
Since then, our outlook on FY ‘24 operating performance hasn’t changed, but modifications to sales commission plans that started July 1, and the resulting accounting impacts will affect adjusted EBITDA, so much so that we’ve decided to change our definition of that measure. Free cash flow will also be affected as we transition between plan structures, temporarily reducing FCF before it normalizes again beyond FY ‘24.
I want to make sure you understand the impacts to both these measures, and more on that in a moment, but first, let’s discuss FY ‘23 results. Over the past year, we continued to invest in our go-to-market teams and product pipeline. That, combined with the benefits of our multi-year contract and high variable cost model, enabled us to deliver strong revenue and ARR growth, as well as operating performance, against a challenging macro-economic backdrop.
In FY ‘23, our revenue grew by 31.3% over the prior year. With subscription sales continuing to make up more than 99% of revenue, and with average contract term still averaging over 36 months, RPO, or contracted backlog, was up 25.3% over the prior year. Remember that about 80% of annual revenue is typically in RPO at the start of each financial year, so we not only have considerable revenue visibility, but significant committed future revenue to support growth.
We focus on expanding constant currency ARR to drive top line growth. During FY ‘23, our ability to grow ARR was dampened by macro-economic headwinds, as pressure on business budgets made prospects more reluctant to run product trials and lengthened sales cycles when they did. Despite that, we delivered constant currency net ARR added of $143.6 million, only $600,000 or 4/10ths of a percent, below FY ‘22 levels, increasing our constant currency ARR by 29.6%.
FX tailwinds in FY ‘23 saw U.S. dollar denominated ARR outpace our constant currency measure, growing by 31.4%. As we reset constant currency rates each year to the rates in effect on the last day of the prior year, this $637.3 million U.S. dollar ARR balance reflects FY ‘24 constant currency rates and is the value against which we’ll measure constant currency ARR for the coming year.
Our ARR measures continued to be driven mostly by the addition of new customers, which, in the recent environment, has been more challenging than usual. Year-over-year, we added 446 fewer net new customers than we did in FY ‘22, but still grew our customer base 18.3% year-over-year. To achieve relatively stable year-over-year net ARR added, the decline in net new customers added was offset by increased contract values across both new and existing customers. In aggregate, we saw a 9.5% year-over-year increase in average contract ARR across our customer base.
We continued to sell across a broad range of customer and contract sizes, however, driven by greater focus on strategic accounts and the increase in average contract ARR, our account distribution again shifted larger. For FY ‘23, 54% of ARR came from the 18% of customers with ARR of more than $100,000, compared with 50% of the ARR from 15% of the customers in FY ‘22.
Also key was the continuing product penetration that accompanied accelerated upsell activity in FY ‘23. At 30 June, 48.8% customers had purchased four or more of our products, up from 46.4% a year prior. While our customers still buy most of their products from us up front, we continue to strengthen our upsell focus, and expect this, along with an expanding product set, to continue deepening product penetration across our customer base.
Tracking broader trends, both one-year constant currency gross ARR churn and net ARR retention weakened from the prior year, but only slightly. Gross churn was two-tenths of a percent higher, driven by an increase in bankruptcies and other defaults, as customers across our base grappled with their own financial challenges. That said, churn remains significantly below the pandemic highs we saw in FY ‘21, and is still within what we consider to be a normal range for our customer base.
This slight increase in churn is reflected in the six-tenths of a percent decline in net ARR retention we saw between years. While we drove a significant increase in product upsell activity in FY ‘23, it was offset by contract down sells, where customers reduced coverage or eliminated products in response to their own budget pressures. Despite a small, and we think temporary, reversal in what had until recently been improving trends in churn and net ARR retention, we’re encouraged by this increase in upsell activity.
While our primary focus remains on new customer acquisition, we’ve continued to structure team responsibilities and incentives to focus more attention on existing customer product adoption. With FY ‘23 activity as an indicator and, combined with more exciting product launches and enhancements to come, we believe that both these measures will move back in the right direction as our go-to-market investments start to pay off and economic conditions continue to improve. We’ve already talked growth trends and their drivers so now let’s spend a few minutes on our costs and resulting profitability measures.
For FY ‘23, gross margin increased by six-tenths of a percent versus the prior year, staying at the high-end of our expected range. The shift in composition of direct costs continued as hosting costs grew significantly faster than the total, reflecting increasing sales of cloud-based offerings and customers moving more of their digital footprint to the cloud. This was offset by slower growth in appliance depreciation and related deployment costs, and further by the typically small amount of costs for appliances sold to government or regulated customers being even smaller than the prior year.
Though our FY ‘23 operating expenses increased substantially year-over-year, in aggregate, they came in below even our late year forecasts, driving higher than expected full year margins. In part, this was a function of our multi-year contract, high variable cost model, where in a slower sales environment, incentive compensation and other sensitive costs fall well before any impact to revenue. We also managed discretionary costs effectively across the year, and saw some late year cost delays, which offset a portion of the investments we made in our go-to-market capabilities and corporate infrastructure.
Sales and Marketing expenses increased by 24.5% year-over-year, but as a percent of revenue, came down by 2.9 percentage points. The largest increases were in compensation costs, reflecting the second half hiring of our CRO and the experienced people she’s attracted to Darktrace. This additional hiring also resulted in a significant second half increase in T&E, as newly organized teams travelled to meet customers, prospects and each other. These cost step-ups were partially offset by lower than planned variable compensation, reflecting a slower sales environment. Also offsetting this investment was a temporary pullback in late year marketing spend, as some activities and commitments were delayed to get input from our new CMO.
R&D costs increased by 8.2% year-over-year, and as a percent of revenue, came down by 1.9 percentage points. Cash compensation costs across our tech functions went up about 27%, reflecting continued hiring and salary adjustments to retain our talented teams. This was partially offset by a reduction in share-based payment and related tax charges of about 30%, following the first-half vesting of significant IPO-related equity grants. Depreciation of capitalized R&D labor also declined by about 30%, reflecting the timing of development cycles.
G&A costs increased by 43.2% year-over-year, and as a percent of revenue, increased by 1.8 percentage points. The largest factor was a doubling of professional services fees for both planned and unplanned engagements. Our implementation of Workday, which is now in its final stages, was in progress throughout the year. We also spent a significant amount to reassure stakeholders and provide confidence in our financial statement, after questions were raised by a short seller. Increases in bad debt, as well as higher fixed asset depreciation related to new office buildouts, also contributed to the increase.
As we’ve consistently said and demonstrated, Darktrace has a resilient business model, where multi-year contracts cushion revenue growth during periods of economic uncertainty, and high variable costs allow us to be responsive to profitability and cash flow goals.
Reflecting this, adjusted EBITDA increased by $47.8 million year-over-year, for an FY ‘23 adjusted EBITDA margin of 25.5%. This was higher than the 18% we expected at the start of the year, largely due to some of the cost factors I just mentioned. But it was also pushed up by some late-year, one-off items – bad debt recovery, reversing accruals and FX translation credits, to above the 22% we expected in July.
As you’ll have seen in the RNS, we’re now changing our definition of adjusted EBITDA, largely in response to commission plan changes that will have a permanent accounting impact. I’ll walk you through the changes and the reasoning in a moment, but I did want to highlight that this is the last time you’ll see adjusted EBITDA under this definition.
For FY ‘23, free cash flow was $93.8 million, down slightly from the prior year period, and representing 67.4% of adjusted EBITDA. As we’ve said before, this decline, and FCF being below our typical 75% to 105% of adjusted EBITDA range, was expected; in fact, we guided to a 50% to 55% range and have outperformed that. I’ll remind you that this year’s variance from the norm reflects a decision to net settle a first half equity vesting for Executive Directors not from any change in our normal cash flow from operations or working capital movements.
Changes in how we pay commissions, as well as our re-definition of adjusted EBITDA going forward, are going to have an impact on how we guide free cash flow. Again, I’ll walk you through this in a moment, but I just wanted to make sure you note the change and keep it in mind when you look at trends and comparisons. But before we move to guidance, there are two other quick financial items impacting our FY 2023 results that I want to point out.
For the first time, we’ve recognized a deferred tax asset related to our accumulated prior period losses. At 30 June, we recognized a DTA of $19.8 million, leaving a further $78.3 million unrecognized. We assess expectations for short-to-intermediate term profitability on an ongoing basis, and in future periods, will recognize additional DTA as and when our forecasts support it.
Also during the year, we spent $145.2 million to repurchase Darktrace shares. Of this, $94.3 million went to repurchase 28.3 million shares for our employee benefits trust. These shares will be used to offset future dilution under our equity-based incentive plans.
The remaining $50.9 million was used to repurchase shares with the intention of reducing our share capital. During the year, we repurchased 15.4 million shares, all of which have been, or will shortly be, cancelled. We have remaining authorization under this program so purchases have continued into FY ‘24. I’ll note that these buybacks were largely self-funded, using the $134.0 million in cash from operating activities we generated in the year.
Today, we’re confirming the FY ‘24 constant currency ARR and revenue guidance we gave in our July trading update. We’re still expecting ARR growth of between 21% and 23%, which will be measured against a finalized 30 June ARR balance, rebased for FY ‘24 constant currency rates, of $637.3 million. This implies that we expect to add net new ARR of between $133.8 million and $146.6 million, for year-over-year growth of between negative 8% and 1%. We’re balancing ongoing macro-economic uncertainty with early signs of recovery, and reflecting the time needed for recent investments in GTM strategy and teams to impact results.
We continue to think of FY ‘24 in terms of first-half stabilization and second-half reacceleration, and still expect approximately 55% of FY ‘24 net new ARR to be added in the second-half. This is more back weighted than typical and reflects what we expect to be accelerating sales performance later in the year.
Second-half weighted ARR additions will have an impact on Darktrace’s revenue growth, as a larger number of contracts generate revenue for a smaller portion of the year. Also, as trends in revenue typically lag those in ARR added by six to 12 months, the ARR added trends we saw in FY ‘23 will be felt in FY ‘24 revenue. However, we took this into account prior to our July trading update so are confirming our year-over-year revenue growth expectations of between 22.0% and 23.5%.
Now, as you saw in our RNS, we’re updating Adjusted EBITDA margin guidance to reflect first, changes in our sales commission plans, and second, a related change in our Adjusted EBITDA definition. To better align with market practices and improve our ability to hire and retain experienced talent, we’ll now be paying 100% of sales commissions up front. From a cost recognition perspective, this means that we’ll now capitalize substantially all sales commissions and recognize them over their contract lives; a change from past plans where we capitalized the first 50% but expensed the second 50% typically over the first year.
This has the effect of moving more commission costs to later periods, better aligning with revenue recognition. We don’t expect this change to have any material impact to our long-term financial profile and are not changing our long-term steady-state economic model. You’ll note that in FY ‘23, we delivered an FY ‘23 adjusted EBIT margin of 15.1% – well on the way to our mid-20%s target.
In July, we told you to expect FY ‘24 Adjusted EBITDA at or around 22%, which was based on using prior period commission plans and related accounting treatments. If these plans had stayed the same, we would now be updating guidance to a range of between 22.0% and 24.0%.
If we kept the same definition, but netted the cost benefit of capitalizing 100% of commissions against the continued cost accruals for FY ‘23 plan commissions, it would have added approximately 3 percentage points to our FY ‘24 Adjusted EBITDA guidance range.
However, with 100% of commissions now being capitalized, and after reviewing comparable peer practices, we have decided that for prudence, and to better align revenue, profitability and cash flow measures going forward, we’re going to change our definition of Adjusted EBITDA to treat all commissions amortization as cash costs.
On this basis, we’re now guiding to an FY ‘24 Adjusted EBITDA range of 17.0% to 19.0%. In the RNS, you’ll find a table comparing adjusted EBITDA margin expansion between FY ‘21 results and FY ‘24 guidance, both pre and post changes, showing that our underlying performance trajectory is not changing.
Transitioning to a new commission payout schedule will also impact Free cash flow for FY ‘24, as we pay both 100% of new commissions and remaining commissions from FY ‘23. This impact will be temporary and largely confined to FY ‘24 and early FY ‘25. Longer term, our expectation for FCF expressed in terms of a range of percentages of Adjusted EBITDA will also change, almost entirely due to the change in our Adjusted EBITDA definition.
Given this, we now expect FCF for FY ‘24 to be in the range of 50% to 60% of the newly defined adjusted EBITDA and, more typically, to fall in the range of 100% of Adjusted EBITDA, plus or minus 20 percentage points. As before, we’re giving a range of normal FCF outcomes to account for variability in a range of cash flow timings. However, we’ve now expanded our range of outcomes to reflect additional variability from paying higher commissions in-period, as well as now factoring in assumptions for future deferred tax asset recognition and cash tax payments.
In summary, we’re pleased with our positive FY ‘23 performance amidst a challenging economic environment. Our resilient business model was put to the test and showed that indeed, multi-year contracts and high variable cost structures do allow for continued growth, investment, profit expansion and cash flow, even in uncertain times. And, as we expect to benefit from recent go-to-market investments later this year, we’re looking forward to capturing more of what remains a large market opportunity, both in the second-half of FY ‘24 and beyond.
And with that I’m going to hand back to Poppy for some final comments.
Poppy Gustafsson
Thank you, Cathy. So, as we look ahead, what are we going to see? As ever, you can expect to see new innovations coming out of our AI Cyber Research Centre in the coming year. Cloud is a huge area of focus for us, as we see an opportunity to improve the way that cloud systems are protected.
We have supercharged our go-to-market capabilities and we’re ready to go after the 150,000 companies that can benefit from our technology. We expect to see sales accelerating in the second-half, driven by the investments we’ve made, rather than external macro conditions.
So I end with what I said at the start, we have unique capabilities in a growth market, at a time when the business has never been more ready. This is our moment for the taking and we couldn’t be better positioned for it. What a moment to be Darktrace.
With that, over to Luk to open up the floor for questions.
Question-and-Answer Session
A – Luk Janssens
Thank you to Poppy, Cathy and Jack for that presentation. We’re now ready to take questions. It’s great to see that many of you have already submitted questions in the chat function at the bottom of the screen for anyone else please do continue to do so.
Our first question comes from Rob Owens at Piper, who asks and touching on changes to go-to-market, the addition of Denise and Chris is exciting. What proof points should we see relative to their impact on the business, especially relative to success with strategic accounts? Any milestones in terms of new business mix of strategic accounts or G-2000 penetration we can look to? And further how do you ensure that the mid-market transactional business remains uninterrupted as you increase your focus up market?
Poppy, do you want to take the first one there for us?
Poppy Gustafsson
Yes. Of course. thank you, Rob. Yes, it’s huge exciting. I think we’re really pleased that to welcome Denise and Chris, and it’s a great example of the fact we’re able to re-attract some world class talent at the moment, which we’re all very, very excited about. In terms of all of this investment that we talked about, a lot of it is very centered around, like, go-to-market, and we talked about a lot of those changes, but with the addition of Chris, we’re seeing that exactly that same investment happening across the marketing team as well, and that’s a lot of what Chris is spearheading.
But all of these efforts from my perspective are about sort of driving four key areas. So firstly, the U.S. is our largest market, and it’s also our largest opportunity. So I really want to be driving a lot more activity in there. The strategic end of the market and selling into those larger accounts. That’s another one upselling, I do expect to see us really leveraging the account teams to think about upselling motion. And then lastly, of course, channel where we have made some significance in the investments in the team there as well.
When it comes to proof points, I’ll let Cathy touch on where any of those movements will show out in some of the numbers.
Cathy Graham
So I think that, you know, we’ve given you guidance and what we’re looking for here is over time that you will see these, sort of, efforts show up in metrics like improved churn and retention, size of comp average contract value, and the percentage of our revenue that’s come and ARR that’s coming from larger customers. However, there’s long sales cycles on a lot of these things. So the questions that you should be asking us for, you know, over the next sort of 12 to 18 months and particularly in the back-end of this financial year and into the beginning of the next is our questions around, you know, how are conversations going? What’s the trajectory of conversations that you’re having with Fortune 500 and similar kinds of companies? How is our efforts in channel led transactions and interactions going, along, you know, across the larger side of the business?
So it’s things like that that I think are the questions you want to be asking us about color before those results would show up in metrics. The metrics are kind of tail end, but we want to make sure and we will be giving you color. Those are the things that you should be asking us.
Luk Janssens
Great. And the good news, Cathy, is that anyone coming to Rob’s conference, with Piper next week will meet Denise, our Chief Revenue Officer, and ask those questions directly to her.
Our next question comes from James Musker at Davy, who says are you having to raise compensation across all functions, because of the AI high induced rush for talent? And does the shift to 100% commission upfront come with a cut to commission, or is it the same amount? Poppy?
Poppy Gustafsson
I’m going to take it first, and then I’ll let Kathy jump in. Just to be completely clear, the contract economics stays exactly the same. So all of the conversation around commission is a matter of timing, not dollars. So what we are not doing is trying to drive cost savings through commission, and nor would you expect us to see us paying out a larger amount of commission, those contract economic stay exactly the same. It’s just a question of timing of the payments of those commission checks.
Cathy, I don’t know if you want to…
Cathy Graham
Yes. And Poppy is exactly right. It is the payment of commission, but then it does have an accounting flow through. Now I’m going to be very clear, this is not an accounting policy change. It is not something Darktrace we are doing. This is with the way we are now going to pay, all of those expenses need to be capitalized and spread over the life, but that is simply IFRS. It is the accounting rules and so that is what is where the changes are stemming from. It is not any change Darktrace is making to its policy.
Poppy Gustafsson
So reiterate that is not an accounting policy change, it’s an operational change. And the reason that we’re driving this operational change is to make sure that we are paying commission in line with the market. I think at the moment, we are doing a really fantastic job attracting some really high quality talents. It feels particularly in areas of the U.S. it feels like Darktrace is the place to come and work. You see that at the top level in terms of the appointment to people like Chris and Denise, but it really is happening all down the through the business. And what we’re trying to do here is really leverage all of our capabilities that we have demonstrated so well in that mid-market and start to build out a team that can really focus on that strategic market in the U.S. as I answered earlier.
Luk Janssens
Great. Thank you both. And actually, James goes on to ask, how is the push for more channel sales going. Cathy, do you want to comment on that?
Cathy Graham
Sure. I think we’ve put a very good framework in place for evolving our channel strategy and our channel operations over the next couple of years, but this is not something that is going to change overnight. We are moving from being, sort of, channel as a lead source and distribution to sort of channel led and particularly at the top end of the larger client base. So this is something that I think you will see an evolution, but it’s not a month’s evolution. It’s you know, a year, two years plus, but we’ve put the framework and we certainly have put the talent and experience in place to be able to drive that change.
Luk Janssens
Okay, thanks. And, Jack, great to have you on the call this time around. James is also worried that you haven’t got enough money, apparently. He says R&D is growing slower than revenue. How will it reach the 10% to 13% of sales that you’ve previously guided for? Does it need to increase if you’re holding products back, so as not to overburden the sales?
Jack Stockdale
Well, I can take the product side of it. Yes, we’re doing more research with more people than we’ve ever done before. We have multiple products in the pipeline. So it’s absolutely not the case that we’re in any way slowing or stopping products. In fact, we’re accelerating that. And then from my point of view, from all the products we have, it’s great to see all the investment being put into the marketing and GTM teams to take advantage of that product pipeline. I’ll leave Cathy to talk about their percentages.
Cathy Graham
Yes. So just one comment I want to add. If you look at the sort of detail that we gave you, what you see is that, we actually increased cash compensation across the tech base, by just about the same as revenue by 27%. So the — don’t get distracted by the actual percent of revenue for the whole category. The biggest factor in actually R&D going down a bit this year as a percent of revenue was that non-cash, share-based compensation was lower this year than last year. And just to be absolutely clear, that does not mean we’ve lowered cash — lowered equity compensation or we’ve changed anything. There was a large vesting early in FY ‘23 that was done around the time of the IPO, and that took a lot of expense out, so we’re now in a more normalized environment.
Luk Janssens
Great. Our next question comes from Charlie Brennan at Jefferies, who asks there’s a lot of focus on AI in the prepared remarks. I think most people would say that Microsoft is leading many of the current AI debates. They describe the security co-pilot as an AI powered analysis tool that enables analysts to respond to threats quickly and process signals at machine speed. Can you talk about the key points of differentiation between you and Microsoft?
Jack Stockdale
Absolutely. Thank you, Charlie. Listen, there’s obviously a lot of hype around AI at the moment. But coming from that, there will be winners in loads of areas. We’re totally confident that Microsoft will be one of those winners in that AI that takes that huge amount of data from all their customers and build those models. And so from that point of view, as I spoke about earlier, that building AI on threats and that back was looking view, Microsoft may well win that game. But we’re very complimentary, and we work alongside that. So think in email, a lot of our email customers would take their Microsoft large AI and combine it with our customer data AI to solve the problems together.
The thing about co-pilot, that’s looking really exciting. There’s a number of tools coming from various vendors. They tend to really be focusing on making humans more efficient, which is a totally sensible thing to do. Obviously, making your security more efficient, which is critical. We’re really focusing on this slightly different, which is taking that human being out of the loop. A lot of cyber incidents now, they move too fast and too rapid and the wrong time to have that human being in the loop making those reactions. So we think we see our technology as really one of the few AIs in the world that takes that human out the loop is able to make the decision for them to solve a lot of those problems without a human being involved. But really interested to see not only co-pilot, there’s a few other ones, exactly how that changed the market and where they go on to.
Luk Janssens
Thanks, Jack. Our next question comes from Rob Chantry at Berenberg, who asks can you give a bit more clarity on the evolution of free cash flow and broader cash generation under the new commission agreements?
Cathy Graham
Of course, so as Poppy sort of pointed out a few moments ago, the changes in commission are not a change in amount. There’s simply a change in timing both from an expense recognition standpoint and from a cash flow standpoint. So if we think longer term, there’s fundamentally very little change in the company’s cash generation capability. And some ways I’d sort of urge you to look at this are around the fact that if you look at adjusted EBIT numbers and you look at the fact that both adjusts that cash flow is expected to be above that and you’re sort of looking at a 100% of adjusted EBITDA. You can sort of see the trajectory to once you get through this transition that our cash generation actually doesn’t change much from what it would have been expected to be.
If you think about the transition, what you have is in the period of FY ‘24, it suppresses cash generation, because while we are getting a benefit from spreading current compensation, current commission compensation out over a longer period of time, we’re also paying last year’s commission — as the last year’s commission compensation, the second 50% out. That pretty much goes away in ‘24. Some of the other benefit of spreading compensation goes through ‘25, but by the time you get to ’26. Yes, by the time you get to FY ‘26, you’re basically everything has equalized. I’m going to remind you that with cash generation being, sort of, guided to being above adjusted EBIT and with our long-term steady state adjusted EBIT, sort of, margin or model being said, we believe that can be in the mid-20s. Then I think that kind of gives you a good idea of what we think our long-term cash generation capabilities are.
Luk Janssens
Thanks, Cathy. Our next question comes from Andrew Ripper at Liberum, who again talks about go-to-market and partners. So it’s exciting to see that everyone’s touching on this. What changes and payback do you expect from the investment in the go-to-market heads? And, for example, will those sell more to enterprises, more through partners, again, if we can just double down on what we’re trying to get from this supercharging of the go-to-market, Poppy?
Poppy Gustafsson
Yes. So this is us investing for that next three years of growth that Cathy’s just been talking about. Earlier, I mentioned that those key areas of focus for us at U.S., it’s the strategic, it’s upsells, and it’s the channel. And the art form here is building on all of that expertise that we have in the mid-market that we do so well, but layering on top of that, a sales motion that’s focused much more at the sort of larger end of the market, but obviously without disrupting the bread and butter of what we do so successfully. So that is where we’re really spending a lot of that investment, U.S., strategic upselling channel.
Luk Janssens
Great. Our next question comes from Victor Chan at Bank of America, who asks, can you provide some examples on how generative AI is being applied within Darktrace at the moment? And the roadmap to expand its use cases, for example, to speed up security operations?
Jack Stockdale
Absolutely. The short answer really is we would use it wherever it makes sense, wherever it’s best for the job. We actually added LLMs into the product set, when we started looking back in 2019, and it became part of the product in 2021. So this isn’t — I know there’s a lot of hype and this is news to lots of people. We’ve known about this technology. We’ve been predicting AI on AI attacks for about five years now. And so we, as I said earlier, we use all the techniques that useful, but particularly generative AI, it’s can tell by its name very good at generating things. So really good use cases, for example, in our prevent product when the system wants to run realistic fishing exercises, that would use Gen AI. It’s really good at that.
When we run a customer specific tabletop simulated drill. Again, Gen AI is really good at thinking up of new ways to test your security teams. There are lots of cases, we’re coming into the right now to make those humans using the products task easier. So bringing in sort of a will context, doing that translation, doing summarization reports, again, something that Gen AI really excels that, but it’s not a silver bullet. You shouldn’t really be using Gen AI for lots of tools. I think that the world’s trying to use now. There are other techniques that perform things like real time decision making better than Gen AI, but certainly not only in the current product set, but in our product roadmap, there are more and more use cases of not only Gen AI, but also the other new techniques we’re looking at.
Luk Janssens
Great. Thank you for that, Jack. Our next question comes from Will Wallace from Numis, who says in relation to the change in sales commission structure. Was this a reactive change, reflecting higher churn in your sales team? You’ve given us guidance about the working capital impact on FY ‘24 can you also talk, and give us some idea about the expected size of that working capital effect on FY ‘25?
Cathy Graham
Thanks, Will. And, no, I wouldn’t call it a reactive change. We went through a very strong exercise of going through and saying what will allow us to attract and retain the best people over the longest period of time. We worked with a third-party compensation consultant. We looked at different markets. And it was very much a proactive change not being reactive to any sort of issues in our sales space. With regard to sort of the working capital impacts, we have talked about ’24. So the two changes that happen flowing into ‘25 are that we no longer see the second-half of commissions from FY ‘23 being paid once you once you flow into FY ‘25. You actually have some outflows in the July, August time frame, but that’s it. So it’s very, very limited.
However, if you think about the capitalization of current commissions, so FY ’24, ‘25, and ‘26. What you have is an accumulating effect as you go out. So we have a bigger benefit in ‘24 somewhat less of a benefit in ‘25. And by the time you get to ’26, you’re kind of a third, a third, a third. So you’ve got a third from three years prior, a third from two years prior a third from that year. And so kind of by the time you get you have some remaining benefit in FY ’25 once you go into FY ‘26, you’re probably basically normalized.
Luk Janssens
Hey, Kathy. Well, we’ve got you the next question from Rahul Chopra from HSBC, follows-up on that. He says under the previous policy, what happened to capitalize sales expenses during salesforce churn? And then asks what is the current employee churn at Darktrace?
Cathy Graham
So let me take the first piece. So indeed, if someone did not remain at Darktrace, if a salesperson did not remain at Darktrace, they did not get, the second-half of commissions actually being here was a requirement to get that, as well as customer touch points that they had to make during that first year. However, what I can tell you and this may go to give you some guidance towards the second piece of your question is that the amount of commissions that were not paid is in the very low-single-digits. So, it was not a material portion of the number that was left on the table. It’s part of the reason that as we transition, it was very easy for us to look and say, you know, the absolute number, amount of commissions is not going to be impacted at all by what might have been forfeited in prior periods.
Luk Janssens
Great. Thank you for that, Cathy. Our next question comes from Patrick O’Donnell from Goodbody, who says, can you just give us a sense of [Indiscernible] buying behavior? What’s happening in the market that you’re seeing now versus perhaps six months ago and how are you looking forward, over the next 12?
Poppy Gustafsson
Absolutely. So [Indiscernible] aren’t wanting to buy a selection of siloed products. They are very much looking to thinking about their digital state in its entirety rather than just parts of a jigsaw. And we’re having a lot of conversations with them around how we can support, you know, in your email, in your cloud environments, your network, and all of and all of that good stuff. Separately, though, there is a lot more of a thought around risk and resilience and how do they make sure they are in resilience in the face of a cyber-attack and how would they minimize the disruption rather than trying to ameliorate the entire risk, and we’re having more conversations with people like Chief Risk Officers, and that’s so we are seeing the type of conversation change within the organization, as well as that breadth of the conversation and the area of the business that they’re looking to protect.
Luk Janssens
Great. Thank you for that, Poppy. Our next question comes from an institutional investor, who says that, your shareholder base lacks U.S. longer term institution. What’s the engagement plan to get them interested in the business, given how many flights I’ve asked to book recently, Cathy, for our outreach program in the next four months. Maybe you want to comment on the plan for?
Cathy Graham
Yes. I would say that we not only have a very robust outreach program going on more — probably with more activity in this half of the year than and we’ve always had a robust program, but it is ramped up significantly. I would also say that we are going to focus a lot of that as we have in the past, but focus a fairly significant amount of it on moving, you know, even greater engagement in the U.S. market. We have discussions of technology day in November, we are going to then that is in London, but we will be taking that on the road, and taking that sort of to the U.S. market, so that we can be engaging with analysts and investors there.
And then we’ve got a pretty full conference schedule that is, also has a strong U.S. component. So the company is absolutely continuing its outreach and is not ignoring that very, very large pocket of growth capital.
Luk Janssens
Yeah. Exactly. Thank you, Cathy. And everybody can look at ir.darktrace.com for the 10 or so conferences that we’re attending between now and Christmas many of which will be in the U.S. and anybody, on the institutional investor side that is interested in joining myself and the entire leadership team on technology day on 6th November in London, we’d be delighted, to have you along. So do get in touch with the IR team, for that.
We have, an additional question from Harvey talking about, commission impacts, and how that comments to margin, but I think we’ve covered those things already more broadly, Cathy.
Cathy Graham
And Harvey can call me.
Luk Janssens
Exactly. Great, would you like to make any closing remarks as we come to the conclusion for our call, probably perhaps from you.
Poppy Gustafsson
I’m just going to reiterate what I said at the outset, which is what a time to be Darktrace. We have got some fantastic additions to the team. And the fact that we are able to attract such high caliber expertise and experience is really comes down to the quality of the technology that Jack and his team have built. I think we’re at a point where the conversation around AI is really emphasizing everything that we’ve been saying for the new decade, which is novel threats are going to become the new normal, and Darktrace is uniquely positioned to identify those whatever kind of organization you are, whatever kind of industry you are. And it is our job to go out there and defend the world from cyber disruption.
Luk Janssens
Great. Thank you very much. That concludes our earnings call for today. If anybody has any follow-ups, feel free to get in touch with myself or [Kitty] (ph) on the investor relations team. and we look forward to engaging with many investors on the road over the coming months. Thank you very much.
