In common with a number of software companies, it is moving away from the “one licence per user” model, with its lumpy revenues, to an “as a service” (AaS) model, which traditionally results in an initial hit to revenues, as there are no more big up-front payments when a new customer signs up or an existing one renews.
On the plus side, an AaS model is generally regarded as being better for recurring revenues.
The argument goes that because AaS customers stump up on a pay-as-you-go basis, the monthly bite-sized payments are less likely to make the chief financial officer of a customer have a fit than an annual or bi-annual big licence renewal.
Legacy product revenue on the decline – as expected
It is early days, still, but trading in 2017 confirmed the expected pattern, with a decline in legacy product revenue to US$0.6mln from US$3.3mln but a much stronger element of recurring revenue.
Group revenue for 2017 is expected to be in the range of US$8.5mln to US$9.0mln and would have been higher, but for delays in world-wide implementation schedules for a large digital enterprise customer win in the third quarter of 2017 and an existing customer's ongoing deployment. The bulk of the revenue from these two customers is now expected in the first half of 2018.
As a result of the lower-than-expected revenues, the group’s loss before interest, tax, depreciation and amortisation (Lbitda) is now expected to be in the range of US$4.8mln and US$5.3mln, versus Lbitda of US$6.4mln in 2016.
Encouragingly, thanks to the record order intake for the company’s flagship Smartwall platform, the fourth quarter saw the group operating close to break-even, with the final quarter’s loss expected to be in the range of US$0.1mln and US$0.5mln.
SmartWall order intake for the whole of 2017 is expected to be between US$9.3mln and US$9.8mln, with roughly half of this representing recurring revenue in the form of support, services, and distributed denial of service (DDoS) protection as service (DDPaaS) contracts, versus 2016’s order intake of US$6.7mln including recurring revenue order intake of US$2.6mln.
Net cash at the end of 2017 is expected to be about US$1.0mln, down from US$2.9mln a year earlier.
Corero is planning to fund its working capital requirements for 2018 via a debt financing that it expects to complete in the first half of 2018.
Corero entered 2018 with a recurring revenue contract base of about US$5.0mln.
Growing the top line is vital in a high margin business
As the above figures demonstrate, Corero is still in the loss-making stage where revenue growth is deemed more important than profits.
Crank the revenue up high enough, and the profits will follow.
In that regard, the record order intake in the fourth quarter of last year was encouraging, as was the pair of contract wins in January 2018.
The two deals were worth US$400,000 in total for an Intel extension of software that prevents distributed denial of service attacks (DDoS).
Another day, another cyber-crime
The stream of contract wins reflects a growing realisation of the threat posed by cyber-crime and the commercial opportunities the threat presents for a company such as Corero, which specialises in combating it.
The contract awards, plus others, have underlined Corero's market leadership in the field of preventing distributed denial of service attacks, where one or more malevolent agencies bombard a company's web site or network with requests, with the intention of causing a kind of cyber gridlock.
Such attacks can be highly damaging financially, not to mention reputation-wise, so companies are keen to be bang up to date on providing the latest protection.
"The demand from digital enterprises for real-time DDoS mitigation solutions is being driven by the increasing number and severity of DDoS attacks and the growing awareness of the threat of cyber-attacks brought about by high profile attacks such as the crippling DDoS attack on Dyn in 2016 and recent WannaCry ransomware attacks,” said Andrew Lloyd, president and executive vice president of sales & marketing at Corero.
“In addition, new cyber security regulatory requirements such as the European Network Information Security (NIS) Directive, General Data Protection Regulation and the revised Payment Services Directive (PSD2) are requiring companies invest in appropriate cyber security defences,” he added.
Corero's chief executive, Ashley Stephenson, sees hundreds of further opportunities for new business.
The UK’s National Crime Agency (NCA) warned in 2016 that businesses and law enforcement agencies were losing the “cyber arms race” with online criminals, as the technical capabilities of criminal syndicates outpaced those of security services.
The report, published in July 2016, found 2.46mln incidents of cyber-crime in 2015, including 700,000 cases of fraud.
Following the report, the government announced it planned to spend £1.9bn over the following five years on cyber-defences.
The NCA found that the accelerating pace of technology and criminal cyber-capability development currently outpaced the UK's collective response.
More recently, UK defence giant BAE Systems PLC (LON:BA.) claimed that the average cost of a cyber-attack was at least £330,000. The figure was arrived at after it had surveyed 100 bosses that lead businesses that each employs more than 1,000 people.
"Businesses need to ensure they have the right people, process and tools in place, so when a major incident occurs they are equipped to understand, contain and remediate," said Julian Cracknell, managing director for UK Services at BAE.
Far better, of course, to prevent the major incident in the first place and this is what Corero is all about.