Darktrace Statement on QCM reportsSource: RNS
01 February 2023
Darktrace Statement on QCM reports
Darktrace plc ("Darktrace") (DARK.L), a global leader in cyber security AI, notes the recent Quintessential Capital Management reports and makes the following initial response to the allegations.
Commenting on the reports, Poppy Gustafsson, CEO of Darktrace said:
"We embrace the scrutiny of the public markets. However, it is also important to refute any unfounded inferences about the listed business we are today and push back in the strongest terms on any suggestions that this is a business that is not being run with the greatest integrity. The purpose of our statement today is to explain what we've done to establish and enforce robust processes in our business. I stand by my team and the business I represent.
We are a business that is growing fast and generating cash. Our technology is world-class, created here in the UK by some of the brightest minds, and we are solving one of society's most pressing challenges - the terrible costs of cyber disruption. We will continue to address any legitimate questions that may arise."
Private to public transition
Since joining Darktrace as CFO in February 2020, Cathy Graham and her finance team have led a comprehensive transition from private to public company, which provided the Board and Management with confidence to IPO the business in April 2021 and to continue to support its fast-growth.
As part of that process the Board and Management focused on:
o Ensuring the robustness of financial systems and processes;
o The scalability of that finance infrastructure; and
o The accuracy and consistency of the data required, not only to run the business but to report accurately and with integrity.
Cathy Graham has also hired in-house specialists into key areas such as:
o FP&A; and
o Technical accounting
All of these people, as well as Darktrace's independent auditors and specialist advisors worked, and continue to work, to help ensure that its systems and processes can support Darktrace as a fast-growing public company.
Partner Channel Controls
The channel is a significant area of risk for every software vendor. Both Darktrace and its independent auditors have reviewed this area very extensively and continue to monitor all partners and channel contracts through the robust processes that were put in place in the run up to the IPO.
Key to Darktrace's channel approach is that its contracts with partners and the partner's contracts with their customers must be "back-to-back". This means that they have the same start and end dates and that all other material contract terms must also be aligned. Processes are in place to validate that all contracts signed meet these standards and Darktrace only recognises agreements that meet its criteria. Darktrace requires visibility into the signed end user contract and will not just rely on partner assurances.
Also, as part of its IPO preparations, Darktrace carefully reviewed its contract portfolio as well as the control procedures surrounding the channel. Where processes could be strengthened, Darktrace has done so, including in partner onboarding processes, contract booking and post-contract auditing.
Contracts that did not meet Darktrace's policies were not included in Darktrace's financial statements either in the IPO prospectus (which included not only Darktrace's 2020 statements but also the 2019 and 2018 comparative periods) or Darktrace's Annual Reports since the IPO.
There were a small number of contracts that were not validated under the reviews done in the run up to the IPO and these have not been included in any of our public company financial statements.
In the vast majority of contracts, Darktrace does not sell appliances to customers.
Darktrace deploys its technology on an appliance that it owns or virtually as a cloud deployment, based on the customer's needs, with deployment fees related to appliance-based deployments being broadly equivalent to hosting fees for cloud-based deployments.
As part of adopting IFRS 15, Darktrace conducted an extensive analysis on this area and because these appliances are used for different purposes, across multiple customers and prospects, over their useful lives, Darktrace holds hardware appliances as assets and depreciates them over a five-year life. Appliances are often used for different deployments after a full data wipe.
There are exceptions to this, for example, where a customer needs to own all the infrastructure in their data centre, usually because they're a government or regulated entity, and in those circumstance Darktrace will sell the customer the hardware appliance.
Where Darktrace sells a hardware appliance, Darktrace recognises all of the revenue and the costs up front on the appliance portion of the contract only, in line with the required accounting treatment.
Over 99.5% of Darktrace's revenue is subscription based, namely a single unit of accounting, meaning there are a limited number of customers who buy hardware appliances from Darktrace.
There is full disclosure of our accounting policies with respect to appliances within Darktrace's financial statements.
Partner Marketing Events
Organisations that transact with the channel will typically co-host marketing events with their partners. Partner marketing events are a normal course of business for almost all software businesses and Darktrace is no different
This has been, and remains, a very small part of Darktrace's marketing and the costs of them over the last five years has consistently been substantially below 0.5% of Darktrace's revenue.
A preliminary review of Darktrace's events in the regions highlighted in the original QCM report has not shown any evidence of unusual practises.
Darktrace now avoids opt-outs or other cancellation rights in its contracts, wherever possible. However, there are some contracts, mainly historical, that do still have these terms.
For any contracts that have opt-outs, none of the contract value beyond the opt out date is in Darktrace's backlog; therefore the $1bn+ recurring performance obligations (RPO) are only fully contracted, non-cancellable revenue.
As Darktrace recognises revenue on a straight-line basis from the first day of the contract to the last, for any contract that does have an opt out, Darktrace recognises only the pro rata portion of the revenue related to the service period actually provided.
To reiterate, Darktrace only recognises revenue on fully contracted transactions and only the portion of a transaction that is fully committed is included within backlog.
One year Gross Constant Currency Annual Recurring Revenue Churn
Darktrace reports gross constant currency ARR churn on a one-year basis, in line with the vast majority of publicly listed software companies, in order to make it easier for investors to compare Darktrace to its peers.
Non-Current Deferred Revenue
Non-current deferred revenue is future committed revenue invoiced for periods more than 12 months before revenue is scheduled to be recognised.
The majority of Darktrace's customers are invoiced annually in advance and most longer invoices are one-off situations to align future invoicing dates; it is rare for customers to be invoiced and pay for substantially longer periods up front.
Rarely, customers will pay full contract values in advance but because this is infrequent, non-current deferred revenue balances will decline as these contracts run down unless there is another unusual, large, in-advance payment.
Luk Janssens - Head of Investor Relations, Darktrace
+44 7811 027918
Powerscourt (Public Relations adviser to Darktrace)
Victoria Palmer-Moore/Elly Williamson
+44 (0) 20 7250 1446