CynergisTek, Inc. (NYSE:CTEK) Q4 2021 Earnings Conference Call March 24, 2022 4:30 PM ET
CompanyParticipants
Bryan Flynn – Head of Investor Relations
Michael McMillan – President & Chief Executive Officer
Paul Anthony – Chief Financial Officer
Conference Call Participants
Operator
Please standby. Good day and welcome to the CynergisTek Fourth Quarter and Full Year 2021 Earnings Conference Call. Just a reminder, today’s conference is being recorded.
At this time, I’d like to turn the conference over to Bryan Flynn, Vice President of Investor Relations. Please go ahead, sir.
Bryan Flynn
Welcome to CynergisTek’s fourth quarter and full year 2021 earnings call. Joining me today from the company are Mr. Mac McMillan, President and Chief Executive Officer; and Mr. Paul Anthony, Chief Financial Officer.
Before we begin the formal presentation, I’d like to remind everyone that some statements made on the call and webcast, including those regarding future financial results and industry prospects, among others, are forward looking. These forward-looking statements can be identified by the use of forward-looking terminology such as believes, expects, anticipates, would, could, intends, may, will or similar expressions and are subject to a number of risks and uncertainties that could cause actual results to differ materially from those described in today’s conference. Certain of these risks and uncertainties are or will be described in greater detail in the company’s SEC filings. Given the risks and uncertainties, listeners should not place undue reliance on any forward-looking statements and should recognize that the statements are predictions of future results which may not occur as anticipated. CynergisTek is under no obligation and expressly disclaims any such obligation to update or alter its forward-looking statements, whether as a result of new information, future events or otherwise.
At this time, I’d like to turn the call over to Mac McMillan, our CEO.
Michael McMillan
Bryan, thank you for getting us started this afternoon. Welcome all of you for joining us for today’s earnings call and thank you for taking time out of your busy day to be here as well. This marks the second earnings call since I returned last August. And even though we still have a long way to go, our fourth quarter performance showed that elements of our strategy are working. Most notably, our sales team which just recently added its last team member, turned in a solid performance, better than expected and our other efforts to better manage costs and alignment of resources in the company had a positive impact as well.
As we head into the new year, we are watching very closely the impact of the economy and the war in Europe are having on the market and our business. Several clients have already shared that with the COVID federal relief dollars ending, they are now facing reduced operating margins from last year’s losses combined with this year’s economy but cyber remains a priority and a major concern for all of them. So we remain focused on executing our plan while working with our clients to work through these issues. I’m very pleased to share the business performance that led to a strong fourth quarter and year-end. We saw continued demand for our services, ending the year with 43 net new customers and improving the renewal rate of existing customers by nearly 30 points higher than it was in July. Our customer expansion included a diverse portfolio of entities from large university and medical centers and nationally recognized health systems to many in adjacent markets, including those in our CMMC government offering.
Our goal is to continue this momentum into 2022. We believe trends in the business will be the same this year as we have seen in previous years with the first half of the year starting off somewhat slower, particularly with the economic pressures mentioned above and then ramping up as the year progresses. This February marked an important milestone as we fleshed out our sales team with dedicated reps in each region across the U.S. All have been onboarded, have had initial orientation and training and are focused on pipeline growth and closing deals.
I’m happy to report that our efforts in marketing are also showing improvement, not only in managing costs but more importantly, in lead generation and marketing activity. This quarter, the marketing team developed an aggressive marketing plan for 2022 while preparing for the busiest period of the year in marketing activity with three of the largest annual events we participate in happening in early spring. We have also seen an uptick in the prospect client face-to-face meetings which benefits sales opportunities.
We continue to experience growth in our DoD CMMC pipeline and we’ve actually been able to initiate several CMMC projects. However, progress remains slow as we all wait for DoD to issue its final guidance which is expected by the end of this month. Organizations are expectedly reluctant to begin before DoD issues that guidance. As a reminder, our focus through the end of last year was on four key areas: first, supporting sales and getting fully staffed, enabled and aligned to effectively engage with market opportunities; second, expanding the mission of the delivery organization to go beyond project delivery and into driving new and expanded business; third, reassessing and prioritizing those competencies needed to support growth of the business; and fourth, revisiting our long-term strategy.
Addressing the first two items, we continue to add strength to the sales team throughout the last part of the year with our last salesperson selected just after the New Year. Even though most of the team arrived in late 2021 and early 2022, they managed to drive a 23% increase in bookings in the second half of the year when compared to the first half as several reps closed deals in their first quarter on board.
Our Q4 bookings of $5.8 million exceeded our expectations and added to our presold revenue which has increased by 15% or roughly $20 million by Q4 2021. This improvement is a direct result of the reorganization and refocusing efforts we initiated last fall, along with the tremendous efforts by this new sales and the delivery team to identify new opportunities within our existing client base and with new prospects.
Today, we have a sales team that consists of eight business development leads and inside sales reps, who with the aid of a reenergized marketing team and revived corporate sales culture, have been able to generate and double the pipeline to date when compared to year-end 2020. We are recreating the sales culture that built CynergisTek initially. And together with the top-down — together — and together from the top-down, everyone in the organization is working in lockstep to identify opportunities for growth as we continue to drive the company forward.
Before I talk about the second half of our focus, growth and our long-term strategy, it is probably appropriate to speak to the current cyber ecosystem. Obviously, that has become more interesting recently as the result of the conflict in Ukraine with Russia. And as many of you no doubt saw, President Biden as well as the CISA and the FBI issued warnings earlier this week that cyberattacks could be imminent and all critical infrastructure industries should prepare and be vigilant. Certainly, this could be a game changer in terms of the threat landscape and has caused organizations to become even more cautious.
The regulatory landscape also changed in this last week as the omnibus funding bill passed which had several pieces of legislation regarding cybersecurity. Key among them was a universal breach reporting requirement for all critical industries. In the event of a cyberattack, they will have 72 hours to report to CISA. And if they pay a ransom, they will have 24 hours to report that. This is the shortest time line to date for breach reporting. It will be some time before the implementing rules are written, vetted and published that will make this requirement effective. But this will give thousands of organizations a mandatory breach reporting requirement that are not subject to one today. However, what is driving buying decisions today is more a factor of the actions of cyber insurance carriers who are requiring very specific measures to avoid large increases in premiums and the overall threat and cost of breaches.
Today’s health care landscape is evolving. The global health care cybersecurity market is predicted to grow by 15% year-over-year over the next five years and reach $125 billion in cumulative spend from 2020 to 2025. More than ever, we are hearing clients and prospects they are interested in managed services. But bad actors continue to target health care to disrupt business operations because of lack of financial and operational resources focused on cybersecurity. Today, with the expanding attack surface and exposure of protected health information through remote workforces, telehealth, cloud services and an ever-growing number of supply chain vendors, cyberattacks are increasing in volume and sophistication and can be a life-and-death situation for patients.
Cyberattacks on health care systems spiked during the pandemic, demonstrating how cybercriminals exploit opportunity and their total lack of regard for health care’s mission. This spike is now threatening patient care as well as private data while increasing operating costs. Developing an effective response is not getting simpler either. With over 3,500 cybersecurity vendors producing and selling thousands of solutions, it is difficult for hospitals to identify what tools should be a priority. Additionally, ransomware attacks alone cost health care organizations $20.8 billion in downtime, lawsuits, ransoms paid, lost revenue and fees to rebuild their business in 2020, double the amount of cost in 2019 according to a Comparitech report.
Attacks continue to rise with more than 300,000 new malware introduced on the web every day, resulting in a staggering increase in the number of incidents and the effects of those attacks have on business. Today, 93% of health care organizations have experienced at least one data breach in the past year and health care accounts for more than half of the ransomware attacks experienced in the U.S. While attack methods evolve, the nature of the threat has not changed. It is still primarily about money. Responsible organizations today must prioritize cybersecurity if they want or intend to protect their business and their investments.
While business disruption is perhaps the number one business risk for health care, patient safety and quality of care are still their highest priority. In 2021, it became evident that patient safety and quality of care were also being directly impacted by disruptive attacks. To make things worse, a greater number of these attacks originated from other points across their expanding attack service that now includes remote workforce members, the Internet of Things, supply chain vendors and business partners. The success of these attacks has also fueled an increase in their numbers. The environmental factors also contributed to an increase in the number of attacks experienced like the number of ransomware attacks that grew exponentially during the pandemic, roughly going from one successful ransomware attack every 40 seconds in 2020 to every — one every 14 seconds in 2021 and now expected to reach one in every 11 seconds by the end of this year. That translates to approximately 7,200 successful ransomware attacks a day in the U.S.
This immediate threat led the Emergency Care Research Institute, or ECRI, to identify cybersecurity as the number one risk in their recently released report called Top 10 Health Technology Risks for 2022. Both the financial and operational impacts of cyberattacks are increasing dramatically. Health care is realizing this and looking to cyber vendors for greater support and solutions. As organizations start to increase spend to improve readiness, build greater resilience into their defenses and be more productive, proactive with security, we want to be ready to support them. To meet this need and answer the need for growth, we have added several new strategic vendor solutions and reenergized several others to enhance our service offerings and move towards being a managed service provider. Our new solutions include advanced threat hunting, incident response support, managed continuous pen testing and compromise assessments, security controls validation and SOC services.
Clients are becoming more and more aware of the threat and face — they face and the need for more proactive security. It is not enough to have good defenses any longer and sit and wait in a defensive posture for the adversary to attack. We need to go on the offensive and build more resilience in our protections to better anticipate the threat and respond more effectively. Health care is also faced with the daunting task in trying to build and maintain the cyber expertise they need to meet these challenges, making managed services all that more important and attractive.
As we look out over the next few years, we have four underlying pillars to our growth strategy. Our near-term tactical focus will be on driving revenue growth and margin expansion. We believe that the levers for accelerated revenue growth will be the organic growth through net new clients, further expansion of services into our current customer base and evaluation of M&A service opportunities.
Margin expansion will come from alignment with technology-based strategic partners and the ability to scale and leverage our existing delivery team for greater revenue growth. Our goal is to double the size of the business and transition from a primarily services company that we are today into a managed service provider, or MSSP. We feel that we can achieve this through a mixture of organic growth, strategic partnerships and an acquisition or merger that better positions us to be the partner of choice for customers.
Again, our near-term focus in 2022 will be returning the company to core business growth, targeting four key metrics: renewals, customer penetration, net new clients and average client spend which will drive increased revenue and operating margin. This past fall, we saw a growth in all four of these metrics: client spend, an improvement in our renewal rate and increase in our contract size and an increase in number of net new customers. This will continue to be our focus going forward. By targeting a greater than 85% renewal rate of managed service contracts, we will expand our presold revenue and maintain a strong foundation to build on as we grow the business going forward. We will focus on expansion in our current customers and target a 20% increase to our managed service contracts to date.
Secondarily, we intend to grow the number of clients with two or more managed services. As we penetrate and add services to our managed service customers, we are targeting a 25% increase in average client spend, giving us greater penetration and increasing client loyalty. Achieving more managed security sales which are typically greater in size, will help make this a reality.
And finally, we want to increase our net new clients by at least 20%. Currently, we sit at approximately 200-plus clients and we look to drive that to 240 plus in 2022. And currently, we will work to accelerate growth by evaluating M&A opportunities, enhance strategic partnerships and the integration of IP into our offerings.
On the M&A side, we will look for opportunities in the services, MSSP and technology space that supports or complements our existing service offerings. We plan to look at both equity and debt financing options to fund these acquisitions. Long term, 2024, 2025, our goal is to transform into an MSSP-generating opportunities to sell our own products, drive additional growth or improving margins through implementation, management and automation of technology in combination with our existing managed services.
I’ll turn it over now to Paul to cover the financials and be back before we wrap up.
Paul Anthony
Thanks, Mac. Bookings this year totaled $18.9 million compared to $17.7 million last year. As a result, our presold revenue continues to grow, increasing by an additional $2.8 million to $20 million. This increase in bookings was a direct result of our investments in sales and marketing, the increased demand for our services and the size of our contracts.
Addressing the Q4 standard financial disclosures, revenue was $4.4 million compared to $4.7 million in Q4 of 2020. The decrease from prior year was due to lower revenue from managed services which was reduced by $0.5 million to $2.2 million due to the impact of COVID. Consulting and professional services revenue increased $0.2 million to $2.1 million when compared to Q4 of 2020 due to increased activity in the Backbone business unit. We’ve started to see sequential revenue growth in Q4, 16% over Q3 2021, with the majority of growth coming from an increase in consulting and professional services revenue, again, due to the Backbone rebounding, higher bookings in our traditional services as well as a seasonal increase we’ve historically seen in Q4.
Gross margin increased 3% to 40% for Q4 2021 versus Q4 2020 and sequentially, we saw a 4% increase from Q3 to Q4 2021 after adjusting Q3 for the employee retention credits. This increase was due to the increased revenue and again demonstrates how modest growth allows for positive operating leverage in this business. SG&A expenses increased to $3.3 million for Q4 of 2021 compared to $2.2 million for the same period in 2020. This increase was primarily due to additional headcount, compensation-related expenses and additional costs as we reinstated benefits that were eliminated during COVID and an increase in sales, marketing and travel costs now that we have a full team and are back on the road driving growth.
Non-GAAP adjusted EBITDA loss was $1.4 million for Q4 2021 compared to $0.3 million last year due to this increase in SG&A we just highlighted. Full financials and reconciliation of GAAP to non-GAAP information can be found in the earnings release that came out today.
This concludes the financials and the prepared remarks for Q4. Operator, please open the floor for questions.
Question-and-Answer Session
Operator
[Operator Instructions] And our first question will come from Matt Hewitt with Craig-Hallum Capital Group.
Unidentified Analyst
Hi guys, this is Lucas on for Matt Hewitt. I guess to start it off, in recent months, you’ve had a pretty steady cadence of customer wins and expansions. Are you seeing an increase in demand? And if so, what do you think is driving that?
Michael McMillan
Well, it’s kind of a — I’d say it’s kind of a mixed bag at the moment. We’re seeing an increase in demand and we’re seeing an increase in requests from, I guess, across the board. A lot of it is being driven by what’s going on overseas. A lot of it is being driven by just the threat that health care is dealing with, with respect to ransomware and other disruptive attacks that they’re faced with. But we’re also seeing a balance, if you will, in terms of cautiousness as a result of the economy, the same thing with what’s going on overseas and inflation and rising interest rates that are absolutely affecting a lot of the hospital’s operating margins.
Unidentified Analyst
That’s helpful color. And then I guess you also talked about how you now have a fully staffed sales team. I guess where would you say we’re at in terms of the ramp for those newer sales reps?
Michael McMillan
I’d say for the newest ones, of course, that just came on, we’re probably still a good two quarters before they’re — this quarter and next before they’ll be probably fully functional. It is probably the best way to describe it. But I have to admit that the sales reps that we’ve added in the last part of the year have actually started selling a lot faster than I expected, meaning, normally, when a sales guy comes on or gal, you expect them — their first quarter to be one of orientation and building their pipeline and not necessarily closing deals, right, because of the sales cycles, et cetera. Second quarter, you expect them to start closing deals and by the third quarter, you expect them to be hitting their number. But we’ve actually seen — I think just about every single one of our new salespeople have actually started closing deals in their first quarter. And a couple of them have actually hit their number in their second quarter. So I don’t want to predict that they’re all going to be that fast or they’re all going to be that efficient. But I’m very impressed with the sales guys that we’ve hired; they’ve all got great backgrounds in cyber and in selling IT.
Almost every single one of them also has worked in an environment where they’ve sold not only into adjacent markets but into health care as well. And we’re actually seeing the benefit of that, I think. And they’re all — they’re very motivated. And obviously, they’re being very driven right now in terms of what we need them to do. And the whole organization understands that sales is the name of the game.
Unidentified Analyst
Great. And then finally, I guess, looking ahead to the rest of the year, is there any chance that you would expand the sales team further?
Michael McMillan
That’s a good question. I think it depends on some of the newer services and relationships that we’re bringing on now. It may be that at some point, we expand to include things like sales engineers for some of the technology to — in terms of selling that. But I don’t want to — I don’t know that we’re going to do that yet but that is clearly something that might be a possibility.
Unidentified Analyst
And then, I guess, if I could just squeeze in one final question here. For hospital CEOs specifically, have you seen any movement in terms of where cybersecurity falls within their priority list?
Michael McMillan
So, if you look at most of the senior executive team’s priority list for their hospitals today, you’ll find cybersecurity is — generally is one of the Top Three or Top Five priorities they have. Clearly, their number one priority right now is recovering from the financial losses that they took in 2020 and 2021 because of the pandemic and dealing with the financial pressure that they’re experiencing now with the inflation and the interest rates, as I talked about and whatnot. But if you look at their IT priorities, in particular, cyber is definitely one of their top priorities.
Unidentified Analyst
Okay. Thank you very much. That’s all I have.
Operator
And our next question will come from Jerry [ph], a private investor.
Unidentified Analyst
Hi Mac and Paul, good to see you. Thanks for your hard work and efforts and accomplishments. I just had — I wonder if you could give us a little update, probably maybe it’s more of a Mac question, relating to the Department of Defense work that you had kind of get approved for a while back and I know it kind of gets stalled. But any update you can give us on that?
Michael McMillan
Sure. So when I came back, the company was probably positioned as best it could possibly be in terms of executing on that work and that strategy. Clearly, we were ahead of everybody else as it related to our ability and — to do that. And for a while there, it looked like — actually looked like towards right at the end of the year that it was going to take off because we were really seeing an uptick in the growth of the pipeline. We’re actually seeing folks leaning forward in terms of wanting to get started with their projects. And then, of course, DoD came out in November and kind of put the kibosh on a lot of things by totally revamping, restructuring the program and then saying they were going to have to go back through an entirely new process of getting it approved, et cetera, et cetera which was going to take several months. Then they came back after that and a couple of things. But make a long story short, we — what it really did was it caused everybody to kind of take a step back and to say, “Well, we don’t know that we want to move forward or we want to do this right now because what happens if DoD totally changes the requirement.”
I think they’ve gotten past that because I think the CMMC-AB has done a fairly decent job of working with the Undersecretary of Acquisition and getting the message out that the program isn’t going to change demonstrably. And in fact, they’ve actually walked back some of the changes that they had suggested back in the fall. And DoD committed to putting out the final guidance, if you will, by the end of this month, March, with respect to the program. So the good news was probably in the February time frame, we began to see organizations reengaging and the pipeline started moving again. The good news is, right now, the pipeline is continuing — for us is continuing to grow. The number of prospects is continuing to grow. The number of proposals, so to speak, going out the door is continuing. And we do have several of the initial projects in flight now. And so we’re all hoping that DoD will keep to its word and initial that final guidance in March and hopefully, it won’t be anything that surprises anyone. And if it isn’t, then I’m hopeful that once we get past that and we have that final guidance and we’re moving towards an update of the FAR that organizations will get more comfortable and start to move out again.
And — but clearly, DoD has — we’re all unfortunately at the mercy of waiting for DoD to approve the final program guidelines.
Unidentified Analyst
Sure, appreciate it. So relating to your projections, if you will, of growing the business, there’s not a lot of reliance on that business from the DoD. And so that would, in your mind, probably be an upside from what you’re expecting? Would that be a fair statement, Mac?
Michael McMillan
Well, we actually had some of that business obviously plugged into our projections for this year because at the time that we put together that budget last fall, things were moving steadily in that direction. We’ve kind of backed that down as a result. But like I said, I’m hopeful that if the final guidance comes out at the end of this quarter, that there’s still plenty of time for us to ramp to what I think we were going to try to achieve in the first place. So I’m going to still stay hopeful. But I’m going to — I guess, I’m going to be guardedly hopeful, waiting to see what they do.
Unidentified Analyst
Sure, makes sense. One last question and I’ll leave, is relating to potential acquisitions. Obviously, your — valuation on your company, in my opinion, is very low. And so it would seem as there’ll be a challenge to try to get anything done on the acquisition side. It’s — can you speak to that a little bit on your — what the plans would be relating to that?
Michael McMillan
Yes. No, you’re absolutely correct. I mean it’s a very challenging part of the plan, if you will. But I think it’s a very important part of it in the sense that if we can find the right acquisition that is complementary and increases revenues and customers and et cetera and then that can be accretive or if we can find the right acquisition from a technology perspective, that can enhance our ability to be more efficient in how we deliver and increase margins and whatnot. The bottom line is, is that you’re right, in terms of raising capital to do it right now is very difficult because of where our valuation is. But to me, it has to be part of the — part of our plan for growth because organic growth is going to continue to — is going to get us somewhere but it’s not going to get us, I think, where we want to be. And at some point, we’re going to have to embrace acquisitions if we want to really accelerate growth.
Unidentified Analyst
Okay. Well, thanks for all your hard work. Mac and Paul, I appreciate it. I am all done.
Michael McMillan
Thanks.
Operator
And that does conclude the question-and-answer session. I’ll now turn the conference back over to Mac McMillan.
Michael McMillan
Thank you, operator. To summarize, we’re working to achieve an increased enterprise value. As we implement and execute our plan, we believe we can drive growth in the business to achieve great detail. We see a path to grow this company to a $50 million-plus business over the next few years through a mixture of organic and inorganic growth. That will require execution of the planned investment in the right strategic partners and acquisition. This will not be without challenges in the near term as clients and health care entities in particular grapple with inflation, rising interest rates, shrinking operating margins and as federal COVID subsidies dry up and the uncertainty of the world situation and the associated price increases for critical essentials such as fuel.
Despite all of these pressures, protecting data and systems is still a high priority and an important need for businesses and they will seek to balance these two issues. We will continue to help them to do that by increasing and adapting the services we provide to their unique needs. We are making progress but are still rebuilding with the goal to be in a growth stage as we emerge from 2022. Again, I want to thank everyone for joining the call today and we will see you soon during our Q1 2022 earnings call. Thank you.
Operator
Thank you. That does conclude today’s conference. We do thank you for your participation. Have an excellent day.
Be the first to comment