Critical Services – A Catalyst for Organic Growth
In Sophic Capital’s (Pluri)Lock-ing Your Data report, we detailed why pure-play cybersecurity company and Sophic Capital client Plurilock Security [TSXV:PLUR, OTC:PLCKF] is a leader in the fight against cyber threats. Specifically, we discussed how Plurilock resells cybersecurity industry products and technologies to meet the needs of commercial and government customers in North America. We highlighted that Plurilock has assembled an impressive advisory council featuring some of the most influential names in cybersecurity, government, military, aerospace, and banking. And we concluded with some of the deals that Plurilock’s Critical Services (PLCS) division signed.
We note that since publishing our last report on October 6, 2024, Plurilock has announced:
- a partnership with CrowdStrike to secure critical infrastructure and organizations. Plurilock will provide sales and support of the AI-native CrowdStrike Falcon® cybersecurity platform to help power Plurilock’s Critical Services business unit. Until the recent $5.5 million financing, Plurilock didn’t have any dedicated PLCS salespeople but added some as part of the use of proceeds.
- a US$19.3 million deal (its largest ever), and the allocation of two dedicated cybersecurity experts from the Security Operations practice of Critical Services for a 12-month period, demonstrating synergies across the Company’s business units.
- a US$1.7 million follow-on order with an existing client – a major semiconductor manufacturer. The sale, awarded through the Company’s Aurora Systems Consulting division, is based on the success of previous work delivered by Plurilock and will further enhance the customer’s cybersecurity infrastructure.
In this report Sophic Capital will detail Plurilock’s evolution to becoming a “one-stop shop” for all clients’ cybersecurity needs.
Plurilock develops and delivers comprehensive security solutions to meet the growing demand to keep organizations safe from cyber threats and compliant with regulations. By recently shifting its focus to its Critical Services, the Company is embedding personnel into its customer base, giving it insights that help it continue expanding wallet share. From a financial perspective, the shift to Critical Services is driving higher gross margins and increased recurring revenue.
Fortifying the Future: Plurilock’s Tailored Cybersecurity for Global Challenges
Plurilock focuses on multinational corporations and governments facing a triad of critical challenges:
- Business Continuity: Securing critical systems and data to ensure operational resilience.
- Geopolitical Threats: Protecting critical infrastructure and data from state-sponsored cyberwarfare.
- Regulatory Compliance: Meeting the demands of evolving data privacy and security regulations.
Plurilock’s strong relationships with the U.S. and Canadian governments underscore their commitment to specific geopolitical alliances. By strategically avoiding markets like Russia and China, the company focuses on safeguarding critical infrastructure within the manufacturing, semiconductor, and defense sectors. This targeted approach, combined with a unique blend of product offerings and service capabilities, sets Plurilock apart in the cybersecurity landscape. Recognizing the influence of geopolitical events on cybersecurity, Plurilock provides adaptive tools designed to protect clients from ever-evolving threats. This strategy positions them to effectively meet the rising demand for cybersecurity solutions as organizations prioritize the protection of their data.
Transforming Fragmentation into Opportunity
Cybersecurity has become an identity-driven discipline. Understanding who is accessing data and systems, why they are accessing them and what they are doing with the data has taken centre stage. Plurilock’s journey began with the development of a software product, now known as the Plurilock AI platform. Plurilock AI is proprietary SaaS software that combines next-generation identity technologies (behavioural biometrics) with best-in-class cybersecurity tools to provide an all-in-one data and identity protection platform. This initial offering established a strong reputation for the Company within the Canadian and U.S. government sectors. However, early traction with the U.S. Department of Defense exposed a critical challenge: the cybersecurity industry’s extreme fragmentation. As one advisor, a former Bank of America Chief Information Security Officer (CISO), highlighted, managing hundreds of products from dozens of vendors creates complexity, hindering overall security.
To further build upon this, Plurilock went public in 2020 with a clear strategy: to utilize its stock as currency for M&A within the fragmented cybersecurity market. This resulted in the acquisition of three established private cybersecurity resellers, and one cloud security SaaS platform, bolstering the distribution network and providing a foundation for future growth.
A Strategic Approach to Critical Services Cybersecurity
The market has transitioned from individual best-of-breed products to integrated security platforms. Recognizing this shift, Plurilock Critical Services empowers clients to leverage these platforms for optimal security. Furthermore, many companies often lack the internal expertise and resources to build comprehensive cybersecurity capabilities. Plurilock Critical Services fills this gap.
Embracing the cybersecurity industry’s fragmentation as an opportunity, Plurilock opted not to build a single, all-encompassing solution. Instead, it focused on acquiring distribution channels and the ability to resell best-in-class solutions from various vendors, thereby delivering a more complete security solution to their clients. Plurilock created a cybersecurity platform to serve as a “one-stop shop” for all clients’ cybersecurity needs.
Beyond its own capabilities, Plurilock seamlessly integrates solutions from trusted third-party vendors. This is a key element of Plurilock’s business – leveraging VAR business and expertise to implement solutions. And it’s a crucial component since there is a lack of cybersecurity professionals inside organizations to do this work. Plurilock also recognized this industry problem and provides a holistic approach that ensures clients receive the most effective solution for their specific needs. As a result, Plurilock has built strong credibility and high levels of trust with clients. Unlike some public cybersecurity firms, Plurilock’s focus is on addressing specific needs to solve real-world cybersecurity issues, rather than simply selling products to address generic problems.
Plurilock leverages three distinct business units to deliver technology and cybersecurity solutions. These units cater to government and commercial clients across North America and NATO countries. The high-margin Critical Services division leverages a long history of providing IT and cybersecurity products to clients through the Solutions Division. The Solutions Division serves as the foundation for client relationships, facilitating both service delivery and SaaS sales. These services often begin with smaller projects (e.g., firewall configuration) and can evolve into more comprehensive solutions, particularly following security incidents.
Critical Services leverages Plurilock’s skilled engineers to tackle critical security issues for large corporations with urgent needs. This division has been strategically revamped to drive profitability via:
- Enhanced Leadership: New leadership has been appointed and a dedicated team created to spearhead growth initiatives.
- Optimized Resource Allocation: Non-billable tasks have been shifted to support personnel, freeing up engineers for billable projects.
- Increased Revenue Generation: Cybersecurity engineers have transitioned from a cost center (R&D) to a revenue center (Critical Services).
Plurilock leverages its established Solutions Division for both direct and indirect sales of Critical Services offerings. This existing client base provides a fertile ground for upselling high-margin services. Strong client relationships with the Solutions Division generate leads more efficiently than pursuing entirely new customers. This “land and expand” approach fosters trust and facilitates the conversion of project-based engagements into recurring managed services contracts.
Complex security challenges require swift and decisive action. The cybersecurity landscape often suffers from fragmented processes, with different organizations hindered by slow handoffs and scheduling conflicts. Plurilock tackles this inefficiency by offering a fully integrated solution that streamlines the entire procurement and implementation process. Recognizing the increased need for specialized security solutions and the investment required for R&D to counter evolving cyber threats, Plurilock has strategically shifted its focus towards Critical Services.
Plurilock views their Critical Services segment as the primary driver of future growth. While Plurilock has always offered professional services, the recent formalization of the “Plurilock Critical Services” division formalizes this capability and provides a clearer focus. These services typically begin as smaller engagements (five to six figures) addressing specific needs like firewall management or post-breach incident response and can evolve to address broader security needs with larger contracts.
Plurilock Critical Services doesn’t have a dedicated sales team. However, the existing sales force within the Solutions Division effectively identifies potential clients from its established customer base. The existing client base provides a fertile ground for expanding higher-margin services, minimizing the need for additional capital expenditure. This presents an opportunity to convert one-time VAR sales into long-term managed services contracts, generating stable and predictable revenue streams. This, combined with efforts to optimize cost structures and streamline operations, positions the Company for future sustainable profitability.
A Model That’s Working
One under-appreciated aspect of Plurilock’s business model is its inherent reliability. They cultivate long-term relationships with clients, many lasting 15 years or more. While specific product purchases may evolve (routers, firewalls, etc.), the underlying need for security remains constant. This focus on long-term partnerships fosters a predictable and recurring revenue stream, unlike subscription models with high churn.
As a result, Plurilock reported $70.4 million in F2023 revenue, up 9% from 2022, with gross margin improvement from 7.7% to 8.3%. The gross margin expansion was attributed to Plurilock’s Critical Services revenue growing from 1% to 4% of the overall revenue. That $70 million also includes Plurilock’s software business, which operates at approximately $1 million ARR. More recently, Plurilock reported Q2 2024 gross profit of $2 million, which is 44% growth year-over-year. This can be attributed to prioritizing high-end consulting and services above software sales, leading to a faster sales cycle with improving margins. Q2 had a gross margin of roughly 15.6%, up from 11.2% in Q1 2023, reflecting the consulting business growing into a larger portion of total revenues. The continued expansion of the Critical Services segment will be a key driver of future profitability and value creation. Plurilock currently trades at roughly 0.5x LTM EV/Sales.
Customer mix impacts profitability. Plurilock’s gross margins are influenced by their customer base. The relative weighting of higher-margin services versus lower-margin hardware and software sales directly impacts overall profitability (Exhibit 1). VARs selling to government clients typically operate with lower margins due to competitive pricing pressures. However, government contracts offer the benefit of stability across economic cycles. In contrast, incident response services for breached clients generally command higher margins.
Exhibit 1: Plurilock Revenue By Segment Versus Gross Margin 2021 – 2023
Source: Plurilock Company Reports
Understanding the interplay between customer segments, service offerings, and geographic reach is crucial for evaluating Plurilock’s profitability potential. Underpinning this is the Company’s Advisory Council, which is helping Plurilock to accelerate its efforts within enterprises. As the Company continues to refine its approach, investors can look to see further improvement in its profitability metrics. Perhaps more important, Plurilock’s Advisory Council and its Critical Services focus are making the Company a trusted source for CISOs.
In Conclusion…
Sophic Capital client Plurilock Security [TSXV:PLUR, OTC:PLCKF] specializes in comprehensive, high-margin Critical Services: cybersecurity solutions tailored to meet the demands of a dynamic threat landscape. With a focus on multinational corporations and government entities, the Company addresses three primary challenges: ensuring business continuity, safeguarding against geopolitical threats, and maintaining regulatory compliance. Recognizing the fragmentation in the cybersecurity market, Plurilock has transitioned from traditional product offerings to providing “one-stop shopping” for clients’ cybersecurity needs. On the back of the Company’s largest contract (valued at US$19.3 million) and a subsequent US$1.7 million repeat order, Plurilock appears positioned to continue capitalizing on the fragmented cybersecurity solutions market.
Disclosures
Plurilock Security Inc. [TSXV:PLUR, OTC:PLCKF] has contracted Sophic Capital for capital markets advisory and investor relations services.
Disclaimers
The information and recommendations made available through our emails, newsletters, website and press releases (collectively referred to as the “Material”) by Sophic Capital Inc. (“Sophic” or “Company”) are for informational purposes only and shall not be used or construed as an offer to sell or be used as a solicitation of an offer to buy any services or securities. In accessing or consuming the Materials, you hereby acknowledge that any reliance upon any Materials shall be at your sole risk. None of the information provided in our monthly newsletter and emails or any other Material should be viewed as an invite, and/or induce or encourage any person to make any kind of investment decision. The recommendations and information provided in our Material are not tailored to the needs of particular persons and may not be appropriate for you depending on your financial position or investment goals or needs. You should apply your own judgment in making any use of the information provided in the Company’s Material, especially as the basis for any investment decisions. Securities or other investments referred to in the Materials may not be suitable for you and you should not make any kind of investment decision in relation to them without first obtaining independent investment advice from a qualified and registered investment advisor. You further agree that neither Sophic, its directors, officers, shareholders, employees, affiliates, consultants, and/or clients will be liable for any losses or liabilities that may be occasioned as a result of the information provided in any of the Material. By accessing Sophic’s website and signing up to receive the Company’s monthly newsletter or any other Material, you accept and agree to be bound by and comply with the terms and conditions set out herein. If you do not accept and agree to the terms, you should not use the Company’s website or accept the terms and conditions associated to the newsletter signup.
Sophic is not registered as an adviser or dealer under the securities legislation of any jurisdiction of Canada or elsewhere and provides Material on behalf of its clients pursuant to an exemption from the registration requirements that is available in respect of generic advice. In no event will Sophic be responsible or liable to you or any other party for any damages of any kind arising out of or relating to the use of, misuse of and/or inability to use the Company’s website or Material. The information is directed only at persons resident in Canada. The Company’s Material or the information provided in the Material shall not in any form constitute an offer or solicitation to anyone in the United States of America or any jurisdiction where such offer or solicitation is not authorized or to any person to whom it is unlawful to make such a solicitation. If you choose to access Sophic’s website and/or have signed up to receive the Company’s monthly newsletter or any other Material, you acknowledge that the information in the Material is intended for use by persons resident in Canada only. Sophic is not an investment advisor, nor does it maintain any registrations as such, and Material provided by Sophic shall not be used to make investment decisions. Information provided in the Company’s Material is often opinionated and should be considered for information purposes only. No stock exchange or securities regulatory authority anywhere has approved or disapproved of the information contained herein. There is no express or implied solicitation to buy or sell securities. Sophic and/or its principals and employees may have positions in the stocks mentioned in the Company’s Material and may trade in the stocks mentioned in the Material. Do not consider buying or selling any stock without conducting your own due diligence and/or without obtaining independent investment advice from a qualified and registered investment advisor.
The Company has not independently verified any of the data from third party sources referred to in the Material, including information provided by Sophic clients that are the subject of the report, or ascertained the underlying assumptions relied upon by such sources. The Company does not assume any responsibility for the accuracy or completeness of this information or for any failure by any such other persons to disclose events which may have occurred or may affect the significance or accuracy of any such information.
The Material may contain forward looking information. Forward-looking statements are frequently, but not always, identified by words such as “expects,” “anticipates,” “believes,” “intends,” “estimates,” “potential,” “possible,” “projects,” “plans,” and similar expressions, or statements that events, conditions or results “will,” “may,” “could,” or “should” occur or be achieved or their negatives or other comparable words and include, without limitation, statements regarding, projected revenue, income or earnings or other results of operations, strategy, plans, objectives, goals and targets, plans to increase market share or with respect to anticipated performance compared to competitors, product development and adoption by potential customers. These statements relate to future events and future performance. Forward-looking statements are based on opinions and assumptions as of the date made and are subject to a variety of risks and other factors that could cause actual events/results to differ materially from these forward-looking statements. There can be no assurance that such expectations will prove to be correct; these statements are no guarantee of future performance and involve known and unknown risks, uncertainties and other factors. Sophic provides no assurance as to future results, performance, or achievements and no representations are made that actual results achieved will be as indicated in the forward-looking information. Nothing herein can be assumed or predicted, and you are strongly encouraged to learn more and seek independent advice before relying on any information presented.