March 23, 2023
Big Data Security Analytics , Data Masking & Information Archiving , Governance & Risk Management Meager Product Sales, Limited Presence in Americas Among Red Flags for Hub Security Michael Novinson (MichaelNovinson) • March 9, 2023     The economic downturn has laid bare just how much of a disaster special purpose acquisition companies, or SPACs,…

Big Data Security Analytics , Data Masking & Information Archiving , Governance & Risk Management

Meager Product Sales, Limited Presence in Americas Among Red Flags for Hub Security Michael Novinson (MichaelNovinson) • March 9, 2023    

The economic downturn has laid bare just how much of a disaster special purpose acquisition companies, or SPACs, have been for the security industry.

See Also: OnDemand | Navigating the Difficulties of Patching OT

Four cyber companies announced plans during the financial boom of 2021 to eschew the initial public offering in favor of merging with or being acquired by a shell company that was already public. One of the four proposals encountered turbulence prior to launch and never even made it off the ground.

Risk analytics platform Qomplx in March 2021 acquired two companies and agreed to become publicly traded by merging with SPAC Tailwind Acquisition Corp. at a $1.4 billion valuation. But in August 2021, the two sides “mutually agreed” to call the deal off due to “market conditions preventing certain of the closing conditions from being satisfied.” Qomplx’s headcount has fallen by more than 32% since then.

The three cybersecurity SPAC mergers that did make it off the starting blocks haven’t fared much better.

Secure access vendor Appgate was spun out from data center vendor Cyxtera in January 2020 and went public in October 2021 by merging with Newtown Lane Marketing at a $1 billion valuation. Since then, Appgate has laid off 130 workers – or 22% of its staff, weathered the resignation of CEO Barry Field and President and COO Jawahar Sivasankaran, and seen its valuation fall by nearly 65% to $382.2 million (see: Secure Access Vendor Appgate Promotes CISO Leo Taddeo to CEO).

It’s been a dramatic fall from grace for network detection and response vendor IronNet, which went public in August 2021 by merging with a shell company at a $1.2 billion valuation. Since then, IronNet has removed co-CEO William Welch and CFO James Gerber from their posts, excised more than half its workforce through multiple rounds of layoffs, and seen its valuation fall by 97% to $37.9 million (see: IronNet Nearly Insolvent; Board to Probe Claims of Deception).

External threat intelligence vendor ZeroFox went public in August 2022 by merging with a publicly traded SPAC at a $1.4 billion valuation, but the only cybersecurity company to go public last year faces an uphill battle as investors shift to more conservative bets. In recent months, ZeroFox’s profitability fell far below expectations and its valuation sank 73% to $319.1 million (see: James Foster on Taking ZeroFox Public in Hard Economic Times).

Despite all this, another cybersecurity vendor decided to try its luck with a SPAC.

Hub Security Tries Its Luck on the Nasdaq Stock Exchange

Israeli confidential computing cyber vendor Hub Security agreed in March 2022 to start trading on the Nasdaq Stock Exchange by joining forces with SPAC Mount Rainier Acquisition Corp. at a $1.28 billion valuation. But before the transaction even crossed the finish line, CEO Eyal Moshe and Vice President of Human Resources Ayelet Bitan left their posts and Chairman Uzi Moskovitch was forced into service as CEO.

Hub began trading on Nasdaq on March 1 at $2.69 per share, but by Thursday the company’s stock price had plummeted more than 47% to $1.42 per share. Despite promises of a 10-figure valuation, Hub’s market cap currently sits at just $145.2 million. And on Monday, investors asked for class action status, claiming Hub had misrepresented an “irrevocable” $50 million investment commitment that didn’t come to fruition.

The company told regulators it’s still examining the claim and is therefore unable to assess the likelihood of either the claim being approved as a class action or of the lawsuit having a material impact on Hub’s operational results or financial condition. Hub didn’t respond to requests for comment from Information Security Media Group.

Where have things gone wrong for Hub?

Red Flags Aplenty on Hub’s Balance Sheet

For starters, Hub hasn’t crossed the financial threshold that security vendors subject to the scrutiny of the initial public offering process normally hit. Hub had just $77.8 million of sales in 2021 and $37.4 million of revenue in the first half of 2022. Prior to the economic downturn, investors liked to see at least $100 million – and ideally $150 million – in annual sales from a cyber company pursuing an IPO.

On an even more ominous note, Hub’s losses were worsening despite its growth. The company lost $17.1 million in all of 2021 and $20.2 million through just the first six months of 2022, meaning the firm spent approximately $1.54 for every dollar it earned in the front half of 2022. Investors expect to see diminishing losses by the time a company goes public so that profitability can be a reasonable goal.

Hub divides its business into two segments – one that’s focused on providing services related to cybersecurity and systems reliability and another that’s focused on products and technology such as confidential computing. The company expects a 226% compound annual growth rate and high profits for its confidential computing segment and just 5.5% CAGR and lower profits for its services business.

But as of June 20, 2022, more than 97% of Hub’s business came from consulting, planning, training and integration services thanks to long-term recurring revenue contracts with government agencies and enterprises such as Lockheed Martin, Lloyds, Siemens and HSBC. The company generated under $800,000 in revenue in early 2022 from products that help firms protect their RAM or confidential computing data

The profitability picture is also quite a bit rosier around Hub’s professional services segment, which recorded an operating loss of $1.5 million in 2021. In contrast, Hub’s products and technology segment lost $11.3 million despite bringing in only $935 million of revenue.

Hub said it has large insurance, defense and government customers in its confidential computing pipeline, and it expects its projects and technology revenue to outpace its services revenue in 2023. But it’s unclear how much confidence investors should have in Hub’s projections given that the company hadn’t generated any meaningful revenue from its confidential computing business through mid-2022.

In addition, Hub’s geographical division of revenue isn’t in alignment with what investors expect to see from a mature, public company. An established cybersecurity company will typically generate at least half of its revenue from North America, which is the earliest adopter of next-generation security technology, and at least 30% of its business from Europe, given the role regulations play in driving security spending.

But the Americas accounted for just 2% of Hub’s revenue in 2021 and less than 1% of sales in the first half of 2022. Europe didn’t fare much better, comprising 2% of the company’s sales in 2021 and nearly 4% in the first half of 2022. Hub instead counted on its home country of Israel for roughly 95% of its sales in both 2021 as well as the first half of 2022.

While Israeli enterprises and government agencies are technically sophisticated, just 9.69 million people live in the country, dramatically limiting the size of Hub’s total addressable market. Hub will need to rapidly build out a robust go-to-market organization in North America and Europe in order to hit its ambitious revenue projections.

Given all the obstacles ahead for Hub, investors appear to be steering clear of the company’s stock.