Bridge Report:(4493)Cyber Security Cloud Fiscal Year ended December 2021
President & CEO Toshihiro Koike | Cyber Security Cloud, Inc. (4493) |
|
Company Information
Market | TSE Mothers (Newly established: TSE Growth Market) |
Industry | Information and Communications |
President & CEO | Toshihiro Koike |
HQ Address | VORT Ebisu maxim 3F, 3-9-19 Higashi, Shibuya-ku, Tokyo |
Year-end | December |
Homepage |
Stock Information
Share Price | Shares Outstanding (End of the Term) | Total Market Cap | ROE Act. | Trading Unit | |
¥2,156 | 9,373,344 shares | 20,208 million | 21.1% | 100 shares | |
DPS Est. | Dividend yield Est. | EPS Est. | PER Est. | BPS Act. | PBR Act. |
0.00 | - | ¥27.63 | 78.0x | ¥100.66 | 21.4x |
*The share price is the closing price on March 15. Each figure is from the financial results for the Fiscal Year ended December 2021
Change of Financial Results
Fiscal Year | Sales | Operating Profit | Ordinary Profit | Net Profit | EPS | DPS |
December 2018 Act. | 488 | -29 | -27 | -27 | - | 0.00 |
December 2019 Act. | 816 | 143 | 141 | 153 | 17.20 | 0.00 |
December 2020 Act. | 1,194 | 188 | 172 | 134 | 14.60 | 0.00 |
December 2021 Act. | 1,817 | 297 | 297 | 169 | 18.17 | 0.00 |
December 2022 Est. | 2,300 | 390 | 387 | 259 | 27.63 | 0.00 |
*The estimates were provided by the company. Units: million yen and yen. Consolidated financial results from the Fiscal Year ended December 2020.
*The company carried out a 10-for-1 stock split in March 2018, a 100-for-1 stock split in September 2019, and a 4-for-1 stock split in July 2020. (EPS was revised retroactively.)
This Bridge Report presents Cyber Security Cloud, Inc.'s earnings results for the Fiscal Year ended December 2021, etc.
Table of Contents
Key Points
1. Company Overview
2. Fiscal Year December 2021 Earning Results
3. Fiscal Year December 2022 Earnings Forecasts
4. Growth Strategies for 2025
5. Interview with President Koike
6. Conclusions
<Reference: Regarding Corporate Governance>
Key Points
- In the term ended December 2021, sales were 1,817 million yen, up 52.2% year on year, and operating profit was 297 million yen, up 57.8% year on year. In addition to Shadankun, which is their mainstay, the sales of WafCharm, which would become the second pillar of them, grew considerably. The acquisition of SofTek Systems, Inc. as a subsidiary, also contributed. Due to the sales growth, gross profit rose 56.9% year on year and gross profit margin increased 2.1 points. Personnel expenses and recruitment & education costs augmented due to the increase of employees, mainly marketing staff and other SG&A expenses, including R&D costs and advertisement expenses increased, but the augmentation of SG&A expenses was offset and profit grew considerably.
- For the term ending December 2022, the company forecasts net sales of 2.3 billion yen, up 26.5% year on year, and an operating profit of 390 million yen, up 31.2% year on year. The company will steadily implement key measures in its growth strategy. Although the company will continue to strengthen its development capabilities and invest in marketing, it expects to achieve double-digit growth in sales and profit.
- The business environment is expected to remain favorable for the company. With such a favorable wind in its sails, the company aims to provide services that are trusted around the world as a global security manufacturer originating in Japan, and to achieve the following three goals by 2025: to become Japan's top security company in the field of "web security" with 10,000 installations; to achieve sales of 5 billion yen and an operating profit of 1 billion yen as financial targets; and to accelerate global expansion and increase the ratio of overseas sales to 10%. Key initiatives include "strengthening partner support for Shadankun," "global expansion of WafCharm," and "enhancement of the service lineup for new solutions.”
- We interviewed President Toshihiro Koike about his mission, the company's competitive advantage, and its growth strategy for 2025. Mr. Koike said, "As a global security manufacturer, you can expect significant growth in our top line," and "We will make it our social significance to raise awareness of the importance of cyber security and make it take root, and aim to become the first company in Japan that people associate with "Cyber Security Cloud" when they think of cyber security. We would very much appreciate your support from a medium- to long-term perspective."
- While there are reports on a global increase of cyberattacks, including the announcement of a U.S. government analysis on February 18, 2022 that "Russia has carried out cyberattacks on Ukraine," the company announced, in a news release dated March 1, 2022, that "through a survey of more than 15,000 sites in Japan, we have confirmed a sharp increase in the detection of unauthorized access by suspicious attackers, or more precisely, attacks by BOTs (a type of malware for remote control from outside) and vulnerability scanning tools, since February 16. "We have detected up to 25 times more attacks than the average of the last three months, and we recommend that everyone strengthen their countermeasures as soon as possible" announced the company. Japanese companies, which are not directly involved in the Ukraine issue, cannot afford to treat the situation as if it were a fire on the other side of the river.
- It is difficult to recognize the importance of cyber security as a personal matter unless one is actually attacked. Given that awareness of cyber security is said to be particularly low in Japan, the company has a significant role because its social meaning of existence is to raise awareness of its importance and make it take root. The progress of the company's key initiatives will be closely watched, as it aims for "10,000 installations, sales of 5 billion yen, an operating profit of 1 billion yen, and an overseas sales ratio of 10%" by 2025.
- In the previous fiscal year, the company focused on strengthening its sales structure, and this fiscal year, the company will place more weight on product development. Demand for AI and other human resources continues to rise, and competition for human resources is intensifying. The company's ability to secure development staff, including those from outside partners, will be a key factor in achieving growth in the current fiscal year and beyond.
1. Company Overview
With a management ethos to create a secure cyberspace that people around the world can use safely, Cyber Security Cloud provides web security services, including “Shadankun,” a cloud-based web application firewall (WAF) that visualizes and blocks cyber-attacks on websites, “WafCharm,” a service for the automatic management of rules (signatures) of platforms like AWS WAF etc., and “AWS WAF Managed Rules,” a set of rules for AWS WAF. These services utilize world-leading cyber threat intelligence and AI (Artificial Intelligence) technology and are offered on a subscription basis.
In September 2018, the company formed a group with the subsidiary Cyber Security Cloud, Inc. in Seattle, Washington, the U.S., which was established with the aim of selling Managed Rules, which are a set of rules for AWS WAF, and is expanding its business overseas. However, the subsidiary is excluded from the scope of consolidation as it does not currently have a material impact on the corporate group’s financial position, earnings results, or cash flow.
1-1 Environment Surrounding the Company
◎ Increasing cyber attacks
As the Internet is increasingly used, the number of cyber-attacks is growing. According to the reference material of the company, the communication volume of cyber-attacks in 2020 was 500.1 billion packets, up 64.4% from the previous year. In parallel with the acceleration of DX, cyber-attacks are estimated to increase further.
◎ WAF adoption rate is low among SMEs and second-tier companies
The adoption rate of WAF (Web Application Firewall; The details will be described later), which protects web applications from cyber-attacks, is over 70% among top-tier companies that have over 5,000 employees and can be said that it is standardized, but it is 33.3% among second-tier companies that have 1,000-4,999 employees, 12.7% among medium-sized companies that have 100-999 employees, and 3.2% among small-sized companies that have less than 100 employees, so there remains room for increasing WAF adoption rate significantly.
◎ Cyber security measures demanded in parallel with DX
“The Cyber Security Strategy for the Next Term,” which was determined by the Cabinet Office in September 2021, is to take measures for securing cyber security while carrying out DX. The concrete activities in this strategy include “the change in the way of thinking of the management,” “promotion of DX and cyber security in local SMEs,” “development of a foundation for securing reliability, such as the supply chain,” and “improvement and popularization of digital/security literacy leaving nobody behind.”
◎ Trend of the Japanese government
The government actively implements measures for cyber security, such as the establishment of Digital Agency in September 2021 and the full enforcement of the amended Act on the Protection of Personal Information in April 2022. All Japanese enterprises will be required to take stronger security measures.
| Points |
Establishment of Digital Agency | -Management of personal information by distributing the Social Security and Tax Number System -Promotion of utilization of IT in medical and educational fields |
Full enforcement of the amended Act on the Protection of Personal Information | -Emergence of the obligation to report to the Personal Information Protection Commission and the obligation to notify individuals -Toughening of penalties against corporations (up to 100 million yen, effective in December 2020) |
◎ Shortage of security personnel and a low rate of automation of security operations
While the average sufficiency level of security personnel in four countries: the U.S., the U.K., Singapore, and Australia is 85.0%, the sufficiency level of security personnel in Japan is only 11.2%, indicating that Japan lacks security personnel seriously. The automation rate of security operations in Japan is 20.2%, much lower than the average of the four countries: 47.3%. It is imperative for Japanese enterprises to improve these two points.
1-2 Security measures and the company’s business operations
Increased use of the Internet has facilitated the spread of a wide range of online services, which make daily life and running businesses much more convenient. Against this backdrop, cyber-attacks are increasing. There are two main security measures companies put in place. One is corporate security, which is designed to protect PCs and in-company networks from malware (malicious software/programs). The other is web security, which protects public servers from attacks on software vulnerabilities and the web application layer. For an e-commerce site like Amazon, where many users register their credit card information, it is web security that protects such sensitive data.When it comes to web security, there are several layers of protection, including that for web applications (applications and services that can be used via a web browser), software/operating systems (OS), and infrastructure/networks. The level of security required differs depending on the layer. It is the job of the web application firewall (WAF) to protect the web application layer, which constitutes websites, from cyber-attacks. WAFs are predominantly appliance based, software based, or cloud based. Cyber Security Cloud offers “Shadankun,” cloud-based WAF services for corporations and other entities that provide web services.
(From the reference material of the company)
WAF is a firewall that prevents intrusions such as SQL Injection and XSS, which can cause information leakage and the falsification of websites. It can also handle attacks that conventional firewalls or IDS/IPS were unable to prevent. Cloud-based WAF “Shadankun” was launched in 2013, and boasts the No.1 position in the Japanese cloud-based WAF market in terms of the total number of companies/websites using the service. Shadankun’s success owes to the ease of installation, the reliability of it being developed and operated in-house by Cyber Security Cloud itself, and the firm’s extensive track record of providing services to major corporations. However, with many of the data leak incidents that have occurred in recent years being caused by unauthorized access to website, website security measures remain insufficient. There also appears to be a significant number of website operators that are under the false impression that security measures are already in place, according to an awareness survey on security software by Marketing & Associates.
1-3 Services
In its web security business, Cyber Security Cloud provides Shadankun, a cloud-based WAF, WafCharm, a service for the automatic management of rules for AWS WAF provided by Amazon Web Services (AWS) that is based on technologies built up from the operation of Shadankun, and Managed Rules, a set of security rules for AWS WAF.
◎Cloud-based WAF “Shadankun”
Shadankun is a cloud-based security service that detects, blocks, and visualizes cyber-attacks on web applications. From development to operation, sales, and support, Cyber Security Cloud handles all aspects of the service. This enables the company to accumulate a wealth of data on cyber-attacks on websites, as well as build up operational know-how (over 2.3 trillion rows of data from over 10,000 websites). By reflecting the accumulated data when developing/customizing Shadankun or when updating its signatures (patterns associated with malicious attacks), the service helps keep websites secure. Shadankun also visualizes cyber-attacks in real time, identifying the type of attack and the IP address (i.e., countries and attack types) the attack is coming from. Such data can be viewed on the management screen. The visualization of these invisible cyber-attacks enables companies to gain a better grasp of their security situation and share information more effectively.
Two types of Shadankun services offered
Cyber Security Cloud offers two versions of Shadankun, one being the server security (agent linked) type, which installs a security agent onto the client’s server. The agent detects and blocks attacks by receiving log entries/block commands from the cloud-based monitoring center. The other is the Web/DDoS security (DNS switching) type, which involves switching “DNS (domain name system) only” and directing traffic to Shadankun’s WAF center, which detects and blocks attacks. Having two services like this means that Shadankun can be deployed regardless of a customer’s web application environment.
For the Web/DDoS security type, the website is accessed through the WAF center, which analyzes and determines whether this access is a cyber-attack or not. Only by switching DNS, it can be installed easily and places no burden on a website’s resources. However, as traffic is redirected (i.e., goes through the monitoring center), delays may occur for e-commerce, media, video-streaming, and other high-traffic sites. In contrast, the cyber security type is able to respond to attacks with little transmission delay and is unaffected by the volume of network traffic, as the monitoring center, which is a separate system, analyzes potential attacks and sends blocking commands directly to the security agent installed on the server.
(Source: Reference material of the company)
Utilization of AI
AI is also increasingly utilized for Shadankun. In particular, using AI enables Shadankun to detect attacks that conventional signatures could not detect, and also identify false positives that negatively impact customers’ services. Through Cyber Security Cloud’s neural network (technology/network used for machine learning), the AI engine learns not only normal attacks, but also legitimate user access and requests that have falsely been labeled as malicious. It evaluates daily access data and detection data, improving signature accuracy day by day.
◎“WafCharm”, a service for the automatic management of rules of platforms like AWS WAF etc.
WafCharm, launched in December 2017, is equipped with an AI engine that learns attack patterns on web applications accumulated by Shadankun. It enables the automatic management of rules for AWS WAF, provided by Amazon Web Services (AWS), which holds the largest share of the global cloud market. WafCharm has gained high marks for its ease of installation and operation, as well as for the swift development of new features supporting new AWS WAF functionalities, backed by its partnership with AWS.While AWS WAF increases the security of web applications, the site operator must create and enforce rules to filter web traffic themselves. Making full use of it requires considerable time and knowledge. However, WafCharm is equipped with an AI engine that automatically applies the most appropriate rule among many AWS WAF rules for the target web application, automating all necessary security options. It is automatically updated to deal with new vulnerabilities, keeping the website secure at all times. It is also equipped with a reporting function, which compiles the number of detected attacks, the type of attack, the source country, and the attacker’s IP address for each rule, as well as a notification function, which sends an e-mail containing details of detected attacks in real time.
Support for Microsoft's Azure platform began in November 2020. Also, from November 2021, support for Google's platform "Google Cloud" began, making it compatible with the world's three major platforms.
◎AWS WAF Managed Rules
AWS WAF selects and provides security rules called “Managed Rules” that have been written by expert security vendors. AWS WAF Managed Rules are a comprehensive package of security rules needed to mitigate specific threats. Security is limited to specific threats, but installation and operation are simple. Managed Rules is a package service that draws on AWS WAF rule-setting expertise built up through the operation of WafCharm. AWS WAF users can easily use Managed Rules from the AWS Marketplace. Cyber Security Cloud’s U.S. subsidiary, which has been certified as the seventh AWS WAF Managed Rules seller in the world, began selling the group’s own rule set on AWS Marketplace at the end of February 2019.
◎ SIDfm™, a service of providing vulnerability information, and web security diagnosis
It is a service offered by SofTek Systems, Inc., which became a 100% subsidiary of the company in December 2020. Since SIDfm™ was launched, it has been utilized by many customers as the information base for vulnerability management for over 20 years. SofTek’s analysts specializing in vulnerability research the details of vulnerability, which appear on a daily basis, produce content, and deliver information to customers by various means. It is difficult for customers to make a judgment in the survey on the effects of vulnerability, but by seeing the content of SIDfm™, it is possible to make an appropriate judgment, and the information on vulnerability is also used for matching for managing the vulnerability status of individual IT assets. SofTek offers comprehensive solutions, from the production of vulnerability-related content to the provision of vulnerability management tools.The web security business, which has been operated by Cyber Security Cloud, visualizes and blocks cyber-attacks to websites and servers while utilizing vulnerability information. When SofTek, which excels at vulnerability management with SIDfm™, joins the web security business of Cyber Security Cloud, the technological capabilities of the two companies will be strengthened through the sharing of knowledge, and it will be possible to utilize the big data of Cyber Security Cloud and expand sales channels.
On April 1, 2022, Cyber Security Cloud merged with SofTek and began sales of its products as Cyber Security Cloud products.
(Source: Reference material of the company)
1-4 Business model
Shadankun, Cyber Security Cloud’s core service, is offered on a subscription basis (monthly billing) over a period of time, in which customers are charged fees for access under the premise of continuous service. Revenue streams consist of monthly recurring revenue (MRR), initial installation fees, and non-recurring revenue (one-off payments). Over 95% of revenue generated from Shadankun is recurring revenue. It also boasts a high service continuation rate, backed by the successful improvement of customer value through the accumulation of data on web application vulnerabilities, its swift response to these vulnerabilities, signature setting, and rule customization. The churn rate for the term ended December 2021 remained low, ranging between 1.07% -1.35%. The company uses its strengths to provide comprehensive services from development to operation and support and increase customer satisfaction.
(Source: Reference material of the company)
1-5 The Enterprises that Adopted the Company’s Product and Sales Routes
In each field, renowned companies representing Japan have adopted the products of Cyber Security Cloud. The products have been adopted in the financial and public sectors, where security requirements are tight, earning high trust.
(Source: Reference material of the company)
In addition, the number of major sales partners, which possess a strong customer base, has increased steadily, leading to the increase of enterprises that have adopted the products of the company. To promote WafCharm, the company has cemented the cooperation with partners that have many AWS users.
(Source: Reference material of the company)
2. Fiscal Year December 2021 Earnings Results
2-1 Consolidated Financial Summary
| FY12/20 | Ratio to sales | FY12/21 | Ratio to sales | YoY | Compared to Initial Forecasts | Compared to Revised Forecasts |
Sales | 1,194 | 100.0% | 1,817 | 100.0% | +52.2% | +1.5% | +1.0% |
Gross profit | 816 | 68.4% | 1,281 | 70.5% | +56.9% | - | - |
SG&A expenses | 628 | 52.6% | 984 | 54.2% | +56.7% | - | - |
Operating income | 188 | 15.8% | 297 | 16.4% | +57.8% | +18.8% | +2.5% |
Ordinary income | 172 | 14.5% | 297 | 16.4% | +72.5% | +20.2 % | +3.0% |
Net Income | 134 | 11.3% | 169 | 9.3% | +26.4% | -5.5% | -11.5% |
*Unit: million yen.
Significant increase in sales and profit due to growth in mainstay products and the acquisition of SofTek Systems, Inc. as a subsidiary
Sales were 1,817 million yen, up 52.2% year on year, and operating profit was 297 million yen, up 57.8% year on year. In addition to Shadankun, which is their mainstay, the sales of WafCharm, which would become the second pillar of them, grew considerably. The acquisition of SofTek Systems, Inc. as a subsidiary, contributed too. Due to the sales growth, gross profit rose 56.9% year on year, and gross profit margin increased 2.1 points. Personnel expenses and recruitment & education costs augmented due to the increase of employees, mainly marketing staff, and other SG&A expenses, including R&D costs and advertisement expenses, increased, but the augmentation of SG&A expenses were offset, and profit grew considerably.
2-2 Trends in Key Indicators
| KPI | FY 12/20 4Q | FY 12/21 4Q | YoY |
Shadankun | ARR (unit: million yen) | 966 | 1,113 | +15.3% |
The number of users | 926 | 1,065 | +15.0% | |
Churn rate (%) | 1.24% | 1.21% | -0.03pt | |
WafCharm | ARR (unit: million yen) | 306 | 474 | +54.6% |
The number of users | 392 | 657 | +67.6% | |
Churn rate (%) | 1.00% | 0.77% | -0.23pt | |
Managed Rules | ARR (unit: million yen) | 81 | 141 | +74.7% |
The number of users | 1,558 | 2,372 | +52.2% | |
SIDfm
| ARR (unit: million yen) | - | 154 | - |
The number of users | - | 135 | - | |
Overall | ARR (unit: million yen) | 1,354 | 1,883 | +39.1% |
The number of users | 2,876 | 4,229 | +47.0% |
*ARR (Annual Recurring Revenue) was obtained by multiplying the MRR as of the end of the month in question by 12. MRR stands for Monthly Recurring Revenue in the subscription model. It is the sum of monthly recurring revenues from existing customers.
*The churn rate of Shadankun was obtained from the average of MRR churn rates in the past 12 months. MRR churn rate means the actual churn rate obtained by dividing the MRR lost in the month in question by the MRR as of the end of the previous month.
*For WafCharm's churn rate, they use the most recent 12-month average churn rate for the number of users. The churn rate is calculated from the number of users who cancelled the contract in the most recent year in the n-th period divided by the number of users in the (n-1)-th period.
(1) ARR
Total ARP continued to grow steadily in the fourth quarter (Oct.-Dec.), increasing 39.1% year on year. The number of orders per month reached a record high in December 2021.
(2) Number of users
The number of users of every product increased. The total number of users exceeded 4,000.
(3) Churn rate
There is no significant change in churn rate. The major reasons for cancellation are the closure of websites and the termination of contracts between business partners and end users, and most reasons are not attributable to the products of the company. The company aims to keep churn rate low.
(4) Recurring revenues
As the sales of Shadankun and WafCharm, which are core products, have increased, recurring revenues have been growing steadily. The ratio of recurring revenue to net sales has remained above 90%, contributing to the establishment of a stable revenue base.
The recurring revenues of the company are composed of the MRRs of Shadankun, WafCharm, Managed Rules, and SIDfm.
(5) Operating expenses and the number of employees
Total operating expenses for the fourth quarter (October-December) increased 60.9% year on year to 486 million yen. Overall costs increased due to strengthened marketing activities such as recruiting and holding seminars, as well as the use of outside resources.
The number of employees at the end of December 2021 was 78, up 19 from the end of the previous year. The recruitment of sales and marketing staff was boosted. In 2022, the company will focus on hiring engineers and strengthening its development capabilities while efficiently utilizing external resources.
2-3 Topics
(1) WafCharm supports the world's three major platforms
In addition to AWS and Microsoft Azure, Google Cloud is now supported, enabling the company to offer its services to more cloud users.
As a pioneer of automated WAF operation services, being the first to support the world's three major platforms, the company will protect many websites and lead to increased revenues.
(2) "AWS Version of WafCharm" launched in the U.S.
In November 2021, following the beta version, the commercial (paid) version of "AWS Version of WafCharm" was launched in the U.S.
The company has started acquiring new users and will begin full-scale sales activities in 2022 to accelerate the cultivation of the huge U.S. market.
The automated WAF operation service allows in-house security engineers to focus on strategic operations, and has received feedback from U.S. users who appreciate the ease of implementation and the fact that complex technology integration or construction is not required, and the company expects to capture demand in the future.
(3) Immediate response to dangerous vulnerabilities
On December 10, 2021, an attack that exploited the vulnerability in the program "Apache Log4j," which is widely used on websites around the world, was observed and made headlines due to its impact.
The company's security team began responding immediately. Approximately one attack was observed every three seconds, and by December 20, approximately 310,000 attacks were observed and blocked.
(4) Significantly strengthening the organizational structure for 2025
The company previously had only one sales department, but subdivided it into a marketing division to reel in customers, a remote marketing division to follow up with customers by phone, a sales division to negotiate business, and a planning division to formulate sales strategies, to shift to a more efficient sales structure.
In addition, the company had previously focused on SEO, banners, and other forms of web advertising, but the increase in personnel due to stronger hiring has enabled the company to host its own seminars and provide content outside media outlets.
In the current fiscal year, the company will develop new measures, including the launch of new commercials, the establishment of a security federation to promote cooperation and development across industrial boundaries, and support for sales partners.
3. Fiscal Year December 2022 Earnings Forecasts
3-1 Consolidated Earnings
| FY 12/21 (Act.) | Ratio to Sales | FY 12/22 (Est.) | Ratio to Sales | YoY |
Sales | 1,817 | 100.0% | 2,300 | 100.0% | +26.5% |
Operating Income | 297 | 16.4% | 390 | 17.0% | +31.2% |
Ordinary Income | 297 | 16.4% | 387 | 16.8% | +30.2% |
Net Income | 169 | 9.3% | 259 | 11.3% | +52.6% |
*Unit: million yen.
Sales and operating profit are estimated to rise
The company forecasts net sales of 2.3 billion yen, up 26.5% year on year, and an operating profit of 390 million yen, up 31.2% year on year. The company will continue to strengthen its development capabilities and invest in marketing, it expects to achieve double-digit growth in sales and profit.
3-2 Major Initiatives
(1) Promotion using new commercials
A new commercial using the keyword "anti-hacker" will be promoted, targeting companies throughout Japan, through exposure on the Internet, TV, cabs, etc.
(2) Establishment of a security awareness organization through industry-government-academia collaboration
In February 2022, the company initiated the establishment of the Security Alliance with 34 companies to raise awareness of the importance of cyber security measures, which is a serious social issue.
At the same time, the company launched a security awareness campaign, "Making Japan's DX Safe Aiming for Zero Cyber Attack Damage," to raise awareness of the need for cyber security in Japan and to change the mindset of business managers, focusing on the recent sharp increase in cyberattack damage.
Activities will be promoted with 112 supporting companies, government and central ministries and agencies, universities, and specialized institutions.
(3) Steady groundwork for the cultivation of the U.S. market
In January 2022, Managed Rules became "certified software" that has undergone review by AWS, gaining further reliability and raising its AWS partner rank to the second highest. This is a significant advantage for WafCharm in the U.S. market, as it increases its reliability.
The company aims to reach the top tier of partners by the end of the first half of 2022. Becoming a top-tier partner will provide the company with powerful opportunities to promote its products, including introductions on the official AWS blog and speaking engagements at AWS-sponsored seminars, and is positioned as the most important step in developing the U.S. market. So, the company is preparing to reach it steadily.
4.Growth Strategies for 2025
It is expected that the cybersecurity field will grow rapidly as the expansion and deployment of cloud computing, DX, 5G, and IoT accelerate. In light of these circumstances, the company offers trustworthy services worldwide as a global security service provider from Japan.
The company aims to achieve the following three goals by 2025.
* To make its product adopted by 10,000 companies and become Japan's top security company in the "Web Security" field.
* Financial targets: Net sales of 5 billion yen and an operating profit of 1 billion yen.
* To accelerate global expansion and increase overseas sales ratio to 10%.
4-1 Financial Objectives
(1) To achieve sales of 5 billion yen
The company aims to achieve a total of 10,000 companies installing Shadankun or WafCharm, and to become Japan's top security company in the "Web security" field, with sales of 5 billion yen in 2025.
It will raise the ratio of overseas sales to 10% and establish a foothold for subsequent business expansion.
*Net Sales
| 2021 | 2025 Target | CAGR |
Shadankun | 11 | 20 | +16.1% |
WafCharm | 4 | 20 | +49.5% |
Japan | 4 | 15 | +39.2% |
Overseas | - | 5 | - |
Others | 3 | 10 | +35.1% |
Overall | 18 | 50 | +29.1% |
*CAGR was calculated by Investment Bridge based on the company’s data.
**Unit: billion yen
The following three measures are key to achieving this goal (see below for details).
* Strengthening Partner Support for Shadankun
* Global expansion of WafCharm
* Enhancement of the service lineup for new solutions.
(2) To increase operating profit over 3 times to 1 billion yen by 2025
To execute each of the priority measures, recruitment will be strengthened, particularly for development and sales personnel.
While assuming that profit will be posted from 2022 to 2024, the company aims to achieve an operating profit of 1 billion yen in 2025 by expanding recognition through aggressive marketing activities and other upfront investments.
The company makes flexible investment decisions in response to changes in the domestic security market and investment opportunities in the global market.
4-2 Priority Measures
(1) To strengthen partner support
To rapidly expand the number of users, the company will work to strengthen its sales network through its partners.
It will leverage the know-how accumulated in its direct sales organization and focus on partner success*.
To acquire new partners, the company will expand its target to major cities nationwide and secure a wide range of partners, including cloud vendors and system integrators.
In March 2022, the company signed an agency agreement for "Shadankun" and a distributor agreement for "WafCharm" with KOUS CO., LTD. (Osaka City, Osaka Prefecture), a web marketing company that works with one of the largest corporate information database vendors in Japan.
For existing partners, the company will support sales of packaged products with the partner's own services, with the aim of expanding the number of the company’s products distributed.
*Partner Success
A generic term for support activities to maximize the value delivered to end-users through partners by providing information to and supporting sales activities of partners to promote understanding of the company's products.
(2) Global expansion of WafCharm
To improve partner ranks in each cloud and implement stronger measures.
In direct sales, the company aims to improve recognition among cloud users.
In addition, the company will collaborate with leading global sales partners.
(3) Enhancement of the service lineup
With the growing importance of countermeasures against vulnerabilities, the company will leverage its business development capabilities to maximize the value of SIDfm.
In addition, the company will develop new services to solve user issues and strengthen its service lineup in order to become a comprehensive solution company for web security.
5. Interview with President Koike
We interviewed President Toshihiro Koike about his mission, the company's competitive advantage, its growth strategy toward 2025, and his message to shareholders and investors.
Q: "I would like to hear how you came to be the president of the company and what your mission is."
We went public in 2020, and with the listing, we needed to further solidify our business foundation and, moreover, we needed to ensure good overseas governance as we aim to expand our business internationally.
I had worked for a large corporation, had corporate management experience in Japan and the U.S., and had experience and achievements in sales and IT. I was asked to take this position because I was the right person for the next step in our company, and I was fascinated by the new challenge and agreed to take on the position.
Despite the increasing danger of cyber-attacks on a daily basis, the lack of awareness of the danger among Japanese executives is very worrisome. Therefore, we believe that our mission is also to raise and establish more awareness about the importance of cyber security.
Just as no one leaves their house unlocked when they go out, I believe that raising awareness of this issue to the level of locking up and protecting websites with a sense of mission is the most important social raison d'etre for our company and for me, as president.
Q: "What is your company's competitive advantage in the world of cyber security?"
Cyber security is a word that encompasses a variety of genres, such as e-mail filtering and firewalls, but we are the only listed company that specializes in defending against attacks on websites.
In addition, while many cyber security products are made overseas, we believe that our unique feature or strength is that we develop and market our products in Japan and provide 24-hour, 365-day support in Japanese.
The work for cyber security does not end when it is installed; it is necessary to constantly evolve, maintain, and support it, for example, by keeping up with OS updates.
In normal times, customers forget that our products have even been installed, but when something goes wrong, they naturally request that we respond immediately, so "support capabilities" are extremely important in the cyber security world.
In terms of this "support capability," in addition to our high technical capabilities and proven track record, we are highly rated for our ability to provide support in Japanese, and the high level of customer satisfaction is linked to the low churn rate of each product.
We believe this is our strong competitive advantage.
Q: "What is the source of this advanced technological capability?"
Our technological capabilities are supported by two things: AI and people.
With regard to AI, we have created an environment for our AI development engineers to focus on development.
Half of our engineers are foreign nationals, and since gathering information from overseas is extremely important in the world of AI and cyber security, we are creating an environment where they can focus on AI development and create advanced technology on a global scale and in an environment where English is the official language.
Another element that supports our technology is "people."
We have partnered with an Israeli cyber security company to routinely gather intelligence and other information from around the world and update the situation every hour. Based on this information, our staff members constantly discuss trends and other aspects of cyber-attacks occurring around the world, and share their insights with other staff members.
While AI predicts and blocks the types and methods of attacks based on statistical information, our personnel block the sure things based on an extremely steady accumulation of work.
We combine the two to achieve the industry's highest level of protection accuracy.
Q: "The financial results for the last fiscal year were very favorable. Could you please give your own self-evaluation?
While external factors such as growing cybersecurity awareness and needs have been a major tailwind, we believe that our service lineup has matched the needs of the times.
Our mainstay product, Shadankun, is more suited to customers' traditional systems, such as those that set up their own rental servers. In contrast, cloud platforms such as AWS and Microsoft Azure are rapidly growing. In order to respond to these trends of the times, we introduced our next product, WafCharm, in 2018, and were able to achieve significant growth in the previous year as well because of the lack of other products that are best suited for cloud platforms. In addition, sales of AWS WAF Managed Rules, a set of AWS WAF rules, are steadily picking up. Although the sales volume of this product is still small, it has an extremely high profit margin and contributed significantly to profits.
Thus, by riding the wave of cybersecurity with our broad lineup of Shadankun, WafCharm, and Managed Rules, we were able to steadily increase both the number of users and ARR and achieve a significant increase in sales and profits by capturing a wide range of demand.
Q: "It seems that one of the main reasons for the strong results of the previous fiscal year was the strengthening of the sales structure. What can you tell us about that?"
As I mentioned earlier, strengthening sales is another task I have been assigned.
When I assumed the position, the sales department had only a few salespeople and no clear customer segmentation strategy, so we would respond to inquiries as they came in.
Therefore, over the last year, we have been working to build a sales organization that is more efficient by subdividing the organization into a marketing division to attract customers, a remote marketing division to follow up with customers by phone, a sales division to negotiate with customers, and a planning division to formulate sales strategies.
In marketing, the focus had been on SEO, banners, and other forms of web advertising, but with the addition of more staff, we were able to increase exposure by hosting our own seminars and providing content to outside media outlets.
We believe that these efforts to strengthen our sales and marketing structure will lead to further sales expansion in the current fiscal year and beyond.
Q: "Next, I would like to ask you about your growth strategy for 2025. What are your key strategies for "strengthening partner support for Shadankun," "global expansion of WafCharm," and "enhancement of the service lineup for new solutions"?
*Strengthening Partner Support for Shadankun
As a manufacturer, we believe it is important to create a system that allows our partners to feel the benefits of using our products.
Since there has been almost no such mechanism in place to date, we will focus on "Partner Success," a support activity to promote understanding of our products by providing information and sales support to partners.
We have invited a person with a wealth of experience and know-how to be in charge of this partner support organization.
We have also increased the number of staff members to build a close relationship with our partners and strive to acquire new partners and strengthen support for existing partners.
*Global expansion of WafCharm
We will improve our partner rank in each cloud.
For example, the AWS community is the world's No. 1. If we are going to do business with AWS, it is of utmost importance that we increase our rank and presence within AWS.
We make products that fit AWS, and the quality of our technology and the ratings of customers who have used our products are important factors in determining our rank. We believe that the release of the production version of the AWS version of WafCharm will also be a major factor.
We are currently in the second tier from the top out of five, and we hope to be promoted to the top rank by the end of the year.
*Enhancement of the service lineup for new solutions
The scope of security contingency support is very broad.
For example, in the case of a home invasion in which a safe was stolen, a typical intrusion prevention system would not grasp what was stolen, nor would it confirm if there was a safe containing a large sum of money in the house, in the first place. This is because the security system was only providing a wall to keep people from breaking in. Of course, that wall has value, but from the customer's point of view, they naturally want to know who broke through, what was done when they broke through, and where the stolen items went.
In addition to that, there is a lot to deal with because we have to examine the wall to see if there are any other areas besides the wall that have been broken into, while restoring it. Thus, even us cannot see all of our clients' security situations, but only a small part of them, and we can only provide a small part of our services in a wide range of fields.
As I said at the beginning, our mission is to raise our clients' awareness of cyber security, so we can't just say, "We don't know," but we believe that we must become a company that our clients can truly rely on to protect their websites from start to finish.
Therefore, in protecting websites, we will not only build walls but will also focus on developing services in peripheral areas, including constant monitoring of our customers' situations, while maintaining the axis of website protection.
Q: "Following that, please tell us about any challenges you face in achieving growth."
We have advanced technology, but it is not the goal, and we must continue to strengthen it.
On the other hand, there are cases where the security world is too cutting-edge, but customers do not demand that much. We need to catch up with the fast-paced changes in technologies, including networks and servers, rather than simply pursuing advanced technology. We believe that securing and strengthening human resources for this purpose are major issues that need to be addressed.
Another is the need to have the ability to better communicate the significance of our company's existence and role in society, not only in IR and PR, but also in sales and marketing.
Q: "Thank you very much. In closing, please give us a message to your shareholders and investors.”
In our growth strategy toward 2025, we are committed to providing trusted services worldwide as a global security manufacturer originating from Japan.
Although there are many competitors in the huge global market, WafCharm is steadily penetrating the U.S. market, including AWS, and Managed Rules has already built up a sales track record in more than 70 countries around the world.
As a global security manufacturer that is not limited to the domestic market, you can expect significant growth in our top line.
While we aim to grow into a global security manufacturer, we also want to strongly emphasize the fact that we are a security manufacturer originating from Japan.
Currently, most of the listed Japanese companies in the security industry are distributors or consulting companies that handle overseas products, and Japanese-made security product manufacturers such as our company are very rare.
We will make it our social raison d'être to raise awareness of the importance of cyber security and make it take root, and aim to become the first company in Japan that people associate with "Cyber Security Cloud" when they think of cyber security. We would very much appreciate your support from a medium- to long-term perspective.
6. Conclusions
While there are reports on a global increase of cyberattacks, including the announcement of a U.S. government analysis on February 18, 2022 that "Russia has carried out cyberattacks on Ukraine," the company announced, in a news release dated March 1, 2022, that "through a survey of more than 15,000 sites in Japan, we have confirmed a sharp increase in the detection of unauthorized access by suspicious attackers, or more precisely, attacks by BOTs (a type of malware for remote control from outside) and vulnerability scanning tools, since February 16. "We have detected up to 25 times more attacks than the average of the last three months, and we recommend that everyone strengthen their countermeasures as soon as possible" announced the company. Japanese companies, which are not directly involved in the Ukraine issue, cannot afford to treat the situation as if it were a fire on the other side of the river.
It is difficult to recognize the importance of cyber security as a personal matter unless one is actually attacked. Given that awareness of cyber security is said to be particularly low in Japan, the company has a significant role because its social raison d'être is to raise awareness of its importance and make it take root. The progress of the company's key initiatives will be closely watched, as it aims for "10,000 installations, sales of 5 billion yen, an operating profit of 1 billion yen, and an overseas sales ratio of 10%" by 2025.
In the previous fiscal year, the company focused on strengthening its sales structure, and this fiscal year, the company will place more weight on product development. Demand for AI and other human resources continues to rise, and competition for human resources is intensifying. The company's ability to secure development staff, including those from outside partners, will be a key factor in achieving growth in the current fiscal year and beyond.
<Reference: Regarding Corporate Governance>
◎ Organization type and the composition of directors and auditors
Organization type | Company with an audit and supervisory |
Directors | 5 directors, including 2 outside ones |
Auditors | 3 auditors, including 3 outside ones |
◎ Corporate Governance Report (Update date: March 31, 2021)
Basic policy
<Reasons for Non-compliance with the Principles of the Corporate Governance Code (Excerpts)>
Our company implements all the basic principles stipulated in the Corporate Governance Code.
This report is not intended for soliciting or promoting investment activities or offering any advice on investment or the like, but for providing information only. The information included in this report was taken from sources considered reliable by our company. Our company will not guarantee the accuracy, integrity, or appropriateness of information or opinions in this report. Our company will not assume any responsibility for expenses, damages or the like arising out of the use of this report or information obtained from this report. All kinds of rights related to this report belong to Investment Bridge Co., Ltd. The contents, etc. of this report may be revised without notice. Please make an investment decision on your own judgment. Copyright(C) Investment Bridge Co.,Ltd. All Rights Reserved. |
You can see back numbers of Bridge Reports on Cyber Security Cloud, Inc. (4493)and IR related seminars of Bridge Salon, etc. at www.bridge-salon.jp/.