What Metrics do the Top Security Companies Report On?
12/1/24 Benchmarks for Operators
There’s a lot you cannot control when it comes to fundraising.
It's chaotic. It’s high pressure. It's intense.
The fates of companies and investors alike are decided in these moments.
I bet you know the pitch deck. But have you heard of the data deck?
Probably not, yet it’s the single most powerful thing Bobby, Co-founder and CEO of Equals, built for every single fundraising process he's led—Intercom’s $23M Series B, $35M Series C, $120M Series D, and Equals’ $16M Series A.
Thankfully, he created an in-depth guide to help get your metrics in order so you can embrace the chaos.
This grid compares the metrics disclosed and guided by ten leading companies in the cybersecurity and observability sectors.
The comparison highlights similarities and differences in their reporting practices, reflecting their individual business models and investor focus.
Legend:
One checkmark (✓): Company discloses this metric
Two checkmarks (✓✓): Company both discloses and provides guidance on this metric
Blank: Company neither discloses nor guides on this metric
Key Observations:
Universal Metrics: All ten companies disclose and guide on Revenue and Non-GAAP Operating Income/Margin. These are table stakes.
Profitability Focus: Most companies provide guidance on Non-GAAP Net Income Per Share, with PANW being a notable exception.
Cash Flow Emphasis: Free Cash Flow is widely reported and guided, reflecting its importance to investors in assessing financial health and sustainability. These days you can’t be all revenue sizzle with some FCF steak.
Customer Metrics: Most companies disclose customer-related metrics such as number of large customers and dollar-based net retention rate.
It’s interesting that more companies provide the number of customers over $100k vs total paying customers, perhaps hinting that the smaller, fleeting customers are inconsequential to forecasting and may cause noise.
Most companies report if NDR is above or below a stated “threshold” (e.g., 120%) rather than giving a specific number, as the metric can be volatile
Subscription Revenue: CRWD, DDOG, DT, and CYBR specifically highlight and guide on Subscription Revenue, reflecting their SaaS-centric business models.
Billings and ARR: There's a split in focus between Calculated Billings and Annualized Recurring Revenue (ARR).
Billings can be notoriously volatile, especially in the cybersecurity sector where deals can be lumpy and timing of big deals can shift unexpectedly. A single large deal slipping from one quarter to the next can dramatically impact billings
Plus, billings often include multi-year contracts, while revenue is recognized over time. This can create a disconnect between billings growth and actual business performance. ARR is a better indicator of where the revenue puck is going.
Unique Metrics:
Only DT and CYBR report on Annual Contract Value (ACV).
RPO (Remaining Performance Obligation) is reported by several companies but not universally.
Variations in Guidance: While most companies disclose similar metrics, there's variation in which metrics they provide forward-looking guidance on, likely reflecting what each company believes is most relevant to its investors and business model (and most importantly, what they feel they can forecast predictably).
TL;DR: Multiples are FLAT week-over-week.
Top 10 Medians:
EV / NTM Revenue = 16.4x (flat w/w)
CAC Payback = 26 months
Rule of 40 = 53%
Revenue per Employee = $391K
Figures for each index are measured at the Median
Median and Top 10 Median are measured across the entire data set, where n = 110
Population Sizes:
Security: 17
Database and Infra: 14
Backoffice: 16
Marcom: 16
Marketplace: 15
Fintech: 16
Vertical SaaS: 16
Revenue Multiples
Revenue multiples are a shortcut to compare valuations across the technology landscape, where companies may not yet be profitable. The most standard timeframe for revenue multiple comparison is on a “Next Twelve Months” (NTM Revenue) basis.
NTM is a generous cut, as it gives a company “credit” for a full “rolling” future year. It also puts all companies on equal footing, regardless of their fiscal year end and quarterly seasonality.
However, not all technology sectors or monetization strategies receive the same “credit” on their forward revenue, which operators should be aware of when they create comp sets for their own companies. That is why I break them out as separate “indexes”.
Reasons may include:
Recurring mix of revenue
Stickiness of revenue
Average contract size
Cost of revenue delivery
Criticality of solution
Total Addressable Market potential
From a macro perspective, multiples trend higher in low interest environments, and vice versa.
Multiples shown are calculated by taking the Enterprise Value / NTM revenue.
Enterprise Value is calculated as: Market Capitalization + Total Debt - Cash
Market Cap fluctuates with share price day to day, while Total Debt and Cash are taken from the most recent quarterly financial statements available. That’s why we share this report each week - to keep up with changes in the stock market, and to update for quarterly earnings reports when they drop.
Historically, a 10x NTM Revenue multiple has been viewed as a “premium” valuation reserved for the best of the best companies.
Efficiency Benchmarks
Companies that can do more with less tend to earn higher valuations.
Three of the most common and consistently publicly available metrics to measure efficiency include:
CAC Payback Period: How many months does it take to recoup the cost of acquiring a customer?
CAC Payback Period is measured as Sales and Marketing costs divided by Revenue Additions, and adjusted by Gross Margin.
Here’s how I do it:
Sales and Marketing costs are measured on a TTM basis, but lagged by one quarter (so you skip a quarter, then sum the trailing four quarters of costs). This timeframe smooths for seasonality and recognizes the lead time required to generate pipeline.
Revenue is measured as the year-on-year change in the most recent quarter’s sales (so for Q2 of 2024 you’d subtract out Q2 of 2023’s revenue to get the increase), and then multiplied by four to arrive at an annualized revenue increase (e.g., ARR Additions).
Gross margin is taken as a % from the most recent quarter (e.g., 82%) to represent the current cost to serve a customer
Revenue per Employee: On a per head basis, how much in sales does the company generate each year? The rule of thumb is public companies should be doing north of $450k per employee at scale. This is simple division. And I believe it cuts through all the noise - there’s nowhere to hide.
Revenue per Employee is calculated as: (TTM Revenue / Total Current Employees)
Rule of 40: How does a company balance topline growth with bottom line efficiency? It’s the sum of the company’s revenue growth rate and EBITDA Margin. Netting the two should get you above 40 to pass the test.
Rule of 40 is calculated as: TTM Revenue Growth % + TTM Adjusted EBITDA Margin %
A few other notes on efficiency metrics:
Net Dollar Retention is another great measure of efficiency, but many companies have stopped quoting it as an exact number, choosing instead to disclose if it’s above or below a threshold once a year. It’s also uncommon for some types of companies, like marketplaces, to report it at all.
Most public companies don’t report net new ARR, and not all revenue is “recurring”, so I’m doing my best to approximate using changes in reported GAAP revenue. I admit this is a “stricter” view, as it is measuring change in net revenue.
Operating Expenditures
Decreasing your OPEX relative to revenue demonstrates Operating Leverage, and leaves more dollars to drop to the bottom line, as companies strive to achieve +25% profitability at scale.
The most common buckets companies put their operating costs into are:
Cost of Goods Sold: Customer Support employees, infrastructure to host your business in the cloud, API tolls, and banking fees if you are a FinTech.
Sales & Marketing: Sales and Marketing employees, advertising spend, demand gen spend, events, conferences, tools.
Research & Development: Product and Engineering employees, development expenses, tools.
General & Administrative: Finance, HR, and IT employees… and everything else. Or as I like to call myself “Strategic Backoffice Overhead.”
All of these are taken on a Gaap basis and therefore INCLUDE stock based comp, a non cash expense.