CTEK First Quarter 2018 Earnings Script

Participants

Bryan Flynn – Investor Relations

Mac McMillan – Chief Executive Officer

Paul Anthony – Chief Financial Officer

Operator

Welcome to CynergisTek’s 2018 first quarter earnings Conference Call. Today’s conference is being recorded. At this time, I would like to turn the conference over to Bryan Flynn, Investor Relations for CynergisTek. Please go ahead, sir.

Bryan Flynn

Thank you, operator.  I want to welcome everyone to CynergisTek’s first quarter twenty eighteen earnings call. Joining us today from the company includes Mr. Mac McMillan, President and Chief Executive Officer and Mr. Paul Anthony, Chief Financial Officer.

Before we begin the formal presentation, I'd like to remind everyone that some statements made on the call and webcast, including those regarding future financial results and industry prospects among others, are forward-looking and may be subject to a number of risks and uncertainties that could cause actual results to differ materially from those described in the conference call. Certain of these risks and uncertainties are or will be described in greater detail in the company’s SEC filings.

CynergisTek is under no obligation and expressly disclaims any such obligation to update or alter its forward-looking statements whether as a result of new information, future events, or otherwise.

At this time, I would like to turn the call over to our CEO, Mac McMillan.

Mac McMillan:

Thank you Bryan, and good morning everyone.  

It is always humbling and an honor when you are recognized in the industry that you serve.  In March CynergisTek was recognized as one of the 10 best cybersecurity companies of 2018, by CIO Bulletin.  We were the only healthcare focused cybersecurity firm on the list, further stressing the need for increased awareness, readiness, and protection within the healthcare industry.  This recognition is a testament to our continued commitment to be the trusted partner to our healthcare clients.  As with all industries it is difficult to keep up with the onslaught and sophistication of cyberattacks.  For instance the most recent malware attack launched by the hacker group Orangeworm which target healthcare.  Orangeworm is an advanced hacker group thought to be conducting attacks for the purpose of espionage. Their focus in healthcare was on X-Ray, MRI and other medical devices rather than the traditional PC and they did that because those systems traditionally demonstrate latency in maintaining up to date operating systems and patch profiles basically making them an easier target for exploitation.  This age-old paradigm of taking advantage of the weak link continues to offer attackers a fertile environment for attacks.  Particularly within healthcare where the IT environment is constantly evolving and is full of new technologies like IoT devices that need new approaches to protection and provide more opportunity for attackers.  Healthcare cyberattacks continue to evolve and are growing at an unprecedented rate and should remain at the forefront of healthcare executives thought processes.  Study after study have shown that the healthcare industry has seen significantly more attacks than other industries in the US.   According to statistics from reported cyber incidents the sophistication and damage that these attacks are causing also continues to increase at a rate not being seen in any other industry and at a much higher cost to remediate and mitigate.   At CynergisTek we strive to assist our clients in building cybersecurity and privacy programs that mitigate this risk by protecting systems, data, operations, and respecting the privacy of the patients they serve.  

Turning to this quarter, in perspective to our last call together, things generally remained consistent.  At the beginning of the quarter as expected we experienced slower new sales due to continued uncertainty in the market which seemed to be causing many health systems to be cautious about spending, but it recovered in the last month of the quarter as the industry become more comfortable with the message out of Washington and its potential impacts on reimbursements.  However, that coupled with the normal Q1 seasonality we typically see in the business affected top line growth.  Overall our performance was in line with our expectations with the exception of our low margin equipment revenue segment which took the biggest hit due to clients again re-evaluating their capital spend.  As you recall, our focus in Q1 was three-fold.  Continuing to strengthen relationships with clients.  Growing our pipeline for our new and existing managed services, particularly Patient Privacy Monitoring, Incident Response Services, Biomedical Device Security Services and growth of our Professional Services offerings.  And finally completing improvements to all of our managed service offerings to help maintain margins and strong EBITDA.  I am pleased with the initial progress we have made on all of these initiatives but I would like to see sales start to accelerate in the future.  We continue to maintain a 95% client renewal rate, saw growth in the pipeline for some of our new services and completed the restructuring within the organization and operations to maintain gross margins comparable to last year even with the continuing impact from the losses on the MPS side of the managed services business.

While we are seeing slower growth in MPS cross selling opportunities than we had hoped our first MPS win of 2018 was the first time we have sold an integrated print security assessment component as part of our full service MPS program.  Also, Arkansas Children’s, an MPS win in late 2017, was an example of cross-selling success as they became both an MPS and CAPP (Managed Security Service) services client by adding security in Q1.  Other cybersecurity deals that closed this quarter were notable as they represented some of the largest CAPP programs to date.   We continue to focus efforts on building a pipeline for our revamped

managed print offerings and the potential that brings for new sales in 2019.   Our focus hasn’t changed.  We want to grow our pipeline in both our new and existing offerings, continue to deliver high caliber managed services as well as continue to expand and evolve our service offerings to meet market demand for new services such as managed medical device security, support for the Cybersecurity Resilience Review requirement and impacts to US hospitals from GDPR.  

In respect to biomedical devices we are developing a complete set of services designed to better protect and manage biomedical devices in conjunction with a leading biomedical device management software solution provider.  These services will finally provide our healthcare clients with the ability to identify, categorize by risk and integrate more effective security and maintenance activities to create safer more secure medical devices on their networks.  Our new Cyber Resilience Review (CRR) program addresses 10 specific areas of business risk from cybersecurity issues that the SEC has said Board of Directors should be cognizant of as corporate leaders.  The CRR was developed by the Department of Homeland Security in conjunction with the National Institute of Standards and Technology (NIST) on behalf of the SEC to address the need of Directors for information regarding the growing threat of cyber incidents that could affect the companies they serve.  The recent passing of the GDPR (General Data Protection Regulation) in Europe has also heightened awareness around privacy concerns in the United States and we are seeing an increase in interest around privacy from many of our healthcare clients as a result.  

I will now hand it over to Paul to review the financials highlights for the first quarter of 2018.  Please go ahead, Paul.

Paul Anthony:

Thank you, Mac.

Good morning everyone.      

On January 1, 2018, we adopted Topic 606 for revenue recognition. There was no change in revenues reported using this method as compared to the previous guidance.  As a result, we are now classifying revenue into the following three categories; Managed Services, Consulting and Professional Services and Hardware and Software Resales.  The full financial detail and disclosures can be found in the 10Q. The key difference between Managed Services and Consulting & Professional services is the fact that managed services are predominantly revenues from our long-term 3-5-year contracts where the consulting and professional services are predominantly more short-term, and project based in nature.

Breaking down the revenue into the new categories for Q1 2018 versus Q1 2017, Managed services revenue was $13.3 million a decrease of -16%.  This decrease was the result of the $3.8 million drop from the MPS non-renewals we have discussed in the past offset by $1.2 million in revenue growth from our existing MPS customers and growth in the Security related services to new customers. Consulting and professional services increased by 61% to $2 million due to growth in security related consulting and professional services provided to new and existing customers. Equipment, hardware and software resales decreased by -15% to $1 million.  

We maintained a gross margin of 25% of revenues in the first quarter of twenty eighteen as compared to the same period in 2017. Non-GAAP adjusted EBITDA after adding back stock-based compensation and non-recurring charges related to our recent debt refinancing and the departure of a senior executive was $0.9 million or 6% of revenues for the first quarter of 2018, compared to $1.1 million or 6% of revenue for the same period in 2017.  Non-GAAP adjusted earnings after adjusting for the non-recurring charges, amortization of intangibles, stock-based compensation, depreciation and non-cash income tax expense, was $0.5 million, or $0.06 per basic and $0.05 per diluted share for the first quarter 2018, compared to $0.6 million or $0.07 per basic and diluted share for the same quarter in 2017.

At March 31, 2018, deferred revenue was $1 million, down from $1.4 million at December 31, 2017. The Company had $3.4 million of cash and cash equivalents as of March 31, 2018. Effective January 1, 2018, when we adopted the new revenue recognition pronouncement, we increased deferred commissions by $0.9 million with a corresponding increase in beginning retained earnings. Deferred commissions are included in prepaid and other current assets in our consolidated balance sheet.

This concludes the financial portion, I will now turn the call back over to Mac for closing remarks.  

Mac McMillan – Closing Remarks

With continued heightened presence of cybersecurity in the news and sophisticated coordinated cyberattacks aimed at taking down critical infrastructure and causing systematic failure on the rise, healthcare Executives and their organizations can no longer be on the defensive but must proactively implement, monitor and enforce a comprehensive cybersecurity policy and framework that spans the entire enterprise.  No longer is security just the role of the Chief Information Security Officer or IT, now everyone has a role in protecting the workplace.  CynergisTek will continue to remain focused on helping our clients solve cybersecurity challenges both current and emergent.  We will also look to expand our services through new solutions and partnerships that support our position as our clients trusted partner. 

This concludes the prepared remarks. Operator, please open the floor for questions.

Question-and-Answer Session

…