Delivering cybersecurity solutions

Overview: WhiteHawk Limited (“Whitehawk”, “the Company”) is an ASX listed Arlington, Virginia, USA-based cybersecurity company, providing cyber risk products, services, and solutions. WhiteHawk developed and operates the first online cybersecurity exchange enabling businesses of all sizes to manage cybersecurity threats.

The company is evolving its portfolio of cybersecurity systems and services and has secured contracts with key US federal government departments, along with Fortune 500 companies, top US financial institutions, major insurers, manufacturers, utilities providers, and a top Defence Industrial Base (DIB) company. WhiteHawk enables companies to identify and mitigate their priority cyber risks on an ongoing basis, saving time and cost.

Launched in 2016, WhiteHawk commenced operations as a cybersecurity advisory service and has since expanded its offering to cloud-based SaaS solutions, simplifying how companies purchase cybersecurity solutions. The company has developed a technology platform that focuses on identifying, prioritizing, and mitigating cyber risks for businesses and their supply chain partners, as well and tailored online risk platforms and programs for Enterprise and government agencies.

Much of our confidence in WhiteHawk is to do with the experience and expertise of its management team, led by CEO, Founder, and Chair, Terry Roberts. Roberts is a 35-year veteran of the US national security and cyber intelligence community. She is a former Deputy Director of US Naval Intelligence, a Department of Defence Senior Executive, the Vice President for Cyber Engineering and Analytics at TASC, and an Executive Director of the Carnegie Mellon Software Engineering Institute.

Roberts is also co-chair of the Intelligence and National Security Alliance Cyber Council and four task force efforts, a member of the AFCEA intelligence committee, the naval intelligence professionals board of directors, and the cyber education advisory board of directors for the US Naval Academy and Marymount University.

Catalysts: New and extended contract announcements and partnerships have and will continue to be share price catalysts for WhiteHawk. The Company’s product lines and services continued to be sold and executed via cloud-based online platforms, SaaS services, and virtual consultations throughout the COVID pandemic. The US Department of Defense (DoD) introduction of new Cybersecurity Maturity Model Certification (CMMC) requirements that all Defense Industrial Base (DIB) contractors and suppliers must satisfy has opened up a very large potential market for WhiteHawk. Going forward, additional contract signings, partnerships, and Proof of Values have the potential to be major value drivers.

Hurdles: While Roberts’ unique experience has opened doors to US federal government departments that are inaccessible to others, the Company may be subject to increasing competition in a growing market. Given the sensitivities around cybersecurity and the parties involved, the exact identities of WhiteHawk’s customers, particularly when it comes to US federal government departments, are often undisclosed. While this is understandable, it means that the market can overlook the significance of the counterparty.

CallOut icon

WHK has a strong cash position of US$1.5M along with a strong pipeline of sales contracts

Investment View: WhiteHawk offers early-stage exposure to the growing global cybersecurity market. At this stage, WhiteHawk isn’t a company that lends itself to attributing a valuation using conventional metrics. But with a market capitalisation of just $30 million, it offers leverage to the growing global cybersecurity sector and to additional partnerships and contract signings.

We place a high value on management’s industry connections and its demonstrated ability to secure contracts with large private and government enterprises. It has signed multiple long term, hard-to-secure contracts and sub-contracts with privacy-conscious US government departments, Fortune 500 companies, and other major enterprises. These existing contracts and relationships position the company to leverage further contract signings to generate substantial revenues over the coming years.

WhiteHawk has a firm funding position and while reliance on external capital may not be entirely eliminated, its rapid growth in revenue and new and extended contracts should provide management with near-term funds to continuing its pursuit of growth opportunities. WhiteHawk has sufficient cash to operate well into 2021, with US$1.5 million as at 30 June. It has existing revenue-generating contracts and a strong US sales pipeline across diverse sectors including the US federal government, the US financial sector, US Defense and Industrial Base (DIB), and the US manufacturing and utilities sectors.

As the market for cybersecurity continues to grow, WhiteHawk appears to be in a unique position to take advantage of increased cybersecurity spend through its Cybersecurity Exchange, SaaS, and consultant-led solutions.

This is an early-stage business and the long-term growth potential remains to be validated, but we believe that favourable quarterly reports along with any new contract or partnership announcements could drive significant interest towards the stock.

While WhiteHawk saw no delays in product line development or execution due to COVID and virtual sales demos and Proofs of Value were consistently scheduled, the Company did have some contract scoping and completion delays of 60 to 90 days, with government and industry procurement teams working dispersed from home. However, WhiteHawk received a US Government Pandemic forgivable loan for US$230K.

As at 30 June, the Company had a strong cash position of US$1.5M along with a strong pipeline of sales contracts. Invoicing for the second quarter of 2020 was US$502K, matching the US$516K in invoicing for the 1st quarter 2020. For the full year, revenue doubled from $506k for the year ended 31 December 2018, to over US$1 million in the 2019 financial year. For the current financial year, ended 31 December 2020, WhiteHawk is again on track to exceed the prior year.

PRODUCT OVERVIEW

The Company has made a significant investment in technological development, providing and adapting solutions to market needs. WhiteHawk’s expanded product line includes the Cyber Risk Radar, an annual software as a service (SaaS) subscription service consisting of quarterly services that include Cyber Risk Scorecards, Cyber Risk Portfolio Reports, and ongoing conversations with a professional Cyber Analyst.

Cyber Risk Program: Cyber Risk Program is a software as a service (SaaS) product that incorporates WhiteHawk’s online Cybersecurity Exchange platform, its automated Cyber Risk Scorecards, and virtual consultations.

The Cyber Risk Program includes:

  • Cyber risk continuous monitoring and prioritisation;
  • Cyber risk executive-level scorecards and reporting;
  • Cyber risk validation by real-time Red Team Assessment (a type of targeted penetration test); and, as appropriate,
  • A dark net assessment based upon findings from the Cyber Risk Program.

The program allows a comprehensive outside-in approach to assessing an enterprise’s ongoing cyber risks. Key cyber risks are determined through a Cyber Threat Readiness questionnaire and a cyber risk assessment, as appropriate. This information matches companies and organisations to tailored risk mitigation solution options, while WHK’s cyber consultants help in building a tailored cyber maturity plan.

WhiteHawk has incorporated and automated the new US Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) mapping into its online client services and Cyber Risk Scorecard. The Company built upon its existing Cyber Risk Maturity Model, mapping current cyber controls to the CMMC framework and into all Cyber Risk Scorecards in order to support its current and future DIB clients. Additionally, the Company’s Cyber Risk Scorecard product line is now 100% automated, enabling scalability across thousands of companies. These developments were made in response to the DoD establishing CMMC as the cyber resilience benchmark for all Defense Industrial Base (DIB) contractors and suppliers to improve information protection and cybersecurity. There are roughly 330,000 subcontractors of the DoD industrial complex for which CMMC will apply to vary degrees.

Cyber Risk Radar for supply chains: Cyber Risk Radar manages the business and cyber risks of an enterprise’s partners and supply chain companies by addressing supply chain risks via Software-as-a-Service (SaaS) platforms.

WhiteHawk’s annual Cyber Risk Scorecard subscription consists of quarterly updates combined with cyber consultant sessions in tandem with the delivery of each scorecard.

Risk Research and Discovery — Collect, analyse, and correlate publicly available data into actionable intelligence.

Continuous Monitoring and Alerts — Understand an organizations security performance and be alerted to impactful changes.

Focused Analytics — Perform deep dives in the areas that need focus rather than the entire dataset.

Ecosystem Maps — Visualize the enterprise by understanding the supplier and vendor interconnections.

Risk Prioritization & Mitigation — Prioritize mitigation and business actions based on levels for impact and performance.

Integration into a Centralized Risk Management Dashboard — Continuous situational awareness, tracking, mitigation, and management of the SCRM/VRM program.

Portfolio Assessments — Understand an organisation’s portfolio of all suppliers and vendors.

Cybersecurity Exchange: The company also operates the first online Cybersecurity Exchange based on a platform architecture that is AI-driven, with a focus on identifying, prioritising, and mitigating cyber risks for its clients. This cyber marketplace is an online resource, offering hundreds of best-of-breed, affordable products, and services catering to the cyber risk mitigation needs of businesses and organisations. The cybersecurity exchange enables companies to source relevant cybersecurity tools without having to retain expensive consultants or having to establish large-scale cyber security programs.

The online questionnaires and assessments provide companies with a picture of their cyber risks. These can range from malware, denial of service mitigation, traffic analysis, data leak prevention, network intrusion detection, vulnerability assessment, mobile data security, encrypted communications, and access control. Companies can then purchase solutions via the marketplace via Software-as-a-Service (SaaS) subscription models. WhiteHawk sources these remediation tools from third-party vendors and makes a fee on every month’s subscription payment.

RECENT CONTRACTS

US Government Cyber Risk Radar Contract. In July, WhiteHawk was contracted by a US Federal Government CISO to implement its Cyber Risk Radar. The five-year contract was the result of a Proof of Value that was implemented early in 2019 across 10 vendors for the same US Government agency. Cyber Risk Scorecards will be provided quarterly, virtually and remotely, for 150 to 300 vendors to this US Federal Government Chief Information Security Officer, via an integrated risk management dashboard. The annual Software as a Service (SaaS) contract will see WhiteHawk generate base revenues of US$580,000 (A$803k) and up to an additional US$600,000 (A$831k), for a total of up to US$1.18 million (A$1.63m) for each year of the contract, with 4 additional option years at the same levels. The contract involves WhiteHawk providing continuous monitoring, prioritisation, and near real-time mitigation of this key US federal government CISO team’s vendors. It will also oversee its supply chain’s cyber risks over time and identify and prioritise risk mitigation strategies. This was the first US Federal contract where WhiteHawk is the Prime Contractor. On the three prior US Federal Department CIO Contracts, WhiteHawk is a Cyber Solution sub-contractor to a prime contractor.

US Federal Government Sub-Contract Extension: On 6 October, WhiteHawk was awarded a US$1.5 million (A$2.1M) contract extension with a US federal government department for FY 2021 through the prime contractor. The award of this second-year contract, under an existing US federal government department, validates WHK’s cybersecurity technology and capabilities and its value to the US government in coping with cyber threats.

CallOut icon

The Cyber Risk Radar enables companies to efficiently and effectively defend themselves against cyber attacks

CIO Cyber Risk Radar contract: WhiteHawk is implementing its new US federal government CIO Cyber Risk Radar contract across 150 suppliers (with options for additional 150 suppliers per year), for a base year and 4 option years. This will generate base revenues of up to US$1.18M (A$1.64M) over the first year.

US Federal Government Sub-Contract Extension: On 6 October, WhiteHawk was awarded a US$1.5 million (A$2.1M) contract extension with a US federal government department for FY 2021 through the prime contractor. The award of this second-year contract, under an existing US federal government department, validates WHK’s cybersecurity technology and capabilities and its value to the US government in coping with cyber threats.

Other: WhiteHawk is executing on a Cyber Risk Radar annual SaaS subscription contract with a Top 12 US Defense Industrial Base (DIB) company for 200 suppliers and vendors.

The Company also continues to execute a Cyber Risk Program contract with a major US manufacturer via a global consulting partner.

Opportunities: WhiteHawk has seen increased cyber risk awareness both in the US and in Australia this year and as a result, is expanding its opportunities. It is actively and effectively working up to 10 leads for each product line, including doubling down on US Government and US Federal Contractor opportunities in 2020 as well as planning new sales channels in Australia. Proof of Value offerings to the US and Australian government healthcare and energy entities demonstrate the ease, impact, scalability, and affordability of WhiteHawk’s Cyber Risk identification, prioritisation, and mitigation product lines.

THE BULLS AND THE BEARS

CallOut icon

THE BULLS SAY

  • The need for effective cybersecurity is rising and well-positioned to take advantage of growth opportunities in the cybersecurity market
  • Management has proven its ability to secure contracts with hard-to-access US government departments and to update its technology to adapt to market needs.
  • Any additional contract announcements that will improve the company’s recurring revenue base have the potential to be a major value driver.
CallOut icon

THE BEARS SAY

  • WHK is at a relatively early stage, and whether it can continue its growth at an operational and financial level remains to be seen.
  • While the Company announced sufficient cash reserves through 2021, additional external capital may be required to ensure the long-term sustainability of the business.
  • Contracts, particularly with key U.S. federal government departments, have been slow to finalise and execute.
  • Extensions of sub-contracts rely on ongoing relationships with the Prime Contractor.
  • The Company’s financial position could deteriorate if operational targets are not achieved.

Cybersecurity as a Service

Overview: WhiteHawk Limited (“Whitehawk”, “the Company”) is an ASX-listed Arlington, Virginia, USA-based cybersecurity company, providing a range of cyber risk products, services, and solutions. WhiteHawk developed and operates the first online cybersecurity exchange enabling businesses of all sizes to manage cybersecurity threats. The Company is evolving its portfolio of cybersecurity systems and services and has secured contracts with key US federal government departments, along with Fortune 500 companies, top US financial institutions, major insurers, manufacturers, utility providers and a top Defence Industrial Base (DIB) company.

Catalysts: New and extended contract announcements and partnerships have proven to be share price catalysts for WhiteHawk. This was demonstrated with the recent growth in customer contracts through its expanded product line and new SaaS product via its partnership with a major global consulting firm. WhiteHawk’s product lines and services continue to be sold and executed via cloud based online platforms, SaaS services and virtual consultations. Management has confirmed it is well-positioned to continue to support its customers and to engage with future customers seamlessly and effectively throughout the current global pandemic. Additional working capital facilities totalling A$1.9m subject to shareholder approval, provide additional funding capabilities. New contracts will boost the Company’s recurring revenue base and have the potential to be value drivers.

Hurdles: While the Company announced sufficient cash reserves through 2021, additional external capital may be required to ensure the long-term sustainability of the business. There is no guarantee that capital can be procured at favourable terms to shareholders. Despite implementing a range of mitigation initiatives, the greater impact of COVID-19 on the global economy and WhiteHawk remain somewhat uncertain and there is no guarantee that ongoing growth can be achieved. The Company may be subject to increasing competition in a growing market.

Investment View: WhiteHawk offers exposure to the growing global cybersecurity market via its cybersecurity exchange. We are attracted to management’s industry connections, the Company’s existing contracts with U.S. federal government departments & Fortune 500 companies, its partnerships and sales pipeline. WhiteHawk has a firm financial position and while the Company remains reliant on external capital, recent funding supply should provide management with near-term resources to pursue growth opportunities. The Company’s existing revenue-generating contracts are supported by a deep sales pipeline in the US across diverse sectors including the federal government, financial sector, Defense and Industrial Base as well as manufacturing and utility sectors. As the market for cybersecurity continues to grow, WhiteHawk is in a unique position to take advantage of increased cybersecurity spend through its Cybersecurity Exchange and solutions. While the long-term growth potential of the business remains to be validated, we believe that a series of favourable quarterly updates along with any new contract or partnership announcements could drive significant interest towards the stock and we, therefore, initiate coverage with a view to providing further updates in the future.

COMPANY & ASSET OVERVIEW

Launched in 2016, WhiteHawk commenced operations as a cybersecurity advisory service and has since expanded its offering to cloud-based SaaS solutions, simplifying how companies purchase cybersecurity solutions.

CallOut icon

Revenues are generated via recurring SaaS contracts

Today, WhiteHawk enables companies to identify and mitigate their priority cyber risks on an ongoing basis with demonstrated cost and time savings. Leveraging the online Cybersecurity Exchange platform and SaaS partners WhiteHawk works to identify, prioritise, and mitigate cyber risks that impact client revenue and reputation. It partners with top commercial technologies and SaaS services that leverage AI techniques and open data sources.

WhiteHawk’s expanded product line now includes the Cyber Risk Program, a software as a service (SaaS) product for mid-sized and large enterprises to defend against cyberattacks by monitoring, identifying, prioritising, and mitigating cyber risks. The company’s Cyber Risk Radar is an annual SaaS subscription that manages the business and cyber risks of an enterprise’s partners and supply chain companies. WhiteHawk’s annual Cyber Risk Scorecard subscription consists of quarterly updates combined with cyber consultant sessions in tandem with the delivery of each scorecard. The Cyber Marketplace is an online resource, offering hundreds of best-of-breed, affordable products and services catering to cyber risk mitigation needs of small to midsized businesses and organisations.

Founder and CEO, Terry Roberts, is a former deputy director of US Naval Intelligence and brings over 30 years of experience as a US national security and cyber intelligence professional. This includes time as a US Naval Intelligence Officer, a Department of Defence Senior Executive and as a Cyber Engineering, Architecture and Analytics industry executive.

WhiteHawk leverages algorithms and data sets to provide ‘solutions on demand’ delivering tailored services to customers

Whitehawk generated revenues of US$1.03 million (A$1.5M) during financial year 2019, a 100% gain in the prior year, of which US$867k (A$1.32M) were with two key customers in the US and US$161k (A$245k) in government contracting. Issued capital stands at US$11.2 million (A$17M) as of 31 December 2019.

The first quarter 2020 revenues of US$516k (A$787k), were up 55% from US$333k (A$508K) in Q419 and up 282% on pcp. WhiteHawk has taken a lean approach to expenses, reducing its cash burn during the quarter while increasing gross margins. It finished the first quarter with a strong cash position of US$1.5 million (A$2.3M) and a solid pipeline of sales contracts. The Company has additional Working Capital facilities available from RiverFort Global, comprising a A$400k loan and a A$1.5m combined placement and equity (subject to shareholder approval at the May 2020 AGM).

Following a period of accelerated investment in product and sales channel development, WhiteHawk is on track to again deliver growth in 2020. A recent partnership with a major global consulting firm has delivered an additional sales channel that has generated annual 2020 SaaS subscriptions of greater than US$400k, as of 15 April. The table below is a summary of WhiteHawk’s recent financial performance and highlights the growth achieved over the prior corresponding period.

OUTLOOK

WhiteHawk has made great advancements in the evolution of its business over the past year and is positioned for strong scalable growth. The Company has existing revenue generating contracts and a strong sales pipeline in the US. These span diverse sectors including US federal government, US financial sector, US Defense and Industrial Base (DIB) and the US manufacturing sector.

The Cyber Risk focused business model enables WhiteHawk to remain agile, to partner with the best open data and AI enabled platforms, and to continually evolve to align with customer needs and appetites. The Company now has optimal positioning in the cyber risk market, across companies and organisations of all sizes in the US and is seeking to increase business internationally.

*Companies & partners WhiteHawk works with.

WhiteHawk is on track to again deliver strong revenue growth in 2020. It has completed the online integration and automation of its product lines and added a major global consulting firm as a sales partner. Its partnership with Sontiq/EZShield provides a scalable business model and seamless access to thousands of businesses needing to address their digital risks. Plus, the new rules around cybersecurity of US government supply chain and contractor companies should generate new business.

THE BULLS AND THE BEARS

CallOut icon

THE BULLS SAY

  • Following a period of accelerated investment in 2018 and 2019, the business is well-positioned to take advantage of growth opportunities in the cybersecurity market.
  • Rising revenues, including recurring SaaS annual revenues and US government contracts that can become annuities.
  • Has multiple US federal government contracts that are very difficult to secure, plus large private sector counterparties, reflecting the quality of the product and the reach of the management team.
  • The need for effective cybersecurity remains amid the global coronavirus pandemic. WhiteHawk products and services continue to be sold and executed via cloud-based online platforms, SaaS services, and virtual consultations.
  • And while automated services and products and that Cyber Security is more essential than ever
  • Any additional contract announcements that will improve the company’s recurring revenue base have the potential to be a major value driver.
  • Successful execution of Whitehawk’s growth strategy could drive significant interest toward the stock.
CallOut icon

THE BEARS SAY

  • While the Company announced sufficient cash reserves through 2021, additional external capital may be required to ensure the long-term sustainability of the business.
  • There is no guarantee that capital can be procured at favourable terms to shareholders.
  • Despite a range of mitigation measures implemented by management and while automated services and products make cybersecurity more essential than ever, the greater impact of COVID19 on the global economy and Whitehawk remains uncertain and there is no guarantee that ongoing growth can be achieved.
  • Some contracts, particularly with key U.S. federal government departments have been slow to finalise and execute.
  • The Company may be subject to increasing competition in a growing market.
  • The Company’s financial position could deteriorate if operational targets are not achieved.