The Expert's View with Michael Novinson

Big Data Security Analytics , Data Masking & Information Archiving , Governance & Risk Management

SPAC Woes Continue With Hub Security's Sluggish Nasdaq Debut

Meager Product Sales, Limited Presence in Americas Among Red Flags for Hub Security
SPAC Woes Continue With Hub Security's Sluggish Nasdaq Debut

The economic downturn has laid bare just how much of a disaster special purpose acquisition companies, or SPACs, have been for the security industry.

See Also: OnDemand | The Cost of Underpreparedness to Your Business

Four cyber companies announced plans during the financial boom of 2021 to eschew the initial public offering in favor of merging with or being acquired by a shell company that was already public. One of the four proposals encountered turbulence prior to launch and never even made it off the ground.

Risk analytics platform Qomplx in March 2021 acquired two companies and agreed to become publicly traded by merging with SPAC Tailwind Acquisition Corp. at a $1.4 billion valuation. But in August 2021, the two sides "mutually agreed" to call the deal off due to "market conditions preventing certain of the closing conditions from being satisfied." Qomplx's headcount has fallen by more than 32% since then.

The three cybersecurity SPAC mergers that did make it off the starting blocks haven't fared much better.

Secure access vendor Appgate was spun out from data center vendor Cyxtera in January 2020 and went public in October 2021 by merging with Newtown Lane Marketing at a $1 billion valuation. Since then, Appgate has laid off 130 workers - or 22% of its staff, weathered the resignation of CEO Barry Field and President and COO Jawahar Sivasankaran, and seen its valuation fall by nearly 65% to $382.2 million (see: Secure Access Vendor Appgate Promotes CISO Leo Taddeo to CEO).

It's been a dramatic fall from grace for network detection and response vendor IronNet, which went public in August 2021 by merging with a shell company at a $1.2 billion valuation. Since then, IronNet has removed co-CEO William Welch and CFO James Gerber from their posts, excised more than half its workforce through multiple rounds of layoffs, and seen its valuation fall by 97% to $37.9 million (see: IronNet Nearly Insolvent; Board to Probe Claims of Deception).

External threat intelligence vendor ZeroFox went public in August 2022 by merging with a publicly traded SPAC at a $1.4 billion valuation, but the only cybersecurity company to go public last year faces an uphill battle as investors shift to more conservative bets. In recent months, ZeroFox's profitability fell far below expectations and its valuation sank 73% to $319.1 million (see: James Foster on Taking ZeroFox Public in Hard Economic Times).

Despite all this, another cybersecurity vendor decided to try its luck with a SPAC.

Hub Security Tries Its Luck on the Nasdaq Stock Exchange

Israeli confidential computing cyber vendor Hub Security agreed in March 2022 to start trading on the Nasdaq Stock Exchange by joining forces with SPAC Mount Rainier Acquisition Corp. at a $1.28 billion valuation. But before the transaction even crossed the finish line, CEO Eyal Moshe and Vice President of Human Resources Ayelet Bitan left their posts and Chairman Uzi Moskovitch was forced into service as CEO.

Hub began trading on Nasdaq on March 1 at $2.69 per share, but by Thursday the company's stock price had plummeted more than 47% to $1.42 per share. Despite promises of a 10-figure valuation, Hub's market cap currently sits at just $145.2 million. And on Monday, investors asked for class action status, claiming Hub had misrepresented an "irrevocable" $50 million investment commitment that didn't come to fruition.

The company told regulators it's still examining the claim and is therefore unable to assess the likelihood of either the claim being approved as a class action or of the lawsuit having a material impact on Hub's operational results or financial condition. Hub didn't respond to requests for comment from Information Security Media Group.

Where have things gone wrong for Hub?

Red Flags Aplenty on Hub's Balance Sheet

For starters, Hub hasn't crossed the financial threshold that security vendors subject to the scrutiny of the initial public offering process normally hit. Hub had just $77.8 million of sales in 2021 and $37.4 million of revenue in the first half of 2022. Prior to the economic downturn, investors liked to see at least $100 million - and ideally $150 million - in annual sales from a cyber company pursuing an IPO.

On an even more ominous note, Hub's losses were worsening despite its growth. The company lost $17.1 million in all of 2021 and $20.2 million through just the first six months of 2022, meaning the firm spent approximately $1.54 for every dollar it earned in the front half of 2022. Investors expect to see diminishing losses by the time a company goes public so that profitability can be a reasonable goal.

Hub divides its business into two segments - one that's focused on providing services related to cybersecurity and systems reliability and another that's focused on products and technology such as confidential computing. The company expects a 226% compound annual growth rate and high profits for its confidential computing segment and just 5.5% CAGR and lower profits for its services business.

But as of June 20, 2022, more than 97% of Hub's business came from consulting, planning, training and integration services thanks to long-term recurring revenue contracts with government agencies and enterprises such as Lockheed Martin, Lloyds, Siemens and HSBC. The company generated under $800,000 in revenue in early 2022 from products that help firms protect their RAM or confidential computing data

The profitability picture is also quite a bit rosier around Hub's professional services segment, which recorded an operating loss of $1.5 million in 2021. In contrast, Hub's products and technology segment lost $11.3 million despite bringing in only $935 million of revenue.

Hub said it has large insurance, defense and government customers in its confidential computing pipeline, and it expects its projects and technology revenue to outpace its services revenue in 2023. But it's unclear how much confidence investors should have in Hub's projections given that the company hadn't generated any meaningful revenue from its confidential computing business through mid-2022.

In addition, Hub's geographical division of revenue isn't in alignment with what investors expect to see from a mature, public company. An established cybersecurity company will typically generate at least half of its revenue from North America, which is the earliest adopter of next-generation security technology, and at least 30% of its business from Europe, given the role regulations play in driving security spending.

But the Americas accounted for just 2% of Hub's revenue in 2021 and less than 1% of sales in the first half of 2022. Europe didn't fare much better, comprising 2% of the company's sales in 2021 and nearly 4% in the first half of 2022. Hub instead counted on its home country of Israel for roughly 95% of its sales in both 2021 as well as the first half of 2022.

While Israeli enterprises and government agencies are technically sophisticated, just 9.69 million people live in the country, dramatically limiting the size of Hub's total addressable market. Hub will need to rapidly build out a robust go-to-market organization in North America and Europe in order to hit its ambitious revenue projections.

Given all the obstacles ahead for Hub, investors appear to be steering clear of the company's stock.

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.