Delivering cybersecurity solutions
Overview: WhiteHawk Limited ("Whitehawk", "the Company") is an ASX listed Arlington, Virginia, USA-based cybersecurity company, providing cyber risk products, services, and solutions. WhiteHawk developed and operates the first online cybersecurity exchange enabling businesses of all sizes to manage cybersecurity threats.
The company is evolving its portfolio of cybersecurity systems and services and has secured contracts with key US federal government departments, along with Fortune 500 companies, top US financial institutions, major insurers, manufacturers, utilities providers, and a top Defence Industrial Base (DIB) company. WhiteHawk enables companies to identify and mitigate their priority cyber risks on an ongoing basis, saving time and cost.
Launched in 2016, WhiteHawk commenced operations as a cybersecurity advisory service and has since expanded its offering to cloud-based SaaS solutions, simplifying how companies purchase cybersecurity solutions. The company has developed a technology platform that focuses on identifying, prioritizing, and mitigating cyber risks for businesses and their supply chain partners, as well and tailored online risk platforms and programs for Enterprise and government agencies.
Much of our confidence in WhiteHawk is to do with the experience and expertise of its management team, led by CEO, Founder, and Chair, Terry Roberts. Roberts is a 35-year veteran of the US national security and cyber intelligence community. She is a former Deputy Director of US Naval Intelligence, a Department of Defence Senior Executive, the Vice President for Cyber Engineering and Analytics at TASC, and an Executive Director of the Carnegie Mellon Software Engineering Institute.
Roberts is also co-chair of the Intelligence and National Security Alliance Cyber Council and four task force efforts, a member of the AFCEA intelligence committee, the naval intelligence professionals board of directors, and the cyber education advisory board of directors for the US Naval Academy and Marymount University.
Catalysts: New and extended contract announcements and partnerships have and will continue to be share price catalysts for WhiteHawk. The Company’s product lines and services continued to be sold and executed via cloud-based online platforms, SaaS services, and virtual consultations throughout the COVID pandemic. The US Department of Defense (DoD) introduction of new Cybersecurity Maturity Model Certification (CMMC) requirements that all Defense Industrial Base (DIB) contractors and suppliers must satisfy has opened up a very large potential market for WhiteHawk. Going forward, additional contract signings, partnerships, and Proof of Values have the potential to be major value drivers.
Hurdles: While Roberts’ unique experience has opened doors to US federal government departments that are inaccessible to others, the Company may be subject to increasing competition in a growing market. Given the sensitivities around cybersecurity and the parties involved, the exact identities of WhiteHawk’s customers, particularly when it comes to US federal government departments, are often undisclosed. While this is understandable, it means that the market can overlook the significance of the counterparty.
Investment View: WhiteHawk offers early-stage exposure to the growing global cybersecurity market. At this stage, WhiteHawk isn’t a company that lends itself to attributing a valuation using conventional metrics. But with a market capitalisation of just $30 million, it offers leverage to the growing global cybersecurity sector and to additional partnerships and contract signings.
We place a high value on management’s industry connections and its demonstrated ability to secure contracts with large private and government enterprises. It has signed multiple long term, hard-to-secure contracts and sub-contracts with privacy-conscious US government departments, Fortune 500 companies, and other major enterprises. These existing contracts and relationships position the company to leverage further contract signings to generate substantial revenues over the coming years.
WhiteHawk has a firm funding position and while reliance on external capital may not be entirely eliminated, its rapid growth in revenue and new and extended contracts should provide management with near-term funds to continuing its pursuit of growth opportunities. WhiteHawk has sufficient cash to operate well into 2021, with US$1.5 million as at 30 June. It has existing revenue-generating contracts and a strong US sales pipeline across diverse sectors including the US federal government, the US financial sector, US Defense and Industrial Base (DIB), and the US manufacturing and utilities sectors.
As the market for cybersecurity continues to grow, WhiteHawk appears to be in a unique position to take advantage of increased cybersecurity spend through its Cybersecurity Exchange, SaaS, and consultant-led solutions.
This is an early-stage business and the long-term growth potential remains to be validated, but we believe that favourable quarterly reports along with any new contract or partnership announcements could drive significant interest towards the stock.
While WhiteHawk saw no delays in product line development or execution due to COVID and virtual sales demos and Proofs of Value were consistently scheduled, the Company did have some contract scoping and completion delays of 60 to 90 days, with government and industry procurement teams working dispersed from home. However, WhiteHawk received a US Government Pandemic forgivable loan for US$230K.
As at 30 June, the Company had a strong cash position of US$1.5M along with a strong pipeline of sales contracts. Invoicing for the second quarter of 2020 was US$502K, matching the US$516K in invoicing for the 1st quarter 2020. For the full year, revenue doubled from $506k for the year ended 31 December 2018, to over US$1 million in the 2019 financial year. For the current financial year, ended 31 December 2020, WhiteHawk is again on track to exceed the prior year.
PRODUCT OVERVIEW
The Company has made a significant investment in technological development, providing and adapting solutions to market needs. WhiteHawk’s expanded product line includes the Cyber Risk Radar, an annual software as a service (SaaS) subscription service consisting of quarterly services that include Cyber Risk Scorecards, Cyber Risk Portfolio Reports, and ongoing conversations with a professional Cyber Analyst.
Cyber Risk Program: Cyber Risk Program is a software as a service (SaaS) product that incorporates WhiteHawk’s online Cybersecurity Exchange platform, its automated Cyber Risk Scorecards, and virtual consultations.
The Cyber Risk Program includes:
- Cyber risk continuous monitoring and prioritisation;
- Cyber risk executive-level scorecards and reporting;
- Cyber risk validation by real-time Red Team Assessment (a type of targeted penetration test); and, as appropriate,
- A dark net assessment based upon findings from the Cyber Risk Program.
The program allows a comprehensive outside-in approach to assessing an enterprise's ongoing cyber risks. Key cyber risks are determined through a Cyber Threat Readiness questionnaire and a cyber risk assessment, as appropriate. This information matches companies and organisations to tailored risk mitigation solution options, while WHK’s cyber consultants help in building a tailored cyber maturity plan.
WhiteHawk has incorporated and automated the new US Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) mapping into its online client services and Cyber Risk Scorecard. The Company built upon its existing Cyber Risk Maturity Model, mapping current cyber controls to the CMMC framework and into all Cyber Risk Scorecards in order to support its current and future DIB clients. Additionally, the Company’s Cyber Risk Scorecard product line is now 100% automated, enabling scalability across thousands of companies. These developments were made in response to the DoD establishing CMMC as the cyber resilience benchmark for all Defense Industrial Base (DIB) contractors and suppliers to improve information protection and cybersecurity. There are roughly 330,000 subcontractors of the DoD industrial complex for which CMMC will apply to vary degrees.
Cyber Risk Radar for supply chains: Cyber Risk Radar manages the business and cyber risks of an enterprise’s partners and supply chain companies by addressing supply chain risks via Software-as-a-Service (SaaS) platforms.
WhiteHawk’s annual Cyber Risk Scorecard subscription consists of quarterly updates combined with cyber consultant sessions in tandem with the delivery of each scorecard.
Risk Research and Discovery — Collect, analyse, and correlate publicly available data into actionable intelligence.
Continuous Monitoring and Alerts — Understand an organizations security performance and be alerted to impactful changes.
Focused Analytics — Perform deep dives in the areas that need focus rather than the entire dataset.
Ecosystem Maps — Visualize the enterprise by understanding the supplier and vendor interconnections.
Risk Prioritization & Mitigation — Prioritize mitigation and business actions based on levels for impact and performance.
Integration into a Centralized Risk Management Dashboard — Continuous situational awareness, tracking, mitigation, and management of the SCRM/VRM program.
Portfolio Assessments — Understand an organisation’s portfolio of all suppliers and vendors.
Cybersecurity Exchange: The company also operates the first online Cybersecurity Exchange based on a platform architecture that is AI-driven, with a focus on identifying, prioritising, and mitigating cyber risks for its clients. This cyber marketplace is an online resource, offering hundreds of best-of-breed, affordable products, and services catering to the cyber risk mitigation needs of businesses and organisations. The cybersecurity exchange enables companies to source relevant cybersecurity tools without having to retain expensive consultants or having to establish large-scale cyber security programs.
The online questionnaires and assessments provide companies with a picture of their cyber risks. These can range from malware, denial of service mitigation, traffic analysis, data leak prevention, network intrusion detection, vulnerability assessment, mobile data security, encrypted communications, and access control. Companies can then purchase solutions via the marketplace via Software-as-a-Service (SaaS) subscription models. WhiteHawk sources these remediation tools from third-party vendors and makes a fee on every month's subscription payment.
RECENT CONTRACTS
US Government Cyber Risk Radar Contract. In July, WhiteHawk was contracted by a US Federal Government CISO to implement its Cyber Risk Radar. The five-year contract was the result of a Proof of Value that was implemented early in 2019 across 10 vendors for the same US Government agency. Cyber Risk Scorecards will be provided quarterly, virtually and remotely, for 150 to 300 vendors to this US Federal Government Chief Information Security Officer, via an integrated risk management dashboard. The annual Software as a Service (SaaS) contract will see WhiteHawk generate base revenues of US$580,000 (A$803k) and up to an additional US$600,000 (A$831k), for a total of up to US$1.18 million (A$1.63m) for each year of the contract, with 4 additional option years at the same levels. The contract involves WhiteHawk providing continuous monitoring, prioritisation, and near real-time mitigation of this key US federal government CISO team’s vendors. It will also oversee its supply chain’s cyber risks over time and identify and prioritise risk mitigation strategies. This was the first US Federal contract where WhiteHawk is the Prime Contractor. On the three prior US Federal Department CIO Contracts, WhiteHawk is a Cyber Solution sub-contractor to a prime contractor.
US Federal Government Sub-Contract Extension: On 6 October, WhiteHawk was awarded a US$1.5 million (A$2.1M) contract extension with a US federal government department for FY 2021 through the prime contractor. The award of this second-year contract, under an existing US federal government department, validates WHK’s cybersecurity technology and capabilities and its value to the US government in coping with cyber threats.
CIO Cyber Risk Radar contract: WhiteHawk is implementing its new US federal government CIO Cyber Risk Radar contract across 150 suppliers (with options for additional 150 suppliers per year), for a base year and 4 option years. This will generate base revenues of up to US$1.18M (A$1.64M) over the first year.
US Federal Government Sub-Contract Extension: On 6 October, WhiteHawk was awarded a US$1.5 million (A$2.1M) contract extension with a US federal government department for FY 2021 through the prime contractor. The award of this second-year contract, under an existing US federal government department, validates WHK’s cybersecurity technology and capabilities and its value to the US government in coping with cyber threats.
Other: WhiteHawk is executing on a Cyber Risk Radar annual SaaS subscription contract with a Top 12 US Defense Industrial Base (DIB) company for 200 suppliers and vendors.
The Company also continues to execute a Cyber Risk Program contract with a major US manufacturer via a global consulting partner.
Opportunities: WhiteHawk has seen increased cyber risk awareness both in the US and in Australia this year and as a result, is expanding its opportunities. It is actively and effectively working up to 10 leads for each product line, including doubling down on US Government and US Federal Contractor opportunities in 2020 as well as planning new sales channels in Australia. Proof of Value offerings to the US and Australian government healthcare and energy entities demonstrate the ease, impact, scalability, and affordability of WhiteHawk’s Cyber Risk identification, prioritisation, and mitigation product lines.
THE BULLS SAY
- The need for effective cybersecurity is rising and well-positioned to take advantage of growth opportunities in the cybersecurity market
- Management has proven its ability to secure contracts with hard-to-access US government departments and to update its technology to adapt to market needs.
- Any additional contract announcements that will improve the company's recurring revenue base have the potential to be a major value driver.
THE BEARS SAY
- WHK is at a relatively early stage, and whether it can continue its growth at an operational and financial level remains to be seen.
- While the Company announced sufficient cash reserves through 2021, additional external capital may be required to ensure the long-term sustainability of the business.
- Contracts, particularly with key U.S. federal government departments, have been slow to finalise and execute.
- Extensions of sub-contracts rely on ongoing relationships with the Prime Contractor.
- The Company's financial position could deteriorate if operational targets are not achieved.
General Information Only
S3 Consortium Pty Ltd (S3, ‘we’, ‘us’, ‘our’) (CAR No. 433913) is a corporate authorised representative of LeMessurier Securities Pty Ltd (AFSL No. 296877). The information contained in this article is general information and is for informational purposes only. Any advice is general advice only. Any advice contained in this article does not constitute personal advice and S3 has not taken into consideration your personal objectives, financial situation or needs. Please seek your own independent professional advice before making any financial investment decision. Those persons acting upon information contained in this article do so entirely at their own risk.
Conflicts of Interest Notice
S3 and its associated entities may hold investments in companies featured in its articles, including through being paid in the securities of the companies we provide commentary on. We disclose the securities held in relation to a particular company that we provide commentary on. Refer to our Disclosure Policy for information on our self-imposed trading blackouts, hold conditions and de-risking (sell conditions) which seek to mitigate against any potential conflicts of interest.
Publication Notice and Disclaimer
The information contained in this article is current as at the publication date. At the time of publishing, the information contained in this article is based on sources which are available in the public domain that we consider to be reliable, and our own analysis of those sources. The views of the author may not reflect the views of the AFSL holder. Any decision by you to purchase securities in the companies featured in this article should be done so after you have sought your own independent professional advice regarding this information and made your own inquiries as to the validity of any information in this article.
Any forward-looking statements contained in this article are not guarantees or predictions of future performance, and involve known and unknown risks, uncertainties and other factors, many of which are beyond our control, and which may cause actual results or performance of companies featured to differ materially from those expressed in the statements contained in this article. S3 cannot and does not give any assurance that the results or performance expressed or implied by any forward-looking statements contained in this article will actually occur and readers are cautioned not to put undue reliance on forward-looking statements.
This article may include references to our past investing performance. Past performance is not a reliable indicator of our future investing performance.