Should Tech Stock KnowBe4 Be on Your Watch List?

In this episode of Industry Focus: Tech, host Dylan Lewis and Motley Fool contributor Brian Feroldi discuss a business that's part tech and part consulting. They talk through the numbers and explain why management and company culture are the real things to be excited about with this biz.

To catch full episodes of all The Motley Fool's free podcasts, check out our podcast center. To get started investing, check out our quick-start guide to investing in stocks. A full transcript follows the video.

This video was recorded on April 23, 2021.

Dylan Lewis: It's Friday, April 23, and we're talking about a cybersecurity company that just went public. I'm Dylan Lewis, I'm joined by fool.com's key kid of not knowing non-new news, Brian Feroldi. Brian, I like what you did there with the K in the end. That was an honest mistake.

Brian Feroldi: You liked that?

Lewis: Yeah. That was crafty.

Feroldi: I was really hoping that it was going to mess you up, but yet again, failure, Dylan.

Lewis: You succeed in some of the other ways, Brian. [laughs] We're on today. We're talking about another prospectus and really this is a company that is already public, which is nice, so if people are interested, they can start kicking the tires on it themselves, and this is KnowBe4 (KNBE), and Brian, I'm particularly excited about this one because it's in a space that we haven't spent a lot of time talking about in the past.

Feroldi: This is a company that's focused on cybersecurity from a different angle than a lot of the companies that are publicly traded cybersecurity companies, and one reason that we really haven't touched upon this is, cybersecurity is an extremely complex area. There are dozens, if not hundreds, of companies working on the topic and you really need specialized knowledge to go deep on those companies. This is not an area that I feel super competent.

Lewis: Yeah. Me, neither, honestly. It's been a tough space and I think there are a lot of people who have been so excited in the megatrend of cybersecurity. Seeing all the news about hacks that are coming through, understanding the huge reputational and financial damage that can come when your security is breached. But it's been tough, I think, investing in a lot of these businesses. Some have been good performers but there have been a lot of businesses that had a lot of hopes in this industry that haven't necessarily turned into great shareholder returns, either.

Feroldi: But on the flip side, there have been some mega winners on the market: CrowdStrike, Zscaler, Palo Alto Networks. This is definitely an area to get to know. What's really fascinating about the company that we're talking about is, I think they are approaching cybersecurity from an entirely different angle.

Lewis: Yeah. I think you're right and we'll get into that in a sec. I think I just want to give a couple of quick details on the business for folks that are listening. The company is KnowBe4, and for Avril Lavigne fans out there, they have taken the skater boy approach to naming themselves, it is K-N-O-W-B-E and then the No. 4, and the ticker, Brian, is KNBE.

Feroldi: That's correct. That's probably the thing, I swear I get to that I like the least about this company [laughs] is the way that they have named themselves. The rest there's a lot to like, and this is a company that IPO'd earlier this week. They did price at about $16 per share, raising $140 million. The stock is currently trading about $22-$23, so it's up from its IPO price. That's a good start.

Lewis: Yeah, and I will say for that pop, a lot of management teams like to see a little bit of excitement. They didn't leave a ton of money on the table. In the grand scheme of IPOs that we've seen over the last 12 months. This was one of the better priced ones at the least, for how much enthusiasm there was around the company.

Feroldi: Totally agree. This is a company I wouldn't want to be trading at $30 or $40 or $50 post-IPO, so yes, management here did leave some for public investors or those that got in the IPO, but they definitely raised at a seemingly good price.

Lewis: For their part, we're going to get into this when we talk about the financials, but nice for them to raise cash; not something necessarily needed to do, and there's a lot to be excited about with this business. I think the financials are really going to bear out why we're excited and why we think this is an interesting company. I think at core, when I started reading through this prospectus, Brian, and reading about this company, I was reminded, I don't know if you know this acronym, E-B-K-A-C, have you heard about this? It's a common tech support acronym, and it's an error between keyboard and chair. [laughs] What it means is, the human is the problem. That's basically the short of it. It's a tongue-in-cheek joke, and I think that that's probably one of the best ways to frame how this company is thinking about cybersecurity and what they are really offering to their customers.

Feroldi: I think you've just nailed on our really key point there. Historically, if you look at how companies, how enterprises have protected themselves, it's with technology. It's finding the best products that are on the market and deploying those products to keep their systems safe. However, all of that technology is useless if the people that are using it make their password 1-2-3-4-5 or if they take sensitive data and they email it to somebody or if a phishing email gets through to them and they click on it. There are so many ways that the human can basically make their cybersecurity technology obsolete, and that is a problem that KnowBe4 is trying to solve.

Lewis: Exactly. It doesn't matter how good the tools are, if they aren't being used correctly or if the training just isn't there for the people that should be using the tools, they're useless. That's the crux of what this company is trying to help solve. It's really better training, better awareness, and really making the best use of all these systems that companies have in place by making their workforce aware of what they need to do.

Feroldi: I love mission-driven companies, and this company spells out its mission right at the top of its S-1. Their mission is to enable employees to make smarter security decisions every day. This company was actually founded in 2010 by Stu Sjouwerman; himself a cybersecurity expert for years. I love this quote that he had in the Founder's Letter. He said, ''When I started KnowBe4 in 2010, I'd been in cybersecurity for 15 years. Through that experience, I realized that despite the billions of dollars that were spent at security products, more often than not, it was a human letting the bad guys in.'' I love that, framing the problem right from the get-go.

Lewis: Yeah. What I have noticed, Brian, is there have been a lot of very successful Fool investments and Fool universe stocks where the company started with someone who knew a space very well, recognizing a problem and trying to find a way to solve it elegantly for themselves and then also broadly for the industry. This seems to check that box.

Feroldi: I totally agree. We can talk about Wix, they've done this, something like that. Shopify, they've done something like that. Zoom, they did exactly like that. An entrepreneur sees a problem that it's not being addressed by the market, creates their own solution, and then sells it to others. It's very much in that spirit here. I love how this company says they are focused really on the ABCs of security: awareness, behavior, and culture. Those are three areas that not many other companies focus on.

Lewis: That's right. I think a big part of that is informed by the fact that the CEO, Sjouwerman, has been in the industry for a long time. He's got decades of experience in the space and decided that, I think, in this most recent act of his over the last 10-ish years or so, this is where he wanted to focus because this is where you saw an interesting opportunity. There are some benefits to being first, and we'll get into that a little bit as we talk about where they sit in the landscape, but this feels like a pretty unique offering in the grand scheme of cybersecurity.

Feroldi: Yeah. Again, we'll get into the business model in a little bit and their focus, but what I really like here is, again, they are focused solely on the human. They're focused on training employees and making employees better at cybersecurity themselves so that when that phishing email gets through or when that phone call comes through, they are less likely to give out that sensitive information. That's a critical part of cybersecurity that to date hasn't really been addressed.

Lewis: It hasn't and I think the problem is only getting worse, Brian, because we see that, just look at the headlines when it comes to breaches, there is a large reward for people that are trying to figure this stuff out and trying to hack into businesses. It's become a cottage industry in and of itself. With people being far more decentralized, us not working in offices right now, I think that there is even more of a risk for companies with this because it's harder to keep tabs on what your employees are doing and make sure that everyone is following the correct security protocols when everyone's working from home.

Feroldi: That's exactly correct. That problem, as you point out, is only going to get worse and worse. They actually have some interesting statistics in their S-1 that are worth highlighting here. So the Center for Strategic and International Studies estimates that the global total cost of cybercrime is $1 trillion. A recent study by IBM Security found that the average breach cost a company $3.86 million, that's in direct cost, but there's also reputational costs that could be at risk here. Getting this problem under control is a serious matter.

Lewis: Yeah. There's going to be a lot of money pouring into this space. I think a lot of corporate clients are looking for really good solutions and I think that this is only going to become an increasingly more relevant part of how companies are looking at both protecting customer data and proprietary data but also mitigating risk.

Feroldi: Totally. That's exactly what KnowBe4 does. Now the way they do it is, they are deploying a software-as-a-service business model, and their products currently fall into three primary buckets. Bucket one is called just security awareness and these are tools that help a corporation to assess threats, find weaknesses, analyze their user behavior, and then train them through a series of over a thousand pieces of content that they have when necessary to make sure that they're not falling for these scams. Product bucket No. 2 is called security automation. This is with workflow management. It helps with remediation. It helps to detect threats ahead of time. The third bucket is just called governance, risk, and compliance. This helps to make sure your vendors are doing their job. It helps with auditing, it helps with analyzing results, and it helps with assessing risk. Those are the three primary buckets that the company's products fall into.

Lewis: Yeah. All of those make sense. They all work together really well. When I see them laid out that way, Brian, what I hear is basically the value of working with a certain provider is enhanced the more they can understand exactly what's going on in your ecosystem and really all of the different moving parts. That seems good when it comes to customer retention. It also, to me, signals that there's probably some optionality with this business and being able to layer in new services, new offerings as they identify customer needs.

Feroldi: That's one of the things that we're not getting into later in the show. This is a land-and-expand model and they've done a pretty good job thus far with landing. And just an OK job with expanding. Currently, only about 14% of their customers subscribe to multiple products. On the one hand, you might think that's not a lot of success, on the other hand, that's a lot of opportunity for improvement.

Lewis: Yeah, because you can look and see opportunity if they're able to prove out their value, and this is so often what we talk about, particularly with software solution products. It proves the value and the spend is going to be there.

Feroldi: That's exactly right. More importantly, when we're talking about this platform, this company has been identified as a leader by numerous third parties. So first-off, Gartner and Forrester have called out KnowBe4 as a category leader. Their company's app, KnowBe4 app, was in the top five most downloaded in 2020 for Microsoft Azure Active Directory product.. They are also featured in Okta's 2021 security tool report. So this company is getting a lot of accolades from the industry.

Lewis: You're getting a lot of accolades from a tech company with a subscription business as we start keying into a few numbers from this business model. In this case, yup, we have a subscription model. For everyone following at home, you knew where we are going with this show.

Feroldi: Listeners, if there is no recurring revenue I will fight to make sure it does not appear on this show. KnowBd4 currently has more than 37,000 customers, up 22%. Only about 14% of them are using multiple products, which leaves room for growth. They have numerous tiers for organizations to choose from. 

Lewis: [...] is right, we're recently in the billion-dollar business mid-cap space.

Feroldi: Numbers are pretty down this recent quarter [...] year total revenue 45%. Basically, the take figure was up 36%. The rest of the income statement looks good too. Gross margin was 84%. That's stunning. Now the company is not profitable, at least on a GAAP basis. They are spending heavily to grow this business, especially on sales and marketing. That is their biggest spending category so far. They're also spending on overhead and not that much on R&D, to be frank; $20 million on research and development. However, the company reported 33 cash flow positive since '20. Post IPO balance sheet has $228 million in cash, zero debt. Financially, very strong.

Lewis: Very strong. If you look at the liabilities section for this business, you're going to see a couple of big line items and they're just unearned revenue, which for this line of business, you expect to see. Those are pretty good liabilities to be sitting on, Brian. Particularly when we're seeing what looks like pretty loyal customers and a gross margin of 85% is a darn strong business figure.

Feroldi: Especially when that figure is still rising and could continue to go higher over time, especially if they have success up-selling their customers to more products. But man, is that a good starting point.

Lewis: We mentioned CEO, Stu Sjouwerman. We just want to give some background on him. A classic look at the management team here. It's an interesting pedigree for Sjouwerman, he was the co-founder of a company, Sunbelt Software, which had won many awards. It was an anti-malware and software business, and that was acquired in 2010. Always nice to invest alongside someone who has a track record of success. We mentioned before: been in the industry for a while, a veteran and understands what to do, what to grow businesses, and also I think to just build a successful one. What I was most encouraged by, Brian, is looking over at the Glassdoor reviews for this business. I mean, it's about as good as I have seen for a company that we've done an S-1 show on recently.

Feroldi: I love it when you have a "Wait, what?" moment when you're researching the stock, and this one definitely clarified that this company gets 4.7 stars out of 5 on Glassdoor. The CEO has won numerous best CEO awards, and 98% of them approve of him as CEO. Those numbers are outstanding.

Lewis: Yeah, and we've seen them win awards. They've been on Glassdoor's 2021 Best Places to Work list, also in the top 10 in 2020. There is clearly a supportive culture here that employees like, we always like to see that as investors. If you're looking for the skin in the game, Sjouwerman owns just under 4% of shares outstanding, which is good for about a $100 million stake, mentioned before. He is already taking a business to the point where it's been acquired. My hunch is that he is in the "I don't need to do this to live" [laughs] phase of his career and is doing this because it's a problem that he likes solving. That can be a very successful management [laughs] style to invest alongside.

Feroldi: Yeah, not only that, but if you look at just the executive team in general, they own over 6% of this business and their Chief Hacking Officer, a guy named Kevin Mitnick, who is infamous in the security industry because he was actually convicted of cybersecurity fraud and had to go to jail for a little while. Books have been written about him. He is involved with this company as the Chief Hacker Officer, and he owns 7% of this business. There are some good skin  in the game here.

Lewis: There's kind of a Frank Abagnale arc there. [laughs] "Catch me if you can." Going from being black hat to being white hat, that's cool to see. If you're operating in this space, you need people who know how to get around these things to be helping you build out systems and create educational programs, so that the average person who's far less sophisticated knows what to be looking out for. It's just the reality of it.

Feroldi: If nothing else, free marketing because he is somebody that is infamous in the space, so him being involved is a positive.

Lewis: It is, yeah. I think when I take a step back and look at everything we've talked about so far, Brian, this looks like an incredibly investable business. There's a lot of things to be excited about here. The financials look really good, love seeing companies in that $2 [billion] to $10 billion space. The accolades both for the corporate culture and what we've seen, just the track record of the management team, really strong. I think there's also some interesting growth opportunities for this business. We talked about the tailwinds and just the sheer amount of money that's going to be coming in the year, because it is such an important part of how companies do business. There is also, I think, some opportunities for them to move into some adjacent markets and expand internationally, but they create a pretty compelling investment thesis.

Feroldi: Yeah, the bulk case here or the long-term growth story here is based on many of the principles that we see in lots of SaaS companies that we talk about. No. 1 priority, add new customers. They are clearly doing a good job of that. They grew their customer base by over 20% in 2020 and now have 37,000 total of customers. At No. 2, up-sell those customers on more products and services. They have done a good job about making more customers subscribe to more than one product over time, but there's still a long way to go there with only 14% of current customers subscribing to more than one. And No. 3, international expansion. This company's only been around for 11 years now and while it has started to develop a presence in international markets, international sales are only 12% of total revenue, so they see big potential for this in international markets. Finally, they hope they call up striking up new partnership opportunities and allowing for cross-selling opportunities. Currently, they do have some partnerships in place that help them to get new customers, and they did note that about 38% of sales in 2020 were derived from these partnership agreements. They hope to do more, especially as they expand into international markets. When you take all of that into consideration, this company currently sees its addressable market opportunity at over $15 billion. If that's anywhere close to correct, that means that it's currently tagged about 1% of its opportunity.

Lewis: That's another point in opportunity, Brian [...] [laughs]. You could say it's only 1%, or you could say it's only 1%. [laughs] Both of those things are true. It's all about how you frame it. With the international expansion, I was doing some reading on this before we hopped on, I do think one of the things that we'll have to keep in mind with this business is they are going to have to pretty heavily localize anything they're doing for markets that they're looking to expand into. Some of that is just the local specific ways that hackers might be trying to access. Some of it it's the language and the nuance of how people are going to be framing this stuff. There is so much market opportunity in the United States alone that it's an exciting business, but I think the rollout to separate markets it's going to be somewhat country-specific. They're going to have to figure out which territories are worth going after and prioritizing them accordingly. Just because not everything from one space is going to transfer to the other.

Feroldi: That's exactly right which is why I really like their idea of coming up with some partnerships, opportunities to do this, and when their gross margin is so high, that gives them lots of room to reinvest, to make their product more localized for different areas. It remains a massive opportunity for the company.

Lewis: One of the things that we always like to see is, OK, sounds great, Brian, but what do I need to know here risk-wise? Are there supplier concentrations? Do we have customer concentration? Is there a lot of money pouring into this space? These are typically the boxes we'll check and again, I think we were pleasantly surprised when we started scrolling down to that part of the S-1.

Feroldi: No customer concentration risks to speak of, no supplier concentration risk to speak of. Having said that, I do think there are some risks for investors to watch. To me, No. 1, by far is, what if this company gets hacked? What if one of this company's own employees is the source of that hack. Talk about a black eye that could be sitting out there if that happened, that would be a massive PR nightmare, PR fiasco for this company if that was to happen. The other risk to keep in mind is that growth might not be as high as some investors were hoping for. If you rewind the clock two years to 2018, this company was reporting 53% growth in its customer base. Last year, that number was only 22%. You would have thought that COVID would've been a pretty good tailwind for this company like it was from any other SaaS companies. Again, that's just customer growth we're talking about. Revenue growth was much higher than that, which shows they're getting more revenue per customer. But is there the chance that this company might not be growing as fast as growth investors would like? That's a risk. Then finally, there's just valuation risks like we've seen for any company. This company is currently trading at about 22, 23 times sales and there is free cash flow, so we can actually compute that number, and it's right around 110 times free cash flow. Those are certainly high numbers that are pricing in continued growth. If that growth failed to materialize for whatever reason, look out below.

Lewis: Yeah, and putting it in the free cash flow sense is interesting. We don't do that too often, Brian. I think most people are used to hearing us talking about price to sales or price to earnings valuation shorthand. If you're looking at those slightly more conventional metrics, we've said it before, but by the end of the year, about $200 million in recurring revenue. We are looking at just under $200 million in trailing-12-month revenue. With a $4 billion valuation, you ballpark, it's something about 20 times, a little bit more than 20 times sales that we're talking about here. Not outrageous, if the margins stay intact and the growth story stays intact. To your point about client growth, though, we always like to see the number of clients going up and the spend going up. Then you have two levers that are fueling your growth and you can enjoy acceleration sometimes, if you really nail your offerings. I think one of the things that they might ride into, and it might affect their customer base growth, is just having to educate the market a little bit on what they are bringing to the table and why this is something that companies need to spend on in addition to all the other stuff that they may already be spending money on in this space.

Feroldi: Yeah. I think that's a big reason why this company is currently spending so heavily on sales and marketing. Again, when you are approaching a category, as this company is from a completely different angle, that's great because the competition might not be as fierce and you have greenfield opportunities. On the flip side, the market is not free-educated in this category. So you do have to do a lot of spending up front to almost build demand for your product as you go. Investors should probably expect that sales and marketing number to be really high for a while. On the flip side, when you think about that, they are really the top dog in doing what they are doing. Since they are addressing this from a completely different angle, one thing that I really like about this company is that it is nonrival with all the other leading cybersecurity companies. It's not like if you have CrowdStrike or Zscaler, or some other cybersecurity company that you're not going to go with KnowBe4, this actually compliments those products, it doesn't compete with them. That is awesome.

Lewis: Yeah, I think you're right. I mean, it makes it a lot easier to get buy-in from other players in the industry. It might be helpful for them in locking down partnerships and stuff like that in the future as well. Brian, I got to be honest, when I was doing my homework on this, I was surprised that there wasn't more on this company. I don't know about you, but I was looking for the articles, I was looking for the coverage and just on first glance, seeing what we had in terms of topline growth margins, the space it's in, there was an underwhelming amount of coverage on this business.

Feroldi: Underwhelming amount of [laughs] coverage equals opportunity for us, I guess. [laughs]

Lewis: Yes, I think that's right. It's fun to get one that a ton of people haven't talked about before. I'm curious, having been through everything now, having walked through the entire business, where does this one see for you? Is this an immediately investable idea, a watch-list thing, something you're watching just because it's an interesting industry, or something you're saying like, "I don't know if this is for me."

Feroldi: New IPOs are always tricky because one of the things we highlight on this show is great culture, great management team. Those things can change when a company comes public, that's always a risk to watch. We also don't know: Is this company going to have a beat and raise culture. Are they going to do a good job of meeting Wall Street's expectations? We don't have any track record there to go off of. What's the post-IPO dilution going to be like? It was pretty mild last year, the year before that, it was really hot. What's this company going to be like with doling out stock-based compensation, now that it's a publicly traded company? We don't know a lot of the answers to those questions. With all that in mind, why am I interested in this company? This might be something that I buy basically as soon as I'm allowed to, because it checks a lot of the boxes, if not almost all the boxes that I looked for, an investable idea. I really like that it's only a $4 billion company. I really like that it's playing into cybersecurity from an angle that I can understand. So this company is very high on my watch list. How about you?

Lewis: Well, I think I'm a user that would probably benefit from this business. I think it's easy if you can see the use case to see the investment case. They're just things that I know as an Internet consumer and someone who, I wouldn't say I'm sophisticated, but I think I'm probably slightly better than the average person online. Yet, I'm sure there's a lot that I would learn going through a lot of their systems and a lot of their modules. I see the case, I love that they're not directly competing with a lot of the industry incumbents. I think that makes a ton of sense. It is a top of the watch list type stock for me. I love the company culture too. I think that's one of the most impressive things. We got through the financials and I was like "This is an interesting business." Then you start seeing the Glassdoor reviews and the way that people talk about working there. That really gets you bought in.

Feroldi: Yeah, I think so. This is going to be one that I'm going to enjoy doing a follow-up show on a lot in a couple of months, [laughs], see how they're doing, or throwing support, at the very least.

Lewis: Yeah. We'll definitely be coming back to this one as we have some earnings releases. I'm excited about it. I mean, I think one of the fun things over the last year, Brian, it's just been, we've had so many interesting ideas come public. A lot of nascent tech, a lot of spaces that I think people are a little hungry to put some money into because they see the headlines. This is one of those businesses I'm going to be excited to circle back on it.

Feroldi: I'm right there with you.

Lewis: Brian, thanks so much for hopping on today's show with me.

Feroldi: Anytime, Dylan.

Lewis: Listeners, that is going to do it for this episode of Industry Focus. If you have any questions or you want to reach out and say, "Hey," shoot us an email at [email protected] or you can tweet as @MFIndustryFocus. If you're looking for more of our stuff, subscribe on iTunes, Spotify, or wherever you get your podcasts. As always, people in the program may own companies discussed on the show, and The Motley Fool may have formal recommendations for or against stocks mentioned, so don't buy or sell anything based solely on what you hear. Thanks to Tim Sparks for all his work behind the glass today, and thank you for listening. Until next time, Fool on!