Rubrik (RBRK) reported 24Q3 with fantastic results

Hi, I’d like to bring this new Cyber-security name to the board. Rubrik just reported 24Q3 earnings today, with a eye-blowing beat.

A brief view about the company

Rubrik IPOed on April 25, 2024, so this is their second earning report. It’s a SaaS company which focuses on cyber resilience. It’s major product is Rubrik Security Cloud (RSC), which is a SaaS product with Zero Trust design to detects, analyzes, and remediates data security risks and unauthorized user activities. It helps customers to achieve “cyber resilience”, which encompasses cyber posture and cyber recovery. This contributes to the majority of revenue.

Rubrik claimed that they are the only company that consolidate both cyber recovery and data security posture management (DSPM), which appear to be a unique advantage over competitors.

Rubrik does not compete with any of the Cyber-security names we discussed on this board (e.g. CrowdStrike, ZScaler, etc). It partners with them to deliver its solution.

While some other companies prevent cyber outage from happening, Rubrik can make sure a fast recovery from any cyber attacks. The recent CrowdStrike outage seemed to make large organizations more worried about cyber resilience, which is a tailwind for Rubrik.

Rubrik is winning in the cyber resilience market. As more and more organizations realize that cyber-attacks and breaches are inevitable, cyber resilience is becoming the number one topic in cyber security. In my conversations with CIOs and CISOs around the world, what is clear is in spite of spending millions of dollars in cyber-attack prevention tools, it is not a question of if, but when they will experience a successful cyber-attack. Every Board of Directors is asking for a cyber resilience strategy to ensure that their business get back up and running as fast as possible.

Gen AI is another tailwind for Rubrik’s DSPM solution, because, while exposing data to Gen AI apps, the data security becomes very important.

Rubrik’s market cap is about 12B (after the AH surge today). Current subscription ARR is just above 1B. Rubrik’s recently Q3 non-GAAP FCF was positive (7% margin), while it is still negative from a full year basis. Rubrik’s defined a new metric called “Subscription ARR Contribution Margin” and uses it to track their profitability of the subscription business. It’s currently improving and is about to break-even.

2568×1444 378 KB

Financial Results

Revenue

YoY

QoQ

Q4 Revenue guidance: 233.5
Q3 Revenue: 218.5 → 236.2 (guided → actual)
Q2 Revenue: 197 → 205 (guided → actual)

Note: Rubrik’s subscription revenue has some upfront recognition which make the QoQ growth a little fluctuating. They did mention some one-time revenue benefit in Q3.

The Q3 revenue outperformance relative to our guidance reflects our strong ARR growth and higher-than-expected upfront and non-recurring revenue. This is due to higher-than-expected new sales and renewals of RSC private from regulated and government verticals in Q3 as well as the extension of transition licenses to some of our customers as they progress through the adoption of Rubrik Security Cloud.

Subscription Revenue

YoY
58.86% → 49.80% → 54.46%

ARR

YoY

QoQ

Here I do have a concern about the decreasing ARR growth, which is much slower than the overall subscription revenue growth. But if it can stabilize at the current level, I think the company is still cheaply valued now, considering a ~15 PS ratio.

As a reminder, the benefit for subscription ARR growth from the conversion of maintenance to subscription has been moderating, and we saw approximately 2 points of benefit in Q3. We are not expecting any benefit to growth from converting maintenance to subscription ARR in fiscal 2026.
In addition, historically, we see higher net new subscription ARR in the second half of the year versus the first half. As we have discussed previously, we had an exceptional start to fiscal 2025, which offset typical seasonality. In fiscal 2026, we expect to see more normalized quarterly seasonality in subscription ARR.

Rubrik does not report exact NRR, but their Subscription NRR has been above 120%.

we continue to see a strong subscription net retention rate which remained over 120% in the third quarter. All vectors of expansion are healthy contributors to our net retention rate, highlighting the meaningful runway we have to more deeply penetrate our customer base.
Adoption of additional security functionality remains at approximately one third of our subscription net retention rate, stable from last quarter, but up from approximately a quarter in the year ago period.

Notes from earning call

Winning market share

(From Q2) This quarter, a U.S. Insurance company replaced its existing data backup and recovery vendor with RSC or Rubrik Security Cloud Enterprise Edition and SaaS data protection for M365. This customer was dissatisfied with their current WAN provider. A competing new-gen vendor as it could not operate at the scale and speed the business required nor protect their M365 environment. During the proof of concept, we demonstrated a recovery time of about 35 seconds, compared to over five hours for the incumbent. The customer security team also endorsed Rubrik for our suite of native security features such as anomaly detection, threat hunting and monitoring, and sensitive data discovery, which their existing vendor lacked.

(Q3) This quarter, a global engineering and construction service provider selected Rubrik to protect its entire data ecosystem, including SaaS data protection for Microsoft 365. This was driven by a board mandate seeking to consolidate multiple backup providers and improve cyber recovery times. In a proof of concept with other new gen backup providers, Rubrik was the only vendor that beat the required RTO of less than 4 hours for their mission-critical applications.

Another logo win was with a Fortune 20 health care company that selected Rubrik as their only cyber resilience partner. After a thorough evaluation, we were the only immutable cyber resilience provider that could meet the organization’s RTO, both on-premises as well as in the cloud. In addition, adoption of RSC Enterprise addition allows this customer to rip and replace six disparate new gen and legacy backup vendors while delivering superior cybersecurity functionality.

DSPM is growing rapidly with the Gen AI tail wind.

(Q2) Another example, a U.S. consumer services company added Rubrik DSPM to provide visibility into where its sensitive data resides and reduce its attack surface. Rubrik automated the discovery and classification of company’s sensitive data in only a few hours, which would have otherwise taken months of manual work across 10 full-time employees according to the customer. In addition, what we are seeing is that, generative AI brings urgency to DSPM. Before an organization’s proprietary data gets fed into LLM, data sensitivity and user access must be managed. AI trust, safety and preparation must be established and DSPM plays a critical role in this.

Now moving on to data security posture management, or DSPM. DSPM provides visibility into sensitive data exposure to minimize surface area of attack and the risk of data exfiltration. We are the only vendor in the market to offer DSPM plus cyber recovery in an integrated platform. This allows us to deliver complete cyber resilience before, during and after an attack. Our complete cyber resilience value proposition is resonating with customers as demonstrated by growing volume of DSPM deals, which nearly doubled quarter-on-quarter in Q3.

In addition, the adoption of AI applications such as M365 CoPilot brings an urgency to DSPM adoption. What makes CoPilot such a powerful tool is its ability to leverage content across the company to provide accurate and relevant insight? However, companies need to have the right data security controls in place to ensure sensitive data remains secure when using AI tools such as CoPilot. This quarter, we announced Rubrik DSPM for M365 CoPilot. This new set of capabilities not only helps enterprises reduce the risk of sensitive data exposure and exfiltration, but also helps them accelerate the secure adoption of CoPilot.

In terms of like DSPM, we are continuing to see a strong traction with DSPM and as I mentioned in the prepared remarks, that number of customers doubled quarter-over-quarter in Q3. The issue is DSPM provides data risk and data threat visibility. And then combination of DSPM plus cyber recovery is the complete cyber resilience. And since generative is now pulling data from the nooks and crannies of enterprise applications, folks need to understand the sensitivity of the content to be able to deliver responsible AI. And that is also our attempt in terms of the Rubrik DSPM for Microsoft CoPilot. In fact, the health care organization in Q3 added DSPM to their existing Rubrik footprint because their Chief Information and Digital Officer was concerned about their ability to recover quickly and they actually replaced their existing DSPM vendor to be able to offer superior cyber resilience capability and be able to understand the data risk, data threat and to be able to deliver fast cyber recovery.

DSPM is still a relatively smaller part of our business

New products for potential future growth

As some of you might have read in our IPO prospectus, Rubrik pie design perpetually lives on the frontier of innovation and our long-term success depends upon our ability to continuously paid and commercialize pioneering products.
In this vein, just this week at AWS Reinvent, we announced Rubrik Annapurna, which, along with an exciting new partnership with AWS will accelerate the development of trusted gen AI applications. There are three parts to this groundbreaking innovation: Number one, Rubrik Annapurna API service will allow customers to have ready to go access to all business data to quickly build more powerful and trusted gen AI applications; number two, Annapurna will deliver secure data embedding powered by RSC; and number three, Rubrik Annapurna leverages all enterprise data and metadata in RSC to easily set and manage data access controls for AI applications.
We believe we are uniquely positioned to enable AI adoption in a secure and compliant manner, which is a top priority for enterprises. We are excited about what we can do with Annapurna because Rubrik extracts, manages and secure the most important real estate in the brave new world of Gen AI, business data. However, I would like to note that we are in the very early innings of a multiyear strategy for Rubrik to be the secure data infrastructure platform for Gen AI applications. We look forward to providing more color on this road map as it advances in the next several years.

Q: Cloud has native back-up solutions, why would customers use Rubrik?

Rubrik has a huge opportunity in the cloud. And the reason is that cyber resilience is needed, wherever your application and data resides. But the fundamental question is that you have your data in three clouds, five SaaS applications and five data centers, and you can’t have different methods to do cyber recovery in different places because if you have to turn 30 knobs when you are – you had a bad breach, you will be down for a very long time.
So customers are looking for a single policy engine and single security control to actually deliver cyber recovery across all of their data estates. And that’s why we are winning in the cloud because we have a very comprehensive solution for all the native cloud providers as well as data centers as well as SaaS applications such as Salesforce and M365.
As an example, this quarter in Q3, a Fortune 500 insurance company came to us to actually replace their native backup solution on their cloud platform with Rubrik cloud-native protection because they wanted the consolidated, again, policy management and security controls across all of their data so that they can have a native data threat engine that would be provided for complete visibility, control and being able to confidently do cyber recovery when the inevitable cyber attack happens.

Q: whether the strong demand for DSPM and cyber recovery is related to inflection, e.g. Gen AI roll out?

In terms of Gen AI, Gen AI is certainly a driver for a lot of enterprise activities right now because Gen AI is forcing people to focus on data to understand the integrity of the data, to understand the sensitivity of the data, to understand potential risk of the data, to understand who has access to what data and what they can do with data.
And if you look at where we play, Rubrik is the data security platform. We – at the outset, our goal was to transform backup and recovery, which was a legacy platform into a data security platform to deliver cyber resilience. And so our cyber recovery together delivers our customers an understanding of data risk and delivers data integrity and availability. And so truly, the Gen AI initiatives bring the focus back into data, and that definitely is a tailwind for this market.
Having said that, obviously, digital transformation, cloud transformation, application – SaaS application adoption. And everything that is accelerating throughout the year is also contributing. So it’s a broad set of capabilities and broad set of market drivers driving the secular tailwind for this market.

Earning call link: https://ir.rubrik.com/financials/quarterly-results/default.aspx
Bert’s article about Rubrik: Rubrik: A Leading Data Resiliency Solution That Deserves More Attention | Seeking Alpha
S1: https://www.sec.gov/Archives/edgar/data/1943896/000119312524083525/d359771ds1.htm

Cheers,
Luffy

I agree, and so do the analysts seemingly. I don’t share the worry about ARR growth, though. It was up 9.1% qoq vs 7.4% in Q2 so that seems like an acceleration. Also a large part of the ARR is now cloud ARR which is growing very fast. Cloud ARR was $762m of the $1bn, and that was up 67% yoy. The last comment from John DiFucci from Guggenheim said it nicely:

Well, keep it up guys because - you know this - what we saw tonight is rare. Thanks.

In addition to the very strong growth at $1bn ARR scale, I want to add some meat around the margins. Margins all seem to be on a generally improving trajectory, with strong operating leverage.

First, operating margin

→ Operating leverage clearly kicking in. And although the company is not yet operating margin, positive, the thing to watch as a leading indicator for operating margin, according to the CFO is what they call ARR contribution margin. That is almost at breakeven, and should be positive next year. Also, the CFO indicated that operating margin should follow ARR contribution margin by a couple of quarters. So next year the company should inflect to operating margin profitability.

Here is the graph showing their progress on ARR contribution margin from the Q3 Slide deck:

Screenshot 2024-12-06 at 12.26.351442×630 75.1 KB

Net profit margin:

→ The company is not yet net profitable, but improvement has been very impressive, both vs last q and vs a year ago.

Free cash flow margin:

→ This for me is the best one. Their guide for full-year FCF implies positive FCF in Q4 too, and in the commentary they also indicated that next year should be overall FCF poisitive for the year. This is a company turning the corner now to FCF positive territory (after 10 years).

All in all, this was an excellent report from a fairly new IPO with very strong secular tailwinds, which still seems to be valued (relatively) fairly (at a ±10x run-rate P/S as of yesterday’s close, before the bump that is no doubt coming today).

-wsm
(Long: 9%)

Good call out for the Cloud ARR growth. Regarding the sequential ARR acceleration from 7.36% to 9.05% QoQ, I think the management made it clear in the earning call that it was due to a one-time benefit.

We added $83 million in net new subscription ARR. We continue to drive adoption of our Rubrik Security Cloud, which resulted in $769 million of cloud ARR up 69%. Our subscription ARR growth benefited approximately 2 percentage points from transitioning our declining maintenance base to subscription.

In addition, the management also pointed out that their business has seasonality so the second half of year usually have higher ARR growth.

As a reminder, the benefit for subscription ARR growth from the conversion of maintenance to subscription has been moderating, and we saw approximately 2 points of benefit in Q3. We are not expecting any benefit to growth from converting maintenance to subscription ARR in fiscal 2026.
In addition, historically, we see higher net new subscription ARR in the second half of the year versus the first half. As we have discussed previously, we had an exceptional start to fiscal 2025, which offset typical seasonality. In fiscal 2026, we expect to see more normalized quarterly seasonality in subscription ARR.

So combining all these information, the total ARR growth does feel like a slow down, though I still think the company could have > 30% ARR growth next year, which still justifies the value considering the company will also likely have FCF breakeven in 2025.

Luffy

When entering RBRK financial data into my spreadsheet I see that RBRK’s total liabilities exceed their total assets. 1,268,691 total assets - 1,789,778 - total liabilities - most recent quarter. It has been like that as far back as I can see. Its due to deferred revenue and non-current deferred revenue. AI tells me that “deferred revenue is a liability on a company’s balance sheet because it represents revenue that hasn’t been earned yet. As the company delivers the goods or services, the deferred revenue is recognized as revenue on the income statement.”

Ok, I get that, but what I don’t understand is why this revenue is not showing up as cash or other assets on the balance sheet, one should negate the other. None of the other companies in my portfolio has more liabilities than assets. Can anyone shed a little light on this? Am I making mountains out of mole hills here. Thanks in advance,
Happy Hunting

They have only reported two quarters so far. Why would they negate each other if they are growing contracts faster than the cash they take in? When they get larger and the contracts start to slow down, then I would think they would negate each other. But for now, if they are winning share, you should want them to have more Deferred Revenue. That is all money in the bank. Edit: It could be that they also have longer contracts. Rubrik’s contracts are written for 3 years.

When entering RBRK financial data into my spreadsheet I see that RBRK’s total liabilities exceed their total assets. 1,268,691 total assets - 1,789,778 - total liabilities - most recent quarter. It has been like that as far back as I can see. Its due to deferred revenue and non-current deferred revenue.

I think the diff between total liabilities and total assets is due to the negative total common equity, from the huge negative retained earnings.

1496×816 64.2 KB

And the jump of retained earnings was primarily due to huge net loss. ($176.9 million in Q3, $732.1 million in Q2) And SBC appears to be the largest contributor.

1512×1084 87.4 KB

I think the $630.3 million SBC in Q2 was very likely a one-time vest related to the IPO and the $105 million in Q3 may be more of a norm, but we’ll have to wait and see the trend since RBRK has only reported two earnings.

In the short term, I think the net income will stay negative for quite a while, but I’m not worried the company’s long term ability to achieve profitability, considering its continuously improving FCF margin.

Luffy

How specifically does SBC affect the Balance sheet? Which line item on the balance sheet is it reported on. SBC only affects the Income Statement and the Cash Flow statement. Most expenses are reported on the Balance sheet but SBC is an exception.

You can find SBC on the income statement in the diluted earnings , you can find SBC on the cash flow statement under stock based compensation. But there is not any category on the balance sheet for SBC. The FASB wanted to provide an accounting for it but did not want to use the balance sheet…

To clarify, total assets = total liability + total equity, so the negative total equity is the gap here between total assets and total liability.

I initially thought that it was due to SBC because SBC will reduce Net Income, and Net Income reflects in the Retained Earnings in the Total Common Equity Section on Balance Sheet. (If you do 2,591.5-2,414.6, your get 176.9 which is the net loss of Q3).

But I was probably wrong here. ChatGPT told me that SBC would also increase the Additional Paid-in Capital, which can cover the Retained Earnings change in most cases.

When SBC occurs,

• The Retained Earnings account decreases because of the lower net income.
• The Additional Paid-In Capital account increases as part of the equity section, reflecting the issuance of equity-based awards.

In summary, SBC reduces retained earnings by lowering net income but simultaneously increases additional paid-in capital in equity. The total equity might remain unchanged, but the composition of equity shifts.

I asked ChatGPT in which cases can a newly IPOed company carry significant more retained loss than Additional Paid-In Capital and here’s the answer.

It is relatively uncommon but not impossible for a company to have negative common equity right after an IPO. Here’s a breakdown of why this might happen and how to interpret the situation:

1. Why Common Equity Might Be Negative After an IPO

• Accumulated Deficits:
  • If the company has a history of significant net losses before the IPO, retained earnings (often reported as “accumulated deficit” for loss-making companies) may be deeply negative. This reduces the equity balance.
• Large Pre-IPO Financing or Restructuring Costs:
  • High expenses related to the IPO process, such as underwriting fees, legal costs, and restructuring charges, might reduce the equity further.
• Preference Share Redemption or Conversion:
  • If preferred shares are converted into common shares at a discount or redeemed using IPO proceeds, this could impact the equity structure, leaving common equity negative.
• Debt Refinancing:
  • Some companies use IPO proceeds to repay debt rather than increase liquidity or equity, which doesn’t significantly affect APIC but reduces retained earnings indirectly by the cost of early repayment fees or interest expense.

2. Why Retained Earnings and APIC Both Increased

• Retained Earnings Increase:
  • If the IPO involves settling liabilities that previously reduced net income (e.g., capitalizing prior losses or covering pre-IPO debt with proceeds), retained earnings may appear to increase significantly.
  • Alternatively, revaluation of deferred tax assets or liabilities post-IPO could lead to an improvement in retained earnings.
• APIC Increase:
  • APIC increases during the IPO due to the sale of shares at a premium over their par value. However, this increase might still be smaller compared to the deficit in retained earnings.

3. Why Retained Earnings Are Bigger Than APIC

• Large Historical Deficits:
  • If the company was operating at a significant loss for many years before the IPO, the accumulated deficit might still be far larger than the APIC increase from the IPO.
• Limited Premium on Shares:
  • If the IPO was priced conservatively (i.e., the shares were sold at a relatively low premium), the APIC increase might be modest compared to the retained earnings deficit.
• Capital Intensity:
  • High investment in fixed assets, R&D, or acquisitions before profitability could result in prolonged losses, keeping retained earnings lower relative to APIC.

4. Key Considerations

• Growth Companies:
  • This situation is more common for startups or growth companies with significant pre-IPO investment in technology, R&D, or customer acquisition, leading to losses before the IPO.
• Investors’ Focus:
  • Investors often focus on future growth potential rather than immediate profitability. However, negative common equity could raise red flags about solvency or the sustainability of operations.
• Pro Forma Adjustments:
  • Analyze any pro forma financials disclosed in the IPO prospectus to better understand how the IPO impacts equity.

5. Conclusion

Negative common equity post-IPO isn’t the norm but can occur due to a combination of significant historical losses, modest APIC increases, and high IPO-related costs. While this can be concerning, the broader context—such as the company’s growth trajectory, cash flow generation, and use of IPO proceeds—needs to be considered to assess financial health.

Luffy

SBC is further down the Net Income statement. It doesn’t reduce Net Income but comes into play with Diluted Earnings. That is why on the Cash Flow statement you will see it as a line item, otherwise it would be counting it twice on the Cash Flow statement.