Darktrace plc (OTCPK:DRKTF) Q4 2022 Earnings Conference Call September 8, 2022 9:00 AM ET
Company Participants
Poppy Gustafsson – Chief Executive Officer
Cathy Graham – Chief Financial Officer
Max Heinemeyer – Chief Product Officer
Luk Janssens – Head of Investor Relations
Gregory Smith – Chief Information Officer, American Kidney Fund
Conference Call Participants
Operator
Hello ladies and gentlemen and welcome to Darktrace plc’s full year 2022 results. I’m Luk Janssens, Head of Investor Relations. I’m joined by Poppy Gustafsson, our CEO, Cathy Graham, our CFO, and Max Heinemeyer, our newly appointed Chief Product Officer. Together they will present for 30 minutes, after which we will conduct a question and answer session. We welcome questions from participants using the chat function, and you can start submitting them throughout the presentation.
Here is a disclaimer which you can review, but now let me hand over to the CEO of Darktrace, Poppy Gustafsson to open the presentation. Over to you, Poppy.
Poppy Gustafsson
Thank you Luk, and welcome everyone to this call. I want to start by acknowledging the recent news that the offer period that commenced in August has now passed. As a reminder, in early August we received an unsolicited approach from Thoma Bravo, and in keeping with our fiduciary duties, exploratory conversations followed. Thoma Bravo is a well respected organization with a number of cyber security investments, and it is no surprise that our world-leading technology caught their eye. However, I firmly believe, and so does our board, that we still have so much more value to bring to this business as an independent company.
We have a set of world-class technology products with enormous potential and a business full of [indiscernible] people. We’re executing against a very large total addressable market as cyber security is now a must have for any organization, and just as a reminder, we have more than delivered on all of the key financial metrics that we set out at the IPO. We were the most successful IPO on the London Stock Exchange during 2021, and today we are one of Europe’s fastest growing technology companies, and that was just year one.
With that, let’s turn to our full year financial results, marking the end of our first year as a public company. We have been very busy and that hard work has paid off. What a fantastic year it has been. We have delivered a strong financial performance in the second half of the fiscal year, 46% revenue growth, 43% constant currency ARR growth. The business is delivering over half a billion dollars of ARR. We have over 7,400 customers globally and we’re delivering this stellar growth profitably with an adjusted EBITDA margin in FY22 of 22%.
In addition, I’m also pleased that these better than expected headline results are accompanied with improving KPIs with lower churn and higher net retention rate. Today we are reiterating our guidance for FY23, meaning we expect year-on-year constant currency ARR growth of 31% to 34% and adjusted EBITDA margin of 15% to 18%, reflecting the strength and profitability of our underlying business model.
My personal highlight was the launch of our new product family, Prevent. As we’re hearing from customers, this is exactly the right product at the right time as business leaders are increasingly looking for ways to prevent business disruption while lowering costs and maintaining compliance. Max will be talking more about this terrific reception we are receiving from early adopter customers later on.
Prevent is a major component of our vision for cyber AI loop and an important milestone in our long term technology vision. The loop is an always-on feedback system with deep interconnected understanding of the enterprise. It creates a virtuous cycle in which each capability strengthens and hardens the entire security ecosystem and allows organizations to not just prevent, detect, respond and heal from cyber attacks, but to do all of these all at once and all of the time. The cyber AI loop has always been an ambitious technology vision, something that has never been done before in cyber security, and with the launch of Prevent, we are another stop closer to achieving it.
The reason that we at Darktrace are uniquely positioned to deliver this vision is because every component of the loop is underpinned by self-learning AI, Darktrace’s real USP. Self learning AI knows you. While the majority of the cyber security industry takes an outside view on risk by focusing on the attacker and historical attack techniques, we understand the risks from a different perspective by first understanding you and your organization. Our technology learns what normal looks like and then uses that understanding to rapidly and autonomously spot and stop attacks which have never been seen before. Based on mathematical models and unique to each organization, self learning AI delivers always-on, continuously evolving security which is complementary to other defense solutions on the market.
Taking a step back to look at the broader threat landscape, cyber is no longer just a focus of IT professionals and cyber security CEOs, such as myself. It is one of the biggest threats to modern society. Our world is a digital one. Our communications, our power supplies, logistics, water and critical services, they are all provided by organizations that are built upon digital foundations. We assume that those foundations are resilient. Increasingly those assumptions are being challenged.
Over the past year, we have seen several cyber attacks with substantial repercussions on businesses, governments and people around the world. Without doubt, the most high profile crisis in the last year has been Russia’s invasion of Ukraine. Whilst this was not the Big Bang cyber event that many were expecting, damage has still been done as we see a dripping tap of cyber warfare being repeatedly used to erode societal structures and support the physical invasion.
The geopolitical landscape has heightened the urgency for all organizations to proactively mitigate cyber risk as the threat of nation state attacks looms larger than ever and as the consequences of mass scale cyber conflicts are felt more broadly. The reality is that today there is a constant flow of major cyber instances threatening to impact critical infrastructure and global supply chains and stop people and businesses from getting on with their day-to-day. Adversaries continue to innovate and the next wave of cyber offensive capability is already taking shape.
In this context, it is no surprise that the security team, whose job it is to defend our organizations, are busier than ever. Conventional cyber security solutions typically result in long checklists that must be addressed manually [indiscernible] often neglected by overstretched security departments. Their digital territory is bigger than ever with more threats than ever before.
In July 2022, our team of analysts studied the external vulnerability data of over 150 organizations and found that 85% of high-risk vulnerabilities are not patched within one week and 70% are still unpatched after one month, leaving organizations exposed to attack. This isn’t because security teams are not doing their job, it’s because these defenders simply do not have the resources to fight on every front all of the time.
This brings us back to Darktrace Prevent, one of the most exciting developments in our recent product evolution. With Prevent, we are enabling our customers to proactively spot vulnerabilities before attackers get to them and subsequently harden the business’ defenses inside and out to ensure these vulnerabilities are not exploited. This technology has the power to transform the way that industry thinks about cyber security, and our customers are telling us how excited they are about the potential of Prevent.
Let me now hand over to Max, who has been spearheading our efforts in this area.
Max Heinemeyer
Thanks Poppy. I wanted to start off by reminding everyone what we set out to do with Prevent.
Prevent is the culmination of years of R&D in our AI research center in Cambridge. It’s a completely new product family and builds on top of the understanding of self or a business that Poppy just talked about. Prevent identifies the critical assets and applies an attacker’s perspective – how could this be hacked? This knowledge allows organizations to prioritize security efforts most efficiently and wrap protections around these issues by feeding back into detect and respond. This reduces risk proactively. We’re making the job of a cyber attacker much harder. I know this because I started my career as a white hat hacker, or a hacker, myself.
Prevent consists of two products. There is Prevent End-to-End, or E2E, and Prevent Attack Surface Management, or Prevent ASM. These are breaking new ground in the industry and they are all about feeding back into the loop to reduce risks for our customers. E2E on the one hand delivers continuous visibility into the most vulnerable and critical attack paths within an organization. To our knowledge, there is no product with this breadth of capabilities. E2E crucially feeds into detect and respond.
On the other hand, there is Attack Surface Management, or ASM that continuously monitors an organization’s external attack surface for a diverse set of risks, such as shadow IT, unwanted exposure, heighted tech vulnerabilities, and many more. It is establishing itself as a strong market [indiscernible] at the moment and is well known to security professionals.
We’ve been really pleased with how the rollout has gone since Prevent was made generally available in August. At the major cyber conference, Black Hat in early August, I had the pleasant opportunity to talk to peers, fellow hackers, customers and prospects about Prevent, and the feedback has been very positive indeed. For several days, we presented Prevent to customers and prospects, had discussions and showed demos on how the product works. This really demonstrated to us that we’re striking a chord here. Security teams want to become more proactive but haven’t found the right solutions yet. We have exactly what they need.
With Prevent, we can finally tell customers what needs protecting the most and what the impact of a compromise can be by taking our self learning AI and overlaying the view of an attacker. For example, for one organization we discovered that a new product they were working on was exposed to the internet on the attack surface. They were completely unaware of this. This was a brand and business risk that went straight to their executive team.
For another organization, Darktrace had learned the organization from the ground up and we immediately saw that one of their mid-level IT people stood out from all of the rest. He had an extreme overload of permissions. That person could basically do anything anywhere in the organization. The person was also susceptible to social engineering, which we validated with an AI-generated social engineering attack straight away. We basically showed within minutes that the organization could burn to the ground easily if an attacker hit this one person. They weren’t aware of that permission problem and we showed them that it’s not just a theoretical risk.
That desire to become more proactive is also broadly reflected in our customer base. We’ve got the longest list of opt-ins that we’ve ever seen and still growing. We have closed a number of Prevent deals already even though it’s only been available for the last month or so. I’ve personally never seen as many jaw drop moments in my career in [indiscernible] meetings as I’ve seen with Prevent, and don’t just hear it from me. Here, you can see some of our costumer testimonials.
We are excited to continue rolling Prevent out to both new and existing customers, transforming the way that organizations [indiscernible] to protect themselves from the threats that we are dealing with today and tomorrow.
With that, I pass it back over to Poppy.
Poppy Gustafsson
Thanks you Max.
As you can hear, we are super excited about the potential of Prevent to transform our customers’ approach to security. Brilliant products like this are the outcome of hard work from our teams in our AI research center in Cambridge and increasingly from our second European R&D center in The Hague after our acquisition of Cybersprint earlier this year. The team’s headcount there has gone up by nearly 30% and now comprises over 150 experts in disciplines from mathematics and astrophysics through to linguistics and data [indiscernible]. It boasts over 80 Masters degrees, 30 doctorates, and under Jack Stockdale’s leadership the team is relentlessly interrogating how AI can be applied to real world problems and augment human capability. Today we have filed more than 115 applications with over 30 of those already issued as a result of their efforts.
This team has continued to improve our existing products in the second half, adding an early warning system to Darktrace Respond, which allows members of the Darktrace community to contribute and to benefit from insights gleaned from across the fleet. We also extended our detect and respond capability to Zero Trust technology.
What else have we been up to? First, I want to talk a bit about our customers and other updates. We are proud to be protecting over 7, 400 organizations today, helping them to regain the upper hand in the battle against an ever-changing threat landscape. Not only did we improve and expand our product set for existing customers but we continued to grow our customers’ success team which is focused on ensuring customers have the best possible experience with Darktrace. This is reflected in the 2.8 percentage point increase in the net ARR retention rate from 103% to 106% in the period.
Understanding our customers is important to us, and so we commissioned an independent research organization to survey cyber security experts to understand what their experience with Darktrace has been like. I’m really proud to say that the data showed that 90% of customers surveyed found that our technology is more effective at identifying threats than other solutions have been. Respondents highlighted how our technology helps teams with limited resources to scale their efforts, particularly in big global organizations, as well as a breadth of use cases we are able to address and how passionate our team is about the technology. But even more importantly, we are also using the result of the survey to identify areas for improvement so we can do an even better job for our customers and continue enhancing our value proposition.
I’ll pass over now to a very happy customer, Gregory Smith, Chief Information Officer at
American Kidney Fund who uses Darktrace’s technology to stay secure.
Gregory Smith
My name is Gregory Smith. I am the Chief Information Officer for the American Kidney Fund. What we do at the American Kidney Fund is we fight on all fronts to help protect the 37 million Americans with kidney disease and millions more that have hidden symptoms of kidney disease.
Darktrace is applied for our email system enterprise wide, our Office 365 environment including our Teams collaboration platform for every license and every mailbox across the enterprise, so it’s a pretty comprehensive footprint of cyber security protection. CIOs have got to start thinking offensively instead of defensively, and Darktrace is one of the tools that we employ in our arsenal to do just that. What Darktrace was able to identify and block and allow us to block through configurations, especially at the GIOP blocking level, was substantial and it was a game-changer decision for us to select Darktrace over the other provider.
The MDR algorithms out there take a collaborative approach for collecting risks, piping those up into a centralized cloud database and leveraging that database for agent-based actions. Darktrace takes a very different approach, and now I understand why it’s such an effective tool. It takes the approach that every customer environment is its own AI database, and it leverages the knowledge to hone a faster algorithmic response. Darktrace’s algorithms are focused on one thing, and it’s your organization. It’s not any other organization, it’s yours. It learns faster, it adapts faster, it morphs faster, so what Darktrace does for us, it saves us an immense amount of labor and time that my team doesn’t have to spend keeping our platform safe.
Computer scientists throughout history have written algorithms to make things that are manual much more automated and much more efficient, and Darktrace’s engineers have done just that with regards to the risks to cyber security.
Poppy Gustafsson
Thank you Gregory for that.
We have always had a very diverse customer base, and this year was no different. We added 1,800 new customers to our roster across a huge range of sectors. We closed a number of significant deals in the second half with organizations in the sporting industry through the aviation sector, healthcare providers, global semiconductor providers, and manufacturing giants. Every customer win represents a step forward in capturing a significant total addressable market ahead of us and means that we’re getting closer to fulfilling our mission of freeing the world from cyber disruption.
Outside of what’s happening on the product and customer side of things, I wanted to take the chance to talk to you today about other exciting developments happening across the business. Earlier in the year, we announced that we were launching Darktrace Federal, a new division to serve the U.S. Department of Defense, the U.S. intelligence community, and national critical infrastructure providers. The team is based in Reston, Virginia and boasts experts in critical infrastructure and former members of the U.S. intelligence community. We’ve appointed Marcus Fowler as Darktrace’s federal CEO. Marcus spent 15 years at the CIA developing a global cyber operation and has been part of the Darktrace team for several years.
Finally, some of you will remember from the Prevent launch that we have conducted a thorough review and update of our brand and positioning as a result of our expanded product portfolio and subsequently updated our brand proposition, including how we convey the value of our technology and the commitment that we make to our customers. We’re really pleased with the new positioning which better reflects our product set and highlights the contribution that our technology makes to society. You’ll see this new proposition reflected in our brand-new look and feel, including the launch of our newly designed website.
Now before I come back to talk about our immediate business priorities, I’ll pass over to Cathy to go through the financial review.
Cathy Graham
Thanks Poppy. I’m pleased to be here sharing both our final FY22 results and additional detail around our expectations for FY23. Before we move to the year’s numbers, however, I want to address two things you should understand before reviewing our results.
First, for customer ARR and ARR-related measures, we have re-cast the impact of Cybersprint to report these measures as though it had been owned in all periods presented. We’ve done this to improve comparability particularly in the second half of FY23 by reflecting all Cybersprint customers and ARR added at the contract date rather than at the acquisition date.
Second, in preparing our FY22 results, we determined that $3.8 million of the revenue we were recognizing in FY22 was related to prior periods and should more appropriately be recognized in FY21. This difference was discovered after in the second half of the year, we enhanced our revenue reporting systems to allow us to analyze contracts at a more granular level. This identified a limited group of contracts, largely contracts that had post-commencement modifications, where a portion of the contract revenue should have been recognized in prior periods. As a result, we’ve reallocated approximately $3.8 million in revenue from FY22 to FY21, reducing revenue recorded in FY22 to $415.5 million from the $419.2 million that we otherwise expected. However, as FY21 revenue is increasing by the same amount, the combined revenue of FY21 and FY22 remains unchanged.
Most importantly, we didn’t find any differences in total revenue across these contracts, so this adjustment was made solely to correct the timing of revenue recognition and ensure proper revenue recognition going forward. Further, this adjustment has not impact on ARR or its related measures, cash position, or the U.S. dollar value of Darktrace’s FY23 guidance.
Turning back to our FY22 results, Darktrace continued to deliver strong growth across our customer base, ARR and revenue, as well as delivering and maintaining the improvements to key customer and contract metrics. At $415.5 million, FY22 revenue grew by 45.7% over the adjusted prior year with more than 99% of our revenue continuing to come from subscription sales. This combined with our multi-year contract structure creates significant RPO, or contracted backlog, which at over a billion dollars was up 31.5% over the prior year. With plus or minus 80% of our annual revenue typically being in RPO at the start of the financial year, we maintain a high recurring revenue base and significant revenue visibility.
To drive continual top line growth, we focus the business on expanding constant currency ARR. During FY22, we delivered net ARR added of $153.7 million, 36.8% greater than in prior year, increasing our constant currency ARR by 42.6% year-over-year to $514.4 million. In a reverse of our FY21 experience, when ARR growth in U.S. dollar terms outpaced that in constant currency, the significant foreign exchange headwinds in the last half of the year had our constant currency measures coming in ahead of the U.S. dollar equivalents for FY22. U.S. dollar ARR ended the year at $484.9 million for 34.4% year-over-year growth.
Growth in our ARR measures continued to be driven primarily by the addition of new customers. Year-over-year, we added, 1808 net new customer, a 32.1% year-over-year increase. We also saw movement in other new and existing customer contract metrics. Year-over-year, the average ARR of new customer contracts increased by 13.4% and combined with significant year-over-year ARR uplift per existing customer resulted in a 7.9% year-over-year increase in average contract ARR across our customer base.
We continued to sell across a broad range of customer and contract sizes; however, driven by the period-over-period increase in average contract ARR, our account distribution shifted slightly towards larger accounts. For FY22, 52% of ARR came from the 17% of customers with ARR more than $100,000, compared with 49% of the ARR from 15% of the customers in FY21.
Also key to this shift was a continued deepening of product penetration. At the end of FY22, 69.3% of our customers had three or more products and 46.4% of customers had four or more. This reflected the year-over-year shift towards three-plus and four-plus products of 7.4 percentage points in both categories. Subsequent to year end, we launched the first two products in our Prevent family, bringing our product set-up to 12. While our customers still buy most of their products from us upfront, we have strengthened our up-sell focus over the past year and these new products should further support both upfront and up-sell product penetration.
With our half year report, we told you one-year gross churn and net ARR retention rates had significantly improved year-over-year as the smaller end of our customer base stabilized after early pandemic impacts, our customer success team reached the scale and maturity to influence results, and we continued to focus on up-sell activity. I’m pleased to say that in the second half, those improvements have largely been maintained.
At year end and after adjusting for the retrospective treatment of Cybersprint, one-year constant currency gross ARR churn was 6.5%. This was a one percentage point improvement year-over-year though a slight 2/10ths of a percentage point worse than at midyear; but as we’d said previously, with churn now in the sixes, we expect it to fluctuate within what we see as the normal operating range for the profile of our customer base.
Remember that while a ubiquitous platform gives us a large addressable market and long sales runway, the resulting smaller average customer size means that our gross ARR churn will naturally be a bit higher than vendors who specifically target larger enterprises. That said, retention has been holding amongst our smaller customers as we’ve expanded our ability to manage and demonstrate value in those relationships, and our churn has continued to benefit as we’ve delivered larger contract values and deeper product penetration, where retention tends to be higher.
In addition to maintaining an appropriate one-year gross churn for the profile of our customer base, we have continued a steady focus on up-sell activities. This resulted in a net ARR retention rate at year-end of 105.5%, a 2.5 percentage point year-over-year improvement and, after adjusting to reflect Cybersprint on this retroactive basis, 3/10ths of a percentage point better than at midyear. While our primary focus remains on new customer acquisition, as our customer base continues to grow, it makes more and more sense for us to increase the attention we pay to existing customer product adoption.
We’ve already talked about revenue, so now let’s spend a few minutes on cost trends and their impact on profitability. For FY22, gross margins stayed within our expected range but declined by 8/10ths of a percentage point versus the prior year. This was largely driven by an increase in hosting costs as we expand and drive sales of our cloud-based offerings and our customers continue to work in hybrid environments. We are continuously looking for technical efficiencies in our deployment costs and with respect to cloud costs have negotiated volume-based arrangements that will allow us to take advantage of unit cost efficiencies as we grow.
In aggregate, FY22 operating expenses remained below our initial expectations, largely because of three factors. First, travel and entertainment expenses were slower to return than we had forecasted, though they did pick up meaningfully in the second half of the year. We believe these costs are still scaling and we have a way to go before they reach normal rate of growth relative to the growth of our business. Second, it took longer than expected to re-contract many of the offices we let go during the pandemic and to get our staff back onsite. We believe these costs have now been fully restored and expect for periodic step functions inherent in opening key new or expanded offices. We believe facilities’ costs should now scale in line with our business. Finally, we were below planned staffing levels for much of the first half, though we have since largely caught up to our year-end expectations.
Within our operating cost categories, we pay close attention to other operating costs which excludes T&E, facilities, and share-based payment costs. This removes the impact of costs that are currently volatile, in transition or out of our control, and allows us to more readily assess whether our recurring cost movements align with our goals. In sales and marketing, these core other operating costs, which made up 84% of the total expense category in both FY22 and FY21, remain a bit lower than we typically expect due to the three factors we just discussed.
That said, these factors were not a major driver of the 8.7 percentage point reduction in these costs as a percent of revenue. As we continue to leverage our expanding customer base in multi-year contracts, the economies of scale we’re driving in customer acquisition costs are being reduced.
In R&D, these other operating costs, which made up 64% and 55% of the total category expense in FY22 and FY21 respectively, increased by 1.3 percentage points as a percent of revenue between the periods. This increase was driven by a 45.4% increase in staffing costs because of both an increase in the weighted average number of employees by 28.1% and retention-related compensation changes across this key employee group. Hiring into our development and broader R&D teams remains a core focus of the company and the capabilities gained through the acquisition of Cybersprint in March of this year represents a significant step in our R&D expansion.
In other administrative expenses, these operating costs, which made up 71% and 77% of the total category expenses in FY22 and FY21 respectively, decreased by 6.8 percentage points as a percent of revenue. This decrease was driven by economies of scale that are now emerging after a period of expansion preparing for our IPO and to absorb public company costs. I’ll remind you that our customer success group sits within this cost category, so continued investment in this area is partly offsetting economies of scale emerging elsewhere. Additionally, most early investments in our new U.S. federal division are also captured in G&A, further offsetting some economies of scale.
Relative to the prior year, FY22 share-based payment charges increased in aggregate, largely reflecting a full period of costs for private to public transition schemes put in place at IPO. Movement in these charges across our cost categories are related entirely to the types and timing of prior grants and their related vesting, not to any policies or practices around who is eligible to participate in our grant plans.
For FY22, we reported a net profit of $1.5 million, a $147.3 million improvement from the net loss reported in prior year. While economies of scale were a part of this shift, the biggest factor was a $106.4 million reduction in finance costs between the two periods. In FY21, we recognized non-cash finance costs related to $163 million in convertible notes, the proceeds of which were primarily used to buy back shares as a part of restructuring our ownership before listing. The notes converted upon IPO and the related non-cash charges stopped, so in FY22 we have only a normal level of bank charges, letter of credit fees, and other operating finance costs.
For anyone who wants to dig deeper into our cost trends, we’ve provided a schedule showing additional cost breakdowns and their period-over-period movements in the appendix to this presentation.
One of the core features underlying our business model is that multi-year contracts create increasing levels of committed revenue backlog. This has continued to underpin the scale efficiencies that drove year-over-year improvement across all our earnings measures.
Year-over-year adjusted EBITDA increased by 173% to $91.4 million and adjusted EBITDA margin of 22%. We continue to see economies of scale across the business, but particularly in sales and marketing where we recognize continuing revenue from prior period contracts, though a significant portion of the cost of acquisition was incurred in those prior periods.
With respect to the add-backs used to calculate these measures, we’ve presented our adjusting items here by cost category. As a reminder of what we told you at midyear, we booked a catch-up adjustment in the first half of FY22 to reflect our decision to capitalize the share-based payment charges related to other capitalized R&D labor now that those amounts have become material.
Lastly, we’re now providing a free cash flow measure with our annual results and have established our FCF definition based on those used by similar companies. For FY22, free cash flow increased by 290.2% to $99.5 million, driven by the economies of scale and other factors we discussed that improved our earnings measures. This represented approximately 108.9% of adjusted EBITDA, which is above our stated 90% target within the typical 75% to 105% range. We provide this plus-or-minus 15 percentage point of target range because we know that in any period, free cash flow can vary significantly because of invoicing, collections, and other cash flow timing.
With our audit of FY22 now complete, we are confirming the expectations for FY23 we provided in our July trading update. Let me first remind you that for purposes of reporting constant currency ARR and related measures, we have reset our constant currency rates and opening ARR balance for FY23. At FY23 rates, we have an ARR balance of $484.9 million at 30 June 22, which is what we’ll measure constant currency ARR growth against for FY23.
In maintaining our previously stated FY23 guidance, we are continuing to monitor the strong demand for cyber security products balanced against the uncertainties inherent in the current global economic environment. For constant currency ARR, we confirm our expectations for FY23 year-over-year growth of between 31% and 34%. Measured against our final FY22 numbers, this implies year-over-year growth in net constant currency ARR added of between 4% and 14%.
Driven by our ARR expectations and based on our final FY22 revenue, we are increasing our FY23 percentage growth expectations to between 30% and 33% for revenue. This maintains the U.S. dollar revenue expectations for FY23 that would have been derived had revenue we were recognizing in FY22 not been reallocated to FY21.
I’ll also remind you that our revenue growth expectations incorporate the impact of significant exchange rate movements in late FY22. To size this impact for you, our guidance represents approximately 45% less revenue and 6 to 7 percentage points lower revenue growth than we would have been presenting if monthly exchange rates were equal to those in effect in FY22. This impact will be particularly apparent in year-over-year growth comparisons for the first six to nine months of the year, which are expected to be dampened by the significant year-over-year movements in sterling and the euro relative to the U.S. dollar.
As a reminder, our business has significant net ARR added seasonality across the finance year and typically experiences softer first quarter sales and new ARR generation. Because of the high percentage in each financial year’s revenue that is under contract prior to the start of the year, however, these seasonal patterns do not apply to revenue. Additionally, in line with previous patterns, we currently expect that approximately 45% to 46% of both constant currency net ARR added and revenue will be recognized in the first half of FY23. This pattern should be further supported by our recent launch of the first two products of the Prevent product family for both new and existing customers. We anticipate these will begin to contribute positively to our growth and net retention results starting in the second half of this year.
Turning to profitability, we are confirming an expected adjusted EBITDA margin for FY23 of between 15% and 18%. While we expect to maintain many of the true economies of scale evident in our ’22 financials, please remember that as well as having to reflect the current exchange rate environment, we are also bridging from FY22 where travel and entertainment, facilities and other costs were suppressed by pandemic restrictions for a large portion of the year.
Moving through later FY22 and FY23, restrictions have been released and we see these costs returning, but now further burdened by inflationary pressures across our costs. While we acknowledge that these overarching economic factors may be with us for a while, we do not believe they will have any impact on our long term economic model which anticipates adjusted EBIT margins in the mid-20s. This high level model of our steady state financial expectations is available in the appendix to this presentation.
We’re also confirming guidance for free cash flow that we provided for the first time in our July trading update. For FY23, we continue to expect free cash flow to be approximately 60% to 65% of the year’s adjusted EBIT. For this year only, we’re predicting lower than our typical 75% to 105% range due to unusually high cash payments for employer taxes related to the vesting of grants made to a broad group of employees at IPO as a part of the transition from private to public company share plan structures. As these cash payments begin to normalize, we expect our free cash flow generation to move back within our typical range, where it is primarily impacted by variable trends in invoicing, collections, and other cash-related timings.
Finally, in line with our previous statements, we expect that for FY23, dilution from securities issued under employee share plans will be limited to approximately one percent of outstanding shares. Given the vesting structure of the transition grants we made at IPO, we expect the combination of share-based payment and related tax charges to remain high through FY23 before they begin to normalize.
In summary, we’re very pleased with our positive FY22 performance reflected in the robust and sustainable growth across our various customer and contract-related metrics and enhanced by economies of scale across our cost base. We not only delivered constant currency ARR and net ARR added growth of 43% and 37% respectively, but we did so with 22% adjusted EBITDA margin and with almost $100 million in free cash flow. Those are great results, and we are not stopping.
In what is clearly a challenging global economic environment, I’m pleased to confirm what continues to be a strong set of expectations for FY23, and with that, I’m going to hand it back to Poppy to talk about our plans for the year ahead.
Poppy Gustafsson
Thank you Cathy. As I said at the outset of this call, there is so much we are excited about as we look ahead to the full year 2023, and we’re hard at work to deliver on our strategic objectives.
Let’s start by looking firstly at how we’re planning to deliver on our cyber AI loop, which we believe is the next generation of cyber security. It’s impossible to overstate how important the loop is both for Darktrace and the wider cyber security industry. It represents a fundamental shift in how we think about cyber security and artificial intelligence with next generation capabilities allowing security teams to get out in front of attackers.
As we said earlier, with the rollout of Prevent, we are giving security teams unprecedented proactive tools to predict and preempt the most complex cyber attacks ever, inside the organization and outside on the attack surface. The next build in the loop will be the release of Heal, which will allow organizations to increase cyber resilience through automation of remediation and recovery planning. Based on groundbreaking technology from our AI research center, Heal will enable businesses to restore assets and systems affected by cyber attacks back to trusted operation state. Guided by our cyber AI analyst, explainable AI which produces clear reports to help human teams prioritize tasks, security teams will be able to make quicker and confident decisions when it comes to identifying assets affected by a cyber attack, their condition and how best to restore them. All of this is being designed to take place during an attack and after with a goal of keeping the business up and running. Taken together, these Prevent, Detect, Respond and Heal will reinforce each other, creating a virtuous circle where each AI brain feeds into the next.
Cyber security is not a static state of being. It is fluid, constantly shifting and adapting as your business and the treat evolves. The loop will continuously optimize an organization’s state of security, reassessing decisions in light of new information to ensure your business’ resilience, whatever the threat of tomorrow might find.
Secondly, let’s turn to what we’re doing to support our people at Darktrace, who are the driving force behind every innovation that we deliver and every sale that we make. You may remember that in our half-year results, I showed you the results of a company-wide survey. Since then, we have conducted a second survey with an even greater participation level and maintained our strong score of 7.8 out of 10, which is above the industry and benchmark. The areas we are focused on personal growth and ensuring employees feel recognized for their contributions and can feed into wider business processes. We are taking further steps to ensure that employees have the training and support they need and that their feedback is being taken into account as we continue to [indiscernible] our systems and processes.
We also have set up an employee forum chaired by Paul Harrison, our Chair of the Audit and Risk Committee, and an independent non-executive director. The forum represents a cross-section of employees across our regions and departments and gives employees the opportunity to express their views and ideas on a range of topics for consideration by the Board.
Finally, a quick update on the evolution of our sales team structure as we keep evolving the business to lean into the large market opportunity that we see ahead of us. As many of you know, in October 2021 we started the process of segmenting the sales team according to the size of the customer’s organization, which will provide another lever for growth. This is all about building in optionality as we scale up the company to go after every one of potential Darktrace customers out there. Now that process is completed, we’re building further on those changes, looking more carefully at the most appropriate POV for the size of the organization, where we are sourcing the lead, and what the up-sell journey looks like. This is all spearheaded by the sales team but also involves collaborating with other team members from areas such as customer success.
As ever, the task ahead of us is to get our groundbreaking technology into the hands of as many organizations as possible. With over 150,000 companies that could benefit from our AI, 20 times our current customer base, we have a huge runway of organic growth ahead of us. This large addressable market is a primary driver of our revenue growth and will remain so in the coming years. The beauty of Darktrace’s AI is that it can be applied to companies of almost all sizes, across all sectors and geographies, and is complementary to traditional security solutions.
To wrap up, I repeat the comment that I started with – we have had a very busy year and we are just starting to explore the opportunity that lies ahead of us. Having consistently outperformed across all of our key metrics, our focus is now on building on this strong performance and pushing the boundaries of how AI can be used to create cyber resilience. With the inevitable uncertainty and distraction of an offer period now removed, we are fully focused on leaning into the opportunities we see ahead of us.
I believe passionately that we have a real edge in the work that we do. We are hugely excited by the continuing evolutions the R&D team are driving in our underlying technologies. We see great opportunities to drive up-sells across our existing customer base, and we continue to advance on getting our proof of value demonstrations to prospective customers around the world and across a wide range of industries.
We remain fundamentally driven by innovation, and our market leading technology combined with a talented workforce means we are well placed to capture the large market opportunity ahead of us onwards to a bright future.
Question-and-Answer Session
Operator
Operator
Be the first to comment