Globant: Better Be Cautious And Wait For A Security Update (NYSE:GLOB)

Some may have read about the March 30, 2022, cyberattack on Globant S.A.’s (NYSE:GLOB) IT systems by Lapsus$, a hacking group. Now, with increased monetization of cybercrimes through ransomware where corporate data is encrypted and rendered useless by hackers until thousands of dollars are paid to them, it is unusual for the company to have only suffered from a data leak without any damage to its software itself.

Thus, this seemingly minor incident may be the reason why after a brief dip below the $240 level, the stock promptly recouped some of its losses to trade in the $263-$264 range the following day, as shown in the chart below.

However, I view this market reaction as complacent in view of the breach committed, and, with this thesis, I assess whether investors are right about investing in the stock or need to be more cautious. First, I try to figure out how this small fish is managing to prosper in a market full of big sharks.

The reason for Globant’s high growth

Globant is an IT consultancy and software development company with a market cap of $11.5 billion. It generated revenues of $1.4 billion in 2021 after delivering a year-on-year increase of 59.32%. Despite growing at such a frantic pace, with over 23,500 employees worldwide, Globant is profitable. This is in sharp contrast with other software companies I have covered for SA which are also growing rapidly but generating fewer revenues than what they are spending on human resources and marketing.

The company has seen steady income during the last nine years and ended 2021 with an operating profit of 12.35%. This may be explained by the list of high-profile clients which includes London’s Metropolitan Police, Rockwell Automation (ROK), Autodesk (ADSK), Banco Santander (SAN), Interbank, and many more. These companies have the ability to pay big money for services and normally allocate contracts to larger IT consultancy plays like Accenture (ACN) and Wipro (WIT), but still choose Globant.

Therefore, there should be some strong differentiator which explains why Globant, despite its relatively smaller market cap of only $10.35 billion, is not only managing to stand up to Accenture (valued at $214.38 billion) but also thriving with quarterly growth figures nearing 60%.

Looking at the industry, corporations look for IT consultants to support them during their digital transformation journey. In this case, in order to differentiate itself with respect to larger competitors having at their disposal considerably higher sales and marketing budgets, Globant had to go a step further than others in the application of technology. In this respect, I listened to a presentation by the CEO Martin Migoya recorded in November 2019 and entitled “Reinventing Digital: 3 Steps to Succeed in the Jungle.” Here, I found that the company started by applying AI and predictive analysis to its functions, like coding, which consists of writing lines of instructions using a programming language.

Going into detail, Globant’s strategy has consisted of using AI to create algorithms to actually understand the functions performed by the code, rather than having to go through the less productive and more time-consuming tasks of writing descriptors that describe what the code actually does.

This means a higher degree of automation and usage of fewer manhours for software development, translating into a better competitive position.

Competition and risks

Furthermore, predictive analysis is applied to the recruitment process, which reduces the probability of staff leaving the company. Diving into its organizational structure, the company has also charted a clear career path for all of its staff and also encourages continuous learning through Globant University. These are useful narratives to tackle the “Great Resignation” dilemma facing employers, especially in the U.S., where many employees simply do not want to commute back to the corporate office after having been addicted to working from home since Covid.

As a matter of fact, Globant’s attrition rate was only 18.7% in the last reported quarter. This compares favorably with one of its competitors, Cognizant (CTSH), as shown in the IDC chart below. Cognizant’s rate peaked at 37% during the third quarter of 2021 from less than 25% in 2020.

Furthermore, Globant’s predictive algorithms, which also make use of past experiences to ensure that employees stick to their jobs instead of switching to the competition, have enabled the company to retain top talent – those who make the difference when dealing with customers. This has translated into a leadership position alongside some big names in the software development and consulting space as shown in the leader’s circle above.

On the other hand, this leadership position may be tainted after the company confirmed that it had been hacked on March 30 as part of a news update as shown in the extract below.

While Globant’s software or infrastructure was not compromised and the Lapsus$ hacking group consists mostly of teenagers who appear to be practicing their skills at cracking passwords and trying to become famous, the incident has nonetheless been treated as a cybercrime by the U.K. police. Some of the perpetrators have been arrested.

For Globant, this means that the damage is significant from the trust perspective as it shows that there is a vulnerability in its own cybersecurity protection.

The problem may be exacerbated by hostile nation-state actors who are now knowledgeable about the weak points (including some credentials which have been leaked) of using Globant’s software. They may access its client’s IT systems in what is termed as a supply-chain attack. This is where hackers use workarounds to compromise their targets instead of orchestrating a direct attack. This was the case when SolarWinds’ (SWI) seemingly-harmless monitoring software was used to adversely impact Microsoft’s (NASDAQ:MSFT) Active Directory during the Sunburst attacks in December 2020.

Valuations and key takeaways

At that time, SolarWinds’ shares had plummeted by over 25%. Hence, potential downside risks are the reasons why investors must wait for a comprehensive update as to the measures which have been put in place by Globant to prevent any such attack in the future. Details as to the cybersecurity companies protecting the company’s IT assets should also be disclosed as well as the reason why no alert was triggered, with evidence of the hack only obtained through torrent, used for file distribution over the internet.

As for valuations, operating in a sector that should see over $10 trillion of spending over a five-year period, Globant, despite the risks, is certainly not a stock to ignore. With its ability to use AI for predictive analysis, Globant’s services are likely to be continually solicited as enterprises move to the next phase of digital transformation, one where more actionable functions are required.

Along the same lines, Globant’s growth, gross profit margin, and debt to equity metrics are superior with respect to peers (table below). Also, with its presence in India, access to the relatively cheaper Indian software developer talent pool constitutes a positive to face the high wage inflation prevailing in the U.S.

As for my take on the stock, investors will note that I am neither bearish nor calling for a sell-off. In fact, Globant is more of a hold for now due to its competitive strength in the IT consultancy and software sectors. Also, to be realistic, cyberattacks do happen and the kids at Lapsus$ can also boast to have had the mighty Microsoft on their list of successful hacks.

Finally, that communique by Globant is not sufficient considering the threats facing U.S. and western interests after the escalation in the East European conflict. This is especially true given the fact that Globant’s customers include entities like banks and government agencies which are prime targets for hackers. Thus, it is better to be cautious and not resort to any dip-buying until the company issues a comprehensive security update.