Verimatrix and Inside Secure – two of only a handful of innovative DRM players in the market, have cut a deal this week for one to acquire the other. The structure of the deal is complex because Inside Secure is a public company in France, and Verimatrix is a US VC-funded start up we first came across 15 years ago. Our take is that this deal is a case of what happens when a group of VC investors get too long in the tooth, and need to get out of a particular investment.
Technically, Verimatrix is being sold to the smaller Inside Secure and for the first time accurate numbers from the previously private Verimatrix are included, showing it to have revenues of $78.7 million with $14.5 million in EBITDA in the twelve-month period ended September 30, 2018.
So there is some tail wagging the dog here, with Verimatrix shareholders looking like the shadow movers behind the deal – and a simple truth about the two businesses, they may not have been the best of friends in the past, but their customers and technologies do not share a significant overlap, but are close enough to one another, for the deal to make sense.
Both offer content protection and DRM – Inside Secure mostly an on-device agent in apps on handsets, and Verimatrix supplies full multi-DRM to about 800 operator customers – and both have been looking for new markets.
Inside Secure sold off its security semiconductor business to WISeKey, and has had successful forays into whitebox encryption, a form of mathematical key obfuscation, when it bought Metaforic, and also into advertising verification and mobile payments. Meanwhile, Verimatrix has acquired two small businesses in video QoE analytics, and built its own Verspective analytics product, and recently launched Viewthority, a content distribution platform for rights holders.
And both definitively see their future in protecting IoT end points, such as connected cars – with immature offerings which they can now merge and accelerate to market. But this deal has taken some doing, with the key enablers being attracting debt players on both sides of the Atlantic to buy out the Verimatrix shareholders and lay a carrot to the existing management for a multi-million dollar earn out.
The geographic split is also interesting, with Inside Secure having some success in Asia Pacific, as well as its native Europe and some business in the US, while Verimatrix is split mostly across the US, and Europe, although it does have customers around the world, in Asia and Latin America.
When we asked about the deal, we were told that few details have been decided yet, like who will run which parts of the business, who will be on the earn-out team at Verimatrix and what brands they will do business under. It seems likely that the public Inside Secure CEO, Amedeo D’Angelo, will be in overall charge because there is an issuing of more shares and options to him as part of this deal, with 220,000 performance shares. But they are only contingent upon him working there for a further two years and completing the Verimatrix deal, so he could bow out at that time.
We did hear murmurs about a year ago that a number of private equity groups were sniffing around the security market, trying to make things happen – some kind of roll-up which could involve Verimatrix. We were ourselves interviewed by one such investor on what we thought of a variety of security players. This may not be any more than an echo of that rumor, but this is how investors in companies that are both profitable and which have cash, have to work for an exit, especially in an unattractive IPO market. They have probably talked quietly to everyone in the market and this is the final plan of action.
The deal is clearly only a day or so old, and is an intent for Inside Secure, which has revenues on track for between $38 million to $42 million this year (against the $78.7 million of Verimatrix) – to acquire the US firm. That puts them on course for $119 million of revenues post-merger, with a $21.5 million EBITDA. Cross-selling alone to existing customers might inflate this by $10 million in the first year and over a couple of years, about $10 million in cost savings will make it a fundamentally more profitable company.
The interesting thing is that between them they expect to reach $150 million in revenues within two years, and should complete in early 2019. That could make them a diversified security group, including IoT and cloud cyber security, and not one overly dependent on the meagre margins of media DRM, which has been their thin gruel of late. The involvement of the major browser companies – in Microsoft, Apple and Google – in DRM, has dropped price expectations dramatically in this core market.
The price of the deal is $143 million all in cash, nice and simple for all the shareholders of Verimatrix. But since Verimatrix has $18 million in the bank, that values the enterprise at $125 million, not far short of 2x revenues. There is an earn-out which is likely to reach $9 million payable in Q2 2019 (maximum of $15 million), so expect those who are leaving to make their move then.
The deal has been funded by existing Inside Secure cash at $38 million, debt of $54 million from London-based Apera Capital and the distribution of fresh Inside Secure debt-equity. We suspect that this deal would have diluted insiders at Inside Secure, hence the provision to raise the existing CEO’s share pool and a pool of 1.3 million additional stock options and performance shares available to be issued to other executives.
One Equity Partners (OEP), the private equity arm of JP Morgan, will take much of that new stock in the form of convertible bonds, and it will be available to fund the earn out and cashflow into the future, if the French financial market doesn’t find it attractive to do so. If not redeemed in two years, this will convert to shares and OEP gets a seat on the board. Verimatrix has 300 people in 20 countries, but most in California and in Germany, we believe Inside Secure has around half that number of employees.
Tom Munro, CEO of Verimatrix said, “This transaction allows a great combination of technologies and expertise, bringing two well-respected market players together. It’s exciting to create a company with such a clear focus, a global presence, and a depth of expertise in the applications of security and analytics across critical market segments.” For once, we think the quote provided in the release actually adequately describes the deal, and we have expected something like this for the past 4 or 5 years.