After nearly four years of operating in “stealth mode”, Temasek-StarHub-owned pure-play cybersecurity firm Ensign InfoSecurity has emerged. On Nov 28, the telco hosted its first-ever Investor Day with a sole focus on the cybersecurity unit, which was formed as a merger between cybersecurity firms Quann and Accel Systems & Technologies in 2018, resulting in a 60% ownership by Temasek and 40% ownership by StarHub CC3 .
In StarHub's most recent 3QFY2023 business performance update, the telco said that it has retained assigned rights over Ensign for an additional two years, bringing its effective interest to 55.73%.
Analysts and media had largely been kept in the dark about Ensign’s development, product lines, and go-to-market strategies. But on Nov 28, its group CEO Tammie Tham revealed its playbook of the past few years — this includes seeing a revenue growth of more than 3x, at a CAGR of consistently above 30% over the last five years.
Tham says that the unit brought in a revenue of $253 million in FY2022 ended December. As of the 9MFY2023 ended September, Ensign recorded $244.1 million, a 22.1% y-o-y increase from $199.9 million in the same period a year before.
Analysts from DBS note that Ensign is growing fast and is more valuable than what is reflected in its share price. However, with the inclusion of its indirectly owned subsidiary D’Crypt, Ensign is still loss-making as it continues to invest for growth, says DBS.
According to Nikhil Eapen, CEO of StarHub, Ensign — without the consideration of D’Crypt — has been profitable since 2021. Today, it brings in about 15% of the telco’s total group revenue, which is nearly equally split between its commercial and enterprise segments.
CGS-CIMB analysts Kenneth Tan and Lim Siew Khee say that while Ensign’s ebit contribution to StarHub’s total is relatively small, at about 9% of FY2022’s ebit, they believe the subsidiary is well positioned to capture longer-term tailwinds from growing cybersecurity spending across Asean.
For now, Ensign generates the bulk of its business here, with 76% of its clients from Singapore — comprising more than half from the public sector and about half of its product revenue from managed and professional services. About 70% of its revenue is attributable to system integration.
Tham attributes this higher mix of government clients to the high interest rate environment which has resulted in commercial clients slashing budgets.
DBS analysts note that based on peer average of 4x–6x for cybersecurity companies, and assuming a conservative 2x–3x price to FY2023 revenue for its relatively smaller size, they estimate Ensign to be worth between $600 million and $900 million.
“Given StarHub’s 55.73% effective stake in Ensign, the stake is worth $330 million–$500 million in our opinion, or about 17%–26% of the group’s current market capitalisation of $1.9 billion,” they say.
StarHub has retained the assigned rights of Ensign for an additional two years, with the automatic termination date being fixed for Oct 4, 2025.
The Ensign flywheel
Four components make up Ensign’s product offerings — consultation, design & build, operate and respond. First, Ensign takes an audit of its client’s cybersecurity posture and builds out a programme or framework that details the steps the client has to take over the next three to five years.
Then, Ensign recommends the controls that need to be put in place for the client. This typically comprises a mix of products it may resell from a slew of existing partners, in addition to its in-house system build which will “close the gap” to make up a robust security detail. Tham says that about 20% of its products offered are proprietary and developed in-house.
The cybersecurity unit then offers a security operation centre (SOC) practice for the client, in which it can employ 24 by seven monitoring for anomalous and malicious activities. These can either be done at Ensign’s office in Singapore, or outsourced to the client’s office.
Unlike providing a variety of systems and products for its clients, Tham says that Ensign’s purpose is to improve business resilience and continuity by stitching together solutions.
“Our strength is to glue all this together and operationalise it,” she says. “It’s not just about buying the different controls or different brands of products. At the end of the day, you may not improve your security posture.”
This portion of the business is the largest division within Ensign, taking up about a third of the total workforce, Tham adds.
Ensign then provides manpower to the client to run the cybersecurity framework it has designed, and manages any incidents of suspected breaches of attacks.
At its investor day presentation, Tham demonstrated six different solutions — with a distinctly Mount Olympus flavour — that it has built for its clients. Named after Greek Gods — Melissa, Ares, Helios, Artemis, Apollo and Zeus — each solution addresses a specific client need, from tracking emerging threats to monitoring the threat landscape of a physical location.
Looking ahead, Tham explains three pillars of growth for Ensign: to serve as a single point of accountability for a client’s evolving cybersecurity needs, to innovate on new research and development projects which will strengthen and supplement its proprietary technology stack, and to expand into more overseas markets.
Besides Singapore, Ensign has in-country offices in Malaysia, Indonesia, Hong Kong and South Korea, and serves clients in Brunei, India, London and Australia. Tham aims to expand the firm’s international footprint, beginning with a pure entry into Australia which is 3.5x the size of the cybersecurity market in Singapore.
“We want to be there as a trusted adviser for peacetime and wartime. That means we protect you and detect anomalies during peacetime, and when things start going down, we’ll send in our responders,” says Tham.
