Darktrace ‘cleared by EY’ following short seller attackby
Cybersecurity company Darktrace has said it has been cleared by EY, after it hired the Big Four firm to review its books following accusations of financial inaccuracies by a short seller.
The British-American company’s accounts won’t be altered following the external investigation, it said, as EY did not produce findings that would “change their belief that those financial statements fairly represent Darktrace’s financial position”.
The auditor did note several areas of the Cambridge-headquartered businesses systems that could be improved, including errors and inconsistencies in new channel contracts.
It did not say if EY agreed that its accounts should not be amended.
Darktrace said it was already aware of the historical weaknesses and that report will be sent to the UK’s Financial Conduct Authority (FCA) and Financial Reporting Council (FRC).
“In addition, Grant Thornton’s audit opinions for prior years remain unchanged and the audit for FY 2023 is in progress,” the firm added in a statement to investors.
‘Report should be made public’
The firm’s share price jumped 19% on the announcement, having been rocked in January following the release of a 70-page dossier by New York-based short seller Quintessential Capital Management.
Quintessential said it feared that “sales, margins, and growth rates may be overstated and close to a sharp correction”.
The firm said EY’s investigation should be published, adding: “Darktrace’s announcement of EY’s findings does little to mollify our concerns.”
“It is noteworthy to mention that the decision on the materiality of these errors and inconsistencies, as well as the decision not to proceed with accounting restatements, appear to be the sole judgments of Darktrace and its board, rather than recommendations from EY,” the company said in a statement.
“The report should be made public for all to assess. We even wrote an open letter to EY urging them to do so,” it said.
However, a Darktrace spokesperson said the report contained “a lot of commercially sensitive information in there and [it] was never intended for wider dissemination,” adding that it would be checked by regulators.
Founded in 2013, Darktrace specialises in cyber-defence and has a second headquarters in San Francisco’s Silicon Valley. It is listed on the London Stock Exchange and is inside the FTSE 250 Index.
Rumours of a takeover were scotched last year when US private equity firm Thoma Bravo ended its interest after Darktrace missed its own forecast for revenue.
The cybersecurity firm said $3.8m of revenue should have been reported in the prior financial year, and the error resulted in revenue coming in at $415.5m, 45.7% higher than the restated 2021 figure.
Darktrace’s share price plummeted, and was pushed further down by short selling months later.
While demand for cybersecurity services is booming, the company’s financial processes were questioned by Quintessential, which said it was “deeply sceptical about the validity of Darktrace's financial statements”.
It alleged to have found flaws in Darktrace’s accounting, including “round-tripping” and “channel stuffing” practices that seek to inflate revenue, and said sales and growth rates may have been overstated.
Darktrace hit back at the firm, maintained there were no flaws in its bookkeeping, and immediately called in EY to carry out the independent probe.
Mike Lynch, the British tech entrepreneur ruled by a judge to have conduced an elaborate corporate fraud when he sold his company Autonomy in 2011, was an early investor in Darktrace.
The Times reported that Lynch’s wife sold another multimillion-pound stake in Darktrace following the share price recovery this week. Lynch used about £50m worth of shares in Darktrace, plus $15m in cash as security for his bail in America.
“I doubt even a highly redacted version of the EY report will appear given the circumstances, but Darktrace’s statements have been bullish, so if there really is an issue, it would only make the situation much worse to have acted in this way,” an accountant who asked not to be named told AccountingWEB.
Despite giving itself a clean bill of health, the company admitted in this week’s regulatory filing it faces multiple threats to its business model from the latest wave of generative AI chatbots.
“The release of ChatGPT late last year created a significant shift impacting consumers and, perhaps more importantly, enterprises,” said CEO Poppy Gustafsson. “The risks of IP loss, data protection breaches and evergreen novel attacks at scale are now much higher. AI is increasingly fighting against AI so building a bigger database of known attack data is not enough.”
Looking to FY2024, the company said it expected a slow start with sales to pick up later in the year, in line with returning customer confidence, and it is confident in its subscription-based business model and general direction.
"We have a culture of continuous improvement at Darktrace,” said Cathy Graham, CFO.
“As you would expect and as we said in our FY22 Annual Report, we have an ongoing program to advance our systems, processes, and controls. We have developments already underway, on our roadmap or under consideration across relevant areas of the business, including those covered in EY's review.
“EY provided some valuable recommendations for how we could implement these planned improvements as we move through this journey.”