Good day, thank you for standing by. Welcome to the proposed acquisition of Imperva conference call. At this time, all participants are in a listen-only mode. After the speaker's presentation, there will be a question and answer session. To ask a question during the session, you will need to press * one one on your telephone. You will hear an automated message advising your hand is raised. To withdraw your question, please press * one and one again. Please be advised that today's conference is being recorded. I would now like to hand the conference over to your speaker today, Bertrand Delcaire. Please go ahead.
Yes, hello. Good morning. Welcome, thank you for joining us on such short notice. This morning, we will discuss our announcement regarding the acquisition of Imperva. I'm Bertrand Delcaire, the Head of Investor Relations at Thales. With me today are Patrice Caine, Chairman and CEO, Philippe Vallée, Executive Vice President, Digital Identity and Security, and Pascal Bouchiat, CFO of Thales. As usual, this presentation will be in English and followed by a Q&A session, which is webcast live on our website at thalesgroup.com, where the slides and the press release are also available for download. A replay of the call will be available in a few hours. With that, I will now hand over to Patrice Caine.
Thank you, Bertrand. Good morning, everyone, and again, thank you for joining us on such short notice. Let's start with slide number 2. As you have seen, we have announced this morning the acquisition of Imperva. This acquisition represents a rare opportunity for us to create a world-class leader in premium cybersecurity products. As Philippe will show in a minute, Imperva is a market leader in the data and application security markets, which are among the fastest growing cybersecurity product market segments. Its business model is robust. On a standalone basis, we expect it to sustainably follow the so-called Rule of 30, with double-digit growth and an EBIT margin around 20%. From a strategic point of view, its offering is very complementary to ours, massively increasing our total addressable market in these very attractive areas.
More broadly, it allows us to change scale in the overall cybersecurity market. Of course, it creates a lot of shareholder value with $110 million in run rate pre-tax synergy and a significant enhancement of the financial profile of DIS, which is why we are comfortable deploying a significant amount of capital in this acquisition. What are the key financial parameters of this transaction? I'm now on slide number 3. We intend to acquire 100% of Imperva's share capital. The closing shall be pretty rapid by the beginning of 2024, and is, of course, subject to regulatory approvals. The transaction price is based on a $3.6 billion enterprise value. I won't comment on all the valuation multiples here. Obviously, multiples are much higher in the cybersecurity software market than in aerospace and defense.
Let me point out that including run rate synergies, the ratio, EV on EBIT for next year amounts to 17 times, which is a lower multiple than what analysts use today when they value the digital solution part of the DIS, which is above 20 times. The transaction is significantly EPS accretive in the medium term, and Pascal Bouchiat, of course, will come back on this point, on this topic later. Turning to slide four. Let me stress why we are so interested in cybersecurity assets. There are three main reasons. Number one, this is indeed a very attractive market. Cybersecurity is a core challenge for societies as they digitalize, driving decades of fast growth for this market.
No need for me to come back on the exponential growth in the volumes of digital transactions, the numbers of connected devices, and how this trend is further accelerating with the generalization of AI. Like in all of our other markets, advanced technology is essential to deliver it, and it is very much aligned with our purpose: building a future we can all trust, and by doing so, building a sustainable digital future. Number two, it is a market in which we already have a critical mass. We've disclosed the number back in March, and last year, we generated EUR 1.5 billion in sales in this market. Our portfolio includes world-class positions in a few niche product categories and more local positions in sovereign protection products and in projects and services. Number three, cybersecurity is an essential enabler across all our businesses.
Digital connected cockpits, collaborative combat platforms, new generation telecommunication satellites, each of these products absolutely needs state-of-the-art cybersecurity to function. As we explained in the past, for us, introducing digital innovations opens up opportunities to expand our addressable market. I could, for example, mention the adoption of cloud technology by our customers on both civil and military markets, or all the opportunities around secure connectivity. Moving now to slide number 5. Here you see visually how material this transaction will be on the profile of the DIS. With this acquisition, the DIS will become the undisputed second pillar of the group. Combined with the acquisitions we announced last year, it will drive a 60% increase in our total addressable market in civil cybersecurity to EUR 36 billion, giving us plenty of room for long-term growth.
In addition, within civil cybersecurity, it positions us on faster growing markets. You see the external market growth forecast moving up from +10% to +13%. Turning to sales, once the acquisition is completed, i.e., early in 2024, we expect the full DIS portfolio to sustain a solid organic growth pace, 6%-7%. Finally, it will materially increase its EBIT margin potential. We now target a 16.5 EBIT margin for DIS in 2027. In absolute terms, this represents almost EUR 400 million of additional EBIT by then, EUR 350 million if we put aside the internal transfer of the defense and security, civil cybersecurity business to DIS, on which Philippe will elaborate later. All, all in all, this really transforms DIS into a world-class cybersecurity leader and materially enhances its financial profile.
After this quick introduction, let me now give the floor to Philippe, who will explain why he and his team are so positive about this asset and how we expect to generate a lot of value with it.
Thank you, Patrice. I'm now on slide 7, starting with Imperva's identity card. Imperva is a leading global enterprise cybersecurity software company, uniquely positioned on the data security and application security markets. Imperva was founded in 2002 in San Mateo, California, has brought to market, along these 20 years, proven and leading-edge innovative solutions for the cloud and in the cloud. Leading by its market presence, at scale, with around $500 million of revenues, $300 million generated by application security, $200 million generated by its data security value proposition. With a strong presence in all geographies, over half of its revenues come from North America, which is the lead cybersecurity market in terms of size and innovation, also in Europe and in Asia Pacific.
Imperva has more than 6,000 loyal customers, among which 35% belong to the Fortune 100 list, 7 of the top 10 banks, and 6 of the top 10 telecom operators, together with good, cheap, demanding customers, which have the same profile as Thales DIS customers. Turning to slide number 8, looking at the markets Imperva serves. Data security and application security are 2 of the 5 fastest growing market segments, fueled by the combination of the increase in the number of, and the impact of cyberattacks targeting enterprise and government data, like ransomware, and by the growing number of regulation, mandating data protection, like privacy-related laws enacted in the European GDPR, and this is growing nearly by the day. Imperva's data security solution address 3 key dimensions of data security solution.
One, knowing where an enterprise sensitive data is stored or used, being able to classify this data in specific categories like personal data, payment data, etc. Two, implementing governance rules, defining who or what group of people and which application are allowed to access data. Three, monitoring data access to make sure that the governance rule are actually enforced, and nobody is trying to get access. Imperva uses advanced AI to learn what is normal data access pattern and detect abnormal behaviors from users or application. The data security market is a fairly large market of about $9 billion in 2022, growing at a pace of +13% to an even more significant $15 billion total addressable market in 2026.
On application security solutions, Imperva protects application, keeping them running and running only the way they were meant to run after they are deployed, and they protect the data those applications use. Imperva was created around its flagship product called Web Application Firewall, and extended its capabilities to DDoS, which is Distributed Denial of Service, advanced bot protection, and more recently, what we call the API, Application Programming Interface security, as more and more applications rely on APIs today. The application security market is also a sizable market, the size of $3 billion in 2022, doubling in 4 years to reach $6 billion by 2026. Moving now to slide 9.
Imperva has been recognized as a leader in both data security and application security by the top market research companies. As you can see on the upper left, on the slide, KuppingerCole position Imperva as an overall application security leader and ranks Imperva third in its leadership compass. Gartner, another very influential market analyst, position Imperva as a leader for web application and API protection. In the last 2 years, only Imperva garnered many awards in both categories for its technologies, innovation, and customer ratings. Turning now to slide number 10, let me discuss the business and financial profile of Imperva. First, we are talking about an established player with 20 years of accumulated R&D and expertise. I just showed you how technology analysts recognize its product as clear leaders.
Second, its revenue base is, by nature, very recurring, with typically 90% of sales coming from existing customers. Third, as mentioned by Patrice, it has a very robust cybersecurity software business model. On a standalone basis, we expect it to deliver a sustained double-digit growth over the coming years, as it did in the past. Its profitability is similar to other mature software players. It delivers around 80% gross margin, with a cost base of 20% for R&D and 40% for SG&A, for a targeted EBIT margin of around 20%, which we expect to achieve by 2027. In addition, these business models are very cash generative. Excluding interest cash out, we expect to generate around 20% of free cash flow margin by 2027, i.e., a similar level to the EBIT margin.
This business is operating at scale in the U.S. and is now accelerating its global expansion. As part of our due diligence, we analyzed in detail the financial performance over the past three years, and its slightly lower growth and EBIT margin is explained by the important growth investment it conducted over the recent period. First, Imperva decided to migrate its data security customers from a licensed model to a subscription model. This type of migration is very attractive in the long run, enhancing the recurring nature of revenues, but in the short term, it significantly dilutes growth, as you recognize less revenue in the year that you sign or renew a customer contract, hence, the lower growth profile over the past two years. We expect a rapid return to double-digit growth going forward.
Imperva started to see this, by the way, in H1 of 2023, where it recorded an 11% sales growth. Second, it scale up its IT infrastructure. In particular, it materially increased the number of points of presence it operates. Point of presence, which are really needed to deliver application security on a worldwide basis. Finally, it steps up both R&D, and sales, and marketing to ensure a successful migration to this subscription model. In short, as you understood, this is a very attractive company on the standalone basis. Let's start, let's turn to slide number 11, to tell you how complementary is this combination. Now on slide number 12. Data is the most critical asset of company today and will remain in the future. The more digital, the more AI, the higher is the value of data.
At the same time, the volume of data is growing exponentially, and the places where enterprise data is used, or is stored, or is computed, are also more and more diverse. It can be in the public cloud, it can be in private cloud, it can be in a form of hybrid setup. The combination of Thales identity and access management solution, of Thales data security solution, of Imperva data security solution, and Imperva application security solution is fully complementary. At the same time, there is no overlap at all between the two companies, which makes this combination even more appealing to our customers. Thales was not present in application security, and Imperva, for example, was not present in identity and access management. In data security, each company comes from a different starting point. Encryption and key management for Thales, data access monitoring and data governance for Imperva.
In short, Imperva understands what data is where and monitors who is accessing data, and Thales makes sure the data is encrypted and that is accessible, unencrypted only in a permitted use context. The depth and breadth of the combined solution will address three key field of modern software architecture: identity, data, application. Identity, identity theft is one of the preferred, if not the preferred method for initiating a cyberattack. Holding your data secure in all circumstances, it is just not an option. Making sure your application, which create, process, store, transmit data, are also secure is closing the loop. Identity access management, data security, and application security solution finally share the same foundational technologies, namely strong authentication, encryption, access management, policy orchestration, and enforcement. These technologies are deployed in public cloud, in private cloud, and in hybrid setups.
Pulling together Thales R&D teams and Imperva's R&D team will enable customers to benefit from even faster and more impacting innovation in all these three fields. The complexity of enterprise of having to use tons of different cybersecurity product is a key concern for their chief information security officers. We call them CISO in the industry. Even more in a context where cybersecurity resources are scarce. Bringing under the same umbrella solutions that span identity and access management, data security, and application security is a step change in reducing this complexity and implementing an end-to-end security policies and offering a kind of one-stop shop solutions to the chief information security officers of this world. Turning to slide number 13. The combination will be particularly attractive on the data security market. Thales CipherTrust Data Security Platform and Imperva Data Security Fabric are both recognized leaders in their respective categories.
By bringing both together, we are building a first-class global data security platform that follows the path of the successful integration of acquisition that were done in the past on both sides. Namely, SafeNet by Gemalto in 2014, Vormetric by Thales in 2016, and the six acquisitions that Imperva made over the past nine years. On both sides, technology and innovation are recognized as top class. The most frequent use cases or key functional areas will be covered, and the scale-up of R&D team of over 700 highly skilled engineers dedicated to data security, leverage the best and most efficient talent pools in the U.S., in the Silicon Valley, in Texas, in Florida, but also in Israel, Canada, and India. Looking at slide 14. Looking at the synergies we expect from this combination.
Let me first stress again that this is a private acquisition, meaning that we were able to conduct a detailed assessment of the synergy opportunities together with the Imperva team. Starting first with the cost synergies. The biggest bucket there will be related to SG&A. These cost categories represent around 40% of sales in both Imperva and our own cybersecurity product business. We are talking of a revenue scope of more than EUR 2 billion by 2027, so a pretty large cost base we can work on. In addition, we expect to capture threshold settings on procurement costs, for example, regarding cloud operations or the purchase of licenses, as well as on real estate.
In terms of ramp up, more than 80% of this cost synergy should be captured by 2027. We expect the full run rate level of $50 million by 2028. As usual, revenue synergies will take a bit longer to materialize. Of course, we intend to rapidly leverage the joint sales, customer success, and digital marketing team to upsell and cross-sell all the products that we will have in the portfolio. This is major demand from large customers who really want suppliers to manage this complexity for them. As I showed on the previous slide, we expect, in particular, a lot from our new Data Security Platform, combining the best-in-class capabilities on both sides.
We also expect synergies with the cyber consulting and managed security services provider, MSSP, that will come from other activities of Thales and join DIS in the near future. Altogether, on the revenue synergy side, we expect 5% incremental revenues for the combined entity by 2019, generating around $60 million of incremental EBIT. Combining costs and revenue synergies will amount for a total of $110 million by 2028. Let me finish by stating that there are two reason, two key reasons why these synergies amounts are so high. First, the two businesses we are combining are growing fast, meaning that the cost base we are working with is not the $400 million we are agreeing now, but much larger going forward.
Second, we are putting together two very similar businesses, sharing similar corporate culture, and we have a track record of combining cybersecurity businesses. This is what we did back successfully in 2019, 2020, when we merged SafeNet and Thales eSecurity. We are very confident regarding the ability of the teams to capture these synergies. Moving now to slide number 15. It shows the shape of our global cybersecurity portfolio on a pro forma basis. Once the acquisition of Imperva is completed, it also includes the revenue of Tesserent, the ongoing acquisition in Australia on the service side. It should generate around EUR 2.4 billion in sales in 2024, 70% more than what we delivered in 2022. We are really here scaling up this business.
The breadth and quality of this portfolio will be quite exceptional, driving significant synergies within the business itself, and of course, supporting sales and differentiating across the entire Thales portfolio, like Patrice said a while ago, a minute ago. To facilitate the capture of the synergies, Patrice has decided to regroup both the service business and the global product business under DIS to the global business unit I'm today managing. As you see on the right, the overall financial profile of this business will be quite robust, delivering double digit organic growth and sustaining EBIT margin above 15% building up on. We will have a world-class portfolio protecting data and all path to it, trusted by the most demanding customers, banks, telco, health companies.
A network of 11 security operations centers scattered in four continents, ensuring global and permanent monitoring of cyber threats and being the trusted partner for government and institution in Europe for major sovereign and defense projects. This represents a total of 8,000 employees, of which 5,800 are cybersecurity experts, one of the largest security expert team on this planet. Turning to slide 16, here you see the impact of today's announcement on our total addressable market in civil, or let's say, commercial cybersecurity. Our current total addressable market is around $22 billion, $4 billion for data security, $9 billion in identity and access management, and around $9 billion in services.
The already announced acquisition of OneWelcome, S21sec, Excellium, and soon to be Tesserent, add approximately $5 billion in total addressable markets and in power, $8 billion. This is roughly 6%, 60% higher than our current scope markets we are addressing. In addition, as you can see on the side of the chart, these moves allow us to address materially faster growing market. Analysts, market analysts estimate that our new addressable market grows on average at 13% per year, so 3 points faster than our previous scope. Let me wrap up with slide number 17, showing you the financial profile and the sales mix of DIS once this acquisition is completed, and the target we are setting today for the segment in consequence.
Starting from the consensus sales for next year of circa EUR 3.6 billion, Imperva will add a bit more than EUR 500 million. The transfer of the civil cybersecurity business from defense and security segments, roughly between EUR 350 million-EUR 400 million, so that the new scope on a pro forma basis will generate around EUR 4.5 billion next year. At EUR 2 billion, cybersecurity will be by far our biggest business within DIS, representing 44% in sales. You remember the growth target we fixed back at the Thales capital market day in 2019, namely that DIS will grow by 4%-6% in the midterm.
Considering the dynamics of the cybersecurity portfolio, we now expect the overall segment to grow organically by 6%-7%, reaching between EUR 5.4 billion-EUR 5.5 billion in 2027. From a margin point of view, the improvement will be quite material as well compared to the current consensus of 14.4% for 2024. We are now targeting a 16.5% EBIT margin in 2027, 200 basis point improvement. Please explain it in absolute terms earlier, this corresponds to an EBIT of around EUR 900 million in 2027. Really a very material enhancement in our financial profile.
Let me now hand over to Pascal, who will address the value creation aspects of this deal.
Thank you, Philippe. I'm now on slide 19. Let me start here by addressing first valuation multiples. Considering the growth and cash generation quality of cybersecurity software companies, the market often looks at EV over forward sales multiples, and the multiple for this acquisition is of 6.1x next year expected sales, in line with trading comparables and below transactions comparables, which are typically 7x-8x next 12 months sales. We believe this is a reasonable multiple for an asset of such high quality. Philippe has presented its financials and its robust standalone dynamics. This multiple is also only slightly above the one Thoma Bravo paid when it acquired it, at a time when it was much less profitable. Of course, considering its very synergistic nature with our own operations, it's also pertinent to look at the multiples, including run-rate synergies.
On a 2024 basis, and including them, the EV over EBIT multiple is around 17x. Not many analysts who follow us use the sum of the part valuations, but the ones who do, and who actually assign a EV to EBIT multiple to our digital business within the DIS, actually use a higher multiple than that, above 20x. It also compares favorably with trading multiples in this space, which are typically around 30x next 12 months EBIT. On a 2027 view, post synergies, the EV over EBIT comes down to 13x, i.e., lower than our group multiple today. In short, attractive multiples for an asset of this quality. Turning to the value creation side, our M&A policy has always been focused on improving the financial profile of our core businesses, accelerating growth, improving margin, and enriching our technology portfolio.
Obviously, as Philippe demonstrated in details, from this point of view, the impact is really material. We now expect the DIS to generate EUR 900 million of EBIT by 2027, compared to a little less than EUR 500 million last year, which was already a record year for the segment. In the near term, considering the level where interest rates are today, the impact is very small in the first year following the acquisition. Considering the strong cash generation profile of this acquisition, we felt more appropriate to look at the cash watch shape, i.e, comparing its unlevered free cash flow generation to the capital invested in the transaction. We expect this metric to be above WACC in the fourth or the fifth year post-closing.
This is not surprising, considering the long-term nature of synergies. Moving now to slide 20, looking at balance sheet and capital allocation. On a pro forma basis, taking into account the various ongoing acquisitions and disposals, and starting from a consensus net cash positions of EUR 2.2 billion at the end of 2024, the net debt over EBITDA leverage will be around 0.7, implying that we'll keep our solid investment grade profile. This allows us to confirm our overall capital deployment framework in terms of both dividend payouts and the ongoing share buyback program. Finally, for the coming years, we plan to stick to a bolted M&A strategy with the same discipline as before. Let me now hand over to Patrice for a few words of conclusion.
Thank you very much, Pascal. I'm now on slide 21 for a short wrap-up. I think you've understood that all the key messages about this transaction, let me recap. 1, this represents a rare opportunity to be the global leader in one of the most attractive cybersecurity product segments, driving very significant synergies. 2, it really changes our scale in civil cybersecurity. 3, you saw how it is very accretive to DIS financial profile, and how it is now affecting our investment grade profile.
... not affecting, sorry, our investment grade profile. Number four, altogether, it fits perfectly with our long-term strategy, focused on improving the structural quality of the portfolio. It is really in the same vein as the decision to dispose the transport business, to dispose the business of Cinterion, all to acquire, vice versa, premium businesses like Cobham Aerospace Communications, and what we are announcing today with Imperva. Combined with all the internal transformation initiatives, this is the best way to maximize shareholder value creation. This concludes our presentation. Many thanks for your attention, and now together with Pascal and Philippe, we are now pleased to take your questions.
Thank you. As a reminder, to ask a question, please press * 1 1 on your telephone and wait for your name to be announced. To withdraw your question, please press * 1 and 1 again. Please limit yourself to 2 questions per person. We will now take the first question. From the line of Aymeric Poulain from Kepler Cheuvreux. Please go ahead. Your line is open.
Yes, thank you. Good morning. Congratulations on the deal. The pro forma figure you provide for DIS in 2024 implies that you're about to transfer the civil cybersecurity of defense into DIS. What are the margins and profit contribution of this business to defense today? That's the first question. Secondly, you mentioned the multiple, the trading multiple that you compare this transaction with. You obviously paid also 1x sales for Tesserent, clearly defense assets have a lower multiple, too.
What would be, in your view, the blended or the best guess for the blended multiple to apply to the new cybersecurity component of DIS? Thank you.
Okay. Good morning, good morning, Aymeric Poulain. I mean, starting with the, I mean, the level of profitability percent of EBIT margin of this service business that we are moving from defense to DIS, which is very much about what we call MSSP, Managed Security Service Provider. It's really a service-driven type of business, which also help us as a go-to-market to sell, to sell products. It's a business where today, and the profitability is rather limited. Overall, out of this EUR 350 million that we mentioned, overall it's today, a low single digits EBIT margin.
it's true that, in particular, with the acquisitions of Tesserent, it's a business that we believe in the next four years should be able to report a level of EBIT margin, probably around 8%. This based on, in particular, the overall leverage effect as we acquired both Tesserent and S21sec last year. Your second questions was the overall, I mean, blended multiple relating to our overall cybersecurity business. Was it your questions?
Yeah. Obviously, the multiple depend on the quality.
Yes
... of each component, and of course, perhaps you can have in mind, a peer in, listed peer, in the market, just to get a sense of what would be the right, blended multiple for the new, cybersecurity, part of DIS.
Now, I mean, when overall looking at this global cybersecurity business within the DIS, taking, I mean, the 2024 level of revenue around EUR 2 billion, the, I mean, the vast majority is really, I mean, a product type of business, where, I mean, margin is rather stronger, typically, I mean, close to 20%. This is the typical level of margin that we expect in this product component of this overall global cybersecurity business. The what I've relating to your first questions, the service components represent today 15% of the overall EUR 2 billion.
This is where, I mean, profitability is, at this point, quite smaller, as I mentioned, low single digits, but probably moving up to, as I mentioned, 7%-8% in the next 4 years. You see, on one side, you compare our business with overall, EBIT margin 20% plus, and which of course, I mean, is in line with quite high level of multiple, and this is really the bulk of, our cybersecurity solution business.
... and the service part, where our profitability is lower and which, of course, is in line with lower multiples.
Great. Thank you.
Thank you. We will now take the next question. From the line of Olivier Brochet from Redburn, please go ahead.
Yes, good morning. Thank you very much for taking my questions. I will have two, please. The first one is regulatory approvals. Do you have any antitrust matters to deal with and serious questions to take care of? The second question, have you identified the key employees that you need to retain? Have you done what is needed to make sure that they stay with the company, please?
Good morning, Olivier. Let me take the first one, and I will leave Philippe to answer the second one on key guys, key employees. Yes, on the regulatory approval, no, we do not expect, I would say, any difficulties. As explained by Philippe, our business is a fully complementary. There is no overlap with Ipanema, Imperva, sorry, business. Should be a no-brainer, honestly. On the issues standpoint, we have, I would say, a long-lasting track record in the U.S. Here as well, we do not anticipate any difficulty. We just have to follow the process and to send all the documents to get a different approval.
That's why we foresee, a closing, beginning of next year. Philippe, on the second one?
Yeah. As far as the key management, the key management team currently running Imperva, we have secured a deal with each and every individual, very sensitive. The is we have a sort of extended vesting of their stock together with a sort of bonus plan, which is let's say aligned with the business plan. We intend also to work with Imperva management on a specific retention plan for our key technical member or key members of the community. This retention plan has been fully factored in the business plan we are proposing today.
Shall I add, some other elements, Olivier? This Imperva acquisition has been co-built between the two teams.
Yeah.
co-construction uh which uh secure I would say uh the uh all the figures and numbers that we have uh forecasted for uh 2027 2028 and so on and so forth uh This is very important and it's not I would say an open tender when you where you buy a company without any due deal We've had extensive due diligence uh the team has been very professional on the other side No surprise but they they've been very professional So uh uh this is uh for me a very secure transaction uh uh thanks to this uh I would say proper process and and what I call the co-constructed business cas
Lastly, the two teams, the one which is under the leadership currently of Philippe and the one of Imperva, has really the same DNA, the same corporate culture. They are very close to each other. By the way, they knew each other before the deal, in fact. They were in discussion to have some kind of commercial arrangement, and because the offerings were complementary. It's another, I would say, element that, for us, de-risk significantly this kind of transaction.
When did you start the negotiations?
A while ago.
You're very curious, Olivier. Very curious.
I am very, very curious. Thank you very much, Patrice.
Thank you. We will now take the next question. From the line of Ben Heelan from Bank of America. Please go ahead.
Yes, morning. Thank you for taking the question. I had one first on pro forma leverage, I guess, for Pascal. You say pro forma leverage in 2024 is gonna be 0.7 times. I'm assuming that that is pre the Cobham deal that you announced a couple of weeks ago. When we think about deals and appetite for deals going forward, should we assume that this is gonna be the last large deal for the next couple of years while you digest these two existing deals? Then a second one, I guess maybe for Patrice.
If I look at slide 17 and look at the portfolio of the DIS business today, you're clearly growing a lot in cyber, how are you thinking about the other verticals of DIS when you look at mobile and biometrics? Is there anything else in that portfolio that you think doesn't make sense and you're considering divesting? How do you think about the rest of the DIS portfolio there? A final one on the Cobham deal, you said that you were going to do that deal from available cash. I'm assuming you're gonna have to raise some debt to complete this deal. How are you thinking about the debt that needs to be raised and how we should think about financing rates for that? Thank you.
Mm-hmm.
Good morning, Ben. Thank you for your question. On the first one, the 0.7 is a pro forma end of 2024 net debt to EBITDA, assuming, both, I mean, the Imperva transaction, but also taking into account the current transactions. It takes, I mean, both, I mean, the acquisitions that we have just announced, those two acquisitions that we have announced, but also, it also take into account the disposal of our transport business.
Of course, I mean, this level of leverage, 0.7, is very much consistent, in my view, very much consistent with the current level of rating of status and allowing us to preserve the strong investment grade rating from rating agency, which, as you know, is very important for us for the long term. I mean, going forward, it's quite obvious that we have announced two large acquisitions. I mean, first, I mean, those two acquisitions will be integrated into different global business units. As we mentioned, Cobham will be integrated in our avionics business and Imperva in the DIS business.
As we kept saying, that we are looking to quite easy to integrate acquisitions, and it's gonna be the case for those two transactions. However, it's quite important to say that we need, of course, I mean, to digest those two large size acquisitions, and of course, to deliver on our commitments on those two acquisitions. This is what I can share with you, having in mind that I may be clear that what we are looking for, potentially for the mediums is bolt-on, pure bolt-on M&A, I mean, potential transactions. Very, once again, very much focus on core business and of course, attractive to our financial profile.
At this point, it's really about us to integrate and to deliver on those two significant acquisitions that we have announced. This is really the top priority for Thales.
Can I take the second one, Pascal?
Yes.
Hi, Ben, thanks for the your question. The second one is related to DIS profile. Indeed, DIS is, I would say, is a interesting, I would say, balance of activities. On one hand, as you have mentioned, I would say fast growing activities from digital, growing from, let's say, 10% up to 20% in the product, cybersecurity solutions. Highly profitable, very profitable, clearly very, I would say, very promising for the future. On the other hand, we have, I would say, more mature activities indeed, the so-called banking and payment and mobile connectivity. These two activities clearly are not, I would say, are growing at a fast pace, it's a flattish 1%-2%, but very cash generative.
It's a good mix between, I would say, activities generating, I would say, a lot of cash and activities that are fast growing and profitable. Last, perhaps, element, just to say that for the moment, I do not anticipate I will see any change in the mix of DIS, I would say, business, is the fact that on the two, I would say, mature activities, banking on one hand and mobile on the other hand, we are willing to, harvest two, I would say, important, technological conditions that will, still create value for all of us. Clearly, on the mobile, connectivity, mobile and connectivity side, there is this transition, to 5G and the transition from R SIM to eSIM and iSIM.
Again, this business is going to move from a purely or largely hardware business type of model to a software business model. This is very interesting, because it will be highly relative. On the other hand, for the banking and payment side for activity, again, there is this very interesting transition to a digital payment. Again, the credit card and all that goes with it, which is full of innovation, by the way, still is a nice business because profitable and cash generative. There is this, I would say, a transformation from, I would say, hardware to digital banking and digital payment, which is again very promising.
If this is well understood by everybody, these two, say, so-called mature activities, have still a lot of potential in terms of value creation for the future.
Pascal? Last point, Ben, was about, I mean, the way we will fund this, these acquisitions. What we have in mind is to fund half of these transactions for available cash from the balance sheet and half through new debts. Now in term of overall, what does this mean in term of interest rate and interest expenses?
I mean, considering the return on available cash on our balance sheet and what we see today in terms of, I mean, interest on new debts, a blended interest rate for you to model, I mean, the impact of the transactions is between 3.2% and 3.3%, in terms of overall, blended interest rate.
Super clear. Thank you.
Thank you. We will now take the next question from the line of Charles Armitage from Citi. Please go ahead.
Good morning, and thank you. Couple questions. First of all, what WACC are you using? The second one is, I'm kind of interested by the implied growth rates versus the market growth rate. Application security market growing at 18%, data security growing at 13%, so that's probably about 16% market growth. If you say 6.1 times 2024 sales versus just under $500 million in 2022, that's 9% CAGR. If you take 13 times 2027, knock off the synergies and 20% EBIT, that's about 11% CAGR. It seems what, why are you undergrowing the market?
Okay. I mean, your second question was quite clear about about WACC. So, I mean, today, assessments of WACC role for Thales is between 8% and 8.5%. That's really the average, which, by the way, is what we see on on many on many analyst paper. So this is what I have in mind. On the-
Okay.
Yes, please. Okay. I mean, second, that I will let, of course, I mean, Philippe, to discuss about that. No, I mean, your math, absolutely correct. 2023, 2024, overall, we see a blended organic growth, slightly above 9%, and from 2023 to 2027, 11%. We expect, I mean, overall, the organic growth of Imperva, I mean, to move up gradually year after years. Philippe will explain why, I mean, we are quite positive on the overall midterm trajectory in terms of top-line goals.
Yeah, yeah. Thank you, Pascal. The point I covered a little bit quite quickly during my presentation in my remarks, was the fact that at Imperva over the past two years, they have conducted a very significant business model evolution from a starting point where they were almost selling everything under the perpetual license model. You sell everything at once, and then you wait for the next renewal to something which is based on the sort of subscription model. In this transition pattern, they have started that move, that evolution in both of their segments, so in application security and in data security. By the way, they are not exactly at the same stage.
One is more at 90%, the other is more at 60% of customers converted to this new model. There is a sort of U-curve, so to speak, which is in this process, you are growing less than the market, but we expect a sort of mechanical rebound once we have all our customers, all Imperva customers on the subscription model. The maximum, the selling, being 90%, because you still have some integration services which are one-off at the beginning or at some point. This is the reason why we expect the market, we expect the company, after that mechanical rebound, to grow as fast, if not better than the market.
This is really the transition phase, which is explaining this so-called performance during that transition phase. A transition like that, when you have a customer base of several thousand customers, I mean, 4,000 customers, it's not something easy to do because you need to train your salespeople. You need to measure your retention rate. You need to measure the customer success of your existing product to make sure you can upsell. It's not an easy transition that you do in a quarter. It takes you really between 2-3 years.
It should be done by end of 2024. Is that a reasonable assumption?
24, 25, yeah. Yes.
Okay. Thank you very much.
Now, Charles, if you, if you allow, my view is also, I mean, to consider that, in particular on the application security segment, I mean, we are today probably a bit cautious, in term of expected organic growth. It's really, I mean, what Philippe mentioned, in overall, I mean, the expected growth of Imperva in the next few years is really, I mean, the commitment from the team. I mean, I think that, in particular, the AppSec security, that is a bit of a more new market for us, new segment for us. We might have been probably a bit overall cautious in term of forecasting the next few years of the top line growth.
My view is that, hopefully, we will be able to do maybe slightly better than the figures that we present to you today.
Excellent. Thank you very much, indeed. That's clear.
Thank you. We will now take the next question. One moment, please. From the line of Christophe Menard from Deutsche Bank, please go ahead.
Yes, good morning. Thank you for taking my question. I had two. The first one is, you moving the civil defense and security activity into DIS, so that's clear. Are there any synergies? I mean, now you have a much bigger cyber business in civil with this acquisition. What about the defense activity in cyber? Will there be any synergies with that, or is it, I would say, an isolated activity now for compared to what you're gonna have in DIS? The second question is synergies. I mean, quite obviously, there are, I mean, these are, I mean, high synergies. The question is, from your point of view, are they conservative or are they ambitious? And is it, I mean, you provided some details on...
I mean, I understand it's SG&A, essentially, a little bit of real estate licenses, but it's really SG&A. Is it all about cross-selling? Just trying to better understand whether this is really within reach or whether it's quite ambitious.
Thank you for that. Starting by the synergies between what we call the MSSP, or the SOC, Security Operations Center, what you have to understand is that Imperva, by design, is monitoring, for example, the application, when they offer application security value proposition, they understand what's happening in the application by being connected through a network and different point of presence. They have a sort of a threat analysis team, which is, let's say, fueled, or, let's say, by this capacity to understand what's happening when they detect abnormal behavior within the application.
By having this kind of threat analysis in advance of time, so to speak, this is a very important feed for the SOC, for the MSSP, because they can, let's say, receive those information events and somewhat anticipate a little bit what could happen on a more general basis with the customer basis. There's a sort of mutual benefit on both sides, by having this kind of threat analysis in advance of time, in particular for the, what we call the zero-day attack. On the front, I think Pascal mentioned it, MSSP also, which is service business, and they are advising our customers, and they are reselling a solution. The idea is obviously for MSSP business to become a channel of Imperva solution.
That's the civil synergy question.
Christophe, if I just follow up on the I would say, cyber defense activity, where the synergies here are with the civil cybersecurity are clearly more on a technological standpoint. Let me take just one example to illustrate that. Encryption, you find encryption, or I would say, specialists in terms of encryption, both in the civil, I would say, cybersecurity part, and in the defense security part. This is clearly, I would say, a nice and interesting technological synergies. Secondly, I would mention that cyber defense, you see the best of the worst, if I may say. It's a very, very demanding, I would say, environment. By the way, as a consequence, it's so-called it elevates the playground, if I may say, for experts.
These experts on the defense part, I would say, are able to feed in return the experts on the civil cybersecurity part. It's true that the go-to market are different. That's why we consciously decided to leave this, I would say, cyber defense activity within the defense and security business segment, because clearly, the go-to market is governments, governmental agencies, MODs all around the world, which is very synergistic with the whole defense and security business segment.
The last question is was about synergy. Christophe, maybe I will start giving you my points on cost synergy, then I will let Philippe to discuss about revenue synergy. Overall, when we look at as cost synergies, what we expect in term of one-way cost synergy is to be at $50 million in 2028 with $40 million that we have generated by 2027. This is basically presented on page 14. What is quite important to assess the level of synergies is to consider the underlying cost basis.
Overall, in 2027, the Imperva plus the existing data security business at Thales, those two businesses in 2027, overall, their level of revenue will be around EUR 2 billion. EUR 2 billion with overall, I would say, the SG&A R&D cost basis, that will represent 60% of those EUR 2 billion, so overall, EUR 1.2 billion. And you see, I mean, $40 million, out of EUR 1.2 billion, overall, I mean, it represents something like around 3%. I think that it's, here again, my view is that it's, here again, quite a cautious level of synergy. We should be able to do probably a bit more than that.
It's also probably true that when it comes to cost synergies, we work in two steps. The first step that we put in place quite quickly in the, in, as early as 2024, and that probably will be delivered in 2024, 2025. Then we will consider probably a second one of cost synergies once we have started to streamline the overall organizations, in particular, in term of sales, marketing, and GNA, to consider a second round of cost synergies that will probably materialize in 2027, in 2028. This is how I see the situation. Overall, my view is that run rate, $50 million is, in my view, quite conservative considering the earned underlying cost basis of the combined entity.
Revenue, synergies?
Yeah. Yes, on the revenue synergies, like, Patrice said, I mean, we had the opportunity to do a very thorough analysis. In order to prevent any gun jumping as we, as we see in antitrust, we have supplied our key customer data to an external lawyer, together with Imperva, who did the same. The return, the analysis, the feedback we got from the lawyers, is that the two customer base are pretty distinct. Makes us think that we have a good opportunity when it comes to cross-sell, cross-selling. The second element of sales synergy is coming from the fact that there is today not any single overlap between the two platform in terms of data security.
Data Security Fabric, on one hand, from Imperva, and CipherTrust platform from Thales. By combining those two platform, we think that we can have a very important, very nice value proposition, combining the two platforms, the two product solutions to offer upsell to our customers. Both upsell and cross-sell, we think that we have something which is a fair assessment of what we could generate in terms of sales synergies by 2027.
Thank you. That's very clear. Thank you very much.
Thank you. We will now take the next question. From the line of David Perry from JP Morgan, please go ahead.
Yes, good morning, gentlemen. I'm sorry if my question sounds a bit pedantic. I'm just trying to make the math work, in terms of your takeout multiples, and it, again, it comes back to the synergies. If I look at slide 3, you have a footnote there, footnote B, and in it you say, "Run rate cost and revenue synergies of EUR 110 million." I think, and if I've got this wrong, I apologize, but I think you're assuming EUR 110 million is EBIT there, to get the takeout multiple of 13x on 2027. That seems to work for me. Similarly, on your bar chart on page 14, you have a comment there saying, "Dollar EBIT impact," as a strap line.
To be clear, I'm assuming EUR 110 million of revenue synergies or the red bit, sorry, the EUR 110 million is flowing to EBIT, when you think about the takeout multiple, or just the red bit of the bar on page 14. It means it's a difference between synergies being something like 8% of sales, being maybe 4%-5% of sales. I hope the question made sense. I'm just trying to understand how you're presenting this scheme.
David, I'm not sure that I fully understood your question. Maybe I will explain the, I mean, overall, this level of synergy. Let's take page 14. Here, I mean, what you see here is, yes, I mean, the EBIT components of synergies. Now, and basically, I mean, one turn is EUR 60 million of EBIT coming from revenue synergies. Out of a global level of revenue synergies in 2029, excuse me, that will be EUR 130 million. Overall, I mean, the overall move from revenue synergies to EBIT synergy is 45%.
45% of revenue synergy will be translated into EBIT. EUR 60 million EBIT impact from revenue synergies coming on top of EUR 50 million cost synergies. All of that is in million of U.S., dollars, which is fully consistent with the EV to 2024 or 2027 EBIT multiple that you see on page 3. This is now, this is absolutely consistent. This I can assure you that this is fully consistent.
no, it makes sense to me now, but I just wanted to clarify. It just strikes me as a very high level of EBIT contribution coming from the synergy.
yes.
But, uh-
David, thank you for these points. You really need to understand the type of PNL of this type of assets. We are not, we are no longer part of the classical defense aerospace type of gross margin, where we've got, to make a long story short, a level of gross margin, which is between 25%-30%. Here, we are discussing about assets, where gross margin is between 70%-80%. It has nothing to do, which means that the conversions from revenue synergies to EBIT synergy is much higher than it is in, I would say, classical aerospace and defense type of businesses. Hence, this conversions ratio that I share with you, which is something around 45%.
In other terms, 45% of our revenue synergies will be translated into additional EBIT.
It's very clear. Thank you for clarifying.
Thank you. We will now take the next question. From the line of Hervé Drouet from CIC Market Solutions, please go ahead.
Yes, hello. Yes, thank you very much for taking my question. Two question as well on my side. First one is, I understand that the Imperva is mostly, you know, a civil business, but I was wondering, is there any contract with the MOD in the U.S., in the different side? As well as a long-term contract, if it is the case, being secured from that perspective. That's the first question. The second question is, do you see any combination with the part of Gemalto, which is based in the U.S., with that entity that can help you as well to leverage on the sell side, other things, like cybersecurity?
as well, do you think, in term of size, you will need potential additional bolt-on, especially in post-conflict, cryptography? Thank you.
Yeah. First of all, first answer, first part of your question, as far as governmental contract are concerned or let's say, defense related, we know, we don't know that in detail for sure, but we know that Imperva has limited businesses with the famous three letter agencies in the U.S. We don't think that business will require any proxy build-up. It's like we have, by the way, already from the former Gemalto business in the U.S., like you mentioned. The fact that Imperva will be integrated within DIS, it means that business will be integrated within the business segment of DIS, which is coming from the former Gemalto acquisition.
Indeed, we'll benefit from product synergies, revenue synergies, and cost synergies coming from our U.S.-based business, obviously.
Mm-hmm.
I take the one on any follow on bolt-on. Well, to be clear, and by the way, it's not specific to cybersecurity, we do intend to continue to look at, I would say, bolt-on acquisitions in any of our core business, namely Defense and Security, Aeronautics and Space, and the DIS, and the DIS, so it's not specific to the DIS. My answer is quite generic, because clearly this is our strategy. Our strategy has not, I would say, has changed since now, several years in terms of where do we want to allocate our money in terms of M&A. Now, typically, for the DIS, if there is any additional need, we will see, probably.
... The priority is, first of all, to digest, if I may say, this acquisition. Clearly, looking at the future, I would say, overall portfolio of use cases or let's say, solutions that would be embraced by the combination of Imperva and Thales DIS. This is very wide and comprehensive. There is no, I would say, thing that we would miss desperately. So, I think we have built up or we are going to build up very, I would say, a strong, compelling and comprehensive player that will, this is what said by Philippe, and I would like just to insist on this point for a few seconds, that will help large enterprises to simplify the complexity they face.
When we discuss with, I would say, large companies, international groups, our customers, in fact, and typically the chief information security officer, the famous CISO, they all face a huge complexity, both in terms of, let's say, fights, but also in terms of solutions to address the very large variety of fights they have to deal with. Having a player tomorrow, like Thales, I would say, taking it on their shoulder, on our shoulder, I would say, a lot of these, I would say, concern is of great help and is a real added value for them. Last question on the post-quantum cryptology. We do already have this expertise within Thales, so growing this expertise on an organic standpoint seems quite natural.
Doesn't preclude small acquisition, but this is already something that we do matter. I just remind you that one of the post-quantum crypto algorithm that was selected and stamped, if I may say, by the NIST, is ours. It's named Falcon, and this algorithm has been designed by Thales team a while ago now. You be, I would say, confident that we do master this technology, that is clearly needed to address, I would say, future fights in the years to come.
Thank you. That's very clear. Thank you.
Thank you. We will now take the next question. From the line of George Zhao from Bernstein, please go ahead. Your line is open.
Yes. Hi, good morning, everyone. first one, when you say continuation of the ongoing share buyback program, you're already more than halfway done through the current program, and it could even wrap up by the time this deal closes next year. you know, do you think there will be capacity to continue the buyback beyond the current to your program, considering the this deal? second one, just a clarification. Imperva was acquired in 2018 for $2.1 billion. Were there material acquisitions done by the business since then, such that, you know, what we're looking at, the $3.6 billion, is not comparable to the $2.1 billion price back then? Thanks.
Maybe George, I mean, I will start with, I mean, the first question about our share buyback program. As we made it very clear that this program, which is well advanced, I mean, we mentioned that by the end of June, we have, I mean, 58% of this program has been completed. As we mentioned at the outset of it, we said that it will be completed by the end of March next year. Now, I mean, going forward, at this point, it's probably too early. I mean, we get your questions.
It's typically the type of discussion that we will have at our board in 2024. We'll see, I mean, what makes sense on this, on this matter. Making a long story short, we'll complete, as announced, the completions of the current share buyback program end of March next year. We'll see with the board, I mean, next year's, what will be the most meaningful way to look at the future. Second questions?
I think the second question was linked to the number of acquisitions that Imperva made, I think from 2019, which is the year of the acquisition by Thoma Bravo, right? Well, actually, before 2019 and after 2019, altogether, Imperva was, is a build-up story. They acquired, roughly 6 companies, helping them to secure, I'm not going to enter into the details, but helping them to secure on both ends, on data security and application security, their breadth and width of what they are offering to their customers. Indeed, Imperva was created in 2002, and at least 6 significant acquisition were made before or after Thoma Bravo acquisition in 2019.
I think this is time to close the Q&A session, and that's what Bertrand at least told me. Bertrand, he is the master of the ceremony. Thanks very much. Let me close now with a few words this session. As you understood, the of course, the entire management team is absolutely excited by this move, absolutely excited by this move, which is so value creative for DIS and for the group as a whole as well. Clearly, with Pascal, I really look forward to speaking with you in the upcoming investor road shows and conferences, mostly after summer break. We need a bit of rest, if I may say.
We'd be more than happy to discuss as soon as possible with all our investors and of course with all of you. Thank you very much, and have a good day.
Thank you. Ladies and gentlemen, if you didn't have a chance to ask your question on today's call, please do not hesitate to send your question to Thales Group Investor Relations at ir@thalesgroup.com, and we will get back to you as soon as possible. Thank you all for your participation. You may now disconnect.