Ladies and gentlemen, good day and welcome to Quick Heal Technologies Limited Q1 FY 2025 earnings conference call. As a reminder, all participant lines will be in the listen-only mode, and there will be an opportunity for you to ask questions after the presentation concludes. Should you need assistance during the conference call, please signal an operator by pressing star, then zero on your touch-tone phone. Please note that this conference is being recorded. I now hand the conference over to Mr. Anuj Sonpal from Valorem Advisors. Thank you, and over to you, sir.
Thank you. Good evening, everybody, and a very warm welcome to you all. My name is Anuj Sonpal from Valorem Advisors. We represent the investor relations of Quick Heal Technologies Limited. On behalf of the company, I would like to thank you all for participating in the company's earnings conference call for the first quarter of financial year ending 2025. Before we begin, let me mention a short cautionary statement. Some of the statements made in today's earnings conference call may be forward-looking in nature. Such forward-looking statements are subject to risks and uncertainties which could cause actual results to differ from those anticipated. Such statements are based on management's beliefs as well as assumptions made by and information currently available to management. Audiences are cautioned not to place any undue reliance on these forward-looking statements in making any investment decisions.
The purpose of today's earnings conference call is purely to educate and bring awareness about the company's fundamental business and financial quarter under review. Now, let me introduce you to the management participating with us in today's earnings conference call and hand it over to them for opening remarks. We firstly have with us Mr. Kailash Katkar, Managing Director, Mr. Sanjay Katkar, Joint Managing Director, Mr. Vishal Salvi, Chief Executive Officer, Mr. Ankit Maheshwari, Chief Financial Officer. Without any further delay, I request Mr. Vishal Salvi to start with his opening remarks. Thank you, and over to you, sir.
Thank you so much, Anuj, and good evening, ladies and gentlemen. I am Vishal Salvi, CEO of Quick Heal Technologies Limited. Welcome to our Q1 FY 2025 earnings call. Having completed a year with Quick Heal, I'm thankful for the trust and empowerment granted to me and my team by our founders, Kailash and Sanjay Katkar, and I'm excited to start FY 2025 with a strong result and work towards continuing our growth momentum in FY 2025. In FY 2025, it is our year of executing the strategies that we have defined last year, and I'm pleased to see our delivery right from the start. In this call, I'll walk you through the five key areas, including products, marketing, people, delivery, and our overall growth.
Products are a very critical component of the cybersecurity industry as the threat actors evolve every day, and we must always stay one step ahead to protect our customers from existing and future attacks. Just in Q1, we prevented 128 million attacks, including over 400,000 ransomware attacks for our customers. We have evolved from a consumer AV company to a holistic cybersecurity company. While we maintain our stronghold on AV security, we have developed our Horizon 2 products like XDR, Zero Trust, etc., over the past three, four years, which have generated good customer traction from Q1 onwards. I'm also very happy to announce that we have launched our on-premises EDR in Q1, which will cater to the industry need, especially coming from the Indian government.
We are also building Horizon 3 products, enhancing our offerings under the Zero Trust and data privacy, and introducing new solutions like Threat Intel, Malware Analysis Platform, and use of GenAI, reinforcing our commitment to innovate and provide a state-of-the-art solutions for our customers. It is important to highlight the criticality and the implications of the recent blue screen IT outage impacting the globe. The event happened due to the release of a faulty update by a global cybersecurity vendor being sent to customer base, impacting more than 8.5 million endpoints worldwide. This underscores the criticality of the work that we do and the need to be right every time.
We can confirm that none of our customers got impacted due to this event, and we would like to assure our stakeholders, including customers and investors, that we constantly strive to keep our systems and processes error-proof, and our track record for the past three decades is evidence of that fact. AI has become a buzzword in the IT landscape. There are two facets to AI. AI for the core protection, which we have integrated into our products through GoDeep.AI for several years, and the GenAI or the conversational AI, which we are incorporating to simplify security for our customers at the product interface. We are having a vision to integrate all the advantages of GenAI in all our products to deliver our mission of simplified and democratized security, and you can expect more announcements from our side in the near future.
On the marketing and the brand-building exercise, as we all know, Quick Heal is a household name in the consumer space, and we continue to strengthen this position. Seqrite, our enterprise brand, is being recognized as a thought leader in the cybersecurity market, which we continue to bolster through events, webinars, and threat reports. We have participated in major cybersecurity events like DACS, FinTech, and GISEC in Dubai. Recently, we refreshed our brand to reflect our core purpose of innovate, simplify, and secure. The heart of the organization is our people and the culture we uphold. We recently launched our Culture Code , representing 11 values we stand by. We have strengthened our performance-linked incentives and opportunities to drive motivation and meritocracy-based within the organization. Through the past year, we have focused on onboarding leaders and mid-management to strengthen our execution and delivery further.
I'm also pleased to note that attrition is on a steady decline. We are driving automation and digitization within the organization and upgrading our backend solutions like CRM, sales, and marketing operations to deliver more synergies and process optimization. Despite being in an investment phase, we have managed to deliver profitable growth, remaining cost-prudent. On the financial performance, traditionally, Q1 has been a weak quarter for us due to seasonality. Yet, we have delivered a strong result this year. I'm pleased to announce that 37% year-on-year growth for this quarter. Despite market challenges, we have significantly improved our consumer businesses. We are committed to creating consumer awareness, leveraging social media platforms and micro-influencers, and developing innovative adjacent offerings to address evolving challenges with new launches expected in the near future.
Our enterprise business continues to move up the value chain to capture the mid and the large enterprise markets, competing successfully against global players. In fact, we have big news, big wins in the quarter, and it fills me with immense delight and confidence. We eagerly await the enforcement of the DPDP Act, which will significantly impact how cybersecurity is implemented in India, and we expect Quick Heal to play its part in helping our customers to comply with the provisions of the act. With three decades of domain expertise at making India success story, unparalleled threat intelligence from Seqrite Labs, a strong team, a robust partner and distribution network, and local presence, we are well-prepared to seize the market opportunities and deliver maximum value to stakeholders.
We are proud to be a leading cybersecurity product company from India, contributing to our goal of Atmanirbhar Bharat, critical for the country's cybersecurity sovereignty. With this, I would like to invite Ankit, our CFO, to walk you through the financial performance.
Thank you, Vishal, and good evening, everyone. We have kicked off the year with impressive numbers. Our consolidated revenues for the quarter stood at INR 70 crore, marking a 37% increase year-on-year. The revenue distribution between our consumer and enterprise business is 58% and 42%, respectively. Having said that, on a quarter-on-quarter basis, there is a decline of 12% in the revenues due to Q1 being a sluggish quarter, as Vishal also highlighted, and deferment of government deals due to central elections. The consumer business has shown resilience against market challenges, thanks to all the initiatives within the business that we have taken. Our enterprise business continues to perform robustly, generating INR 32.5 crore in revenue. Most importantly, our new products have begun to contribute significantly, with several large clients adopting our EDR, XDR solutions, successfully competing against established global cybersecurity companies.
This reaffirms our confidence in our product strategy as we embark on developing the next generation of cybersecurity solutions. Our growth is aligned with our commitment to profitability. For this quarter, our EBITDA stands at INR 2.6 crores, as against negative EBITDA of INR 15 crores last year, same quarter. Our PAT stands at INR 4 crores in the current quarter. Through effective cost management, we have maintained steady expenses at INR 68 crores, despite increased investments in innovation and R&D. We follow prudent accounting practices, expensing all of our R&D investments. Additionally, we continue to invest in sales and marketing to enhance consumer awareness and bolster the Seqrite brand through events and various sponsorships. Our balance sheet remains strong, and we are a cashless company focused on creating long-term value for our stakeholders.
We are poised to harness the market opportunity with a clear vision and strategy, a solid team with the right culture, strategic partnerships, and relentless focus on execution. With that, I would like to open the floor for the question and answer session. Thank you.
Thank you. We will now begin the question and answer session. Anyone who wishes to ask a question may press star and one on the touch-tone telephone. If you wish to remove yourself from the question queue, you may press star and two. Participants are requested to use handsets while asking a question. Ladies and gentlemen, we will wait for a moment while the question queue assembles. The first question is from the line of Pratham Shah from Niveshaay Investment Advisors . Please go ahead.
Hello. Good evening. Thank you for this opportunity. I want to understand that with the new DPDP Act coming, how many firms do you think will have to upgrade their cybersecurity system? What will be the scale of the implementation, and how do we see it translating into numbers?
Thank you so much, Pratham, for that question. See, the objective of the DPDP Act is to make every business accountable for maintaining the privacy and the security of the personally identifiable information that they're collecting from all their shareholders and stakeholders. And of course, if you don't comply and if you're found wanting to implement these controls, then there are strict penalties and penalty fines against such incidents or such attacks. So we have seen many examples of similar regulations happening in different parts of the world: GDPR in Europe, the California Privacy Protection Act in the U.S., and so on and so forth. And what we have seen is that on the event of such regulations, there is an overall increase in adoption of privacy and cybersecurity controls for those governed entities. And we expect the same thing to happen.
I think it's a very positive sign that India is adopting DPDP, especially because of the way in which India is leapfrogging in the digital infrastructure, both in government as well as in private. And so it is timely that we are having this act in place right now. And what we expect is that every corporate will take cognizance of this and start enhancing its overall control over protecting the personal identifiable information of its stakeholders.
Sir, can you explain how that will translate into numbers? If you could give a rough estimate.
Yeah. So basically, what we have seen in other parts of the world is that overall, it is 4%-5% increase in the spend when specifically the act comes into play. And over a period of time, it staples on. But given what we are seeing in India, I think we can expect similar trends where the corporates will spend a part of their IT and the cybersecurity budget in compliance to this act.
Another question I had was regarding our partnership with EET Group and M Technologies. So how are these partnerships translating into revenues, and why do we need these middlemen companies in the enterprise segment?
I think overall, if you closely look at the enterprise cybersecurity market, especially in products, it is deeply dependent on the partnerships and the distributor network that vendors have across the globe. So in the past, also, we have called it out. It is a very important strategic part of our strategy to ensure that we have partnership with global as well as local distributors and channel partners just to make sure that we are able to increase our reach and coverage as far as our customers are concerned. So what we are doing and announcing here is actually a part of that execution of that strategy. And given the fact that these are very early days of these partnerships, we will have to wait and see how we are able to deepen our partnership and therefore extend our revenues through these.
But we are extremely positive that these are going to yield and help us in our revenue growth in the future.
The last question I had was, why is there a circularity in the revenue? Like you repeatedly mentioned that Q1 is the weakest quarter. Why is that so?
There are obviously end consumer preferences which are there. There is also in terms of the overall inertia and how the Indian market works as far as the paid AV is concerned. This is a very India-specific phenomenon that we have seen. Yeah, obviously, we can control some part of it, and some part of it is there to go with what the market demands here.
Just one last query. In the enterprise segment, how much revenue would you say is coming directly from Seqrite, and how much is from our dealers and third-party partnerships that we have in percentage terms?
Yeah, we don't maintain such kind of a split, to be honest, Pratham, but we'll probably try to keep it handy for the future. But right now, we don't. But it's not really very important statistics for us because, like I said, the majority of the enterprise product business is sourced through the channel partners and the distributors.
Okay. Thank you so much, sir.
Thank you. The next question is from the line of Mihir Manohar from Carnelian Asset Management. Please go ahead.
Yeah, thanks for giving the opportunity. And congratulations on a good set of numbers. Lastly, I wanted to understand, I mean, Vishal, you mentioned that you had a couple of big wins during the quarter. If you can throw some highlight over here, which are these large deal wins which are there during the quarter? That was the first thing. The second thing was on the pipeline. If you can throw some highlight, how is the pipeline that we are looking at, the conversations that are happening maybe on the enterprise side, on the Seqrite side, that will be helpful to some sense as to how should we see the growth momentum for the balance part of the year. That was the second thing. The third thing was on the, I mean, investments.
I mean, last time on the call, we had mentioned that we have identified certain areas of investments, and we will be making those investments. If you can just provide any, are those additional investments flowing in through P&L at this point in time? I mean, are we taking it directly through P&L, or are we taking it through balance sheet? Those were the questions.
Thank you, Mihir, and good to hear from you today. See, as far as the large deals are concerned, we don't really disclose the details of our customers or the size. What we have obviously disclosed is the number of users for this one. What is the good thing about this is that it is also part of our new product family of EDR and XDR, which is giving us the confidence of how we can start scaling in our new products as well. So that's really what I can share with you right now. As far as the pipeline is concerned, we are very comfortable with our pipeline as it stands right now, while we continue to work on it and add more, both as far as enterprise is concerned and the government business is concerned.
And as we start looking at the coming quarters, we hope to actually get better conversion and keep improving on that. On the investments are concerned, see, we have taken a call that we will be expensing out all our investments in a P&L, like what Ankit mentioned, and we will not be taking it from a balance sheet. So the things that we have confirmed the last quarter in terms of the investments that we had decided we would be doing, I'm happy to share that all of that has actually started. So we started work related to the areas related to the ecosystem that we talked about in consumer market or in terms of our threat intel platform or our malware analysis platform.
We are strengthening and adding more upstream and downstream solutions for our data privacy solutions so that we are able to cover all the use cases and more for the customers when they start complying with the DPDP Act and so on and so forth. So all of that actually is already started. The projects have been greenlighted, and the work will commence. Some of it is already started, as I said. And now we are also embarking on GenAI and how we can start embedding GenAI into the interface so that we can simplify the interface for our users. So yeah, that's really where we are on as far as our investments are concerned.
Okay. How do you?
Just to add, there is no change in the accounting policy for capitalizing our R&D expenses. We will continue to expense it off to the P&L. So there is no change.
Sure. Sure. Understood. And just lastly, on the sales team side, I mean, any incremental hiring over there because we were looking previously to strengthen up the sales team. So any development over there?
Yeah. So I think last time we had announced that Sathyajith Samuel had joined us as a head of sales. We have also hired a new head of digital business for both consumer and enterprise. So that person has come on board. So we continue to hire people at mid-management level as well. And the plan to strengthen our sales organization further is also still underway. So that work continues.
Sure. That's informative. Thank you very much.
Thank you. The next question is from the line of Ishpreet Kaur from RelaxCap. Please go ahead.
Thank you, Pratham. The opportunity. Just wanted to check with you, as you mentioned in the previous question about expensing the investments to the P&L. So just if you could give us some understanding on the broader picture as to how margins would behave because in one way, we are scaling up in terms of business, but on the other hand, being a technology company, that would be required to stay ahead of technological changes. So if you could give a very broad picture for the next 2-3 years as to how we could look at the margins.
Yeah. Hi, Ishpreet. Good to hear from you. So look, I think we have to do that fine balance between investment and profitability. But we have embarked, like I mentioned, and also Ankit mentioned, while we are investing, we are also ensuring that we keep a deep sight on productivity and improvement. And with the advantage of getting AI tools and automations available, we believe we can get in more productivity in terms of the work that we do and in addition to other areas where we could identify some areas where we can reduce cost. So we are looking at it two-pronged. We will not shy away from doing the necessary investments which are required so that we will continue to build and keep on adding more products in our portfolio and in a timely manner.
At the same time, we will also keep sight of our cost so that we will also make sure we remain profitable. And so what we can expect is that the way we have been maintaining our profitability for the last few quarters, we will continue to do that, and we will ensure that that will continue. Having said that, what you can see is a trajectory is that once our revenue starts growing, we expect and anticipate that the gap between the revenue and the cost will widen. And as a result of that, we can expect a better EBITDA as we look at the three-year horizon, Ishpreet.
Sure. By any sense, is there a number in mind, say, if the revenue crosses INR 500-odd crore in whichever year, any number as to what is the kind of margin that we could look at at that scale?
Ishpreet, at this stage, we don't disclose any of such projections. This is broadly what we will show to you, right? You've seen that we've been talking about it for the last four quarters, and we've been maintaining that. If you look at it from an opportunity point of view, you can make your own estimate in terms of how that will go.
Right. Just another from my end, I think we've also requested this in the past. On the enterprise side of the business, if we could get the number of clients that are there and also on a quarterly basis as to how many clients are we adding, that would be very helpful to gauge the growth rate.
Sure. Sure. Sure. We'll note your request, and we'll start seeing how we can share that in the future.
Also, so say if the existing client is already taking your base package, say, which was there, the Seqrite version that was there a year back, plus you've developed new APIs and new service and functionalities. So just to understand as to if the existing customer is now climbing the ladder by taking on the additional services also that you've launched. So I think by the clients that you mentioned would give us a fair picture of where the business is headed. Anything that you could comment now on how that is?
Yeah. I think overall, our overall product strategy is actually tapping that aspect from our client point of view because all our products and solutions are interlinked and are complementary to each other and add incremental value the moment our clients start using them together. Okay? And our integrated architecture and modular architecture that we have created, which is aligned with the Cybersecurity Mesh Architecture, actually gives a single client interface, single policy, single agent, single infrastructure bus, single database. So all of these, I mean, I know I'm getting a little technical, but then these are all architecturally aligned towards achieving the objective of working seamlessly as a platform rather than looking at it as different components. Now, we don't right now share details around how we are going upselling and cross-selling on these solutions.
But as we mature as a company, we will start adding those KPIs in our disclosures as well.
Okay. On the business side of the revenue, the growth could be seen maybe higher because the base is still small if we look at. The expectations were that the growth would be much higher than what we are seeing, so.
Yeah. So see, I think if you see in the last 3 or 4 years, we have moved our enterprise revenue from 20% to now 42%. Okay? So that's almost doubled in the 3 years, right? So from that point of view, there is a good trend that you can observe on a quarter-over-quarter and a year-over-year. Okay? You need to understand that our enterprise business is still very young. Okay? And a lot of the new products that we have talked about are just introduced into the market. They are just 1 year, 1.5 years old. So generally, the fit for market comes for cybersecurity or product industry somewhere between 18-24 months. So it will have its inertia, and it will have its time that will be required for the products to mature and get adopted into the market.
Got it. Got it. Great. Thank you so much for all the answers.
Thank you. The next question is from the line of Tej Patel from Niveshaay Capital. Please go ahead.
Yeah. Thank you so much for the opportunity, sir. So I have a couple of questions, sir. I know you already touched upon this topic, but if you could put a number to it and kind of give a broad idea on, let's say, let's suppose that the act gets implemented. So what could be the number of firms coming into the ambit of that? If you have worked on numbers on your side, what would the ambit of number of firms could come under the ambit of this act, and what could be your potential TAM on this category once, let's say, the acts get implemented?
So Tej, the act will ensure that every single body corporate will be under the act. Okay? So everybody will have to comply. And basically, it enforces a very clear mandate on how in future, in digital business, data will be collected, how consents will be managed, and how consents given by the customers will be fulfilled by the service provider or by the entity. Okay? So that is the expectation. Now, when it comes to adoption, I've given you a view of what has happened in the West. And generally, we have seen a 4%-5% uptick in the IT spend when it comes to the deployment of this. So we anticipate that the same thing is going to happen as far as India is concerned.
Now, of course, when we're talking about so many different corporates who are under Ambit, the ones who are forward-looking, the ones who are early movers will actually be the first ones to adopt. Our technology helps them to get a visibility of the personal identifiable data, inventorize that, and take action in terms of what they need to do to do the remediation. Within that, we are also building a consent management framework which will help them to make sure all the consents are maintained in a system. We will also give them governance so that they are able to manage the whole lifecycle and governance of this discovered asset. So that's really what we're going to give. Now, we don't want to guess as to how the Indian corporates are going to respond.
But whatever we have seen, wherever we have engaged, everybody is thinking about and just waiting for the enforcement guidelines to come from the Government of India. And once that comes in, they will start thinking about securing necessary budgets so that they can start implementation. So we can't hazard a guess here right now because we have to wait and watch exactly how. But clearly, given that it is a mandate and it's an act, if you don't comply, there is a fine up to INR 200 crore which can be applicable if your data is breached and you are not following and complying to the guidelines.
Okay. Okay. Got it. Got it. Got it, sir. So just in again, I'm going to suggest an estimate regarding, let's say, I know your target market for this, the corporate also, since starting your studies MSMEs, right? If I'm not wrong. But then what would be the average, let's say, the average deal value for this MSMEs? Do you have those numbers?
I think it's very difficult to give you any guesswork right now. Not have we done a detailed calculation, scientific calculation for me to give you a number. But since you're asking, let me give you a broad brush for you to make your own assessment about our business model. See, by the virtue of all the solutions that we are introducing into the market, we are increasing our serviceable operatable market in FY 2025 to around INR 300 crores. And as you go to FY 2026, it goes to INR 3,500 crores, and as you go to FY 2027 to INR 4,000 crores. So if we start adding more additional tools and solutions, that market will also grow. So if you look at it from our SOM perspective, one is about increasing the scope by adding new solutions, and the other is increasing the scope by going into geos.
Right now, we have a tactical approach to go to international. But as far as the solutions are concerned, given the host of solutions that we are developing, we are constantly working to increase our SOM.
Okay. Great, great, sir. Thank you so much, sir. That's all from my side.
Thank you. A reminder to all participants that you may press star and one to ask a question. The next question is from the line of Rusmik Oza from 9 Rays EquiResearch . Please go ahead.
Sir, thanks for the opportunity. So I was just looking at the financial table that's given in the presentation and in the press release also. In one, you are giving employee expenses, which is roughly around 63% of revenue in Q1. And in the presentation, there's one more breakup in the form of R&D expenses, which is 55% of revenue. Just wanted to understand what could be the mix of R&D spend actually in terms of manpower and in terms of technology. And so that's one question. And second is, you mentioned some new product initiatives or some new launchpad this year, Horizon 3. If you can just give us some color on what is this initiative and by when this could probably get completed.
So thanks, Rusmik. Generally, R&D expenses consist of AWS cost and the manpower cost. So manpower cost is a significant part in our R&D. And because it includes manpower, we have to give increments, and there is a headcount which keeps on adding due to our Horizon 3 requirements. So we are seeing an uptick in this cost. In addition to this, there is an AWS cost because most of our new products are cloud-hosted. So we have to incur the AWS cost on an annual basis, quarterly basis.
Okay. So sir, just to clarify, in the presentation, you've shown INR 35 crore as R&D expenses, which is roughly around 49% of revenue. Going forward, what could be the quarterly or the annual run rate on this R&D expenses, either in absolute number or as a percent of revenue? If you can just provide some input on this, it will be helpful to understand the future growth trajectory on this count.
Generally, we don't give any guidance. But to answer your specific question, generally, this cost is fixed in nature unless we are adding more clients which are based on AWS. But this cost more or less will remain in the same levels. It will grow, but not in the same proportion as the revenue will grow. This cost, as I mentioned, is mostly manpower cost, which is fixed in nature. Does this help?
Yeah. Thanks for the clarity. In Q1, sir, there was a 63% jump in the retail business because this retail business actually has been quite saturated and has been stagnant for some time. So I just want to know, is there anything new or different which has happened in this quarter where we have seen a 63% jump in the retail segment business?
Yeah. So I'll answer that question. But before I do that, let me answer your earlier question. So when we talked about the Horizon 3 platforms, see, we are sitting on data which we collect from 9 million endpoints of our customers. So every single day, we are able to get signals around what's happening on these devices, what are the threats coming in, what are the different actors, what are their methodologies, what are their techniques that they use, and so on and so forth. So all of this data, we are going to package it into a threat intel feed and also create a platform because we understand malware very deeply.
Because over the three decades of our understanding of working on malware, we are creating a platform, which is a malware analysis platform, which can automatically help you to diagnose an infected file and give you all the statistics of what's happening to that file. Okay? Apart from that, I mentioned about data privacy and the upstream and the downstream work that we are doing around that. We are also investing in our roadmap and our strategy on Zero Trust Network Access, ZTNA. We have already introduced our product called Zero Trust User Access, which is doing very well in the market. But now we are embarking on the journey to start ZTIA and CASB and secure that gateway and so on and so forth so that we are able to complete the whole suite.
The common layer of this is going to be the GenAI, which is going to give you a simple user interface to interact and work with our solutions so that we can democratize cybersecurity and make it commonly available for a common user to perform meaningful activities in cybersecurity without a need to have a good domain understanding, right, and still achieve cybersecurity. These are some of the things that we are doing as new-gen solutions. You can expect that some of it can be released within the next six months. Some of it will take another one and a half years for it to be fully ready for the market.
On the growth related to the consumer businesses concerned, look, I think we have shared this in the past as well, that we are investing, and we are also looking at multiple levers which are available at our disposal to counter the headwinds in the consumer business. What we are seeing as a result is the outcome of the result from those interventions that we have done. We are constantly at it. Our retail team is fully charged up to work on all of the strategies and the go-to-market initiatives that we have planned. Now we are focusing on execution so that we are able to continue to demonstrate the same level of progress and momentum that we have created in quarter one.
Okay. Thanks for this, sir. One small connect between what you said and the R&D expenses is that you have projects which will go from 6 months to 1.5 years in the future. The last quarter, R&D expense was INR 35 crore. If annualized, it goes to almost around INR 140-150 crore. So does that mean that this run rate of INR 140-150 crore R&D expenses will remain for this year and next year?
So I think I answered that question slightly differently for Ishrit. I think she was asking something similar. So let me attempt again to share with you what we are looking at. How we are looking at it? You see, we are looking at it as a fine balance. If we want to embark and do all of these things that we talked about, it will be a combination of improvement and productivity and how we optimize our R&D work that we do. That's number one. Number two is about prioritizing all the roadmap and looking at what we need to do for our existing product and how much of talent we can allocate for the new product. And number three, additional investment that we need to bring in to augment that capability and be able to drive it.
So all these three things will, and by doing all these three things, we have to also balance out to make sure that we have an eye on the profitability as much as we continue to add new products and innovate. So I think all of these things are important, and it's a fine balance. But we are very confident that we will be able to maintain a good balance so that we are able to meet the expectations of our stakeholders.
Last question from my end. Now, since a lot of these expenses are fixed in nature in terms of structure, so your big delta in margins could only come by a disproportionate jump in the revenue. Internally, have you worked out anything that what kind of revenue growth you need to maintain for the next two to three years to generate this delta in EBITDA margins so that they can improve sequentially from year on or in future?
Yeah. I think, Rusmik, as is the case with all the companies, we have our business plan. We have our business plan for this year, and we have a business vision plan for the next three years. We have factored in all the things that we need to do to ensure that how we are going to manage our top line and bottom line. All those things are already there in our plan, baked into our strategy, and therefore baked into our go-to-market. So yeah, I think I can share with you that it is there. Of course, we don't disclose it outside at this stage. Internally, all the plans are worked out, and we know exactly how the financial business plan is defined there.
Any thought you can give in terms of what kind of EBITDA margins you can expect 2-3 years down the line, not in the very near future, not quarterly also, but at least 2-3 years down the line, once everything is streamlined, you have your go-to-go product launches, everything going smoothly, what kind of EBITDA margins we can look for in the next 2-3 years, sir?
Yeah. I don't think we want to give any guidance around that, Rusmik, unfortunately, at this stage. But one thing we have committed is that we will be constantly focused on profitable growth, and we are committed to that. You have to study some of the global cybersecurity vendors and look at their trajectory for the last 15, 20 years. And if you then compare the way we are doing it, you will find that very few have actually focused on profitable growth initially. But we are. And so but you're absolutely right. I think as we start maturing in our new product, we can have a very good upside on the revenue, and that's for sure. And once that starts happening, we can also see the positive impact of that on the EBITDA.
Thank you so much, sir, for the patient hearing and replies. I appreciate it. Thank you, sir.
Thank you. A reminder to all participants that you may press star and one to ask a question. The next question is from the line of Jitendra Agarwal from RelaxCap. Please go ahead.
Hi. Good evening.
Hi. Good evening, Jitendra. How are you?
Very good. So I have two questions. One is, there is this mention of a Gartner rating of 4.6 out of 5 for the security solutions. If you could explain what is the relevance for that in terms of either mid-corporates or large corporates, and why did you go for that rating? My second question is related to this DPDP Act, and it may sound a bit stupid, but what I want to understand is, so let's assume I'm a corporate. I have some customer data which is confidential or which can disclose the identity. Are they not spending anything as of it so that they only just because the act comes in place, and they will start spending on the next day? I'm unable to understand this correlation. If you could explain. Thank you.
Yeah. So both are great questions, Jitendra. See, I think when it comes to Gartner's peer review, right, it is not something that we control. Basically, it's Gartner who publishes our technology and gets some feedback from use of our technologies by our customers. And one or two some of our customers would have participated in that peer review and would have given that rating for us. And that's why it is so special that they have rated us so well on that particular product. And it gives a third-party validation of the quality of the products that we have, right? Now, as far as the DPDP Act is concerned, see, I think what happens is that not everybody is fully aware of the implications of privacy and cybersecurity in the corporate world. The same is the case even as individuals, right?
So if I could just give you a data point, 50% of the individuals in the U.S. use paid AV, whereas in India, that percentage drops to around 20%. So that is largely because of the lack of awareness of which is there. So I think there is some work required to be done. Now, similarly, when it comes to privacy and cybersecurity, see, the reason you have seen different countries adopt these kinds of guidelines is when they start seeing that digital starts impacting and becoming a systemic risk for a country. The good example of that is the recent IT outage that happened where 8.5 million devices were shut down by a bad update by a cybersecurity vendor, right? It shows and underscores the importance of availability of our systems today for business to carry on.
We know that billions and billions of dollars have been lost by that just one shared incident. So similarly, the government realizes that these are systemic risks, and that's when regulations come in, right? That is exactly what happened in the U.S. That's exactly what happened in Europe. And with the big push that India is doing right now in digital, when we're talking about the whole government infrastructure being fully digitized, and you can't imagine any body corporate actually functioning without digital and technology. So hence, the government sees this as a systemic risk and does not want to wait for each company to find it in their own hard way, but to actually start building robust mechanisms and interventions so that overall, the maturity of the infrastructure and the processes that we follow for compliance to the personal information are protected.
So that's really I'll give you one more example, Jitendra. You see how easily right now, company and data is available in the black market, right, in India. And that's largely because we don't have enough controls over how information is controlled. So I think all of these are examples. Now, we should not take it casually. And now, with these controls coming in, there will be more people made accountable in case something like this is happening in the future.
But there would be these same corporates, let's assume XYZ as a corporate, right? So they must be currently spending an X amount or a Y amount already on this data.
Okay. So.
Yeah. So I think, see, the privacy, right, as a concept, in terms of digital privacy, is still very new to India. You can take the same argument for Europe, right? Before GDPR, GDPR came roughly around 7-8 or maybe a decade back. Before GDPR, the level of compliance to personal data by corporates was very, very minimal. It increased the moment GDPR came into play. So regulations have proven to improve the overall maturity of privacy and security practice in organizations. Now, you can always say that there will be certain things which the companies will be following. I was in bank for 20 years, and there is a Banking Regulation Act which also defines what is private and what is not. All banks, I know they comply to it. So there is something which is already there.
But the consent management, how you collect data, how you maintain data, how you purge data, all of these are sometimes ignored by corporates. And this will help them to compare to think about it and ensure that they don't allow data to proliferate beyond the limited means that they need to. Okay. Very small, just a connected. So the INR 4,000 crore addressable market, whichever is by FY 2027, that includes the DPDP, right?
Yes, that includes.
Perfect. That is very helpful. Thank you. Thanks a lot.
Thank you, Jitendra.
Thank you. A reminder to all participants that you may press star and one to ask a question. The next question is from the line of Jalaj from Svan Investments. Please go ahead. Sir, your line has been unmuted. You can proceed with your question.
Hello. Am I audible?
Yeah, Jalaj, go ahead.
Yeah. Thanks for the opportunity. So I had a question with regards to the enterprise side of the business. So where do we stand currently? So I have two parts to it. Where do we stand currently and exactly maybe amongst the multiple products on both acceptance and maturity of the product? Because I'm sure you would be having discussions with clients or possible clients who can be in the future. So that would be one. And could you talk a little about the GTM for both from a perspective of doing it in-house and via the sales channel partners or maybe bigger SIs? Could you talk a little about that? Thank you.
Yeah. So Jalaj, see, basically, when you look at our portfolios, right, and we have defined our portfolio in three categories: Horizon One, Horizon Two, and Horizon Three, which is currently the work that we are going to start. So Horizon One is our core, and that is still delivering the majority of our revenues, which is our enterprise protection platform, okay? But now that we have introduced our Horizon Two products, which is our EDR, XDR, MDR, Zero Trust User Access, mobile security, and so on and so forth, they are now starting to generate revenues, right? Now, all of these products are at different stages of maturity.
On a lighter note, I must say that just last week, we got a call from one of our large customers saying that, thanking us, that they moved from the erstwhile EDR solution to us and saved themselves from a major IT outage that recently happened, right? So they're very happy with our EDR solution and seeing significant value from the incident and the threat that they identified for them. Similarly, our Zero Trust User Access solution, our EDR solutions are being used by many corporates now and delivering significant value. So we have already started seeing that the Horizon Two products are maturing and getting adoption into the corporates, right? To answer your second question on the GTM, see, I think we have a very clear strategy of partnering with GSIs.
So we are talking to all the top GSIs in the country, which are global GSIs, and looking at how we can partner with them so that they can actually build our solutions in the large deals that they have. So that is pretty much part of our strategy, apart from going through distribution network, through channel network, and partners. So all of that is going on together.
Understood. Understood. And maybe a little detail into the point that you mentioned for Horizon One and Horizon Two. So currently, if I were to see directionally, Vishal, so does it form Horizon Two currently forms a major chunk of the revenue, or how do you see it going forward and currently what it is?
Yeah. So if you go back to where we were maybe 3 or 4 years back, we were majority of our revenues were coming from consumer, and enterprise was just beginning, right? In the last 5 years, the enterprise business has become 42% of our revenue, okay? Now, that 42% of the revenue, major part right now is our core products, which is Horizon One. But as we go and see the next 3-4 years, we expect the same stories that happened of the mix that we got between consumer and enterprise should happen for Horizon One and Horizon Two. So that's really how we are looking at it. And in future, we're also gearing up for Horizon Three.
Understood. Understood. Thanks a lot. Best of luck.
Thank you, ladies and gentlemen. That was the last question for today. We have reached the end of the question and answer session. I would now like to hand the conference over to the management from Quick Heal Technologies Limited for closing comments.
Thank you so much for engagement throughout this call and for all the questions that you have asked. I hope we have been able to answer them satisfactorily. Until we meet again next time, thank you so much.
Thank you.
Thank you. On behalf of Quick Heal Technologies Limited, that concludes this conference. Thank you for joining us. You may now disconnect your lines.