While a first-day leap is a pretty common phenomenon on China’s three-month-old Nasdaq-style marketplace (read more about it in our report – download), most of the stocks thereon typically retreat within the following days, keeping pace with the bearish trend that appeared in the venue right after the first wave of hype around it ebbed away.

There are, as usual, some exceptions. DBAPPSecurity (安恒信息, 688023:SH) is one of them. Pricing the IPO at CNY 56.50 (USD 8.05) apiece at 72 times earnings, the network security solution provider, indeed, expected some post-listing agiotage. It consequently raised CNY 1.05 billion (USD 148.98 million) on November 5, when the stock kicked off trading. 

Predominately quick-profit-seeking, Chinese traders rarely make long-term bets on the country’s financial markets. However, there are some (quite traditional) factors that may trigger investors to join the rush, boosting demand for a fresh stock once its issuer goes public. If experience is anything to go by, outstanding funding history (to be more precise, big money raised and mighty backers) is often able to stir capital-movers to at least ponder over open-market equity bids.

DBAPPSecurity seems to have several solid reasons for being appreciated by local investors. In this article, we scrutinize the company, talking about its core business model, growth drivers, market positioning and financial results. We also zero in on the information security market, which has lately been getting traction, spurred by the vast, ever-expanding troves of data generated, stored and moved by a plethora of Internet companies worldwide.

The firm

Founded in 2007, the Hangzhou-based software developer has grown into one of the dominant players in the Chinese information security market. The company provides a set of full-cycle cybersecurity solutions as well as other professional services in the fields of big data, cloud and Internet of Things (IoT) security. Its product mix contains four main directions: security platforms, professional services, software products as well as hardware customization and resale. 

Catching the hottest emerging trends, this ‘security service supermarket’ has been developing solutions for various technological concepts and business models; it is now marketing a number of value-added data protection mechanisms that are calibrated exclusively for realms like the Internet of Things (IoT) and smart cities (that, in many respects, can also be called ‘IoT’). Dealing with both cloud and the edge, the firm operates across several industries such as finance, mobile and retail.

With several dozen invention patents, relatively high – and continually growing – R&D spending (20.8%, 22.3% and 24.3% of revenue in 2016, 2017 and 2018 respectively), DBAPPSecurity leverages significant resources and research capabilities. The recent aggressive hiring campaign has almost doubled the number of people directly involved in the innovation drive: in 2018, there were 454 – or roughly one in three – employees that were pushing the company forward by making attempts to generate brand-new methods of managing bits and bytes.

In the digital world, a vast majority of enterprises want to see their precious data protected. Therefore, information security field players have an excellent chance to diversify the downstream pool – the scope of their client base varies from mid- and large-sized Internet companies to universities and government organizations at different levels.

Names and ‘names’

There is another exciting thing about the firm’s positioning – precisely, the physical presence. Unlike most other types of software businesses, information security is a realm where geography matters.

As Hangzhou – the city of the company’s headquarters – is known for being the residence of the most towering China’s tech titan – Alibaba Group (BABA:NYSE), the interaction between the e-commerce behemoth and DBAPPSecurity is more than likely to happen. Given Ali’s data-heavy business and its recent attempts to crack into the global cloud market, we may conclude that it’s almost inevitable.

One emerging distinctive trend among global tech giants is their willingness to build ecosystems by allocating capital to independent startups and projects that complement their respective supply chains and might be potentially acquired. This case is no exception: in November 2015, Jack Ma’s corporation led the security firm’s Series D round of financing, taking over more than 34% of its total equity, as reported by investment database ITjuzi. China’s ‘top one’ by market cap pumped hundreds of millions of yuan into its hometown offspring.

Besides, there have been six more investment events in DBAPPSecurity’s history. With Chang’an Capital (长安私人资本), Haibang Venture (海邦投资), Addor Capital (毅达资本), Silicon Paradise (天堂硅谷) and some other locally renowned names behind it, it grew into a semi-unicorn, which quickly morphed to an even bigger creature with a market cap exceeding CNY 8 billion (USD 1.14 billion) after the first week on the Shanghai Stock Exchange Star board.

The company’s founder and current CEO, Fan Yuan (also Frank Fan; Chinese: 范渊), a San Jose State University alumnus, has a profound experience in the sector. Before founding the firm, he spent several years working for Silicon Valley software market player ArcSight (a subsidiary of Hewlett-Packard since 2010) and integrated information technology governance startup Agiliance. According to the prospectus, a bunch of other people with international careers in Information Technology (IT), Internet, big data and other adjacent fields are working for the security products developer at the moment.

Over the past three years, DBAPPSecurity has not only doubled the operating income, reaching CNY 640.41 million (USD 91.29 million), it also grew in size from 691 people in 2016 to 1,332 in 2018. Meanwhile, the firm has just started earning money, recording a net profit of CNY 52.11 million (USD 7.43 million) and 75.74 million (USD 10.79 million) in the last two years.

Risks and perils

There are some concerns about the financial statistics. For one, some signs of inequality can be observed: the higher management took home nearly 20% of the company’s net profit in 2018. Though highly qualified personnel prevail (80 Masters holders and more than 850 employees holding Bachelor degrees), they might be underpaid. This fact, indeed, is a definite disadvantage for a rookie trying to make a play on the harsh Chinese software scene.

It is of note that another – probably the most essential – risk category comes from stiff competition in the data security sector. In the Middle Kingdom, which is famously evolving into a Daedalean digital citadel these days, we find both traditional players like China Electronics Technology Cybersecurity (CETC, 中国网安) and ambitious upstarts such as Beijing-based Trusford (芯盾时代), which snagged CNY 300 million (USD 42.75 million) from CBC Capital in its Series C earlier this year.

What’s more, as the nature of data changes, becoming a cross-border phenomenon along with major value-added businesses, international competition is also taking on a more complex shape. The likes of Nasdaq-listed FireEye, lavishly (USD 207.5 million in two rounds) funded New York-based upstart BlueVoyant and J.P. Morgan-backed Menlo Security are posing multiple treats to all the companies from emerging markets that dream about global presence, and DBAPPSecurity is not an exception.

Together with its Suzhou-based nemesis Hillstone Networks (688030:SH), which was also listed in the tech marketplace a few weeks ago, and several other Mainland China-based security companies that were included in the Cybersecurity 500 list, it is about to challenge the abovementioned juggernauts on a global scale. It has way fewer chips in the stake than these and other heavyweights however; it is rather a potential challenger than a guaranteed disruptor.

Big-wave surfing

Nowadays, technology is universally used among the keywords when it comes to talks on ‘world-shaping.’ As the digital universe evolves, crime, fraud and other phenomena that modern society considers evil are also migrating to the new dimensions. Consequently, information security is not only ballooning in terms of scale and scope, but it is also becoming an attractive area for doing business – flexible and sometimes even, as Nassim Taleb would say, antifragile.

In fact, data abound in the cloud and edge across the globe. As a result, more and more technologically advanced firms try to leverage it in order to make profits. The changes have been occurring in a fast manner, so the legal institutes in this field aren’t able to keep up with the frequent shifts happening in the real world.

In other words, the law stays underdeveloped compared to the immortal combination of business and technology, which means that an ex-ante analysis represents the only option for those who try to deal with uncertainties and prevent information theft and other types of new-era crime. 

The digital ecosystems boost in size and mingle, and the global security industry is thriving in the train of it. Each and every segment of this market has been snowballing. With a 57.51% compound average growth rate (CAGR) over the past two years, cloud security has seen the highest speed among them. Talking absolute numbers, ‘security services’ – a broad category that includes various types of 2B (to-business) paid activities – took the crown, with an extra USD 12 billion added just in two years.

At first glance, the big picture looks like smooth sailing for young and locally active players like DBAPPSecurity. However, the sector might (and it, indeed, seems to have started to) lure top global Internet companies that will shake the scene by launching weighty projects or undertaking huge acquisitions. As always, the pursuit of the prize is laced with risks. And any risk has a chance of yielding a bonanza.