This article first appeared in The Edge Malaysia Weekly on November 25, 2024 - December 1, 2024

LGMS Bhd (KL:LGMS) is on an aggressive hiring spree that has seen it raise its team of cybersecurity specialists by more than 40% in less than a year as it looks to better position itself to take a larger slice of the growing cybersecurity business. This is despite a short-term dent to the group’s earnings.

The firm, which prides itself as a pure-play cybersecurity company, added 70 new hires between January and November, pushing its work force to 160, according to co-founder and executive chairman Fong Choong Fook.

“Today, we have the largest pool of cybersecurity consultants in the country,” the 48-year-old tells The Edge in an interview.

LGMS isn’t done yet. The group is still in “expansion mode” and expects to grow to 200 employees by the end of this year.

But the rapid employee growth comes at a price, including significant upfront expenses. Staff costs have been edging up over the past 1½ years and will likely continue at least until the middle of next year, when the group hits the brakes on hiring.

LGMS brought in RM34.24 million in revenue last year, up 4% from RM32.79 million in 2022. However, net profit slipped 3% to RM11.22 million from RM11.55 million, as the group expanded its workforce to include more cybersecurity specialists, its 2023 annual report shows. The total employee benefits expense in 2023 stood at RM13.36 million — 26% more than the year before.

Employee benefits expense shot up a further 35% to RM7.89 million in the first six months of 2024 (1HFY2024) from RM5.86 million a year ago. At the same time, net profit rose 17% year on year to RM6.1 million on higher revenue, which climbed 32% to RM20.14 million from RM15.21 million a year earlier.

“We are up to our necks in work. We will need more cybersecurity experts to support this growth,” declares Fong.

He points out that the group has strict hiring requirements, ensuring only candidates with a good attitude and honesty are hired. “To us, personality is more important than technical skills because we are going to train the new hires to become hackers or cybersecurity advisers/analysts. That’s why we spend a lot of time evaluating candidates before we take them in. Also, our probation period for new recruits is six months. The good news is there is no shortage of applicants.”

According to Fong, LGMS is conscious of the fact that growth has been linear and not exponential.

Indeed, since the entry in April last year of Japan’s Mitsui & Co Ltd as a substantial shareholder in LGMS with a 25% stake, the group has been undergoing an organisational transformation, which involves crafting its go-to-market strategies and identifying new target markets.

“During this transformation period, we don’t expect a surge in our profits, although we will remain profitable, as we will be reinvesting money back into research and development (R&D), hiring and expansion of our business for the next few years,” explains Fong.

Leveraging Mitsui’s international platform, LGMS is also eyeing global expansion. According to Fong, about 30% of the group’s revenue comes from international markets such as Singapore, Cambodia, Vietnam, New Zealand, South Korea and Japan. “Our intention is to grow our international contribution to about 40% or 50%, but we don’t have a timeframe for that. The reason for this is that more mature countries are more willing to pay for [cybersecurity consultancy] services.”

Explaining the firm’s desire to remain independent, he says: “We are actually controlling our growth. We want to see exponential organic growth, not superficial. If we want to, a fast way to experience [fast] exponential growth is by becoming system integrators. In fact, many clients have asked us to provide them software and hardware products since we are already offering them cybersecurity consulting services. But we don’t sell third-party products. If we did that, we would no longer be objective. We want to remain as a cybersecurity specialist … being neutral is our philosophy.”

In the interim, Fong will have to hold out shareholder pressure to increase its profits. “We tell [our] shareholders, ‘Let us do our business’. I have been driving the business for more than 20 years. I know what is best for the company. You can switch the company to a different mode and see exponential growth. Shareholders will be happy, but it’s not in the best interest of the sustainability of the company because we lose our unique proposition in the industry. We believe that when the market hits maturity, then our business will surge,” he says.

According to market research firm Statista, revenue in the Asean cybersecurity market is projected to expand at a compound annual growth rate of 10.09% until 2029, reaching US$7.07 billion by 2029 from US$4.37 billion (RM19.5 billion) in 2024.

While all of this adds up to opportunity for cybersecurity companies like LGMS, confusion among buyers in the country remains.

“When it comes to cybersecurity, many consumers or buyers cannot distinguish between a specialist and non-specialist,” observes Fong.

“Some business owners may think, ‘I need a cybersecurity health check, I can get it from a company that offers the lowest price or from a reseller who also offers a wide range of products’. It’s a frustrating setback — trying to educate consumers. When you want to do a proper security consulting or health check, the party has to be neutral. If I am a reseller of several security products, how am I going to give you a neutral and objective consultation? Obviously, I am going to be biased and steer towards pushing my products. That’s exactly what is happening in the cybersecurity industry,” he laments.

He is hopeful that the Cyber Security Act 2024 (Act 854), which came into force in August will elevate the awareness of cybersecurity in more organisations, particularly those within the 11 Critical National Information Infrastructure (CNII) sectors. “We hope that Malaysia’s cyber maturity will grow to the level of Australia, Europe and the US.”

In a July 3 report, Kenanga Research noted that LGMS is a good proxy to the growing cybersecurity awareness in Malaysia on the heels of the enactments to the Cyber Security Act 2024.

“This act affects both individuals and businesses, particularly those within the CNII, by mandating compliance with cybersecurity standards. Many cybersecurity incidents in Malaysia have gone unreported due to the lack of disclosure requirements, an issue the act aims to address,” the research firm says. “Under the act, company directors may face personal liability for offences if found negligent in their cybersecurity preparedness.”

Following the enforcement of the act, LGMS has been approached by an increasing number of organisations from non-traditional sectors like agriculture, plantation and transport that want to make sure that their networks cannot be broken into.

Today, LGMS’ clients are large enterprises in traditional sectors such as financial services and telecommunications, which are concerned their organisation will be hit by a cyberattack. “Most Tier-1 financial institutions and e-wallet service providers, major telecommunications operators, internet service providers and major airlines are using our service,” says Fong.

Still, while waiting for the country’s cybersecurity industry to mature, LGMS is counting on its plug-and-play device StarSentry, which is tailor-made for small and medium enterprises (SMEs), to push for exponential increase in its revenue.

“There is a chance to make a breakthrough happen by tapping the SME market using the lower-cost [cybersecurity] solution. When we reach the tipping point, that is where our revenue will surge exponentially,” Fong explains, but notes it is difficult to specify a timeline when this will be achieved.

StarSentry made its debut in June after about two years of R&D. The plug-and-play device connects to users’ networks and autonomously analyses all connected devices for vulnerabilities.

“This solution is basically emulating what our cybersecurity consultants are doing except that it is being done at a lower cost and is designed for SMEs. For instance, when business owners engage us to carry out a vulnerability assessment, we would deploy our experts to the site, set up our equipment and start scanning their systems, servers and applications before coming up with a report, which lists down the things they need to do. The entire project delivery lead time would take about a week to half a year, depending on the complexity and scope of the work process.”

With StarSentry, LGMS enjoys a higher profit margin of about 50% to 60% compared with a profit margin of some 30% to 45% when deploying consultants.

“However, the scope of the audit at larger enterprises is usually more complex and requires consultants to physically visit the site. For SMEs, it is simpler; therefore the pricing advantage. For example, the value of a cybersecurity consulting project can start from RM50,000 to as high as RM5 million, depending on the scope of work. With StarSentry, the subscription fee is about RM13,000 per year. We are looking at volume for the SME market,” says Fong.

The group is also constantly on the lookout for acquisition targets to grow its cybersecurity business and is particularly interested in software development companies or information technology solution providers to help develop more cybersecurity solutions, says Fong.

“We have a few security initiatives in the pipeline that we want to roll out. It doesn’t matter whether the acquisition targets are local or foreign,” he adds, noting that discussions are ongoing with several candidates although there is no certainty the acquisition will proceed or materialise.

“We may reach a deal earliest in the first quarter of 2025 if ever there is one. There is no need to raise funds for the acquisition. We will use internally generated funds.”

The group’s cash and equivalents stood at RM67.7 million at end-June with total borrowings of RM754,000.

Fong is currently LGMS’ single largest shareholder, owning a 36.411% direct stake. He also holds another 10.805% through his wife Goh Soon Sei, who is co-founder and executive director of LGMS.

Fong pledges that there will not be any more changes to LGMS’ shareholder structure after Mitsui. “Many people, including public-listed companies, have approached us about potentially taking a stake in the company. I am not selling. First of all, we don’t need the cash. However, what we need is market outreach. We don’t want to remain only in Southeast Asia. We want to do global business. Mitsui naturally fell into the picture. In fact, we spent 1½ years doing due diligence and valuation before we finally decided to sell [the 25% equity interest] to Mitsui due to the exposure they can bring us.”

LGMS does not have a formal dividend policy, but has been paying shareholders 50% of earnings in the last three years. So far this year, LGMS’ share price has risen 37% to close at RM1.26 last Thursday, giving the company a market capitalisation of RM574.6 million. 

Save by subscribing to us for your print and/or digital copy.

P/S: The Edge is also available on Apple's App Store and Android's Google Play.