Report Entitled "Cyber Systems Failure"
Spruce Point Capital Management is pleased to provide a critical update on Mercury Systems, Inc. (Nasdaq: MRCY) ("Mercury" or "the Company"). As a result of our forensic investigative analysis, we reiterate our "Strong Sell" opinion, and see 50%-60% downside risk ($20.60 to $25.75 per share)
Our detailed research report is available on our website. We also encourage all of our readers to follow us on Twitter @sprucepointcap for regular updates. Please review our disclaimer at the bottom of this email.
Spruce Point finds evidence to suggest that Mercury could be one of the companies affected by the alleged Super Micro Computer, Inc. (SMCI / Supermicro) hack, and can demonstrate recent actions taken by management to obscure the relationship. We believe the Street is structurally misunderstanding the magnitude of delays in revenue and rising cost for cyber compliance that Mercury – a company presently without a Chief Information Security Officer (“CISO”) who just resigned in August – will face going forward. Based on our expert calls, we believe that cybersecurity costs could mount to 10% of revenues. Given that management felt it necessary to hide its relationship with Supermicro, we believe Mercury needs to disclose to investors the materiality of its exposure to Supermicro motherboards, the financial impact of any product changes/recalls/replacements, and what plans it has on a go-forward basis to ensure “security” of its mission-critical products.
Exposure Emanating From “Technology Partner” Supermicro
- On October 4th, Bloomberg published an in-depth article highlighting how China infiltrated 30 U.S. companies by inserting a tiny chip into Supermicro motherboards. Navy systems were mentioned specifically as an affected target. Mercury Systems and two of its recent acquisitions – Themis Computers ($175 million / Feb 2018) and Germane Systems ($45 million / July 2018) – each sells to the Navy and other military branches.
- Providing secure and resilient solutions to prime and government customers is the essence of Mercury's business. Mercury mentions the words “secure” and “security” over 100 times in its annual report.
- Mercury, Themis, and Germane all listed Supermicro as a “technology partner” on their respective websites until last week, when nearly all references to the relationship were abruptly and surreptitiously removed between October 8-9 without explanation
- The existence of Supermicro motherboards in Mercury’s rugged servers presents a difficult-to-quantify tail risk, but could force product recalls and expensive supply chain adjustments, among other costly actions. As a precedent example, the Navy placed restrictions on IBM’s BladeCenter server line in 2015 over supply chain security concerns, less than a year after China’s manufacturer Lenovo acquired IBM’s server business. USNI Article
Cyber Compliance Is Likely To Drag On Revenue Growth And Materially Increases Costs
- A recent U.S. GAO entitled “DOD Just Beginning to Grapple with Scale of Vulnerabilities” highlighted how testers playing the role of adversary were able to take control of systems relatively easily and operate largely undetected. Based on conversations with industry experts, we believe that the requirements for winning government business will be rewritten with an emphasis on cyber resilience and a much higher cybersecurity standard. We suspect that awards of new contracts are likely to be delayed as a result.
- Based on our research, Mercury appears ill-prepared to address these new requirements given its relative shortage of cybersecurity personnel, and the fact that both its long-time CIO and Chief Security Information Officer recently departed in August 2018. We estimate that Mercury could have to spend up to 10% of revenue on cyber-related costs going forward, or otherwise make a costly acquisition to comply with these new customer expectations.
- Mercury has quietly hinted at some of these concerns through subtle changes to its 10-K risk factors and safe harbor provisions, and through recent job postings in supply chain procurement and quality control
- Mercury just announced on Oct 8th it added "Over 50 Models To Its Rugged Server Line" - the timing of these new models is curious - is this tacit admission of product replacements?
Deteriorating Financial Metrics, Undisclosed Signs Of Strain, And Evidence Of Misrepresentation
- In our first report, we highlighted Mercury’s risk of losing its small business status for government contracts. Mercury lost this status earlier this year, which has coincided with rising inventories relative to backlog convertible to revenues in the next 12 months.
- Mercury’s gross margins have now fallen below its “low target” of 45%, and could compress further due to Defense Federal Acquisition Regulations Supplement (DFARS) compliance issues and potential product recall costs from the Supermicro fallout
- Additionally, Mercury recently amended its credit agreement for a third time in late September 2018, but never disclosed that it had amended the agreement a second time in December 2017, just as it began factoring accounts receivable. Factoring accounted for a substantial 43% of FY18 operating cash flow.
Mercury’s Irrational Valuation Multiple Could Materially Contract
- Mercury currently has the highest valuation in the Aerospace & Defense industry (greater than leading primes such as GD, BA, RTN, LMT, HRS/ LLL despite posting the sector’s weakest cash flow as a percentage of revenue and average organic revenue growth (ex: $100m contribution from Themis/Germane)
- Sell-side analyst see just +9.5% upside in its share price, but haven’t factored in complications arising from its Supermicro relationship and rising cyber compliance costs
- Taking these issues into consideration, and discounting Mercury’s multiple to the industry average, we estimate 50%-60% downside
Thank you very much for your continued interest in our investment research.
This research presentation expresses our research opinions. You should assume that as of the publication date of any presentation, report or letter, Spruce Point Capital Management LLC (possibly along with or through our members, partners, affiliates, employees, and/or consultants) along with our subscribers and clients has a short position in all stocks (and are long/short combinations of puts and calls on the stock) covered herein, including without limitation Mercury Systems, Inc. (“MRCY”), and therefore stand to realize significant gains in the event that the price of its stock declines. Following publication of any presentation, report or letter, we intend to continue transacting in the securities covered therein, and we may be long, short, or neutral at any time hereafter regardless of our initial recommendation. All expressions of opinion are subject to change without notice, and Spruce Point Capital Management does not undertake to update this report or any information contained herein. Spruce Point Capital Management, subscribers and/or consultants shall have no obligation to inform any investor or viewer of this report about their historical, current, and future trading activities.
This research presentation expresses our research opinions, which we have based upon interpretation of certain facts and observations, all of which are based upon publicly available information, and all of which are set out in this research presentation. Any investment involves substantial risks, including complete loss of capital. Any forecasts or estimates are for illustrative purpose only and should not be taken as limitations of the maximum possible loss or gain. Any information contained in this report may include forward looking statements, expectations, pro forma analyses, estimates, and projections. You should assume these types of statements, expectations, pro forma analyses, estimates, and projections may turn out to be incorrect for reasons beyond Spruce Point Capital Management LLC’s control. This is not investment or accounting advice nor should it be construed as such. Use of Spruce Point Capital Management LLC’s research is at your own risk. You should do your own research and due diligence, with assistance from professional financial, legal and tax experts, before making any investment decision with respect to securities covered herein. All figures assumed to be in US Dollars, unless specified otherwise.
To the best of our ability and belief, as of the date hereof, all information contained herein is accurate and reliable and does not omit to state material facts necessary to make the statements herein not misleading, and all information has been obtained from public sources we believe to be accurate and reliable, and who are not insiders or connected persons of the stock covered herein or who may otherwise owe any fiduciary duty or duty of confidentiality to the issuer, or to any other person or entity that was breached by the transmission of information to Spruce Point Capital Management LLC. However, Spruce Point Capital Management LLC recognizes that there may be non-public information in the possession of MRCY or other insiders of MRCY that has not been publicly disclosed by MRCY. Therefore, such information contained herein is presented “as is,” without warranty of any kind – whether express or implied. Spruce Point Capital Management LLC makes no other representations, express or implied, as to the accuracy, timeliness, or completeness of any such information or with regard to the results to be obtained from its use.
This report’s estimated fundamental value only represents a best efforts estimate of the potential fundamental valuation of a specific security, and is not expressed as, or implied as, assessments of the quality of a security, a summary of past performance, or an actionable investment strategy for an investor. This is not an offer to sell or a solicitation of an offer to buy any security, nor shall any security be offered or sold to any person, in any jurisdiction in which such offer would be unlawful under the securities laws of such jurisdiction. Spruce Point Capital Management LLC is not registered as an investment advisor, broker/dealer, or accounting firm.
Disclosure: I am/we are short MRCY.