This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.

Rubrik, Inc.
3/13/2025
rubric fourth quarter and fiscal year 2025 results conference call. At this time, all lines are in listen-only mode. Following the presentation, we will conduct a question and answer session. If at any time during this call you require immediate assistance, please press star zero for the operator. This call is being recorded on Thursday, March 13th of 2025. I would now like to turn the conference over to Melissa Franchi. Please go ahead.
Hello, everyone. Welcome to Rubrik's fourth quarter and fiscal year 2025 financial results conference call. On the call with me today are Bipul Sinha, CEO, Chairman, and co-founder of Rubrik, and Karen Chaudhry, Chief Financial Officer. Our earnings press release was issued today after the market closed and may be downloaded from the investor relations page at www.ir.rubric.com. Also on this page, you'll be able to find a slide deck with financial highlights that, along with our earnings release, includes a reconciliation of GAAP to non-GAAP financial results. These measures should not be considered in isolation from or as a substitute for financial information prepared in accordance with GAAP. During this call, we will make forward-looking statements, including statements regarding our financial outlook for the first quarter and full fiscal year 2026, our expectations regarding market trends, our market position, opportunities, including with respect to generative AI, growth strategy, product initiatives, and expectations regarding those initiatives, and our go-to-market motions. These statements are only predictions that are based on what we believe today, and actual results may differ materially. These forward-looking statements are subject to risks and other factors that could affect our performance and financial results, which we discuss in detail with our filings with the SEC. Rupert assumes no obligation to update any forward-looking statements we make on today's call. With that, I'll hand the call over to Bipul.
Thank you, Melissa. I want to start by thanking everyone for joining today. The fourth quarter was an exceptional finish to what has been a milestone year for Rubrik. This quarter, we once again exceeded all top line and profitability guided metrics. There are five key numbers. First, subscription ARR reached a billion 93 growing 39% year over year. Yet again, a clear indication that we are winning the cyber resilience market. Net new subscription ARR reached over 90 million in the fourth quarter, which is a record for us and a standout for a cybersecurity company at our scale. Second, our subscription revenue was 244 million, growing 54% year-over-year. Third, our subscription NRR remained strong above 120%. Fourth, customers with 100K or more in subscription ARR reached 2,246, growing 29% year-over-year. Customers with 1 million or more in subscription ARR reached 162, growing 64%, year over year. Finally, on profitability, we once again made material improvement in subscription ARF contribution margin up over 1400 basis point year over year. On cash generation, we are very happy to report that we had over 75 million in free cash flow this quarter and approximately 22 million in free cash flow for the full fiscal year. Overall, Our total revenue grew 47% year over year, and we generated 29% free cash flow margin in the quarter. We believe this combination of top line growth and free cash flow margin at this scale is rare, which is truly a tremendous achievement. We continue to be very confident about our business and our leadership of the cyber resilience market. Therefore, we are guiding fiscal, 2026 numbers ahead of the consensus. Now let me unpack what is fueling the strong performance of our business. I spend significant time meeting with CIOs and CISOs around the world. In fact, I had over 400 customer meetings last fiscal year. What is clear is that companies are undergoing multiple technology transformations to find success in the AI era. As organizations prepare their infrastructure for generative AI and re-platform to accelerate cloud adoption, they quickly realize the need for a modern data security strategy that provides robust cyber resilience. This is why we continue to win significantly against all our competitors who struggle to deliver cyber resilience across the full breadth of customer transformation initiatives. What we see is that Customers turn to Rubrik to provide cyber resilience as the re-platform across data centers and pivot to multiple clouds. As they deepen their cloud and SaaS investments, we help them orchestrate uniform and consistent data security controls through a single policy engine. When a customer's identity service is compromised, we help them quickly recover by automating a painfully manual recovery process, all while avoiding malware infection. As our customers look to modernize how they manage their unstructured data for GenAI readiness, we help them securely mobilize their unstructured data to the cloud. When our customers halt their GenAI deployment due to overexposed sensitive data, we help them strengthen their data security posture so that they can confidently deliver GenAI services. Our unique platform allows us to solve all these problems and more. First, our differentiated architecture positions us at the nexus of data security and AI. While other players are forced to consolidate, we continue to take market share away from the competition. Second, as companies shift deeper into cloud and gen AI, they choose Rubrik to deliver comprehensive cyber resilience and quicker recovery times across their data from enterprise to cloud to SaaS applications. These are the key contributors to our exceptional growth at this scale. Now let me highlight a few customer wins with cloud and SaaS protection. This quarter, a European insurance company selected Rubrik to provide complete cyber resilience for its critical cloud workloads. Rubrik aligned with its key CEO initiatives to reduce the risk of downtime from a cyber attack ensure DORA compliance, and reduce IT spend. Through a comprehensive proof of concept, Rubrik provided a single pane of glass to manage data security across AWS and Azure, as well as demonstrated a 24% total cost of ownership reduction, plus savings of over $400,000 per year by reducing infrastructure and storage costs. A Fortune 50 organization selected Rubik Security Cloud, or RSC, to protect M365, one of its most critical SaaS applications with tens of thousands of users. Rubik stood above other new gen backup and recovery providers because of our demonstrated expertise in protecting the world's largest M365 environment and our strategic partnership with Microsoft. We also demonstrated an ability to recover 98% faster than native recovery tools, avoiding billions in potential losses upon a successful cyber attack. In the words of the customer, quote, this is about the survival of our company, unquote. A U.S. business conglomerate bought our RSC Enterprise Edition, including Rubrics Universal Cloud License, task data protection for M365, and unstructured data protection. This organization's CIO and CISO selected Rubik due to our superior capabilities, such as threat hunting and faster recovery times compared to legacy and new gen alternatives. With this purchase, the company was also able to consolidate nine backup and recovery tools into a single platform for complete cyber resilience. The move to public cloud infrastructure and greater adoption of SaaS applications is also driving strength in Rubrik's data security posture management, or DSPM, business. This quarter, we announced the full integration of our DSPM into Rubrik Security Cloud, allowing customers to rapidly enable DSPM for increased data visibility and sensitive data control from their existing RSC instance. Our integrated DSPM solution empowers organizations to proactively reduce data risk across fragmented cloud, SaaS, and enterprise environments and ensures their sensitive data remain protected regardless of where it lives. Rubric DSPM plus Rubric Cyber Recovery offers complete cyber resilience, and this makes us unique in the marketplace. Let me give you an example. This quarter, an existing large financial services customer upgraded their highest RFC addition for access to Rubik DSPM and enhanced protection for their cloud and enterprise workloads. This customer also expanded Rubik data protection to include critical structured and unstructured workloads in their AWS environment. With this purchase, this customer addressed a key business challenge of identifying where sensitive data lives on-premises and in the cloud. The customer was also able to retire several legacy backup tools. CIOs look to Rubrik as a trusted partner in their journey to secure their critical enterprise databases and modernize their data centers with replatformization initiatives. Along these lines, we recently announced our expanded support for Red Hat OpenShift virtualization and PostgreSQL databases will continue to expand our capabilities to cover critical platforms across traditional and modern infrastructures. Companies are also turning to Rubik to secure their massive unstructured data estates, a trend we believe will continue as enterprise AI initiatives gain more speed. In Q4, a US airline expanded their Rubik footprint by adding unstructured data protection. We demonstrated a 65% reduction in operating expense over 36 months by freeing up data center capacity while enhancing the protection of the critical data sets. This quarter, we also added a lighthouse government organization in Southeast Asia. This customer elected to replace their legacy backup vendor with Rubrik across structured and unstructured data in their data center as well as their cloud. Our functionality was unmatched by legacy incumbent and new gen competition. Additionally, this customer noted our robust and built-in security features, including threat monitoring and anomaly detection. This purchase also included Rubik DSPM for complete cyber resilience and cyber preparedness. We continue to accelerate innovation to keep ahead of the threat landscape. Over a year ago, we launched our capabilities to secure Microsoft Active Directory, or AD, and Entra ID. These identity services are universally used and are primary targets for attackers. In fact, 90% of global 1,000 use AD to authenticate and authorize users. Over the past year, we have seen significant customer adoption of our immutable access control backups for Active Directory and Entra ID. Our customers can leverage their existing Rubric Security Cloud platform to restore their AD and intra-AD services without reintroducing malware or misconfiguration. This quarter, we deepened our innovation in identity with the general availability of orchestrated Active Directory forest recovery. When an attack compromises Active Directory domain controllers, recovering the entire AD forest becomes an administrative nightmare. particularly for large organizations. Our orchestrated AD forest recovery allows enterprises to rapidly and automatically recover entire AD forests to desired point in time while avoiding malware reintroduction. What once was a manual recovery that can span weeks is now transformed into recovery within an hour. We have already seen a number of wins across orchestrated AD forest recovery which is currently sold as a standalone offering. One highlight is with a state lottery organization that is standardized on Rubrik Security Cloud this quarter. Adding Rubrik orchestrated AD forest recovery. Already protecting enterprise data, they also added cloud native workloads for Azure, SaaS data protection for N365, and Rubrik DSTM to enhance cyber preparedness. In addition, a global investment bank purchased Rubik orchestrated AD Forest recovery this quarter to shorten the recovery of Active Directory to just few hours versus five days previously. In closing, I'm proud of our unwavering customer focus and relentless execution as we create a new vision for the cybersecurity industry based on cyber resilience. However, we are still early in Rubik's journey to realize the company's full potential. In calendar 2025, we aim to accelerate our product innovation, generate groundbreaking ideas, and lay foundation for continued future growth. I'm confident that what is ahead of us is even more important and exciting than what we have previously achieved. Thank you to all our Rubricans, as well as our customers and partners around the world. The best is yet to come. With that, I'm pleased to pass it over to our Chief Financial Officer, Kiran Chaudhary.
Thank you, Bipol. Good afternoon, everyone, and thank you for joining us today. Q4 was a record quarter to date. It was highlighted by solid top-line growth at scale, driven by our leadership in the growing market for cyber resilience and significant expansions within our customer base. It was also marked by strong and continued improvement in profitability. Let me start by briefly recapping our fourth quarter and full year fiscal 2025 financial results and key operating metrics, and then I'll provide guidance for the first quarter and full year fiscal 2026. All comparisons, unless otherwise noted, are on a year-over-year basis. Subscription ARR best illustrates the momentum of our business, and we are very pleased to have ended Q4 with subscription ARR $1 billion and $93 million, growing 39%. We added $90 million in net new subscription ARR. We continue to drive adoption of our rubrics security cloud, which resulted in $876 million of cloud ARR, up 67%. Our subscription ARR growth benefited approximately two percentage points from transitioning our declining maintenance base to subscription. We have a differentiated land and expand model where we have multiple avenues to acquire new customers and expand the relationship with our customers after the initial contract. We can expand through the growth of data in applications already secured by Rubrik to the expansion of our footprint of applications secured and or by the addition of more security functionality. As a result, we continue to see a strong subscription net retention rate which remained over 120% in the fourth quarter. All vectors of expansion are healthy contributors to our NRR, highlighting the meaningful runway we have to more deeply penetrate our customer base. Adoption of additional security functionality is slightly over a third of our subscription net retention rate, up from approximately 29% in the year-ago period. We ended the fourth quarter with 2,246 customers with subscription ARR of $100,000 or more, up 29%. These larger customers now contribute 84% of our subscription error, up from 80% in the year-ago period, as we become an increasingly strategic partner to our enterprise customers. For our fourth quarter in fiscal 2025, subscription revenue was $244 million, up 54%. Total revenue was $258 million, up 47%. Revenue in Q4 benefited from our strong ARR growth and tailwinds as we progressed through our cloud transformation journey. We also saw higher non-recurring revenue, which was accounted for as material rights related to our cloud transformation, which contributed a few points of growth this quarter. Turning to the geographic mix of revenue, revenue from the Americas grew 48% to $185 million. Revenue from outside the Americas grew 47% to $73 million. Before turning to gross margins, expenses, and profitability, I would like to note that I'll be discussing non-GAAP results going forward. Our non-GAAP gross margin was 80% in the fourth quarter compared to 78% in the year-ago period. Our gross margin benefited from the revenue or performance, including higher non-recurring revenue. Our gross margin also benefited from improved efficiency of our customer support organization, offset by continued investments in our cloud hosting infrastructure. We anticipate total gross margin to remain within our long-term target of 75 to 80% in fiscal 2026. As a reminder, we look at subscription ARR contribution margin as a key measure of operating leverage supporting our path to profitability. We believe the improvement in our subscription ARR contribution margin demonstrates our ability to drive operating leverage and profitability at scale. Subscription ARR contribution margin was positive 2% in the last 12 months ended January 31st, compared to negative 12% in the year-ago period, an improvement of over 1,400 basis points. The improvement in subscription ARR contribution margin was driven by higher sales, the benefits of scale, and improving efficiencies and management of costs across the business. Free cash flow of $75 million compared to $9 million in the fourth quarter of fiscal 2024. For the full year, free cash flow is $22 million compared to negative $25 million for fiscal 2024. This increase was primarily driven by higher sales and improved operating leverage, offset by higher expenses, an increasing mix of annual and monthly consumption payments, and shorter contract terms related to the year-ago period. Turning to our balance sheet, we ended the fourth quarter in a strong cash position with $705 million in cash, cash equivalents, restricted cash, and marketable securities, and $322 million in debt. Let me now provide some context on our outlook for fiscal 26. We remain confident about the strength of the cyber resilience market and demand for our differentiated offerings. We believe these drivers, alongside our strong and consistent execution, will deliver strong subscription ARR growth ahead. As a reminder, we run our business on annual net new subscription ARR, but I'd like to give some guideposts on our current perspective on quarterly seasonality. We continue to expect higher net new subscription ARR in the second half of the year versus the first half. While this is relatively in line with normal seasonality, this is also reflective of a shift to the annual sales comp plans this year was a semi-annual previously. Currently, we expect the first half to comprise approximately 40% of the full-year net new subscription ARR, with Q1 specifically contributing approximately 24% of full-year net new subscription ARR. As we have mentioned before, revenue and revenue growth can fluctuate due to a number of variables. In fiscal 26, we expect revenue will continue to see tailwinds from our cloud transformation, including a few points of growth from non-recurring revenue due to material rights. In terms of operating expenses, we expect to maintain a disciplined approach to investing across our business in order to drive future growth as we continue to scale globally. Innovation remains a top priority for us, and we'll continue to invest in R&D while driving modest leverage in sales and marketing and G&A. I'd also like to note some seasonality in subscription error contribution margin, due to the quarterly timing of net new subscription ARR and operating expenses. Specifically, we expect Q1 contribution margins to be up from Q4 before moving lower in Q2 and Q3, then proceeding higher in the fourth quarter. For free cash flow, we expect Q1 and Q4 to be our seasonally strongest quarters and the first half to be approximately breakeven. Now turning to our guidance for the first quarter and full year fiscal 2026. In Q1, we expect revenue of $259 million to $261 million, up 38 to 39%. We expect non-GAAP subscription ARR contribution margins between 4% and 5%. We expect non-GAAP earnings per share of negative 33 cents to negative 31 cents based on approximately 192 million weighted average shares outstanding. For the full year fiscal 2026, we expect subscription ARR in the range of $1,350,000 to $1,360,000, reflecting a year-over-year growth rate of approximately 24%. We expect total revenue for the full year fiscal 2026 in the range of $1,145,000 to $1,161,000, implying approximately 30% growth. We expect non-GAAP subscription ARR contribution margins between 4.5% and 5.5%. We expect non-GAAP earnings per share of negative $1.23 to negative $1.13 based on approximately 198 million weighted average shares outstanding for the full year. We expect earnings per share to decline from Q1 to Q2 and increase in Q3 and Q4. We expect free cash flow of $45 million to $65 million. In closing, we are pleased with our performance in the fourth quarter and in our first year as a publicly traded company. Looking forward, we believe we are well positioned to continue to deliver efficient and durable growth given our leadership and innovation in the large and growing opportunity for cyber resilience. With that, we'd like to open up the call for any questions.
Thank you. Ladies and gentlemen, We will now begin the question and answer session. Should you have a question, please press star one on your touchstone phone. You will hear a prompt that your hand has been raised. Should you wish to decline from the polling process, please press star two. If you're using a speakerphone, please lift the handset before pressing any keys. please be reminded that everybody is limited to one question only. One moment, please, for your first question. Your first question comes from Saket Kalia of Barclays. Your line is already open.
Okay, great. Hey, guys, thanks for taking my question here, and nice finish to the year. Thank you. Thank you. Absolutely. Bipple, I'll keep it to one question, and Bipple, maybe it's for you. So you spend a lot of time with customers. How are you feeling about the TAM here for data protection? You know, you talked about how customers need a more modern data protection tool as they move to the cloud and deliver Gen AI. I think we see the share shift in numbers, but curious if you feel the TAM here is expanding significantly through that sort of cloud and gen AI transition as well.
Thanks, Akit. As you might recall, during IPO Roadshow and in our subsequent quarterly updates, we have done a fundamental transformation of the traditional data protection market. We brought DSPM and cyber recovery together to create a new platform to deliver cyber resilience. And this platform, Rubric Security Cloud, is a true data security platform. So by bringing this idea of data risk, data threat, and cyber recovery on a single platform, we massively expanded the TAM for our market. And as we had mentioned in our IPO prospectus, it's over $50 billion market. What is exciting is that as customers are taking a Gen AI journey and preparing for Gen AI, as well as doing Cloud transformation, the need for cyber resilience and data security is only increasing. As they are adopting more SaaS platforms, they need to secure that data. They need to ensure that the right data is available to the right user on the right platform at the right time for the right duration. And all of it is expanding the time for us. So from where we sit, and as you can see this quarter results, We are not opportunity constrained. We are the only cybersecurity company that sits at the intersection of data security and AI. And it is on us going forward is how do we prioritize our product development as well as inorganic tuck-ins to really accelerate our journey to the AI future.
Very helpful. Thanks, guys.
Thank you, Saket.
Your next question. comes from Kash Rangan of Goldman Sachs. Your line is already open.
Hi, thank you very much. Congratulations on the end of the fiscal year. Spectacular finish. What a year it's been you in public. You've put up a few quarters. Nice performance. As you, Bipul and team, as you look into the next fiscal year and beyond, there's a core thesis of why Rubrik has worked so well for your customers. You've been at least two to three years ahead of your industry. And I hope it continues to be that way. But as you look at customers evolving requirements, what are the new battles to be fought and won? As you look to your most cutting edge customers that are leading the company into your next two to three years of strategy, what are your leading edge customers telling you as to what the leading edge requirements are? Because we all know that one way to look at this market is it's merely a replacement market of old technology being replaced with new, but then that's not always right. There are things that you've been doing with your DSPM, et cetera, to extend the frontiers. What are your best customers telling you as to what you need to be doing for the next two to three years? And finally, if you can, if you have the time to comment, your take on the tariffs, et cetera, impacting the economy, and what are your customers saying about their spending priorities with RSC? Thank you so much. Thank you, Cass.
Let me focus on the first question first. If you look at Rubrik, again, our core focus is cyber resilience. And if you look at cyber resilience, what we are telling our customer is that assumed breaches will happen to you. And if you have to have an assumed breach posture, how do you ensure that you understand the risk in your most critical asset as well as your services? And how do you ensure that your services are up and running? even when confronted with cyber attacks. And this is where we are doubling down, building like our data security platform to deliver cyber resilience across cloud, across SaaS. And if you think about the fundamental risks to the data comes from the user interaction with the data. Both user could be human or non-human identities. So that's why we are also focused on building the next S-curve around data identity-related threat and whether it's Active Directory or ANTRA ID. And we are seeing interesting momentum in that market. We launched the first identity recovery product about a year ago, and it had a very significant traction. And then our recent forest recovery release has really proven that we are on the right track with respect to the identity. So around cyber resilience, we continue to focus on data security, identity security, and delivering cyber recovery and the risk posture. And then we also have this other unique opportunity because we have all of the customer data and plus the governance and security and integrity on the data. And our Annapurna platform is that how do we leverage this data lake, the next-gen data lake that we are naturally creating to deliver cyber recovery because we have the source of food for the data to power customers' AI applications. And that's where we are actually iterating and figuring out what is the product market fit. If you look at our success today, as you said, Cash, our success today is the result of the work that we did four or five years ago, where we built a platform that was futuristic, where we took the market risk and built a purpose-built platform for cyber resilience. And we are thinking about what do we do on Annapurna and all of these other new vectors of growth so that four or five years from today, we still have a high growth curve. And that's how we want to build a generational company. So a lot of opportunities, as I said before, for us, we're not opportunity constrained. We need to ensure that we invest in the right market focus and continue to drive, again, a very profitable growth business. In terms of tariffs and macro investments, We continue to see a very strong secular demand for our product because cyber don't care about market cycles. Cyber don't care about what is happening in terms of the public market because on a down market, the customers get more worried about protecting their business and they want to ensure that their businesses are continuing operation. So again, we are not seeing any demand shift for our product. Cyber resilience continues to be the number one topic for cybersecurity, and our customers are investing to ensure that they are continuing operation even when they are confronted with a successful cyber attack.
Terrific. Very clear answers. Thank you so much, Bikul.
Thank you, Kash. Your next question comes from Fatima Lani of Citigroup. Your line is already open.
Good afternoon. Thank you so much for taking my questions. Kieran, this one's for you. I wanted to drill in on the very substantial improvements in subscription ARR contribution margin, both in period over the course of last year, in this period, and what you're contemplating in the outlook. I know you did discuss a lot of the high-level drivers, and it seems like the confluence of the business hitting a bigger scale, more rigorous expense management are contributing factors. but i was hoping you could drill in on maybe some micro level factors uh with respect to um you know sales efficiency potentially being an area where you're seeing some you know outsized or better leverage um as as well as um just maybe the inference that your deal sizes are getting bigger your average transaction sizes so i was hoping you could add a little bit more color outside of just, you know, some of those other broader stars aligning and just more disciplined expense management, if there's anything intrinsically inflicting in the business from a deal size perspective. Thank you.
Sure, Farima. Thanks for your question. So we are really pleased with the progression we've had in profitability. As you know from the results, we are subscription contribution margin positive as of the reported quarter as well as cash flow positive for the full year. And we've been hard at work on a number of fronts to achieve that, and we've accelerated our path to profitability over the past year. We improved our subscription-era contribution margin 1,400 basis points year-over-year, and the guide for fiscal 26 will indicate further improvement. I think you addressed the broader areas in setting up the question. The key leverage areas of efficiency came from big investment areas in sales and marketing and R&D. Out of the 1,400 basis points and margin, 1,200 basis points approximately came just from sales and marketing. And a number of drivers there. One is productivity. I think you mentioned sales efficiency. Productivity is a key driver of sales efficiency. As Bipul has talked about, we are investing in multiple different levels from a product perspective. And more products to sell drives greater productivity. We're also investing in enablement to make our reps and sales team more productive. in the messaging around cyber resilience. I'll also add that there's a natural leverage we're getting in our model at scale, which is the growth and renewals. It's still a minority of our revenue near our base, but it's fairly efficient from an investment perspective in renewing in our market and our product areas. So that is giving us quite a bit of efficiency as well. And then the last point I would say in R&D, we've talked about previously as well, We hire from a global talent pool. And in addition to being able to attract great talent outside the HQ, we are also able to get more cost leverage as well by leveraging our presence in India and Israel. I think you had a point, you know, question around deal sizes and ASPs as well. The one metric I'd point to is, you know, we reported in our earnings transcript that the contribution from 100K plus customers actually growing year over year, it's now 84%. And that just implies that we're becoming more strategic to customers and we're able to do larger transactions, both land and expand.
Very helpful. Thank you.
Thank you, Bettina.
Your next question comes from John DeFucci of Guggenheim Security. Please go ahead.
Thank you. Thank you. My question, I think, is for Kieran. Karen, the top line was really impressive, as you guys have pointed out, but also the other questions on the call. I think I want to lean a little bit more into Fatima's question. By the way, the top line was actually the best we've seen across our entire coverage universe this period. But cash flow was also impressive. I mean, you're a year ahead of what you thought you'd be at perhaps a year ago. And I know the top line and bottom line are sort of related. because we know the greatest expense in any software company is sales and marketing, and that's all spent on new business, and your new business is really what stood out this quarter. At the same time, when you look at your balance sheet, you see accounts receivables up by much more sequentially than they have been in the last two fourth quarters, so I was kind of glad it made sense that you said the first quarter and the fourth quarter would be the strongest for cash flow and feel good about that for next quarter. But how should we be thinking about that, especially in the context of your annual guide for moderation of cash flow in fiscal 26? Is that just sort of a place to start? It's the beginning of the fiscal year, or is it just, you know, is it prudence or there's something else we should be thinking about when it comes to cash expenses?
Sure. Excellent question, John. So, I'm very pleased with the progression on cash flow for the past year. There's a meaningful year-over-year improvement, 600 basis points of improvement. The guide would imply another couple of hundred basis points or a little higher improvement as well. The key drivers in our business for cash flow is scale of the top line, leverage, best indicated by margin, subscription contribution margin, and then timing of collections. As you know, timing of collections, we largely... still majority of our contracts are multi-year and multi-year collections upfront. But we have been experiencing over the past couple of years, a billing duration compression gradually, I would say high single digits compression, mid to high single digits compression year over year. And we are assuming that continues. Obviously that varies quarter to quarter. So we have assumed some further compression as we look to the guide. Now it's early in the year, we're just starting our first full year guidance as a public company. What are we really thoughtful?
that's where we wanted to start makes total sense thank you very much nice job guys thank you thank you your next question comes from andrew nowinski of wells fargo your line is already open okay thank you for the question this afternoon and congrats on uh good results um i wanted to ask about
the divergence between revenue growth and ARR. It looks like, you know, you got to do about 30% revenue growth for this coming year and 24% ARR growth. And I was thinking maybe it's related to the mix of on-prem and cloud and how that revenue is recognized. But I'm just wondering if you could provide any more color on what might be driving that divergence between the two growth rates. Thank you.
Sure, Andrew. I'll take that one. So as you're familiar with our business, we are... progressing through a cloud transformation, which we started for two years back. We're in the third year of it. And the early part of the transformation, revenue growth lagged subscription ARR. And that's why we run our business on subscription ARR because it truly represents the momentum of the business. Now, as we progress towards the latter half of the transformation, revenue growth is catching up and it's actually benefiting now. And that's what you see, even in this quarter, total revenue growth of 47% versus ARR of 39%, and that is what is represented in the guide as well. We're guiding to the midpoint of a 30% revenue versus ARR of 24%. There was one point I made in the prepared remarks as well. The Q4 revenue growth benefited for about four points of non-recurring upfront revenue from material rights related to the cloud transformation, and we expect that to continue in fiscal 26 as well, a few points of growth. And that's adding further tailwinds to revenue.
Thank you very much.
Thank you, Andrew.
Your next question comes from Brad Zelnick of Deutsche Bank. Your line is already open.
What an amazing end to a great year. My question is for, I guess, for Bipol and Kiran, we'd love to hear whoever, whoever wants to speak to it, but I'm curious why now is the right time to move from six-month comp plans to 12-month comp plans, and what behavior you're incentivizing this year, and what impact do you expect that these changes might have beyond the seasonality impact that you've called out? Thanks.
Hi, Brad. Thanks for the question. This is Kiran, and I'll address it. As you know, we run our business on annual net new error, and that's what we've been focused on for a few years now as we move to a subscription model. And having an annual comp plan best aligns the sales team and execution and the field to how we run the business, how we plan, and how we invest. So that is a goal we had in mind for some time, and we are basically transitioning to that in terms of this change we're making in the company. And when you look at it, and we did benchmark as well, when you look at companies of our size, a billionaire plus, this is more common. So we feel good about making the decision. It obviously has some impact on seasonality, which are factored into our guidance on the top line as well as free cash flow. But that's really the driver is to align it with the way we run the business.
And Brad, in terms of like our sales team, our sales leader has come from at-a-scale companies. where they have run the business on the annual basis. And so we are essentially following large-scale software SaaS companies, how they align their yearly net new era number with the sales team quota and how they proceed through the year.
That makes perfect sense, and I appreciate it. We've seen it as companies mature, and any company of your scale would typically do this. I was also asking beyond that, at the beginning of a fiscal year is often when we see companies make changes to go to market, other changes to the comp plan, which was just asking if there was any other behaviors that also you were looking to incent. But that was very clear. Thank you.
Thank you.
Thank you, Brad.
Thank you. Your next question comes from Eric Heath. of key bank capital markets. Your line is already open.
Hey, thanks for taking the question. I thought it was interesting in terms of the announcement you made with DSPM and making it native inside the RSC console. So I was just curious if you could talk about the benefit you expect to see and how maybe this could accelerate adoption now that it's native into the console and users could probably more easily pivot and explore and tinker with that new capability.
Thanks, Eric. Rubrik always had this platform strategy. We want to give a single platform for all the data security capabilities to deliver complete cyber resilience and now AI to Annapurna. So our idea is that our customers can easily enable DSPM directly on their existing RSC instance to be able to secure and understand the risk in their data. And if you combine the DSPM plus cyber recovery, Rubric Security Cloud is unique in terms of delivering complete cyber resilience. And as Gen AI acceleration is happening within the enterprise, we believe that DSPM is a critical piece of that puzzle to be able to secure the data before the data is fed into models or RAG and enterprise deliver responsible AI. Just to give you an example, financial services organization added DSPM this quarter for Microsoft Copilot. Essentially, our DSPM empowered them to quickly and securely adopt Copilot and realize the full productivity gains that they anticipated from Copilot. And that's the story that we believe is going to be critical. As businesses adopt AI, they need to understand security of the data they need to understand, sensitivity of the data, and ensure that only the right data is delivered to the right users.
Thanks, Vipul.
Your next question comes from Greg Moskowitz of Mizuho. Your line is already open.
Okay, thank you, and I'll add my congratulations on a very good key forward, a terrific year. Bipul, you alluded to this briefly, I think, in your script, but what are you hearing or seeing so far from your European customers following the implementation of DORA, the Digital Operational Resilience Act, and what do you think the impact of DORA will be on Rubrik going forward? Thanks.
If you think about regulatory tailwinds, data compliance and resilience requirements are very, very important to every business with any data or application of any significance. And CISOs have this as high priority because it concerns the, obviously, continuing operation of the business as well as having the regulatory audit, past the regulatory audit. And we believe that this is a secular tailwind for our business from a variety of drivers, including financial regulations such as DORA. Just to illustrate, a European insurance company, we had a win there this quarter, and DORA was a key factor for that deal. So obviously, regulation is an aspect of the cyber attack and cyber resiliency and recovery, in addition to the business imperative of being an ongoing operation. So we feel very good about how we have created our offerings, And our customers have easier time passing the DORA audit because of the cyber resiliency, including cyber recovery capabilities that we are driving.
Great. Thank you.
Thank you, Greg.
Your next question comes from Joel Fishbein of Truist. Your line is already open.
Thank you, and congrats on a great quarter and solid execution. My question is around sales capacity and traction with the channel partners. If you could just give us an update there on how you're thinking about your coverage for, you know, 2026 and 2027 from a sales capacity perspective, that would be great.
Thank you. Thank you, Joel. In terms of the sales capacity, we believe that we have the right capacity on the ground to execute to the opportunity. But at the same time, as any prudent business would, we always look for fast ROI market pockets where we can make an investment and take advantage of the growth opportunity that could be in front of us. So we continue to kind of make sure that we look at the market and we are appropriately investing in the GTM capacity. In terms of our channel partner, we have the right number of channel partners in every uh major market we operate in we have the right routes to market identified and we want to kind of double triple down on our existing partners to ensure that they build continue to build a big business around rubric and drive an ecosystem great thank you thank you joel your next question comes from keith backman of bmo your line is already open
Yes, thank you very much for taking the question. Kieran, I think this is for you. I wanted to understand a little bit of context around the guidance. So in this past year, you did $309 million of net new, two really strong quarters to end the year, not just Q4. Q3 was very strong. And you're guiding the $265 call of net new at the midpoint. So lower year over year, We've gone through quite a few things on this call, including DSPM and how it's adding to the capability and sales capacity. I'm just wondering if there's anything you wanted to call out about why net new would be lower year-over-year in 26 versus 25, given all the tailwinds that seem to be at your back. For example, was there any deals that may have closed early in the January quarter? Anything you want to call out about why net new would be down year over year? Many thanks.
Sure, Keith. Let me give you some thoughts on that. So really pleased with the growth we witnessed in fiscal 25. Obviously, as I said earlier, we planned the business on net new at hour, and it has strong growth and delivered ahead of our expectations. A few things to call out to give context on the guidance. One, we've talked about earlier as well, and I mentioned that in the script, we got about two points of benefit to our ARR growth in fiscal 25 from the remaining part of the maintenance to subscription transition. That impact on net new ARR is higher than the ARR base. I'll also say that we are early in the year. We are giving our first annual guide as a public company. We want to be really thoughtful. As Bipol has talked about, we see strong demand, continued demand for cyber resilience, but also want to put numbers we feel really confident about and look forward to finishing the year strong.
Okay, many thanks.
Thank you, Keith.
Your next question comes from James Fish of Piper Sandler. Your line is already open.
Hey, guys. Nice way to finish the year. First, just want to understand what you're seeing on the competitive landscape in DSPM given competitors, and in some case here, partners are more like data in motion players than sort of data at rest. And second, any way to think about the penetration of DSPM either into the entire install base or even just the greater than 100K ARR customer cut, especially as you guys think about that enterprise plus edition being bundled?
Thank you, Jen. In terms of the DSPM, I would say it's still a very early market. The awareness of this market is building, and now people are realizing that they need to understand the data risk, data being the core asset of the business. And our strategy was to combine DSPM with cyber recovery to create a true cyber resiliency platform where a customer can assume reach. and understand what risk that entails and to be able to deliver a complete cyber preparedness and cyber recovery. So that's the angle we are taking. We are not competing with infrastructure security players who have DSPM solution because their use case is different. And if you look at this reason for success for Rubrik, the reason for success for Rubrik is around is around driving this complete cyber resilience and combining of DSPM and data and cyber recovery on a single platform. And that's what is driving our success in the marketplace. And if you look at the displacement of we are doing for the legacy platform as well as the new gen vendors, a lot of it is because of this complete cyber resiliency that we are driving to be able to give them peace of mind that their business will be up and running no matter what attack happens.
Your next question comes from Shrenik Kothari of Baird. Your line is already open.
Hey, yeah, I will echo my congrats on the great quarter and execution. Thanks for taking my question. So, people, you mentioned about Microsoft-related developments, the 365, co-pilot data protection, and Active Directory recovery. Can you elaborate on how Rubrik's strategic partnership with Microsoft has evolved in strengthening our position, and how do you see it evolve further to to address the emerging challenges, opportunities in Azure environments and Microsoft environments? Thanks.
We have a very strong partnership with Microsoft. In fact, Microsoft is one of our strongest partners. And this partnership is based on complementary offering that both Microsoft and Rubrik has. Microsoft is focused on on cloud security and Rubrik is focused on data security and delivering cyber resilience, including cyber recovery. At Microsoft, we are driving a lot of workload on Azure native applications and 365. We also at Ignite showcased Rubrik as one of the four or five key partners that is building security graph at Microsoft. You might have noticed that. Microsoft gave Rubrik Partner of the Year in the US and UK in 2023, and last year they gave us the Healthcare Partner of the Year. So we continue to have a deep, again, deep partnership with Microsoft, co-engineered products, both on M365 as well as on Azure Native, and we continue to build solutions for our customers. In fact, last quarter we had one of the very large wins for M365, Again, delivering cyber resilience to M365 for one of the largest Microsoft customers, leveraging the Microsoft infrastructure.
Your next question comes from Param Singh of Oppenheimer. Your line is already open.
Yeah, hi, thank you for taking my question. And it's always good to see a company execute well in a tough environment. Now, my question was, as you look to your quarter and towards 26 fiscal, what part of your AR do you think is coming from greenfield versus brownfield opportunities where you're taking share? And in that vein, have you seen any change in the competitive environment as Veeam is trying to push more upstream? and now that Cohesity has closed the acquisition of Veritas. Thank you.
So Rubrik is an equal opportunity, as I said in the past, replacer of all technologies, including legacy and new gen vendors. In fact, if you look at the legacy environment, Fortune 500 Biotech went all in with Rubrik, replacing a 20-year foothold by a legacy vendor, and they wanted a single pane of glass for faster cyber recovery. And there are so many examples of it. Another example is a Fortune 500 logistics company replaced, again, a legacy provider that you mentioned, with RSC as the shift workload to Google Cloud. Also selected rubric for enterprise apps, M365, and Google Cloud Protection. And in terms of legacy versus replacement versus new workload, obviously as the customer takes the cloud transformation journey, We are securing their cloud as they adopt more SaaS platforms. And as SaaS platforms become more mission critical, we are expanding those horizons and delivering data security. At the same time, transforming their enterprise workload landscape to ensure that they can deliver complete cyber resilience, including cyber recovery when confronted with successful cyber attacks.
Got it. Thank you so much, Agrippa. And if I could really squeeze in one on Anupurna, I wanted to get a sense of what early conversations have you had around that, and would you need to expand Annapurna's capabilities beyond bedrock to see more meaningful adoption across LLMs? Thank you.
We are early in Annapurna. We are still doing market discovery discussions, figuring things out, and as I said before, Annapurna is the next three, five-year strategy for us, and it is one of those initiatives that we do to ensure that we have continued growth and success in the next horizon as we create the next S-curve. And we see opportunity for Annapurna all across multiple clouds, including Azure and GCP, as we continue to kind of build out the capabilities and figure out the product market set.
Got it. Thank you so much for sharing, Bipul. Appreciate it.
Thank you. There are no further questions at this time. I would hand over the call to Bipul Sinha for closing remarks. Please go ahead.
I wanted to thank everyone on this call, including our analyst friends who cover us, plus Rubrik customers, partners, and Rubrikans all around the world for their relentless focus and diligence to help Rubrik realize its full potential. Again, I'll repeat, It's early days for the company. Our ambitions are very, very large. We have a unique opportunity to continue to build out the company and build out the platform at the intersection of data security and AI. And I'll repeat, the best is yet to come. So stay tuned. Thank you for your continued support and talk to you next quarter.
Ladies and gentlemen, this concludes today's conference call. Thank you for your participation and you may now disconnect.