Yahoo Finance Mimecast Limited (MIME) Q1 2020 Earnings Call Transcript
Image source: The Motley Fool.
Mimecast Limited (NASDAQ: MIME)
Q1 2020 Earnings Call
Aug 5, 2019, 4:30 p.m. ET
Contents:
Prepared Remarks
Questions and Answers
Call Participants
Prepared Remarks:
Operator
Good day, ladies and gentlemen, and welcome to the Q1 2020 Mimecast Limited Earnings Conference Call. At this time, all participants are in a listen-only mode. Later, we will conduct a question-and-answer session and instructions will follow at that time.
[Operator Instructions]
I would now like to introduce your host for today's conference call Mr. Robert Sanders, Director of Investor Relations. You may begin.
Robert Sanders -- Director of Investor Relations
Welcome to Mimecast's earnings call for the fiscal first quarter of 2020 ended June 30, 2019. I'm Robert Sanders, Director of Investor Relations. With me on the call tonight are Peter Bauer, our Co-Founder, Chairman and CEO; and Rafe Brown, our CFO.
Tonight's conference call is being broadcast live via webcast. A replay of this call will be available two hours after the live call has ended.
On this call, we will make forward-looking statements, regarding future events and the future financial performance of the Company. These forward-looking statements are subject to risks and uncertainties that could cause actual results to differ materially from those in the forward-looking statements.
We caution you to consider the important risk factors that could cause actual results to differ materially from those in the forward-looking statements contained in today's press release and on this conference call. These risk factors are further defined in Mimecast's most recent form 10-K filed with the Securities and Exchange Commission.
During this call, we will present both GAAP and non-GAAP financial measures. These non-GAAP measures are not intended to be considered in isolation from a substitute for or superior to our GAAP results. A reconciliation of GAAP to non-GAAP measures and the reasons for our representation of the non-GAAP information is included in today's press release, which can be found in the Investor Relations section of our website.
The date of this call is August 5, 2019. Any forward-looking statements we make today are based on assumptions that we believe to be reasonable as of this date. We undertake no obligation to update these statements as the result of new information or future events.
We are reporting first quarter 2020 results in accordance with ASC 842, a new standard related to the accounting for leases. The Company adopted ASC 842 on April 1 2019, the start of our 2020 fiscal year.
Now, I would like to turn the call over to Peter Bauer. Peter?
Peter Bauer -- Co-Founder, Chairman and Chief Executive Officer
Good evening, and thank you for joining our first quarter 2020 earnings call. I'll begin with an overview of our key financials and discuss the success we're having in attracting customers to our platform. Next, I'll discuss some of the factors supporting our growth. We'll introduce some of the innovations our team are delivering to the market and then I'll provide examples of how we're enhancing cyber resilience for organizations. Finally, I'll hand over the call to Rafe Brown, our CFO, to take you through the numbers in greater detail, and then we'll take your questions.
To begin, I am delighted to report that we've again exceeded our expectations for constant currency revenue growth. Revenue of $99.2 million, grew at 27% year-over-year as reported and 32% in constant currency over the prior year's achievements. We added 900 net new customers to our platform with sales across our 10 services, and are today, 39% of our customers use four or more services, benefiting from our integrated suite of capabilities that combine security, data protection and integrity and high availability services. Notable was the strong adoption of our targeted spread protection and internal email protection services. Our ability to keep customers safe from advanced threats continues to distinguish Mimecast from competitors.
Also, our awareness training service, which strengthens employee cyber skills, continues to see adoption, as businesses across all industries can benefit when employees are kept aware of the threat landscape and how to deal with it. So let's look at what's behind the demand we're seeing. Well, bad actors continue to assault organizations and target their data. Recently, we read about highly disruptive attacks on municipalities, resulting in system failures impacting tens of thousands of citizens.
Other communities have been ransomed for the return of their data, and these headlines exemplify the need for strong cyber defenses, including protection from email-borne threats and stronger data protection and assurance.
Additionally, we believe the regulatory environment has raised the stakes for organizations regarding the cost of breach data, as recent fines levied under GDPR are orders of magnitude larger than previously observed. Our archiving services help organizations comply with a wide range of regulatory requirements, including GDPR, HIPAA and FINRA.
We were recently recognized as the best email security solution by SC Awards Europe, and this builds on our reputation as a leader and positions the Company well for customers across the region.
Now I'm very excited to announce that Brandon Bekker, almost 12-year veteran of the firm, who previously led our African and Middle East business has been elevated to a newly created role as the SVP of EMEA. Approximately half of our revenue today is generated outside of North America and the EMEA region represents the majority of that.
We're seeing exciting opportunities to continue our growth in our more mature markets like the UK and South Africa, as well as continued successful expansion in the Middle East and Continental Europe. Brandon's experience in leading growth from our South African business will be a great asset, as he supports the respective regional leaders. He'll be based out of London. I'd like to thank Brandon for his years of service and leadership within the Company.
Now we continue to invest in the best people and provide a culture that encourages their best work. This enables us to innovate and deliver better protection and new functionality to our customers. The recently introduced Mimecast Threat Intelligence capability is seeing an excellent response from our customers, with over a 1,000 customers currently accessing the new Mimecast Threat Dashboard feature.
Our Threat Research Group also recently published research regarding a Microsoft Excel weakness, allowing it to be exploited by remote payload. Mimecast customers are protected from this type of exploit, being trafficked through email and through our advanced deep pausing and deobfuscation techniques -- technologies that came through our acquisition of the Solebit business in Israel last year.
In past calls, I discussed our deep application interface capabilities enabled through Mime OS. After several quarters of increasing use of our APIs and a rapidly growing ecosystem of companies relying on these services, we've now launched our Cyber Alliance Program to allow tighter integration between security vendors and our platform, benefiting customers further. Partners also benefit by deploying integration solutions from multiple vendors that are more effective and easier to manage. And currently we have over 100 API integrations with leading vendors like Splunk and Palo Alto benefiting from this program.
One of the largest security bars in North America recently deployed a solution for customers leveraging threat intelligence from Fortinet and Mimecast, integrated through our API with Splunk Phantom for orchestration and remediation of threats. These integrations that support customer use cases with greater flexibility are of particular interest to our larger customers.
I'm excited to announce that we're hosting our first major global customer event in October. The Mimecast Cyber Resilience Summit will bring together IT and security professionals within our customer base to learn network and focus on best practices. Until now, our rapidly growing user community has existed virtually on an online forum, which we call Mimecast Central.
Bringing this group together, physically will strengthen our ties and promote deeper levels of understanding of each other and our technologies. Additionally, we're announcing that we'll be hosting an Investor Day in early calendar 2020 and we look forward to connecting in person with our analysts and shareholders and we'll share some additional details, as we draw closer to the event.
Now let's have a quick look at some examples of the types of solutions that we're providing customers. Firstly, a cyber security company of about 9,000 employees was exposed to spearfishing and zero day attacks and required a solution to protect against the latest impersonation or whaling attacks in their Office 365 deployment. Additionally, this customer sought to automatically remove internal emails containing malicious content, freeing up resources and simplifying IT.
Mimecast was evaluated against other leading vendors and selected for our ability to keep those customers safe with our cloud-native architecture and our flexible integration to their SIEM environment enabled through our APIs.
And secondly, an enterprise software company with 18,000 users is running an on-premise email security system found it increasingly difficult and costly to respond to the latest threats with this platform. Mimecast was evaluated alongside two other leading security vendors, and we were selected for the efficacy of our advanced threat detection, the simplicity of our user experience and the flexibility we offered to work with the identity system.
And thirdly, a US healthcare company of about 27,000 employees was using a another email security solution. And they looked at an advanced archiving solution to better manage and protect unstructured data. Now the tight integration of the Mimecast platform offering not only advanced security and daily prevention, but also uptime assurance and archiving together proved to be very compelling. Additionally, our awareness training service was selected to replace their existing vendor in the space, making this a great solution for the customer and an exciting multi-product deal for Mimecast.
Finally, an existing Mimecast customer with about 65,000 employees sought to add additional protection from threats originating within their organization. So they upgraded from our S1 offering to S2 bundle. That includes internal email protect. Now, with IEP, they gained the ability to automatically hunt for intermediate threats inside their email network. These newer innovations on our platform are helping to make Mimecast more sticky and grow the lifetime value of our customer relationships.
So in summary, we had another strong quarter, exceeding our guidance in attracting new customers to our platform. Growth drivers fueling our success will remain in place, as we execute on the large opportunity in front of us. And further penetrate the global market for cyber resilience services. The competitive environment remains favorable, as we continue to innovate and deliver advanced solutions that address today's requirements.
Now let me turn the call to Rafe Brown, our CFO to review our results in more detail. Rafe?
Rafe Brown -- Chief Financial Officer
Thank you, Peter. I'm pleased to report that for the first quarter of fiscal 2020, we exceeded the high end of our guidance for both revenue and adjusted EBITDA. Despite significant currency headwinds, in the first quarter, we generated revenue of $99.2 million, which represents growth of 26.6% over the prior year in absolute dollar terms.
Adjusting for the $4 million of currency headwind we face, our constant currency growth rate over the prior year stood at 31.7% for the quarter. Since providing guidance last quarter, foreign currency negatively impacted our first quarter results by $400,000. Adjusted EBITDA for the first quarter totaled $13.5 million, representing an adjusted EBITDA margin of 13.6% compared to $10 million or 12.7% in the same quarter of the prior year.
On a net basis, we added 900 customers in the quarter, in line with the first quarter of last year. Our total customer count now stands at 35,300. Consistent with recent trends, we saw an increase in our average order value driven by both customers buying multiple services from us and the mix shift, whereby we are now selling to a blend of larger customers. Currently, the average order value of all customers stands at 11,300, up approximately 15% in constant currency terms.
Average services per customer across our base increased to 3.2 services per customer. Our positive trend with customers using Microsoft Office 365 continued in the first quarter, with 46% of our customers now using Mimecast in conjunction with Office 365, up from 34% in the first quarter of 2019. Particularly compelling with customers using Office 365 is the fact that they continue to purchase a higher number of services per customer, 3.5 services per customer compared to 2.9 services per customers who are not using Office 365.
Importantly, our trailing 12-month revenue retention figures remained strong at 111% as our existing customers continue to renew their subscription and purchase additional services. From a geographic perspective, the United States and Australia turned in solid first quarter performance, against our expectations. We continue to see growth in the EMEA region, but now we saw some softness within the region in the back half of the quarter.
Given there are a number of factors complicating the business environment across the EMEA region, including the current UK political situation, which is significantly impacting the pound, and political challenges within South Africa and their impact on its economy, we are watching our performance within this region closely. This said, as you will see in our guidance, we remain confident in our ability to achieve our full year performance targets.
Turning to gross margin for the first quarter, we recognized a 75.8% non-GAAP gross margin, up 190 basis points from Q1 of the prior year. First quarter non-GAAP operating expenses totaled $68.6 million, compared to $54 million for the same period in the prior year. Non-GAAP R&D expense stood at 17% of revenue in Q1 compared to 15% for the same period in the prior year. This increase reflects our view of the importance of investing in our product offerings and the differentiated services we deliver to our customers.
Non-GAAP sales and marketing expenses increased in absolute dollar terms, but declined to 39.9% of revenue, down from 41.3% of revenue for the same period of the prior year. Non-GAAP G&A expense was 12.3% of revenue, down slightly from 12.6% of revenue in the prior year. Improving the efficiency of our G&A functions over time is an organizational priority, and we expect G&A to gradually be a source of leverage in the coming quarters.
Adjusted EBITDA was $13.5 million in the first quarter, representing an adjusted EBITDA margin of 13.6%, compared to $10 million or 12.7% in the same quarter of the prior year. Our non-GAAP operating profit for the first quarter was $6.6 million or 6.7% of revenue, up from $3.9 million or 4.9% of revenue in the prior year.
In bottom line terms, our first quarter GAAP net loss was $4 million or a loss of $0.07 per basic and diluted share, based on 61.4 million weighted average shares outstanding. This was net of stock-based compensation charges of approximately $10 million and tax charges of approximately $230,000.
We expect full year GAAP tax charges to be approximately $2.5 million, a slight improvement since our last projection. Our non-GAAP net income for the quarter was $5 million or $0.08 per diluted share based on 63.9 million fully diluted weighted average shares outstanding. Our non-GAAP tax rate was 31.5% for the quarter. We continue to project a full year non-GAAP tax rate of approximately 31%.
Turning to cash flow. Our operating cash flow for the first quarter totaled $28.5 million compared to $16.6 million in the same quarter of last year. Even that of the approximately $7 million benefit from the advance payment of our tenant improvement allowance that I mentioned in our prior earnings call, this represents a nice uptick in our operating cash flows, driven by strong collections in the first quarter.
We generated $19.4 million in free cash flow for the quarter compared to $9.1 million in the previous year. As a reminder, in last quarter's earning call, we discussed the fact that office buildouts and grid expansion would drive unique CapEx requirements during FY '20. With these projects now under way, we expect our Q2 capital expenditures to total approximately $16 million.
Turning now to the balance sheet. And as of June 30, Mimecast had a $196.8 million in cash and short-term investments. The balance sheet also reflects the adoption of the new lease standard, ASC 842, the summary effect of which is to grow up the balance sheet by approximately $110 million, adding both leased asset and leased liability lines.
Noting that currency headwinds, at present, have become quite challenging, let me now turn to guidance. For the second quarter of fiscal 2020, we expect year-over-year constant currency revenue growth to be in the range of 26% to 27% and revenue to be in the range of $101.1 million to $102.1 million.
Our guidance is based on exchange rate as of July 31, 2019, and includes an estimated negative impact of $2.3 million, resulting from the strengthening of the US dollar compared to the prior year. Adjusted EBITDA for the second quarter is expected to be in the range of $17.6 million to $18.6 million.
Full year fiscal 2020 revenue is expected to be in the range of $414 million to $422.6 million or 25% to 27% growth in constant currency terms. Foreign exchange rate fluctuations are negatively impacting this guidance by an estimated $11.1 million compared to the rates in effect in the prior year. The prior guidance for fiscal year 2020 provided in May was $420.3 million at the midpoint.
Our over-achievement in Q1, coupled with the strength we are seeing in our business, is leaving us to raise the midpoint of our full year guidance by $3.8 million in constant currency terms. However, this raise of $3.8 million is being negatively impacted by $5.8 million of foreign exchange headwind that has risen just since the rates used in our May call, resulting in the midpoint of our full year guidance moving down by $2 million in absolute dollar terms, from $420.3 million to $418.3 million. Full year 2020 adjusted EBITDA expectations are being raised to a range of $71.6 million to $73.6 million.
In summary, I am pleased to see that despite currency challenges, the Mimecast cast team was able to once again deliver results that exceeded our expectations and that we are raising our full year guidance for revenue in constant currency terms and for EBITDA in both constant currency and absolute dollar terms.
With that, I would like to thank you for your time. And operator, can you please open the line for questions?
Questions and Answers:
Operator
[Operator Instructions] Our first question comes from John DiFucci with Jefferies.
John DiFucci -- Jefferies -- Analyst
Thank you. Thanks for taking my questions. And it's -- never mind, Don't DiFucci just maybe --
Peter Bauer -- Co-Founder, Chairman and Chief Executive Officer
I think, I think it's DiFucci John.
John DiFucci -- Jefferies -- Analyst
Seriously, you can kiss my ring next time, but anyway, Rafe, thank you for all that detail on the foreign exchange, especially its impact on guidance. That's really helpful. So thank for that. I guess, my question is something that came up. I think I was looking at the transcript for last quarter and I looked at the -- or the cash flow statement this quarter in CapEx, I know you talked about building out the infrastructure and office space. But this quarter, you had mentioned something last quarter about a $5 million one-time CapEx this quarter, I think. And it looks like you had it, it was in there. Can you give us a little more detail on this? I think you spoke about like a North American opportunity. Is this -- can you give us some more light on that?
Rafe Brown -- Chief Financial Officer
Sure. And let me just start with a quick refresher on some complicated discussion from last quarter. We called out that there would be some one-time CapEx investments that take place this year, at totaling $28 million, it's largely the office buildouts in London and South Africa and then the grid expansion that you just referenced.
Actually those are really kicking in going forward here over the next few quarters. So the grid expansion is still yet to come. In the quarter, we did receive and got a benefit from a tenant allowance. That I had mentioned that as well last quarter. That actually flows through operating cash flow, if you're tracking it down.
But we still had really a nice uptick in operating cash flow, even having backed that out. What you would expect then is the CapEx as it's building over the next three quarters, both on the real estate front and the grid expansion to take place. And I would call it just to kind of help everybody with all this complicated math that we're expecting total CapEx of approximately $16 million in Q2.
John DiFucci -- Jefferies -- Analyst
Okay, great. And that grid expansion, is that just an increase to just to be able to handle more capacity? Just generally in North America? Or is it something specific beyond that?
Peter Bauer -- Co-Founder, Chairman and Chief Executive Officer
Yeah, so, John, we haven't announced more specifics on it, but it's a discrete additional opportunity in the North American region that we would put down a new grid facility for.
John DiFucci -- Jefferies -- Analyst
Okay, cool. We'll look forward to hearing that. We also look forward to hear for your first customer event and actually the Analyst Day too. So that's good to prepare for. I guess, one other question. It sounds like things are humming along. You guys have been putting up above 30% constant currency growth for some time now, which is pretty impressive.
And you're doing it in a market, in which I think is underappreciated as far as the size of the market, because not just email security, but the archiving and the continuity. But often, like you -- it seems to me that given the architecture that you have that there's other things that you could be moving into. And I'm just wondering, if you could talk a little bit about that, Peter, perhaps like what areas? Like one of the areas, I think about is identity, but I'm just curious, if you have any thoughts on that or any other areas and that makes sense for Mimecast to become more relevant?
Peter Bauer -- Co-Founder, Chairman and Chief Executive Officer
Yeah, that's a great question. So I think, as you identify, there's sort of two interesting pieces. The one is, this underlying integrated architecture that's a microservices architecture, we call Mime OS. And the fact that it's multi-tenant that allows us to provision and serve a very large customer base with a very smooth and cost effective provisioning capability. And then be a multi-product suite on top of that with this continuous suite that we built up that really deals with a large number of use cases, very efficiently simplifying IT for customers. But on the other hand, being very margin accretive for us, as customers buying more of the products over time.
And what we've done? Obviously, we started out and we have a very strong heritage in the email-centric use cases and a considerable amount of our growth has been derived in this very important area of email security and many of the additional requirements that have been needed over the last few years around targeted threats and ransomware and impersonations and so on. But we've been able to leverage this platform to expand into some additional adjacencies.
And sometimes, we've used M&A to catalyze those, not necessarily by a full stack capability somewhere else and then sort of host that and pretend that it's part of the suite, when it's really independent, but we've been able to acquire componentry and skills and domain expertise in other areas, like web security and like user awareness training, and then expand the continuous suite into that.
What's interesting is, those are discrete sort of monetize-able use cases on their own. But what we're finding is that as we have more and more of these capabilities, that will allow us to craft unique value propositions that sort of exist at the intersections of these things. We're very excited about what that is setting us up to be able to do in the coming years to really change the frame of how our customers think about solving cyber resilience and security solutions.
Now, there are numerous areas, just to walk around a show like RSA will tell you that, there's an infinite amount of complexity that customers are having to deal with. Identity is an important area and it's an area where there are many vendors in and there are many different sort of flavors of requirement. And, without talking about any specific areas that we may or may not head into, what I would say is, we've really invest in our API strategy, so that we can -- with or without having modules or capability in a particular space. We have the ability to integrate seamlessly with other applications, be those other players, strong players in identity or next generation firewall or endpoint security or SIEM or SOAR type functionality.
Our API strategy on the new Cyber Alliance Partnership program that we've just announced really helps us to continue that promise of strengthening cyber resilience and security, but also simplifying it at the same time for customers.
John DiFucci -- Jefferies -- Analyst
Okay. Okay. Great. Well, thank you very much, guys and nice job.
Peter Bauer -- Co-Founder, Chairman and Chief Executive Officer
Yeah. Thank you.
Rafe Brown -- Chief Financial Officer
Thank you.
Peter Bauer -- Co-Founder, Chairman and Chief Executive Officer
Thanks, John.
Operator
Our next question comes from Matt Hedberg with RBC Capital Markets.
Matt Hedberg -- RBC Capital Markets -- Analyst
Oh, hey, guys, thanks for taking my questions. So in the prepared remarks, I think, Rafe, you mentioned, you were watching the UK and Australia. It certainly sounds like you had good results and obviously the guidance would imply you guys are probably not seeing anything, but I just wanted to maybe dig into that comment a little bit more. I mean, you called it out, just a little bit more color around some of the specifics in those two, obviously, Brexit. But is it changing customer buying, some -- just a little bit more detail would be helpful.
Rafe Brown -- Chief Financial Officer
Yeah. We've -- at the end of every quarter, we have our QBRs with all the sales teams worldwide and had a number of discussions. And I don't think there -- we could say there's anything like that going on. It is a bit of a complicated time for the UK, it's certainly showing up in the pound, but it does seem like it's a bit of a cloudy time in terms of overall confidence and direction in the comfort area in the country. So we're just paying particular attention to it to make sure that we're on top of anything that happens there.
And as you noted, being able to have a nice beat on the quarter and have constant currency revenue growth at 31.7%, as well as to be able to raise the full year guidance kind of gives you the bigger picture of how we're looking at it.
Matt Hedberg -- RBC Capital Markets -- Analyst
Yeah, it certainly didn't look like it showed up in numbers or guidance. So that's great. And then I guess, Peter, you mentioned on the call sort of when you started off, you saw strength in TTP, which we've seen. But, can you continue to call it IEP, I believe, it has about 3,000 customers. That's great. I mean, their products hasn't been in the market that long. If you look out longer term, I think we're often asked, what is the next TTP product?
I mean, does IEP have that potential to get to some of the same attach rates longer term. And is that the kind of product that you or the demand that you're seeing here?
Peter Bauer -- Co-Founder, Chairman and Chief Executive Officer
Yeah. I think that's a great question. The TTP has been such a runaway success and such a great driver of growth. It's an obvious question what's the next TTP. We have several products that perhaps collectively can conspire to create the next TTP like effect. And so, it's difficult to forecast what the trajectory and timing of any one of those offerings is going to be. I think IEP is a very compelling capability. It's a very natural addition to a TTP customer to buy, and we're seeing strong interest in it.
I think, it also very much fits this kind of zero trust model, where you think about traffic and people on your -- inside your network and inside your environment, you sort of treat them with the same level of scrutiny and suspicion from a cyber security point of view, as you do your external parties. And so IEP really brings that sort of zero trust strategy dimension to your East-West traffic and traffic was trying to get outside of -- get out of your network from within and providing that scrutiny and that assurance to that traffic from both Data Leak Prevention and also from a sort of malware or other kinds of nefarious content that an attacker might be trying to leverage from inside your organization once they've gotten in.
So, yeah, I think IEP is a really -- a really exciting product and we continue to evolve it and add capabilities and tied in with our threat protection and IEPI strategy too.
Matt Hedberg -- RBC Capital Markets -- Analyst
That's great, congrats, guys.
Peter Bauer -- Co-Founder, Chairman and Chief Executive Officer
Thanks, Matt.
Operator
Our next question comes from Saket Kalia with Barclays.
Saket Kalia -- Barclays -- Analyst
Hey, guys. Thanks for taking my questions here. Pretty straightforward quarter on the results. Maybe just a higher level question for you, Peter Bauer. A nice uptake -- continue to see a nice uptick in security awareness training. As that business gets more settled in at Mimecast, can you just talk about whether the buyer there is usually the same that Mimecast usually sells to. And then just strategically, if you put yourself into the seat of customer, is there any synergy for a customer to buy their email security tool and their security awareness training tool from the same vendor? Can you just talk a little bit about the synergies between those two businesses, if you will?
Peter Bauer -- Co-Founder, Chairman and Chief Executive Officer
Yeah. That's great. So awareness training a big issue for organizations. The employees being a very important part of the cyber security framework historically referred to as the weakest link in and increasingly with vendors like us providing options to really enroll the employees as allies in the security program, which requires education and compelling content and forms of engagement that really drive up their awareness and make them a lot more cyber security savvy. That is very important.
Now, it's interesting in terms of who buys that. Frequently, it is a security team that is looking at this and is given this as a task to go and fulfill. And particularly where they are looking for telemetry or measurements, they want to be able to benchmark how susceptible employees are to scams and to threats. And so that aspect of the product appeals to security folks.
Where the compliance buyer comes into quite frequently is, is really around the training. Have employees consumed training and have they assimilated the information and the knowledge that was expected from that training? And so in terms of that, there is quite often on the compliance side of the organization some budget and some motivation to drive that. So we see that as well on compliance and risk management. And then on the IT side as well.
Now your question of -- is this and -- does this fit naturally or more naturally with a gateway provider? We certainly think so. And we've certainly seen a lot of enthusiasm for our combined offering and particularly the roadmap that we've been articulating, where we can take sort of actual employee behavior and incorporate that into the telemetry that security folks are looking for.
And we can take actual live threats that are being targeted at an organization and we can defang those essentially and release those and use those as phishing simulations rather than having pure template-driven or more fictitious phishing simulations that you're trying to drive your benchmarking from.
So we think there's really strong -- there's really strong synergy. There's obviously strong operational synergy, because it allows the administrator, who's trying to take care of email security and trying to set up policies to have this extra tool in their tool bag directly within the administrative and management sort of paradigm and tool set that they're using with us. And so we do think that it makes a lot of sense as part of a suite and as opposed to just it being a stand-alone option.
Saket Kalia -- Barclays -- Analyst
Makes sense. Rafe, maybe for you just a quick follow up. Honestly, I think we all see the FX variability on the topline, especially for some key currencies like pound and the rand, but just for the benefit of everybody in the call, can you just remind us the amount of expenses that you have in those currencies -- well, in those respective currencies as well? So we could just think about the degree of natural hedging.
Rafe Brown -- Chief Financial Officer
Yeah, we actually have quite a nice level of natural hedging overall. So typically on the bottom line, it is just a de minimis impact. So that's why we don't really breakout those figures on constant currency numbers. As you're probably aware, the company is started in the UK and it's our largest office by headcount. So the natural hedges to the income statement are quite helpful.
Saket Kalia -- Barclays -- Analyst
Got it. Very helpful. Thanks, guys.
Rafe Brown -- Chief Financial Officer
Thank you.
Peter Bauer -- Co-Founder, Chairman and Chief Executive Officer
Thanks, Saket.
Operator
Our next question comes from Keith Bachman with BMO.
Keith Bachman -- BMO -- Analyst
Hi. Thank you. I wanted to ask two questions, if I could. The first is on the competitive landscape and there's been some indirect questions around this, but I think there's a growing investor concern that eventually Microsoft will become more competitive just like they did with over some period of time with Power BI versus the data visualization vendors.
And so are you seeing any changes in your win rate? And the corollary of the question is going back to what Don von DiFucci [Phonetic] was asking is on adding to the value proposition. And I understand you want to -- your partner in certain areas, but just how do you approach the partner versus bill? Because well I think that's a worthy strategy, you could see the value creation going on. And just to pick an area of the identity focus.
There's a lot of value in that area. So if you could just talk a little bit about your competitive wins and how that might or might not be changing. And then, how you approach the build versus buy or partner thesis to try to create sustained differentiation?
Rafe Brown -- Chief Financial Officer
Yeah. So, Keith, great. Yeah, so first, just on the competitive front, I mean, we've seen a pretty consistent competitive landscape. Microsoft in particular, our win rate with Office 365 continues to be strong. We now have 46% of our customers using us with Office 365. And that's up from 34% a year ago. And those customers, they buy more products, as we've discussed beforehand. They run about 3.5 products on average per customer versus 3.2 products as our -- the average across our base. So we're seeing continued popularity of our offering with 365.
And I think that is -- a fair amount of that is to do with our efficacy and the value that we add as an additional layer of email security. But also the broader value proposition, I think you're talking a little bit too that in terms of expanding the suite. The things like data protection and archiving, the business continuity capabilities that we offer to 365 and on premise exchange as well. Our secure messaging offering, our large file transfer offering, some of the unique capabilities around awareness training and web security. So that is driving demand broadly, but a fair amount of the demand continues to be the importance of having really robust email security protection on top of 365.
Generally, from a competitive landscape point of view, a great quarter with 900 new customers coming onto the platform and continued up sell within the base with 39% of our customers now having four or more products. So we feel really good about the value proposition and the strength of the platform today and as we look out at this buy versus build capability or partner versus build or buy opportunity, I think we have to be pragmatic. We can solve lots of problems for customers with things that we built and extended into the suite. But we want to make sure that we're building things that we can introduce and then mature and really win that over time by adding maturity and capability. And that we can compete both in terms of a feature function point of view, as well as the value of having stuff within a suite on the unfair advantages that we have through the deep integration of our platform.
So we're mindful of that and we're really opening up with the API strategy to allow partners and to allow other vendors to create a much broader solution set that we can be part of within the security ecosystem. And that's something we've heard time-and-time again from customers that they have a real appetite for. And because of our cloud architecture and our cloud-native architecture that we both from day one on, we have a tremendous advantage in terms of being able to expose really easy to consume consistent APIs across the platform, across all of the features and functions of the platform and introduce those to partners.
And likewise, when we identify partners or players in the market that we may want to acquire. And then bring in as part of an integration, that same API strategy really allows us to make that available to customers in a simpler and more easy to consume and well integrated fashion as well.
Keith Bachman -- BMO -- Analyst
Okay. Yeah, it's a tricky balance -- tricky balance. Well, thank you for that. And I'll just sneak my last one in and I'll see the floor. If you could just give a quick update on Germany. You mentioned UK and South Africa were weak, but just any updates on Germany? And that's it for me. Thanks very much.
Peter Bauer -- Co-Founder, Chairman and Chief Executive Officer
Yeah. Great. So Central Europe, we -- as you know, we've put on our data centers there in the summer of last year. So coming up for a full year and we've hired a team in that market, it's a really large market opportunity. From a revenue point of view, it's going to take a while before it shows up in revenue, largely because we have -- these other large regions that are also growing really quickly. So we're adding customers and it's a very positive market opportunity. And something as well that we're excited about the opportunity, particularly seeing some of the things going on with GDPR in that marketplace.
Operator
Thank you. Our next question comes from Sterling Auty with J.P. Morgan.
Matt Parron -- J.P. Morgan -- Analyst
Hi, guys. This is Matt on for Sterling. Thanks for taking my question. So actually I have a few [Phonetic] questions. So the first of them being, you know, you mentioned 46% of the customers already using Office 365. So shouldn't most of -- the large customers move already to that? And if so, what do you guys think is left to penetrate? And then in terms of the product mix, I know you guys mentioned a couple of highlights, but are there any changes in the mix of products that you're seeing the biggest uptake? Thanks.
Peter Bauer -- Co-Founder, Chairman and Chief Executive Officer
Yeah. Great, Matt. So Office 365 penetration within our bases of 46%. I think we've said this on prior calls as well that the percentage of our new business that we sign in quarter, so the new cohorts that we're bringing on, the percentage of those customers using Office 365 already is a fair bit higher than 46%. It's more than -- more than half of our new business comes with Office 365. So, from a business growth point of view, while the migration to 365, and the activity that they consider when they planning a move, while that certainly has been a catalyst to finding and signing up with us, where we're seeing real interest with customers that are already on Office 365 are adding us off to the fact to their accounts. So that's a positive. And if you wouldn't mind just repeating, what was the second part of your question?
Matt Parron -- J.P. Morgan -- Analyst
Yes. So in terms of the business mix, the product mix, is there any difference that you guys have seen in the mix of products? Which products are seeing the biggest uptake?
Peter Bauer -- Co-Founder, Chairman and Chief Executive Officer
Yeah, great, so the core email security with TTP and IEP continue to be the strongest use case and drivers of new business. We've had some good growth with archiving, too. That's been an interesting progression. So, we've done some things with our archiving product like [Indecipherable] I think explain it. So we're now at 14,800 archiving customers, was adding about 300 new customers last quarter alone.
And we have a leadership position from an archiving perspective for the fourth year in a row. I think we the highest ranked leaders in the Gartner Magic Quadrant for enterprise information archiving certainly probably one of the largest scale cloud archiving providers in the market today. We have very large volumes of data and over 300 billion emails that we manage within the archive, and that's all the attachments and other content associated with it.
So it's a unique value proposition that deals with now just compliance, but also data protection and recovery, business value, APIs for developers to have opportunities to interact with the data as well. So a really good home for companies to put their unstructured data for a long term retention and management of that data.
But the two things that we've added recently to the platform are tools for the financial services vertical. So supervision tools for FINRA and the immutability requirements of the Section 17a-4, the certifications that we needed around that, which is relatively new. So surprising in a sense that we've been able to build quite a formidable archiving business without particularly going deep on the financial services vertical. So we're excited now to have more of those capabilities.
And then secondly, there's still a fair sized opportunity in legacy archiving with organizations having on-premise archives. Full of data that are very difficult to get away from and get off those older platforms and dealing with that format. So they simply migrate acquisition that we did earlier this calendar year is really enabling us to provide much -- a much more seamless end-to-end experience for migrating data, a more cost effective experience for migrating data out of legacy archives on top platform. So that's been another really a key part of our growth story this year and this past quarter too.
Matt Parron -- J.P. Morgan -- Analyst
Great. Thank you so much for that color. It was very helpful.
Peter Bauer -- Co-Founder, Chairman and Chief Executive Officer
Thank you.
Operator
Our next question comes from Catharine Trebnick with Dougherty.
Catharine Trebnick -- Dougherty & Company -- Analyst
Thank you [Phonetic] for taking my question. Nice print with the headwind. So, Peter, in your prepared remarks, you talked about some new customer wins that you had some relationships with Fortinet and Palo Alto. So it seems like and it had to do with your new API strategy. Can you just level, base me on, when you started working with these different vendors and implementing the API strategy and how you've introduced that into the channel such that you're getting some good traction on this? Thank you.
Peter Bauer -- Co-Founder, Chairman and Chief Executive Officer
Yeah, thanks. Thanks, Catharine. So we have certain of the relationships are with vendors directly collaborating and working on integrations and we'll certainly be talking more about that over the coming months. I think the example that we called out then in particular was actually driven by a channel partner. So it was a channel partner that was working with a customer and builds up leveraging the APIs, pulled together the integration between ourselves and some of the other vendors that the customer had in their environment or was part of a solution that the partner themselves was bringing to the table.
So, I think the beauty of the API strategy is that while we may sort of legislate for certain outcomes and invest in certain capabilities and provide those to the market, it really does afford us an opportunity to benefit from an organic and really flexible set of innovations and customer solutions that really are outside of our control and don't really require much effort from us at all, but bring together much better solutions for customers. And at the same time underline the relevance and the value that we provide as being part of that ecosystem and part of that stack. And so we're delighted about that. And really, our focus today is on educating partners about those possibilities and those opportunities and then bringing more sort of pre-packaged integrations and design wins and scenarios to our partners and to our customers, so that they can really get on board on this train and have mine cost adding value to the broader set of solutions that they're selling or implementing or managing in their environments.
Catharine Trebnick -- Dougherty & Company -- Analyst
All right. Thank you. Appreciate the details.
Peter Bauer -- Co-Founder, Chairman and Chief Executive Officer
Thanks, Catharine.
Operator
Our next question comes from Jonathan Ruykhaver with Baird.
Jonathan Ruykhaver -- RW Baird -- Analyst
Good afternoon. Looking at the opportunity to increase average order value, the key levers include up-sell, cross-sell and growth to large accounts. So Peter, when looking at your expectations for fiscal '20, can you kind of help us frame those two levers? Should we anticipate maybe lower net new customer adds, but larger sized customers to be the more material dynamic relative to up-sell, cross-sell? Or will it be fairly balanced?
Peter Bauer -- Co-Founder, Chairman and Chief Executive Officer
Yeah, I think it's balance. I mean, it's difficult to break out exactly how that's going to play out. I think the one trend that we do see is that is that in that net adds number, we generally are where there's churn, it's on the lower end, the sort of sub-50 seat space. And generally we're replacing those churns with larger customers. And generally over time, we're finding new customers who may have started their journey with one product or two products are now starting their journey with us with perhaps two products or three products. So we're getting not only slightly larger customers into the basin. And bear in mind, it's a big base. So this takes time to change and evolve.
We're getting bigger customers into the base. We're also getting slightly bigger initial product adoption and purchases. And then naturally, as our portfolio has broadened up, we've got even more to offer customers. That up-sell and that cross-sell opportunity is there and supporting that gross revenue retention number, which is an important part of our growth as well.
Jonathan Ruykhaver -- RW Baird -- Analyst
Yeah. Okay. That makes sense. Indeed the other question I had is on the Solebit acquisition. I think it's been about a year, but can you just talk about how that web security service is performing relative to your initial expectations? And given how competitive that market has been historically? Just help us understand there is any differentiation relative to some of the more traditional web security products in the market?
Peter Bauer -- Co-Founder, Chairman and Chief Executive Officer
Yeah. Great. So just to clarify, yes, you're right. The Solebit acquisition is kind of one year and a week or something in terms of its -- the anniversary since the acquisition. Solebit brought us a technology that was super innovative and unique in its ability to identify malware at high speed inside data files. So not particular to web security specifically, but a broad based technology that actually has enormous compelling value inside our email stack. And we partnered with OEM, the technology for them -- from them in our email offering, since it was part of the TTP offering, for almost a year or prior to that acquisition.
So we've got this tremendous engine, this capability, this unique ability to very efficiently find malware. And that has driven our efficacy program pretty strongly and helped us win several accounts competitively in the market and sustain our advantage for customers against a very dynamic threat landscape and in a competitive environment too, as we've moved upmarket. So really successful acquisition.
Now, I think we mentioned at the time of doing the acquisition that the technology is really interesting, because we also announced our upcoming at the time web security offering and that this technology will be relevant to our web security. And in fact, any other forms of security that required a high speed deep inspection of data files for threats. And so that has been integrated into our web security solution and provides actually quite a nice differentiator for our web security offering, as one looks at file downloads from websites, scanning goes through the Solebit engine provides additional assurance that bad files aren't easily coming in from websites or from social media sites, things like that as customers surf the web.
I think the web security opportunity is a really large opportunity. As you point out, there are both new -- newer companies that are gaining some momentum in that space is also a considerable amount of legacy installed base around web security on premise technologies, UTM appliances and the like. And then there are also a considerable number of companies that frankly have no particular web security technology in place. They may just have a firewall on their network and users are free to roam and do what they like on the web.
So we see all of those as opportunities. The high end web security companies are not a good fit for every type of organization. It can be an over engineered solution, it can be an expensive solution, can be more than what a customer needs. The UTM and appliance type solutions, the on-premise solutions, again not that fit for purpose in a cloud first world. They have limitations. And then of course, the greenfield scenarios where customers don't have anything at all.
Each one of those is an opportunity for us and we have a particular opportunity within our customer base where customers already chosen our deep technology and security stack for protecting them against email-borne threats and are interested in leveraging that capability in web security. So we continue to invest and we're currently working on our version 1.3 of the product. We're adding customers. We've also just added an automated trial capability. I think that goes live right now where customers are able to existing mine cost, customers are able to discover this capability, switch it on for themselves, give it a whirl and deploy it and then make a purchasing decision afterwards with that. So there's a lot of work going into it. And we're excited about what it can represent as an opportunity going forward.
Jonathan Ruykhaver -- RW Baird -- Analyst
Great. That's very helpful. Thank you.
Peter Bauer -- Co-Founder, Chairman and Chief Executive Officer
Thanks, Jonathan.
Operator
Our last question comes from Eric Lemus with SunTrust Robinson Humphrey.
Eric Lemus -- SunTrust Robinson Humphrey -- Analyst
Hey, guys, thanks for sneaking me in here at the end. But I have one question for you and I wanted to circle back to another asset that you guys added roughly a year ago with the awareness training. I just want to see, have you guys seen any change in what you guys are replacing in awareness training, whether it'd be a single point solution or is it mostly greenfield opportunities?
Peter Bauer -- Co-Founder, Chairman and Chief Executive Officer
Yeah, it's a great question. I think today it's mostly greenfield opportunities. There is a little bit of competitive displacement. If we're displacing with our suite, another vendor that might have had a part of this, we may have a competitive displacement. I think today, for the most part, it's greenfields opportunity. And the penetration of this type of solution is still probably less than a third of the market has something like this today. So we're mainly we're mainly picking up net new or first time buyers of these types of technologies.
Eric Lemus -- SunTrust Robinson Humphrey -- Analyst
Great. Thank you.
Operator
Ladies and gentlemen. That does include the Q&A portion of today's conference. I'd like to turn the call back over to Peter Bauer.
Peter Bauer -- Co-Founder, Chairman and Chief Executive Officer
Great folks. Thank you for joining our earnings call this quarter. And we appreciate your time and your questions. We look forward to giving you our results again in a few months time. Good luck.
Operator
[Operator Closing Remarks]
Duration: 59 minutes
Call participants:
Robert Sanders -- Director of Investor Relations
Peter Bauer -- Co-Founder, Chairman and Chief Executive Officer
Rafe Brown -- Chief Financial Officer
John DiFucci -- Jefferies -- Analyst
Matt Hedberg -- RBC Capital Markets -- Analyst
Saket Kalia -- Barclays -- Analyst
Keith Bachman -- BMO -- Analyst
Matt Parron -- J.P. Morgan -- Analyst
Catharine Trebnick -- Dougherty & Company -- Analyst
Jonathan Ruykhaver -- RW Baird -- Analyst
Eric Lemus -- SunTrust Robinson Humphrey -- Analyst
More From The Motley Fool
This article is a transcript of this conference call produced for The Motley Fool. While we strive for our Foolish Best, there may be errors, omissions, or inaccuracies in this transcript. As with all our articles, The Motley Fool does not assume any responsibility for your use of this content, and we strongly encourage you to do your own research, including listening to the call yourself and reading the company's SEC filings. Please see our Terms and Conditions for additional details, including our Obligatory Capitalized Disclaimers of Liability.
Motley Fool Transcribers has no position in any of the stocks mentioned. The Motley Fool owns shares of Mimecast. The Motley Fool has a disclosure policy.
This article was originally published on Fool.com
