Endpoint Protection Platforms (EPP) , Endpoint Security , Security Operations

BlackBerry Cuts Cylance Spend to Focus on Profitable Areas

Company Shifts Cyber Focus to QNX and Secure Communications as Key Growth Drivers
BlackBerry Cuts Cylance Spend to Focus on Profitable Areas

BlackBerry plans to shift resources from the company's unprofitable Cylance endpoint protection business toward more promising areas in cybersecurity like QNX and secure communications.

See Also: 5 Critical Steps in Your Endpoint Security Strategy

The Ontario, Canada-based vendor will in parallel explore options for the Cylance business, which BlackBerry acquired in February 2019 for $1.4 billion. Reduced investment in Cylance is part of a turnaround effort for BlackBerry's cybersecurity business focused on stabilizing revenue streams and taking additional steps toward profitability after significant cost reductions, according to CFO Tim Foote (see: BlackBerry to Separate Cybersecurity, IoT Businesses in 2024).

"When we look at Cylance, we have invested heavily. We are currently investing heavily," Foote told investors Wednesday. "When we consider the level of investment required to grow this business such that it reaches scale and therefore profitability, we see that's going to be substantial and it's going to be required for a number of years. We no longer think this is the optimal use of the company's capital."

Why BlackBerry Wants to Cut Its Losses With Cylance

Cylance has been a major drain on BlackBerry's cybersecurity business, and is expected to record an EBITDA loss of $51 million for the fiscal year ending Feb. 28, 2025. Instead, Foote said BlackBerry will target growth areas like its QNX embedded systems business - which has strong market potential - and its secure communications unit, which is expected to record an EBITDA profit of $52 million this year.

Specifically, Foote said BlackBerry's secure communications business has EBITDA margins of around 20% while the QNX unit benefits from a stable customer base and expanding opportunities in new verticals. Modest investment in both product and go-to-market for BlackBerry's QNX and secure communications business will position the company for further profitable growth, according to Foote.

"We are going to take immediate actions to significantly reduce the level of investment in Cylance, and in addition, in parallel, we will explore opportunities for this business," Foote said. Cylance has given up market share in the endpoint security space, with the company's share falling from 1.5% in 2021 to 1.3% in 2022, IDC found. Cylance was the 15th-largest endpoint security vendor in both 2021 and 2022.

BlackBerry's cybersecurity division has been stabilized through substantial cost-cutting efforts, reducing expenses by $100 million. Despite a decline in revenue, BlackBerry's focus on R&D efficiency, reduced sales plays and consolidation of facilities have led to margin improvements. The division is expected to break even in the current fiscal year, and profitability is projected over the next two fiscal years (see: BlackBerry Cancels IPO, Separates Cybersec and IoT Units).

"The cyber division has moved from losing approximately $79 million a year back in fiscal year '23 to likely to achieve break-even this current year," Foote said. "We were just trying to do too many things. We've narrowed our focus. What we're doing is fewer things, but better. All of this has allowed us to very much reduce our cyber facilities footprint, exiting 14 cyber facilities in the past year."

Cylance Shifts Focus From Software to Managed Services

BlackBerry is focusing heavily on AI and machine learning advancements, particularly in managed detection and response and extended detection and response, said Shil Sircar, senior vice president of Cylance data science and engineering. Over the past 18 months, Sircar said the company has expanded from four machine learning models to 18, increasing the platform’s capability to detect and respond to threats.

"We've taken a LLM, contextualized it, fine-tuned it, and integrated this in our MDR services and product to give meaningful insights into new threats, provide explanations of novel detections and make the SOC workflow simpler," Sircar told investors.

BlackBerry has strengthened its position through its partnerships with law enforcement agencies including the FBI and Interpol, and has become a key player in cybersecurity policy-making, Sircar said. This collaboration enhances BlackBerry’s credibility and helps it influence decisions at the highest levels, including contributing to global cybersecurity coalitions such as the International Counter Ransomware Initiative, he said.

"We modernized our Cylance cloud experience, allowing us to also drive significant cost efficiencies," Ismael Valenzuela, BlackBerry's vice president of threat research and intelligence, told investors. "We have also partnered with leaders in data analytics, like Databricks, allowing us to rebuild our entire back-end in the cloud, allowing us to scale and to have better innovation."

Customer satisfaction and retention have improved due to BlackBerry’s modernization efforts and cost reductions, Sircar said. The firm has seen positive trends in renewal rates for its MDR services, reflecting customer satisfaction with its AI-driven cybersecurity solutions, according to Sircar. BlackBerry's stock is up $0.06 - or 2.4% - to $2.56 per share since announcing plans to significantly cut its Cylance investment.

"We're seeing improving overall customer satisfaction, as seen by the renewal rates trending in the right direction for MDR services," Sircar said. "And we're able to do this with a 54% reduction in our overall cloud cost. So, we've modernized and optimized our technology to deliver this service in the most effective and the most efficient way."


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ransomware.databreachtoday.com, you agree to our use of cookies.