Rubrik, Inc. (RBRK) Q2 2025 Earnings Report, Transcript and Summary

Good day, everyone, and welcome to today's Rubrik Second Quarter Fiscal Year 2025 Results Conference Call. At this time, all participants are in a listen-only mode. Later, you will have the opportunity to ask questions during the question-and-answer session. Please note today's call will be recorded. [Operator Instructions]. It is now my pleasure to turn the conference over to Melissa Franchi, Vice President, Head of Investor Relations. Please go ahead.

Hello, everyone. Welcome to Rubrik's second quarter fiscal year 2025 financial results conference all. On the call with me today are Bipul Sinha, CEO, Chairman and Co-Founder of Rubrik; and Kiran Choudary, Chief Financial Officer. Our earnings press release was issued today after the market closed and may be downloaded from the Investor Relations page at www.ir.rubric.com. Also, on this page, you'll be able to find a slide deck with financial highlights that, along with our earnings release, includes a reconciliation of GAAP to non-GAAP financial results. During this call, we will make forward-looking statements, including statements regarding our financial outlook for the Q3 and full fiscal year 2025, our expectations regarding market trends our market position opportunities, including regarding generative AI and growth strategy product initiatives and expectations regarding these initiatives and our go to market motion. These statements are only predictions that are based on what we believe today and actual results may differ materially. These forward-looking statements are subject to risks and other factors that could affect our performance and financial results, which we discuss in detail in our filings with the SEC. Rubrik assumes no obligation to update any forward-looking statements we may make on today's call. With that, I'll hand the call over to Bipul.

Thank you, Melissa, and thank you everyone for joining us today. Now, let's get started. We delivered an outstanding Q2. We outperformed across all guided top-line and profitability metrics, and are raising our annual guidance. Here are a few numbers that highlight the quarter. Our subscription ARR reached $919 million growing 40% year-over-year. Our subscription revenue was $191 million growing 50% year-over-year. Our subscription NRR remained strong above 120%. And finally, our all-important profitability measure, subscription ARR contribution margin improved by over 1300 basis points year over year. We continue to focus and make great strides in improving our business efficiency and profitability. Now, let me give you the broader context of our business that enables these great results. Rubrik is winning in the cyber resilience market. As more and more organizations realize that cyber-attacks and breaches are inevitable, cyber resilience is becoming the number one topic in cyber security. In my conversations with CIOs and CISOs around the world, what is clear is in spite of spending millions of dollars in cyber-attack prevention tools, it is not a question of if, but when they will experience a successful cyber-attack. Every Board of Directors is asking for a cyber resilience strategy to ensure that their business get back up and running as fast as possible. The recent global IT outage is a great reminder that resilience is required in an interconnected digital economy that can easily be disrupted by human error or a threat actor. What is driving Rubrik's result is our highly differentiated platform, purpose built to deliver complete cyber resilience. Rubrik's Security Cloud combines DSPM or Data Security Posture Management with cyber recovery in a Zero Trust data security platform. We are the only vendor in the market to offer integrated DSPM plus cyber recovery, which enables cyber resilience Our unique AI-powered architecture delivers data risk, data set and rapid cyber recovery that is scale, enabling our customers to deal with situations before, during and after cyberattacks. Other products in the market generally make cyber recovery time up to 100 times longer, because they can't natively deliver four things needed for fast cyber recovery. Number one, the scope of the attack number two, time of infection number three, sensitivity of impacted data and finally, number four, malware hunting and quarantining. These are complex problems to solve. We solve these because our architecture leverages AI and machine learning inside our integrated dataset engine. This is how we deliver cyber resilience natively, not with bolt-on security tools or third-party integrations. Our customers choose Rubrik because we can confidently meet their cyber recovery time objective. We transform cyber recovery from a long drawn out existential affair to a simple short operation, so organizations can continue running their businesses. As a result, we win the vast majority of deals in head-to-head competition. This quarter, a Fortune 500 European Automotive supplier selected Rubrik as its de facto cyber resilience platform, replacing their complex legacy data protection solution, which they believed less than vulnerable in case of a cyber event. Another example, an American multinational investment bank and financial services organization replaced a competing new gen vendor solution with Rubrik, given our superior cyber recovery, speed at scale, and our more robust and integrated security capabilities. We've been in the marketplace because of our differentiated single management and security controls across enterprise, cloud and SaaS workloads, while delivering incredible simplicity, performance and scalability. This quarter, a U.S. Insurance company replaced its existing data backup and recovery vendor with RSC or Rubrik Security Cloud Enterprise Edition and SaaS data protection for M365. This customer was dissatisfied with their current WAN provider. A competing new-gen vendor as it could not operate at the scale and speed the business required nor protect their M365 environment. During the proof of concept, we demonstrated a recovery time of about 35 seconds, compared to over five hours for the incumbent. The customer security team also endorsed Rubrik for our suite of native security features such as anomaly detection, threat hunting and monitoring, and sensitive data discovery, which their existing vendor lacked. We are also striking a chord with customers operating in the public cloud, due to our ability to drive immediate cloud cost savings, while delivering fast cyber recovery time. A Fortune 500 global leader in prestige beauty expanded their RSC footprint by purchasing cloud-native protection for Azure, extending Rubrik for complete cyber resilience across both datacenter and cloud workloads. This customer selected Rubrik for our ability to deliver complete cyber resilience in addition to significant cloud cost savings. We also significantly expanded our cyber resilience footprint at ARIA, the innovation company in Italy across cloud-native and unstructured workloads to secure company's digital transformation. ARIA manages sensitive healthcare data of 10 million Lombardi citizens. In addition, we have helped hundreds of customers quickly come back online, after the recent global IT disruption. Our customers were grateful for our ability to get their business back up and running quickly. An IT leader at a large hospital network wrote, ''Rubrik was instrumental in helping the hospital continue services during this massive outage. We did not have to cancel any appointments, and we were able to provide all services to patients. It would have been a different story with our previous solution.'' What Rubrik does, matters. Now moving on to DSPM. Our view is that, cyber resilience not only requires cyber recovery, but also data security posture. Cyber recovery is about wartime, while data posture is about before and during cyber-attack preparation. DSPM gives visibility into sensitive data exposure to minimize surface area of attack and the risk of data exfiltration. This quarter, a large European agricultural company expanded Rubrik cyber resilience footprint by adding Rubrik DSPM to reduce the risk of data exposure and exfiltration. This customer displays their existing DSPM vendor, noting Rubrik's superior ease of use and greater visibility across multi-cloud environments. Another example, a U.S. consumer services company added Rubrik DSPM to provide visibility into where its sensitive data resides and reduce its attack surface. Rubrik automated the discovery and classification of company's sensitive data in only a few hours, which would have otherwise taken months of manual work across 10 full-time employees according to the customer. In addition, what we are seeing is that, generative AI brings urgency to DSPM. Before an organization's proprietary data gets fed into LLM, data sensitivity and user access must be managed. AI trust, safety and preparation must be established and DSPM plays a critical role in this. Now, let's talk about our partnership across security and data landscape. These relationships are a key part of our go-to-market motion. We recently made a few notable announcements that deepened and widened our partner relationships. Last month, we announced a new partnership and technology integration with Mandiant, part of Google Cloud. This collaboration offers our customers a tightly integrated end-to-end solution spanning cyber threat detection, incident response and data recovery. Through this partnership, joint customers will be able to ensure that in an event of an attack, the Mandiant and Rubrik team will work together to help the business get back up and running as fast as possible. We continue to strengthen our partnership with cloud providers as well. As an example, this quarter Rubrik was named Microsoft Healthcare and Life Sciences Partner of the Year for 2024. This award comes on the heels of our win last year as Microsoft Partner of the Year in the U.S. and in the UK. This accolade represents our commitment to protecting all data, including patient data, while enabling seamless operations in healthcare organization and driving innovative solutions in partnership with Microsoft. Now, let's turn to business efficiency and profitability. This quarter, we improved our subscription ARR contribution margin by over 1,300 basis points year on year. We are pleased with the margin improvement, and we are relentlessly focused on opportunities to continue these improvements. While we invest in our innovation platform and go to market engine to capture the cyber resilience opportunity, let me be very clear. We are equally focused on delivering leverage and profitability in our business model. These are key components to building and enduring business and we are executing well on that path. A big thank you to all Rubrikans around the world for their hard work and diligent focus. In closing, I will leave you with three takeaways. First, cyber resilience is where the cybersecurity market is going, and we are a leader in cyber resilience. Second, we are winning against the competition because of our highly differentiated and unique architecture. This is why our customers can rapidly recover from cyberattacks at scale. And finally, in addition to growth at scale, we believe our path to profitability is clear, and we continue to make great strides in building a durable business. With that, I'm pleased to pass it over to our Chief Financial Officer, Kiran Chaudhary.

Thank you, Bipul. Good afternoon, everyone, and thank you for joining us today. As Bipul shared, we've had a very strong second quarter all around. Notwithstanding the broader macro environment, our team continues to execute very well and take advantage of the market opportunity, which is reflected in our results. The quarter was highlighted by continued prioritization of cyber resilience amongst our customers, momentum in large deals and notable improvement in profitability. This drove results ahead of the high end of our guidance across all of our key operating metrics including subscription ARR and subscription ARR contribution margin. Today, I will briefly recap our second quarter fiscal 2025 financial results and key operating metrics and then provide guidance for the third quarter and full-year fiscal 2025. All comparisons unless otherwise noted are on a year-over-year basis. As a reminder, our key top-line metric is subscription ARR, which we believe best illustrates our success in acquiring new customers and maintaining and expanding our relationships with existing customers. Our highly differentiated platform combining DSPM and Cyber Recovery drives our leadership in the cyber resilience market. This is highlighted by our second quarter performance. Subscription AR was $919 million in the second quarter, up 40%. We continue to drive adoption of our Rubrik's equity cloud, which resulted in $678 million of cloud ARR, up 80%. Our subscription ARR growth benefited a couple of percentage points from transitioning our declining maintenance base to RSC. Our strong results were driven by a combination of new logo lands to Rubrik and existing customer expansions. We have a compelling land and expand model that allows for a significant expansion opportunity after our initial contract. The three main vectors that drive expansion with our customers are: One, the growth of data from applications already secured by Rubrik; Two, additional applications secured on our platform. And three, adoption of additional data security products. As an example, adoption of additional security functionality now contributes over one-third of our subscription net retention rate up from approximately a quarter in the year-ago period. This land and expand motion drove another quarter of greater than 120% average subscription net retention rate. We ended Q2 with 1,969 customers with subscription ARR of $100,000 or more up 35%. These larger customers now contribute 81% of our subscription ARR, up from 78% in the year-ago period as we become an increasingly strategic partner to our enterprise customers. For our Q2 in fiscal 2025, subscription revenue was $191 million, up 50%. Total revenue was $205 million, up 35%. Turning to the geographic mix of revenue. Revenue from the Americas grew 36% to $147 million. Revenue from outside the Americas grew 34% to $58 million. Before turning to gross margins, expenses and profitability, I would like to note that I will be discussing non-GAAP results going forward. We are committed to balancing strong growth at scale with improving profitability. We are focused on delivering strong gross margins, improving our subscription ARR contribution margin and growing free cash flow. Our non-GAAP gross margin was 77% in the Q2, in line with the year-ago period and up from 70% in fiscal 2023. Gross margin benefited from changing product mix and improved efficiency of our customer support organization. These benefits were offset by higher cloud hosting costs due to the development in and growth of our cloud solutions, which we expect to continue to scale in the future. We anticipate total gross margin to stay at the lower end of our long-term target of 75% to 80%. As a reminder, we look at subscription ARR contribution margin as a key measure of operating leverage supporting our path to profitability. This is calculated as subscription ARR less non-GAAP cost of subscription revenue and less non-GAAP operating expense and then divided by subscription ARR. We find this to be a more relevant metric to demonstrate improvement in operating leverage than operating margins or free cash flow because it removes the impact from our cloud transformation as well as evolving contract duration and payment terms. We believe the improvement in our subscription ARR contribution margin demonstrates our ability to drive operating leverage and profitability at scale. Subscription ARR contribution margin was negative 8% in the last 12 months, compared to negative 22% in the year-ago period, an improvement of over 1,300 basis points. Last 12 months operating expenses in this calculation includes the $23 million in employer payroll taxes we accrued in Q1. Adjusting for this onetime expense, our subscription AR contribution margin for Q2 would be negative 6%, an improvement of 1,600 basis points from last year. The improvement in subscription contribution margin was driven by our growing scale and continued focus on driving efficiencies across the organization. We are pleased to see the leverage in our go-to-market spend in particular with sales and marketing expense as a percent of revenue moving down 1,200 basis points year over year as we see the benefits of increasing productivity from our sales force, a ramping renewal base, organizational efficiencies and improving effectiveness in our cost of acquisition. However, we believe we are still in early innings of these benefits. In particular, as our renewal base continues to scale and becomes a bigger part of the revenue, we expect to see further improvements in sales and marketing expenses as a percentage of sales. Free cash flow is negative $32 million compared to negative $13 million in the second quarter of fiscal 2024. The decrease in free cash flow related to last year was primarily due to an increasing mix of annual as well as monthly consumption payments due to growth in our cloud and SaaS products. Also related to the last year, we incurred expenses associated with the acquisition of Laminar, which was completed in August 2023. Despite these headwinds, we improved free cash flow margin year-over-year during the first half of this fiscal year, excluding the impact of one-time employer payroll taxes related to the IPO. Turning to our balance sheet, we ended the second quarter in a strong cash position with $607 million in cash, cash equivalents, restricted cash and marketable securities and $307 million in debt. Turning now to our outlook. We remain confident about the demand for our differentiated offerings and the powerful secular cyber resilience trends fueling our growth. We expect to continue to execute well and deliver strong subscription ARR growth ahead. Revenue on revenue growth can fluctuate due to a number of variables including the pace at which we add new RSC customers and the pace at which we continue to migrate our existing customers to RSC. In terms of operating investments, we plan to continue to make focused high ROI investments in R&D and go to market to drive innovation and momentum in the large and growing market we operate in. We assume contract duration and payment terms continue to contract modestly through the second half with the growth in our Cloud and SaaS products, which will be headwinds to free cash flow. Hence, we point subscription ARR contribution margins to measure operating leverage and profitability. Now turning to guidance for third quarter of fiscal 2025. In Q3, we expect revenue of $216. Million to $218.5 million up 31% to 32%. In terms of profitability, we expect non-GAAP subscription ARR contribution margins of negative 8% to negative 7%. We expect non-GAAP EPS of negative $0.41 to negative $0.39 based on approximately 185 million weighted average shares outstanding. For the full year fiscal 2025, we are pleased to raise our guidance across both our top line and profitability metrics. We now expect subscription ARR in the range of $1.026 billion to $1.032 billion reflecting a year-over-year growth rate of 31% to 32%. To help with modeling seasonality for the year, we expect net new subscription ARR in the third and fourth quarter to be roughly equal. We expect revenue for the full year fiscal 2025 in the range of $830 million to $838 million implying 32% to 33% growth. We plan to continue to invest into this enormous opportunity ahead of us, while delivering efficient growth at scale. We expect non-GAAP subscription ARR contribution margins between negative 7% and negative 6%, reflecting further margin improvement from Q2. We expect non-GAAP EPS of negative $2.12 to negative $2.06 based on approximately 155 million weighted average shares outstanding for the full year. We expect free cash flow of negative $67 million to negative $57 million or negative $44 million to negative $34 million excluding the $23 million in one-time payroll tax associated with our IPO. This implies positive free cash flow in the second half of the fiscal year. In closing, the large and growing market for cyber resilience, our vision for this category, unique strength of our product offerings and proven go-to-market motion collectively support our subscription ARR growth outlook. We are proud of our performance this past quarter and look forward to continuing the momentum into year-end and beyond. We look forward to seeing many of you on the road in the coming months, including at the upcoming Goldman Sachs Technology Conference. With that, we'd like to open up the call for any questions.

[Operator Instructions]. We'll move to Saket Kalia with Barclays. Your line is open.

Okay, great. Hey, guys. Thanks for taking my questions here and nice result.

Thank you, Saket. We are excited.

Absolutely. For sure. Bipul, maybe for you, can you just talk a little bit about what customers are saying about cyber resilience in the wake of the CrowdStrike outage? I mean, you mentioned some interesting things in your prepared remarks about how well protected your customers were, but and I'm sure it's early to see any financial benefit from CrowdStrike. But I'm just kind of curious how this is changing customer thinking about cyber resilience, if at all?

Cyber Resilience is top of mind for every organization around the world, because what folks have realized is, they have invested millions of dollars in cyber prevention tools and they still are not sure whether they can continue operating their business in an event of cyber breach or successful cyber-attack. So, every Board of Director, every CEO is thinking about how do they keep their businesses up and running. And our results reflect that. If you look at our subscription and ARR growth, we grew 40% year-over-year to over $900 million If you look at our total revenues, grew 35%, but the subscription revenue, which is the real indicator of our business grew 50% year-over-year. And these are the trends that are helping our business. In fact, this CrowdStrike event was little unfortunate human error. CrowdStrike is a great partner and we jointly helped hundreds of customers recover. But this particular incident people saw this as a preview of what could happen if you have a real cyber incident or real cyber-attack that can take down global economy that can have massive global impact on the IT systems and everything else that goes with it. So, this particular issue has triggered a lot of discussion, lot of Board of Directors is asking question about resilience. And that is one of the many factors that in both coming months quarters will help bring more focus to this particular market segment. And we believe that there will be much more momentum around cyber resilience.

Super helpful. Thanks, Bipul.

We'll move next to Fatima Boolani with Citi. Your line is open.

Good afternoon. Thank you for taking my question. Bipul, just a question for you about the market landscape and a little bit from a competitive lens, but just kind of broadly speaking. You know, we've seen a lot of activity in the data security posture management space, both in the private markets from, newer companies, but also certainly, customers voting with their wallets in, driving better attach rates for you and your products around DSPM. So, I'm just wondering if you can sort of comment and maybe give us a little bit more quantitative granularity as to how much better those products are tracking with, one year in with laminar. And then, relatedly a large enterprise SaaS company, that you do have a partnership with, just kind of acquired a backup and recovery company. So, I was hoping you could kind of set the record straight on how does, this doesn't diminish your advantages and your differentiation when there are potentially call it embedded options in some of the data stores that you do actively protect. Thank you.

Thank you, Fatima. There are like three questions in that question. And let me first give you my sense of this Salesforce issue and then I'll come back to competition and DSPM. Look, this Salesforce acquisition of Own actually validates our strategy. We are telling customers and organizations and governments around the world that SaaS data is important to protect. SaaS is becoming mission-critical. And a SaaS vendor buying a SaaS data security, SaaS cyber resilience company validates our whole strategy. But we are focused on all the applications across enterprise, cloud and SaaS landscape. Salesforce is one of the 20 plus applications that we actually provide cyber resilience on and businesses want a single policy engine, a single security control across all of their application landscape. Otherwise, they are turning 30, 40 knobs to make sure that the business is running. So, this actually is very positive for us and it brings the focus into why cyber resilience is important and Salesforce is our partner. In fact, we jointly created solution with them. And what we are hearing from our customers, I'll give you an example, a large health insurance company, Fortune 500 health insurance company called us and said they want to consolidate their data protection cyber resilience landscape on a single platform. So, it's very positive for us. If you look at our results, coming back to the competition, if you look at our results and our success in the marketplace, we are winning the cyber resiliency market. And if you look at our, again win rate, we are winning vast majority of deals across both our legacy competition, as well as new-gen competition. In fact, a very large financial data company, we had more than $1 million ACV land, which replaced a new gen vendor over their cyber recovery capabilities and they saw Rubrik as a native cybersecurity platform that deliver cyber resilience. So, and architecture matters when you are talking about cyber resilience. And what Ruby did, we natively built data risk, data threat and cyber recovery capability into an integrated platform across all the data landscape. So, we have, again, a very unique product in a very large market and that's what is leading to our wins. You talked about DSPM. In fact, DSPM is an integral piece of the cyber resilience strategy because data risk and data threat is essentially DSPM, and which is our expanded view of the DSPM. And generative AI is also accelerating the demand for DSPM because before people feed their data into LLMs or RAG models, they want to understand what is the risk, who has access to this data, are we feeding data that falls in the wrong hands. So, Gen AI trust, Gen AI security, Gen AI responsibility depends upon the data that gets fit into it. And we see interesting traction in that space. Obviously, DSPM is a new product for us, but we now have more than 50 customers using our DSPM product. In fact, a leading cybersecurity company brought cloud cyber resilience with combination of DSPM plus cyber recovery. And we are seeing this in a number of cases around the world.

Thank you for the detail. I appreciate it.

We'll move next to Andrew Nowinski with Wells Fargo. Your line is open.

Great. Thank you. Congrats on another great quarter post your IPO. I guess I want to ask you a question about the pending Veritas acquisition or merger, I should say. Now once the deal is closed and they're merged with Cohesity, it sounds like they'll be able to migrate most of those customers, those Veritas customers over to the Cohesity platform using an automated tool. So, won't it be harder to convince those former Veritas customers to switch to Rubrik and still be on a much better platform than they were previously on?

Thank you, Andrew. In fact, when we first heard the Cohesity-Veritas merger and we actually had that discussion within our company. And what we concluded was that Veritas product is a single product in the customer environment, unlike Cisco or Microsoft or one of those large companies with lot of products in the customer environment, where they have in some ways of relationship and durability with the account. When you have a single product and if you're trying to replace that single product, the customer will naturally ask what else exists out there in the marketplace. And cyber resilience is the number one concern of every business. And if they're looking around in the marketplace, they will definitely give Rubrik a chance. And if you look at our win rate against both legacy and new-gen competition, we are winning vast, vast majority of deals. So, in fact, Cohesity prodding Veritas customer for change is actually going to set lot more customers lose in terms of them looking around to find what else is out there That we believe is a tremendous opportunity. Moreover, whenever you have two companies merging, there is a lot of rationalization that needs to happen, both in terms of product, people and roadmap. And if I'm a Veritas customer today, I'm thinking all my product like promised roadmap, will they be delivered? It's an open question. It's a good question. And that creates opportunity for us.

Thank you so much, Bipul.

We'll move next to John DiFucci with Guggenheim Securities. Your line is open.

Great. Thank you and good afternoon, everyone. This is Howard Ma on for John. On Rubrik Security Cloud, it's either for Bipul or Kiran. You called out the increased contribution to NRR from adoption of additional security products. That's obviously positive. But can you comment more on the two other pieces, so workload expansion or upsell and additional apps secured by Rubrik? And this is kind of a two-part. The first part is, are you seeing any signs of slowdown in these two other drivers? Or do you still see a lot of white space in both cloud data protection and cyber resilience? And the second part is, can you remind us of your product roadmaps related to the first? If there is a lot of white space out there, which additional applications are you adding in the near term? Thank you.

Thank you, Howard. If you look at the Rubik's offerings, we have a very comprehensive data security platform. And what we are doing is we are going to customers and saying that, hey, you have a legacy backup and recovery architecture. How do we transform that architecture into a data security platform to deliver cyber resilience? And in our data security platform, we have a comprehensive suite of data security products that we attach as part of our enterprise addition, as well as business addition. And if you look at our product expansion, a third of our NRR is contributed by data security product that we attach on our platform. So, we are not seeing any slowdown in terms of the customer demand or attachment of our data security product. In fact, more than 50% of our new customers again this quarter came in to adopt enterprise addition at the first purchase. So, we are continuing to see strong demand and strong expansion on our platform. Obviously, you saw us announce Salesforce.com as the cyber resiliency target for us as the next SaaS. And as these SaaS platforms becoming more and more critical in the enterprise, we will continue to expand our platform to cover more and more SaaS apps. And our strategy is, which by the way our customers really love is the consolidation of cyber resilience across all apps, all the apps that are in their data center, all the apps that are across AWS, Azure, GCP as native cloud apps, as well as all the apps in their SaaS landscape and a single policy engine, a single security control across all apps, so that when chips are down, when you are under attack and you have to go recover, you are not turning 20, 30 knobs as I said before. That's the Rubik's native advantage of a unique platform in a large and growing market with cyber resilience emerging to be the number one category within cybersecurity.

We'll move next to Gregg Moskowitz with Mizuho. Your line is open.

Your line is open. Okay. Thank you, very much, and good afternoon, guys. I had a follow-up to Saket's question just regarding, the CrowdStrike IT outage. Bipul, from what you can ascertain, I was just wondering if the outage has led to an increase in pipeline build or velocity for Rubrik or is that simply too difficult to gauge? And then secondly, curious about how the usage has been looking for Rubrik AI, if you could give us an update there as well? Thank you.

Thank you, Gregg. In fact, when that global IT meltdown happened, we were also discussing the ramification of such an outage. In fact, CrowdStrike and us together, as I was saying before, recovered 100 of customers and it showed the power of Rubrik platform that we could isolate a single file and recover at a scale, large number of systems. Obviously, it's too early to gauge the impact of this particular outage, but anecdotally, we are hearing a lot about Board of Directors calling their security and IT leaders saying that what's the plan to bounce back upon such an incident? And if this is a preview to what could happen in cyberattack, how do we keep our business ongoing operations? They've all spent a lot of money in preventive solutions, but you can't prevent the unpreventable. And what we saw was a small human error can really take a global digital economy down in such rapid pace and with such significant scale. So, we believe that it will be one of the many factors that will only propel this market going forward. Your second question is around Ruby. Just as to set this up, Ruby is the Rubrik's generative AI agent, and we are focused on increasing productivity of IT and security operations team because more and more IT teams are being asked to do cybersecurity work such as threat hunting, threat quarantining, IOC management, which they are not equipped with or they have not been trained on. And so, we have created Ruby as our multi-year strategy to really bring productivity to cyber resilience work. And what we have done is, we have created this as our standard offering as part of our Enterprise Edition because all the capabilities that Ruby support is supported on Enterprise Edition. And our goal is to really extend the Ruby skills going forward. And it will continue to evolve the Rubrik platform as the advancement in generative AI, agentic system and everything else happens around it. Our ultimate goal is that if you can use Facebook, you should be able to do complete cyber resilience. And so, Ruby is -- think of Ruby as somebody that we are shipping, a person that we are shipping with our product, where that person is handholding our customers to a cyber resilience outcome. And you'll see us do a lot more in terms of really building this platform and continue to add skill sets to it. But it's not a separately monetizable event for us, because we believe that all the productivity gain amounts to our customers.

Terrific. Thank you.

We'll move next to Joel Fishbein with Truist Securities. Your line is open.

Thanks for taking the question and congrats on the strong execution. Kiran, one for you. Obviously, you made some significant progress on the margin side of the business. I just would love to drill down a little bit deeper maybe on where will we see leverage come from moving forward? I know you about sales and marketing, but if you could give us a little bit more granularity that would be really helpful. Thank you.

Hi, Joel. Thanks for your question. So yes, we have made a significant progress on margin. And as you know, the key margin metric for us is subscription AR contribution margin, because we run the business on ARR given our cloud transformation and we have improved that metric quarter-over-quarter by 240 basis points. And if you remove the impact of the payroll tax rate of the IPO that is a 1,600-basis point improvement year-over-year. And the key areas of driving efficiency here are the big investment areas, which is primarily sales and marketing and R&D. And we've been and it worked for some time and continue to make progress. I'll just highlight a few areas. In sales efficiency, it's primarily coming from more productivity. We are generating multiple delivering multiple products, which allow our sales force to land and expand. With greater productivity, we are doubling down on enablement and leadership development and also getting more return on investments in some of our growing markets like international and federal. We are also continuing to work hard on lowering the cost of acquisition in terms of marketing efficiency, targeting account focus and more partner leverage as well. And the last area I would say is a natural leverage for us with scale is renewals. It's still a minority in our business, but as we grow and renewals base grows, we get natural leverage in our model. And then in R&D, the second largest day of investment, we continue to innovate really well using our global R&D centers, which gives us the ability to innovate with greater leverage or cost leverage as well. So those are the two areas I would say we are very focused on driving efficiency in the business.

Thank you for the color.

We'll move next to Eric Heath with KeyBanc Capital Markets. Your line is open.

Great. Thanks for taking the question and really strong set of results here. So, I just wanted to come back to the conversation on data security and DSPM. Bipul, maybe if you could just share kind of how the evolution is going in terms of your engagement with customers. Is this driving more conversations and engagement with the CISO or the Chief Information Security Officer, in that organization? And then maybe just given some of the early proof points with the adoption of 50 customers, what kind of uplift you're seeing with the adoption of the enterprise proactive tier? Thanks.

Thank you so much for your question. Let me first talk about what I'm hearing from the customers. So, a large multinational fast food company, which is an existing customer, CISO who is looking at the SPN really said Rubrik is the secret sauce because they are confident that he can go to the board and say company is able to withstand a cyberattack. And the reason they are looking at DSPM is because they want to understand data security risk and data security threat. Risk is what is the sensitivity of the data and who has access to the data and threat is who is doing what to the data. Unless they understand the data and being able to again deliver cyber recovery, they will not have peace of mind. Another example is the Fortune 50 oil and gas company. In my CISO conversations, they actually had major focus on cyber resilience, like really overhauling cyber resilience by replacing legacy vendors. Another Fortune 500 Healthcare Company CIO conversation was all about strategic partnership to deliver cyber resilience because that was a board mandate. So, see in all of these cases, the data security, DSPM and cyber recovery is emerging to be a very, very strong use case. And that's why we are focused on cyber recovery plus DSPM on our platform to deliver complete cyber resilience. Obviously, it is very early in refining our packaging and how we package and how we bring all of these capabilities together. We are seeing a strength in attaching DSPM with our enterprise addition. And as I mentioned before, over 50 customers now with DSPM. So, we are seeing interesting traction, obviously, how we package and how we put these things together will evolve, but we are seeing a strong traction in the SPM Plus Enterprise Edition.

Thanks, Bipul.

We'll move next to Yi Fu Lee with Cantor Fitzgerald. Your line is open.

Congrats on the strong back to back fiscal 2Q. Thank you for taking my question for Bipul or Kiran. My question revolves around the Mandiant Threat Intelligence collaboration. It does make total sense for us that you're joining first class man Mandiant incident response with Rubik's ransomware response team together. So, the question around, my question is revolve around the penetration of Google Cloud sector. How do you think about that, Bipul and Kiran? We understand you're very strong with the Microsoft partnership, Microsoft Azure Cloud. And any color on AWS as well, later on in the future roadmap? That's it for me.

Look, we love all our partners. We are not partial to one. And we want to build a multi-partnership strategy where we create win-win partnership across Microsoft, Google, AWS and all other vendors, because we are a Switzerland solution. We deliver cyber resiliency across numerous platforms whether it's on premises, datacenter platforms, or cloud platforms, or SaaS platform. And our Mandiant partnership is a significant step in that direction. If you think about Rubrik's data security intelligence, that is data security capabilities and Mandiant's cyber defense solution, two of us has come together to give our customers complete threat intelligence, comprehensive incident response and clean room recovery on Google Cloud. If you think about Rubrik's customers overlap with Mandiant, our customers can now integrate the threat feed that they are getting from Mandiant and use it on Rubrik. Now think about it, we're pre-calculating as what is the threat exists that in the data by taking the feed as we are running the operations. And that's the power of these relationships. Together, we are delivering on parallel level of cyber resilience. And look, I will continue to do more of these partnerships, truth starts with product at the customer. If we are creating value for our customers, if it is a true product engineering integration and one plus one equals to five, it completely makes sense to us to create more partnership, deliver more value to the customer. Ultimately, we want to be a generational company and we want to create value in our ecosystem.

Thanks for that, Bipul. Congrats again.

We'll move next to Todd Coupland with CIBC. Your line is open.

Yeah. Good evening. I had a two-part question. One, I just will follow-up on the Veritas-Cohesity question. You talked about how it's opening up a window. Has that started yet? And when would you expect it to ramp up over what time period? And then I had a quick follow-up.

We are definitely seeing customer calling us more and being worried about cyber resilience, have the questions around the uncertainty of the Veritas-Cohesity coming together. There's lot of noise in the marketplace, and they're worried about their roadmap of their stability of the roadmap on the features they need. So, this is definitely we are starting to hear more and more about it and we are definitely responding to those calls. Obviously, we have a superior product and a unique platform that combines DSPM and cyber recovery that includes before cyber-attack, during cyber-attack and post cyber-attack capabilities to be really prepared for assume breach posture that everybody is thinking about. And that's what we are delivering in the marketplace and we believe that will open up more opportunities for us.

Great. Thank you. And then the follow-up is, we haven't really talked about the economy and impact on enterprise spending. I understand cyber is a priority and CrowdStrike incident certainly raises that point as an obvious conclusion. But what impact, if any, is the current economy having on pipeline size of deals, time to close, et cetera. Just give us an update on that. Thanks a lot.

So, I'm a fiscally conservative guy. And I always think about what am I missing? I always look around and see is there -- are they leading indicator that we can read the tea leaves on and try to adjust. But we are not seeing any change, particularly for our product and our demand. Our market momentum remains unchanged. We are not seeing any change in macro in our segment. And cyber resilience is top of mind for our customers, for all the board members around the world. Our biggest worry is that what are the conversations that we are not part of because those are the only deals we are losing because we are winning vast, vast majority of deals. So, we are excited about what's ahead of us. We delivered an outstanding first half. We are confident about the rest of this year, and we are looking forward to finishing it strong.

Thank you very much.

We'll move next to Brad Zelnick with Deutsche Bank. Your line is open.

Great. Thanks so much for taking my questions. And congrats on a great first half and raising the full year guidance. Kiran, I was just wondering if you can comment on the confidence level that you have and the visibility to the guidance here that we have implied for the back half? And maybe if you can frame it in terms of just the methodology that you've been using thus far. Anything that we should know, I know the prior question asked about macro. But any factors and key assumptions that we should be thinking about or changes would be helpful. Thank you.

Brad, thanks for the question. So as Bipul shared, we had strong momentum and outperformed the quarter. The first half, when you look at the growth rate, we had double-digit growth in net new ARR, and that's really given us the confidence to raise the outlook for the second half. And if you look at the implied guidance, the second half net new ARR, we have raised by over 5% heading into this half. Obviously, our execution has been strong, but there is still an uncertain macro environment, and we are being prudent and thoughtful with the guidance, but we feel pretty confident in the outlook based on the pipeline we see and our ability to execute this market.

Makes perfect. And I’m glad to hear you said that. Thanks for taking my question.

Thank you, Brad.

We'll move next to Dan Ives with Wedbush Securities. Your line is open.

This is John [Indiscernible] on for Dan. Congrats on the quarter. Given the strong subscription ARR growth seen throughout the quarter and the addition of new customers, more bird's eye view on strategic initiatives that are in place to sustain or accelerate growth looking really into the remainder of the year and maybe into full year '26. Thank you.

Thank you so much for the question. As I was saying before, I always think about what am I missing and where do we go next? And if you look at, we are already coming up to a $1 billion ARR and that's a big milestone for us. But I'm thinking about $3 billion as the next major milestone and beyond. And what are the things that we need to put in place to continue to like grow the business at high speed and continue to scale and provide diversity of products in the marketplace to go $3 billion and beyond. And that has been the core focus, although we have not lost sight of the fact that many software vendors without a strategic vision are struggling in the market. If you look at their growth rate, they have diminished. So, we always think about where we are today and what's the next milestone and how do we build to that next milestone so that we continue to grow and give Rubrik the best opportunity to reach its highest potential.

Thank you.

We'll move next to Shrenik Kothari with Baird. Your line is open.

Hey. Yeah. Thanks for taking my question, and congrats on the great quarter. Hey, Bipul. So with Rubrik, being named Microsoft Healthcare and Life Science Partner of the Year and as you are set to host your first healthcare summit coming up this week, can you just elaborate, like, how is Rubrik, uniquely positioned to first address the unique healthcare challenges, and what is driving the success in the vertical and how the strong relationship with key partners like Microsoft, as the recognitions seems to suggest can be central to our go to market, in this particular vertical? Thank you.

Thank you, Shrenik. Look, what you're seeing in the marketplace today, we have been working on it for last three years. That's why we always think ahead, where the market is moving, how the market would respond and how do we build product and solutions today to go and really create an impact in the marketplace. If you look at Healthcare market segment, I call it protect the unprotected. The healthcare market segment is going through tremendous digital transformation to gain efficiencies because cost of healthcare is always high. And so, if you look at the result of that digital transformation, average healthcare organization has 3 times more sensitive content than any other organization in the economy and in the marketplace. As a result, it is a very target rich environment and attackers are going after healthcare market segment, because number 1, they still have not gained the maturity that you need to be able to deliver cyber resilience. And as a result, they are looking for solutions to keep hospitals up and running, to be able to admit patients, to be able to deliver healthcare outcomes even when they have a successful cyber-attack. In fact, one of the largest healthcare systems in the US Partnered for cyber resilience with Rubrik and doing a massive migration to Azure. So, our ability to deliver healthcare outcome across all the mission critical healthcare system, whether it's electronic health record, whether it's cloud transformation, whether it's their email systems, whether it is their active directory or other user management system or authentication system, we have a most comprehensive solution in the marketplace. And as I was saying before, we have been working on it for last many years to be able to have this position that we have a unique offering for this unique market.

Appreciate it. Thanks.

And we'll take our last question from James Fish with Piper Sandler. Your line is open.

Hey, guys. Thanks for the questions here. Circling back actually on Fatima's around Salesforce. First, how are you guys how should we think about Rubrik's exposure to Salesforce today within that expansion driver of applications? And second, you guys talked about a lot of wins in which you really consolidated down vendors. I guess what type of TCO benefits are customers seeing on consolidating down to Rubrik, and how many backup solutions are typically in these environments that you're replacing. Thanks, guys. Good quarter.

Thank you. So, if you look at our offering, we are consolidating cyber resilience for over 20 distinct apps onto Rubrik, and Salesforce is one of the 20 apps and we just announced the support for Salesforce. Obviously, when we sell Rubrik platform, we are consolidating many, many tools. So, tools around like your enterprise data protection tools around your native cloud data protection, tools around your SaaS data protection. We are consolidating on tools around your database data protection. We are consolidating tools around unstructured data security. Then we are doing data security posture management for cloud. We are doing data security posture management for data center -- and then we have cyber resilience for Active Directory or intra ID. So, we are consolidating seven or seven, eight categories of products into our platform. And our customers enjoy over 25% TCO savings when they adopt Rubrik in totality. But customers don't have to start everything on Rubrik day one. If they just adopt our cloud-native solution, we deliver the significant cloud cost savings, hard cloud cost savings. Same thing when we start with their SaaS or on-prem solutions, so we have this platform strategy. And as I was saying before, we have been working on these platforms for many, many years. This is not something that two persons in a garage can build it in a quick time. These are very deep and wide solution that has a lot of technology built into it and we have been on it for over 10 years.

Thank you, ladies and gentlemen. This does conclude the Rubrik Second Quarter Fiscal Year 2025 Results Conference Call. We appreciate your participation. And you may disconnect at any time. Have a wonderful evening.