James Foster: That’s right. And I will say that the public sector customer that Tim just referenced was not only a renewal, but an expansion, which was nice to see that we were able to continue to kind of expand the adoption and expand the value that the government is getting to that program. And then on that large gaming contract, it was also nice to see that we extend that protection from kind of a regulated one-year requirement to a two-year contract with that organization. So we are seeing our customers kind of adopt more of the platform and feel more comfortable where they’re also doing larger TCV-based contracts in addition to ACV — large ACV-based contracts.
Brad Reback: That’s great. And Foster, maybe switching our focus to subscription revenue. How should we think about the long-term sustainable organic growth rate for that line?
James Foster: Yeah. Look, I think we’re — right now, if you look at the lines, we’re in the 20s, Brad. We see an opportunity to improve that in the coming quarters. For fiscal ’25, right, we think that there’s going to be an opportunity to grow from the mid to the kind of upper 20s just based on what we’ve got right now. The key is balancing profitability, right? We need to be cognizant and recognize the market and where we think we will get recognized and rewarded on that ounce (ph) of profitability. As I was telling Joe, just a second ago, I think we’ve done a really nice job in the last two quarters putting up consecutive back-to-back free cash flow quarters where we grew it almost double quarter-over-quarter here in Q3.
But we’re not done yet and I think the market will expect us to continue to grow that profitability line on a quarterly basis. And once I think we’ve reached the right level of profitability, we’ll continue to make sure we optimize our growth as well and get efficient growth. So I think we would start with probably low 20s next year and try to outperform.
Brad Reback: Perfect. Thanks very much.
James Foster: Thanks, Brad.
Operator: Thank you. And our next question comes from Yi Fu Lee with Cantor Fitzgerald. Your line is open.
Yi Fu Lee: Hi. Good morning, Foster and Tim. Congrats on another strongly executed quarter on revenue momentum and free cash flow generation. I guess two questions for Foster and one for Tim. So thanks for publishing the external cyber threat report, especially the ones on the Middle East conflict. I was wondering, has the elevated threat environment helping the pipeline building generation as well as deal expansion activities? And is there any pushback from customers in terms of like, let’s say, budget concerns because we’re still in a challenging macro environment?
James Foster: I heard a couple of things there, Yi, and good morning as well. Look, I was talking to somebody yesterday. Just maybe something comes to mind and I think it’s relatively relevant. The number of attacks and the number of successful data breaches that are out there continues to rise, right? LockBit 3.0 has been the most successful threat actor and kind of affiliate group we’ve seen in this space in 20-plus years. And there’s changes that’s happening out of the macro. And one of the things we were talking about that was the reported yesterday, was that the number of financial services companies targeted by LockBit and its affiliates in 2023 on a pro rata basis is up 50%. And so there are some tactics and techniques that are changing.
I think the threat actor groups are changing and their targets are changing. And this, combined with like another really interesting thing that we continue to monitor on our side, given the amount of large breach response work we do. We see customers, in general, about 60% of the time still paying ransomware, right? And so there’s this imbalance in the market that’s happening right now on what exactly to do. When you’ve got the U.S. federal government and the FBI saying, don’t pay ransomware, yet the majority of customers that we engage or know of still paying it and still getting hit, I think it becomes a real challenge. And probably the most concerning stuff that we’ve been monitoring inside from our intel team is organizations that have been hit with ransomware once and pay, get hit 80% of the time within three years again.
And so there’s a causation or correlation line on, are you getting hit again because you paid or are you getting hit again because you still haven’t covered the basics? And as we’ve said here, like the basics require three fundamental pieces of your tech stack now to protect yourself. You’ve got to have something on the inside, on the endpoint. You’ve got to have something that separates the inside from the outside and you’ve got to have something on the outside protecting your external attack surface. And we see a lot of our customers that have adopted that kind of modern security Triple Crown, but there’s still a lot of customers out there working on the basics and still trying to drop — adopt those three things.
Yi Fu Lee: Thanks for the color on that Foster, it sounds like that’s the Asian bank for the U.S. treasury situation. And then like moving on, right, there’s a recent attack on a, let’s say, cloud-native identity player on their customer support system that happened this quarter. Within their public disclosure, right, they mentioned that because client lists are compromised, right, that they may be susceptible to elevated phishing attacks going forward, right? I’m thinking about the services offered by ZeroFox, external cyber protection as well as speech (ph) response, right? Do you think there could be additional opportunity in addition to this? Because I think you mentioned there is a gaming company that you helped in addition.
