Head for the Exits, Security Firms: Rapid7 Files for IPO

Tech IPOs have not been very fashionable as of late. But cybersecurity has. Now a Boston tech company is putting those elements together—and foreshadowing a number of other exits in the sector.

Rapid7 has filed paperwork to go public on the Nasdaq. It lists its maximum aggregate offering price as $80 million, but that’s mostly a placeholder for now. The IT security company would trade under the symbol “RPD.” Its lead underwriters are Morgan Stanley and Barclays.

The company was founded in 2000, originally named after a commuter train that its founders—Alan Matthews, Tas Giakouminakis, and Chad Loder—regularly rode in New York. Rapid7 has raised some $90 million in venture capital to date, the most recent money being a $30 million round last December. The company had 554 employees as of March 31.

Cybersecurity has evolved a lot in recent years, and so has Rapid7’s product. The company makes software that helps organizations find security flaws in their IT infrastructure, check whether they’ve been fixed, and detect and respond to attacks. The firm also offers strategic services to help big enterprises manage security programs.

Rapid7 has had increasing sales over the past few years, but it isn’t close to profitable. Its annual revenues have grown from about $46 million in 2012 to $60 million in 2013, to almost $77 million last year. Its net losses have also grown: $12.4 million, $18.9 million, and $32.6 million over the same three years, as the company has increased its spending on sales and marketing. For the first quarter of 2015, Rapid7 made $23.6 million in revenue and had a net loss of $7.7 million.

The top stakeholders in the company are Technology Crossover Ventures, Bain Capital Ventures, former director John Devine, co-founder and chairman Alan Matthews, former CEO Michael Tuchen, and current CEO Corey Thomas.

If the deal goes through, Rapid7 could be the first IPO of the year in the Boston-area tech scene. Cybersecurity would be a likely sector to do it in. Healthcare security firm Imprivata and enterprise security company CyberArk both went public last year. A couple of other local veterans, Bit9 and Veracode, are also getting close to exiting, whether by acquisition or IPO. Others to watch in the sector include Mimecast and LogRhythm. (In recent years, New England security firms including Q1 Labs, Trusteer, and NitroSecurity have been bought by tech giants.)

By comparison, at least five local biotech companies already have gone public this year (Blueprint Medicines, Inotek Pharmaceuticals, Flex Pharma, Collegium Pharmaceutical, and CoLucid Pharmaceuticals), with at least that many additional firms having filed paperwork for IPOs (Seres Therapeutics, Catabasis Pharmaceuticals, RainDance Technologies, PureTech, and Gelesis).

Gregory T. Huang is Xconomy's Editor in chief. E-mail him at gthuang [at] xconomy.com. Follow @gthuang

Trending on Xconomy