Specialist
Executive at IT service provider and Executive at private lender
Agenda
- Customer assessment of LastPass (GoTo/LogMeIn) as a vendor and implications of the company’s December 2022 security breach
- Impact of the breach on customer perception – outlook for churn risk and LastPass’s competitive moat
- Vendor evaluation criteria, pricing dynamics and competitive positioning across 1Password, Microsoft (NASDAQ: MSFT), Okta (NASDAQ: OKTA), Cyberark (NASDAQ: CYBR) and others
- Operating environment and implications around GoTo’s intent to spin off LastPass
- Industry consolidation and demand outlook for H1 2023
Questions
1.
LastPass disclosed a security breach in December 2022, in which a threat actor stole personal customer information, including billing addresses and encrypted website login details. As a key decision-maker and enterprise customer of LastPass, did the compromise impact your perception of the vendor’s integrity or core product?
2.
If you were to rate your pre- and post-breach confidence in LastPass on a scale of 1-10, 10 being the greatest, what would those ratings be?
3.
What’s your opinion on the impact of the breach across the average enterprise customer’s perception? How much of an increase in enterprise churn would you expect to result from this?
4.
How high are switching barriers? How might this impact churn decisions and customers looking to leave LastPass? You commented that this is clearly a consideration. Could you elaborate on what these barriers look like?
5.
How costly would it be to churn and select a new vendor?
6.
Considering the pressure on individuals in your position – and leaders at the executive level of IT departments – and the potential negative reflection from choosing LastPass, how disappointed were you to see the breach? Are any difficult conversations happening with your ELT [executive leadership team] that might increase a decision to churn?
7.
What would it take for LastPass to earn back customer trust? What material change needs to occur?
8.
Could you elaborate on the theme of a half-life, specifically how long the switching process takes? What churn time frame do you expect with LastPass’s enterprise customer base? Given the breach, when might any churn materialise and what would be the necessary length of time to switch?
9.
Could you quantify the churn impact? I appreciate it is difficult to get visibility, but what would be your percentage estimate for how much increase in churn LastPass will see because of these breaches?
10.
How satisfied were you with LastPass’s response? Was there anything the customer support team should have done that wasn’t?
11.
How large is the cross-sell opportunity for enterprise customers converting employees into retail users? Do enterprise customers put an element of pressure on employees to adopt LastPass for personal use? What level of penetration into an enterprise employee base can the company get for retail usership?
12.
What adoption percentage would you expect?
13.
How often are employers requiring their employees to adopt LastPass free tier as individual users?
14.
What vendor valuation criteria are most important when selecting a password management tool? How well does LastPass deliver on each of these criteria?
15.
What is your perception of LastPass’s competitive positioning vs 1Password? What primary criteria drive a win or loss vs 1Password in an evaluation?
16.
How might the December 2022 breach tilt in favour towards 1Password in a head-to-head bake-off?
17.
When assessing LastPass’s other direct competitors, names such as Bitwarden, Dashlane, Microsoft, Okta and CyberArk crop up. Aside from 1Password, which other vendors do you consider to be LastPass’s most direct competitors? How does the company stack up against them?
18.
Looking at LastPass’s class of players – the more point solution-like toolset – does any name come to mind outside of 1Password that is very competitive with LastPass?
19.
Does single sign-on through offerings by vendors such as Microsoft add an extra layer of protection to enterprise customers of LastPass? Would that mitigate the impact of the December 2022 breach?
20.
What’s your understanding of the most sensitive information that was stolen during the December 2022 breach?
21.
Given GoTo’s long public intent to spin off LastPass, do you have any broader commentary or expectations for whether this breach may pose an additional challenge for the sale? What might that spin-off look like?
22.
LastPass reportedly faces a class action lawsuit over the recent breach, filed in the US District Court in Massachusetts. What’s the likelihood of the average retail user churning from LastPass given the breach?
23.
What’s your 1-3-year outlook for LastPass, especially given the horse-race analogy between LastPass and 1Password, and product roadmap dynamic with companies future-proofing themselves to try and stay relevant?
