Five takeaways from the report that Darktrace customers and partners should be aware of from the QCM report.

On Feb 6, Quintessential Capital Management (QCM) published a report and warned investors about multiple questionable business practices used by UK cybersecurity vendor DarkTrace. Upon release of the report, QCM took a short position of 1.3% in Darktrace shares. London-based hedge fund Marshall Wace also shorted Darktrace shortly after the report was released. QCM is an “activist investment firm” whose stated aim is “exposing fraud and criminal conduct in public companies around the world,” They claim a 100% success rate in their anti-fraud campaigns.

The commentary below focuses on five critical areas in the report that should concern existing Darktrace customers and partners. The overriding question raised by several Darktrace users is how do we quickly and efficiently shift to an alternative technology?

System changes impact an organization well beyond signing contracts and completing financial outlays. Because of this, organizations are often reluctant to change vendors, even in times of great uncertainty.


Because CyGlass is a 100% cloud-native platform, we’ve removed the complexities of deploying legacy appliance-based solutions (like Darktrace). Partners and customers who switch from Darktrace to CyGlass no longer need to worry about appliances and network collectors. The CyGlass platform can be rolled out in hours and a few days in the case of complex deployments with multiple locations.

In terms of capabilities, CyGlass delivers award-winning AI-based threat detection and response across network and cloud threat surfaces, just like Darktrace, while operating at a significantly lower TCO.

The QCM report contains multiple accusations of improper accounting and even outright fraud, and at the moment, these remain unproven accusations. If indicted and found guilty, there will be much greater consequences. Still, beyond these claims, the 70-page report includes some critical information that should raise the eyebrows of customers and partners. Here are five important takeaways for Darktrace customers and partners:


1. Unsustainable R&D spending

As a partner or customer of Darktrace, there has always been a comfort in their advanced AI computing capabilities, the cornerstone of their offering. QCM uncovered that their R&D spending is consistently less than 10% of sales over the past five years. Analyst reports place R&D spending for a mature software company at around 20%(1), which aligns with the 18%(2) that Symantec Corp (now part of Broadcom) spends in R&D and the 19% that Crowdstrike spent in 2022(3). Growing cybersecurity companies, like CyGlass, are usually private firms. Still, across the six cybersecurity startups I have been a part of, that number runs around 40% during the company’s first ten years.

QCM’s comment: “DT.’s allocation seems grossly deficient and unsustainable. DT claims its AI and model allow the company to function on a structurally lower R&D cost base. We are unconvinced because DT is not the only cybersecurity player using AI.”



2. Overspending in sales and marketing

While Darktrace greatly underspends in R&D, it significantly overspends in sales and marketing. As clearly shown in the chart below, Darktrace’s SG&A is a colossal spend as a portion of their revenue. Marketing expenses are included, and SG&A costs and QCM’s research allocates “a vast majority of SG&A spend is marketing.” This excessive spending, exceeding 100% of sales until 2019, is the basis for much of QCM’s fraud complaints.

For partners and customers, the spend also represents some aggressive and unappealing sales practices of which we are aware of, including:

  • Take deals and renewals directly, undermining partners.
  • Strong-arming customers into longer-term deals with uncertain terms.
  • Over hyping the product’s actual capabilities with complex messaging like their new “CyberAI” life cycle.
  • Excessive spending in marketing and sales in terms of events and people at the expense of continuing to build out robust technology. You have to love the new Darktrace name on the McLaren F1 car fin.

As QCM states, “Even if all these expenses were legitimate, we question the sustainability of a business that needs to redeploy all of its revenue in marketing expenses to sustain growth.”



SG&A as % Sales


3. Hardware centric model

QCM also focuses its fraud allegations against Darktrace as it relates d to the hardware that Darktrace must use to deploy its product. Issues relating to the hardware sold or rented, or in some cases reported as one, while it is another. Indeed, a large portion of a Darktrace deal is hardware.

What should be interesting to partners and customers is that Darktrace still relies on hardware as the rest of the market shifts to the cloud (and this gives credence to QCM’s allegations.) Modern threat detection and response solutions that utilize AI operate much more efficiently and effectively when AI computing occurs in the cloud, and here are some great reasons why:

  • Cloud computing can scale to the required computing power to crunch the data instantly, whereas if you overload a piece of hardware, you have to use a more capable piece of hardware that costs more money.
  • Cloud-native systems deploy from anywhere at any time. Hardware-based systems require the box to be shipped, unpacked, moved to a data center, placed in the rack, connected, and then activated and configured. One of our customers looked at Darktrace to deploy across 8 locations, with hardware being deployed at all 8. Darktrace was 60% more expensive than our cloud-native deployment, and it would take over a month for all the hardware to arrive.
  • Data correlation is greatly simplified with a cloud-native deployment because all the collected data moves to a single data lake for enrichment, correlation, and processing. Darktrace collects data into multiple pieces of hardware at numerous locations limiting correlation and threat detection capabilities.


4. Growing complaints

OCM interviewed multiple Darktrace customers to create their report, and while a few individuals had a reasonable opinion of their products, the majority were skeptical and shared the following complaints(4):

  • System’s failure to detect attacks (both in testing and real ones)
  • A high number of false positives even after the initial “learning period.”
  • Fancy user interface perceived as “smoke & mirrors.”

CyGlass has replaced Darktrace at multiple accounts in the last

six months and the complaints we often hear are that the ongoing costs to operate the product are too high, and other than a really “cool” dashboard, the product is quite challenging to use.

These product complaints and the new customers, including MSSPs that moved from Darktrace to CyGlass, back up another OCM finding; that the churn rate at Darktrace is closer to 30% and not the 7% they report.


5. Distraction from customer success and service

First, it was co-founder and current significant stockholder Mike Lynch being indicted on fraud charges in the US. Then US private equity firm Thoma Bravo walked away from a takeover deal. Now it is  QCM’s report warning investors about the validity of Darktrace’s financials. Darktrace stock is falling, and the lawsuits and investigations from the QCM report have not even started. The simple truth is that Darktrace will now have to spend even more money and resources defending themselves. They will not be focused on the success of their customers and partners in the coming years.

Whether or not you buy into QCM’s unproven fraud and irregularities accusations, there is no doubt that Darktrace finds itself in a difficult position. As a current Darktrace customer or partner, it makes business sense to review your relationship with them and look at more alternative solutions.


CyGlass, a superior alternative to Darktrace for medium and small enterprises and organizations.

If your company has 150 to 20,000 employees (my definition of the small and medium-sized market) and is currently operating or looking to deploy Darktrace, you should compare it to CyGlass. CyGlass is a 100% cloud-native solution with award-winning AI delivering advanced threat detection and response across networks, cloud environments (Azure, AWS), cloud applications (including M365), and Active Directory. On average, CyGlass costs half of what Darktrace costs, deploys in ¼ of the time, and can be operated by existing headcount. The CyGlass platform is simple to deploy, simple to operate, and highly effective at detecting and stopping ransomware attacks, supply chain attacks, and data theft attacks, to name just a few.

Learning more about how customers have moved off Darktrace to CyGlass and hear testimonials from customers who have seamlessly migrated off Darktrace.

Don’t hesitate to contact us if your organization is concerned about these latest Darktrace revelations and how they will impact your cyber defenses. CyGlass has a simple, painless migration path that will fully migrate your organization in days with minimal disruption.


Read more about CyGlass

Read our migration from Darktrace Case Study here.

Read the entire report from QCM here.

Read the QCM eBook version of the full article here.