AvePoint at Piper Sandler Conference: Cyber Resilience and Growth Goals

On Thursday, 11 September 2025, AvePoint (NASDAQ:AVPT) presented at the Piper Sandler 4th Annual Growth Frontiers Conference. The discussion highlighted AvePoint’s strategic focus on cyber resilience, AI integration, and ambitious growth targets. The company aims to leverage its strong financial position and market opportunities to achieve significant expansion, while also addressing challenges in data governance and AI project ROI.

Key Takeaways

• AvePoint targets $1 billion in annual recurring revenue (ARR) by 2029, with a compound annual growth rate (CAGR) in the mid-20s.
• The company launched the Risk Posture and Command Center in Q2 to enhance risk management and regulatory compliance.
• AvePoint is investing in channel partnerships and digital strategies to boost market reach and brand awareness.
• The company holds $430 million on its balance sheet, with no debt, supporting strategic R&D and M&A investments.
• Cybersecurity and AI-driven solutions are central to AvePoint’s growth strategy, especially within the Microsoft ecosystem.

Financial Results

• AvePoint aims for a $1 billion ARR by 2029, driven by a mid-20s CAGR.
• Current ARR growth is 112%, with a target to increase to 115% and beyond.
• The company has invested $60 million in primary capital and maintains a debt-free balance sheet with $430 million in cash reserves.
• Less than 10% of AvePoint’s business is in other clouds, such as Google, AWS, and Salesforce.

Operational Updates

• The Risk Posture and Command Center, launched in Q2, provides a unified view of risk and policy alignment.
• AvePoint’s platform now supports multi-cloud environments, including Google Workspace, AWS, and Salesforce.
• The company focuses on channel partnerships to accelerate market entry, especially in EMEA, where 80% of sales are channel-sourced.
• AvePoint targets the SMB segment with SaaS models, contributing nearly 20% of recurring revenue.

Future Outlook

• AvePoint plans to reach $1 billion ARR by 2029 through organic growth and acquisitions.
• The company aims to increase market penetration within the Microsoft ecosystem, with a focus on regulated industries.
• Expansion into multi-cloud environments will support evolving customer needs.
• Investments in R&D will enhance AI capabilities and proactive remediation.
• AvePoint is exploring new growth opportunities in Japan, with significant potential in India, Indonesia, Malaysia, and the Philippines.

Q&A Highlights

• The demand for cyber resilience remains strong, especially with the complexities introduced by AI.
• Cybersecurity is a top priority in tech discussions at the executive level.
• Effective AI implementation relies heavily on high-quality data.
• Scaling policy deployment is crucial for organizations of all sizes.

For a detailed understanding, readers are encouraged to refer to the full transcript below.

Full transcript - Piper Sandler 4th Annual Growth Frontiers Conference:

Jim Fish, Analyst, Piper Sandler Research: Good morning, everybody. Thanks for joining us. Jim Fish here with Piper Sandler Research. We have AvePoint with us today. Appreciate you guys joining us.

TJ, Executive, AvePoint: Yeah, thank you.

Jim Fish, Analyst, Piper Sandler Research: You guys have had quite the year or two here. A lot of demand drivers going on. You know, TJ, I feel like we’ve started talking about cyber resilience even more so, post-Delta and the outage there.

TJ, Executive, AvePoint: Yep.

Jim Fish, Analyst, Piper Sandler Research: From the work that we’ve done, it seems like that’s maintained its momentum, actually, which is surprising, you know, a year plus later. Why is that demand driver around resilience remaining resilient?

TJ, Executive, AvePoint: I was actually just with a Deputy CISO of Microsoft last week, and you probably heard they had an incident last month of all the on-prem environments. With the advent of AI, this cat-and-mouse game between attackers and defenders is even more complex and evolved. That will not go away. I was also with a Program Manager at DARPA who manages a $350 million program around cybersecurity. He was actually saying mathematically, you cannot prove any of the digital systems fully secure. It’s just the nature of digital systems. I think this is the new paradigm we have to live with for the foreseeable future, as long as there’s adversaries at the national level, as long as there’s criminal syndicates. There are about 150 ransomware syndicates around the world. Of course, all the kiddie script people that are now using AI to do vibe coding and attack people.

Also, the most sought-after assets in cyber attacks are emails and documents, because these are basically really articulating what companies are doing from a business perspective, from a financial perspective. Yeah, it will not go away.

Jim Fish, Analyst, Piper Sandler Research: Gotcha, gotcha. One other thing that we’ve noticed in the space is, I’ll say, a change on two flavors. Vendor consolidation itself, meaning your competitors, you know, Cohesity, Veritas, for example, as well as consolidation by customers to a degree. How is that, how are each flavor kind of impacting you in terms of what you’re seeing for your overall business?

TJ, Executive, AvePoint: That’s a great question. Overall, first of all, we don’t just do backup and ransomware detection recovery. We view it because we come from an enterprise content management space. We view the birth and retirement of digital assets as a continuum. Obviously, you start with backup, recovery, ransomware detection, recovery. Then you talk about data archiving, data retirement, tier storage management. Then you talk about record management, and then governance, lifecycle management, access control, who has access to what, when, how, where. That’s our Confidence Platform. We handle all of those end-to-end. This is why we matter in the industry. If today, if you’re a customer who views your office cloud, productivity cloud, as mission critical, you choose us because we’ve been doing it the longest. We have the track record. We have all the security capabilities, cloud ops, cloud security, to defend against bad actors for our customers.

Now, specific to your commentary, some of the traditional backup vendors are expanding into the security space. The Rubriks of the world, the Cohesity of the world, after they bought Veritas. We see some of them in different segments, right? Different players in different segments. In the large enterprise, which you define as 5,000 and above, we will see folks like Cohesity and sometimes Rubrik because Rubrik came from the AWS space. We’re in the Microsoft space predominantly. Of course, now we also expand into Google, Salesforce, and AWS. In the SMB segment, we will see folks like Veeam because Veeam’s 80% of their revenue comes from less than 100 employee companies. In the governance side, which is data access control, lifecycle management, which is critically important for AI, by the way, AI deployment, enterprise side, we see different players, right? Sometimes we see Varonis, SMB, smaller players.

We also do data integration, data analytics, data migration, data movement control. There we will see some legacy players like a Quest Software or Informatica in the enterprise segment, SMB, different players. Holistically, we don’t have a singular competitor. From a vendor consolidation, from a platform consolidation, because now with obviously cybersecurity top of mind for everyone, AI and cybersecurity are the top topics when it comes to tech in boardrooms. We play well. That’s our wheelhouse. That’s how we matter as the vendor consolidation, as security becomes top of mind, as AI becomes top of mind because now, you know, data curation, data quality, it’s critically important to have good AI deployment. This is why we matter.

Jim Fish, Analyst, Piper Sandler Research: Maybe I’ll go right to the AI piece then because you brought it up here. Why is it that you really need AvePoint for this kind of AI aspect that you just alluded to?

TJ, Executive, AvePoint: That’s a great question. AI is only as good as the data you feed it. There’s no magic there, right? If you take any large language models, it’s basically a summary intern. It doesn’t really understand your business, your vertical, your specific task and roles. To get it to understand what our industry is called refinement training, you have to train with your corporate data. It doesn’t end there, right? There has been an MIT report that came out that talked about 95% of AI projects are getting zero ROI. One can argue whether their sample size is big enough or not, but what they highlight is that when people get frustrated with AI, if it keeps on making the same mistake over and over again, why does it make the same mistake over and over again? If you just take a plain vanilla AI deployment, it won’t learn.

You have to constantly train. It has to be a very intentional, customized effort for AI deployment to be successful, to be useful for the business, right? Part of that, a big part of that, is actually the quality of the stuff that you feed it. You have to feed it with relevant data, not redundant, out-of-date, trivial data. AI output, if it’s good, goes back into the input, right? You want more of the good stuff. It’s a continuous process. We used to really focus on regulated industry. In regulated industry, this data hygiene has always been baked into their governance and compliance practices. This is why, actually, in regulated industry, you see a better success rate in deploying AI today. Now, all of a sudden, all industries care about this stuff. This is why we start to matter a lot.

The big four auditing firms, some of the biggest banks on Wall Street, use us before they deploy Teams Copilot, for example, which is Microsoft AI for Teams, to prevent Teams Copilot from recommending things to you that you should not have access to. What’s happening today is people are now using GenAI as an alternative search tool, right? Before, you were secured by security. You can’t find this stuff anyway. Now, AI is actively recommending things to you because it thinks that you should have access to it. We all know enterprise permission management, enterprise data estate management, it’s messy. It’s historically been very, very messy. That’s the space we’re in. We have an end-user delegated governance framework. We can shut down access. We can shut down data content and retire them based on policies.

We also, because we have 25,000 customers around the world, can even recommend based on, hey, your industry, this is best practice. If you’re in healthcare, you have HIPAA that you’ve got to worry about. If you’re in financial services, you know, you have other things. Government, you have other things. We can actually now proactively recommend based on your industry, based on your industry peers, what kind of governance framework you should proactively deploy.

Jim Fish, Analyst, Piper Sandler Research: Gotcha. You framed a lot of competitors across each of the parts that you’re competing in. How do you differentiate within each of those parts? On, let’s face it, the backup side of things, you guys actually have the governance and the sort of controls behind the scenes. Walk us through the differentiation versus some of those players in some of those categories.

TJ, Executive, AvePoint: Maybe, yeah, I’ll add, TJ mentioned the first thing we do is, we take a holistic view. If you have unstructured data, which is 80% of what companies are generating today, think of your emails, chats, transcriptions, all that. We first say, do you have a data protection strategy that allows you to recover if you have an attack on the data or if the data’s been compromised? The next thing we do is we offer you the ability to set up the policies where that data may be overexposed or if that data is being consumed by third parties. The policies really help you identify the level of sensitivity with the match of identity, who’s accessing the data and what. The next thing we do is we follow which application you’re actually using the data in. Remember, our product is designed to offer protection on productivity services.

If you think of Microsoft 365, Google Workspace, these are productivity systems. As you’re working across your documents or your files, you’re going in and out of different apps. Our differentiation has been the interoperability to be able to deliver that policy mechanism across all of the different stages of that data as it is being consumed by the productivity service or the end user. Most organizations, as TJ mentioned, the reason the competitive landscape is so fragmented is because they usually will solve one area of that problem stack. From the beginning, when we were working with many organizations, we felt it’s better to create a horizontal layer of security across all of the data that’s being consumed by the apps. Over the years, we’ve been building more and more capability.

In our AvePoint Confidence Platform, we have products in the control side, which are all meant to enable control over how do you access the environment, how do you get to the data, who’s the identity, and where in the organization is it being used. On the resilience side of the platform, we offer all of the data protection, the cleaning of data, right? TJ mentioned before, if you have redundant obsolete data, that could also damage the AI model. We help you clean that up. Look, there’s data that’s been sitting here that you haven’t used or that your workforce is not even consuming. Why are you having that data in a highly available? Why don’t we move it to a third-tier storage or archive? All of those decisions are made by the software.

We continue to differentiate by also allowing you to remediate through the platform so that you’re more proactive. A lot of the CISOs that we work with really like that approach because as we see all the signals, we can connect the signals and say, look, there’s a breach here or there’s unusual activity in this area. We probably want to change your policy. Here’s the policy that best fits the environment. That remediation keeps the organization in a proactive stance, hopefully preventing a cyber attack or giving the organization a better readiness so that they don’t lose their data.

Jim Fish, Analyst, Piper Sandler Research: Yeah, on that resiliency side of things, obviously, there was a bunch of regulation in the last year or two between DORA or the Australian version. How has that impacted your business? What are you guys seeing in terms of implementations, especially in that EMEA region?

TJ, Executive, AvePoint: Yeah, we were just talking about this. I think, you know, many organizations, you know, you have DORA, you also have the EU Act that just rolled out in the EMEA region. The first part was operationalizing this is important for the organization. The top-of-mind thing now is how do we prove it? How do we actually prove that we’re doing all these things? The resilience means continuity of information, availability. We want to make sure we have an audit trail that we show the data lineage. We do that in the platform. The governance means are the guardrails in place? Do we have the right controls? We have a rich catalog that also aligns with regulatory requirements. You know, TJ mentioned before HIPAA, but think of FINRA or other regulatory requirements in regulated industries. We give you that.

It’s easy for a CISO to say, here’s proof that we’re actually implementing the DORA regulation or the EU Act regulation. That’s super critical now, especially if you’re turning on AI models, because believe it or not, even at the board level, there’s going to be accountability. Did you guys have in place the right framework to track and audit all of the ways in which that AI agent was consuming data and so on? I think as regulation starts to come in, our goal from the start is to make sure we give you the proof points and we show it in a way in which the automation is clearly leaving that audit trail for you. We actually had an example. It was United Technology before they got acquired by Northam.

They were able to save tens of millions in fines by actually implementing our solution for ITAR regulation, which is a weapons control kind of regulation that they have to go through. Companies and enterprises have to demonstrate that they have the ability to do this for their data, you know, governance and security and governance. That’s also why they also come to us.

Jim Fish, Analyst, Piper Sandler Research: Gotcha. Jamie’s going to kill me if I get this number wrong. I think it’s 90% of your environment, essentially, is tied to Microsoft, roughly, give or take. How should we think about what’s left in terms of white space penetration within your install base at this point of that Microsoft ecosystem? What surprised you the most, either from the positive or what you guys would like to see in that ecosystem?

TJ, Executive, AvePoint: That’s a great question. We started in the regulated industry, right? Because again, that’s where this whole data governance, compliance, security thing is the most relevant. We’ve been around for 20 years. Today, we estimate that we have at least 20% of the Microsoft productivity cloud when it comes to the regulated industry. The beauty is that outside the regulated industry, now everybody cares about data governance and data curation, data estate management due to AI. Even in the regulated industry, we have much headroom to grow. Outside of the regulated industry, of course, is the net green field. We also look at by segments. We have enterprise, mid-market, and SMB. Historically, we also focus on not only just regulated industry, but large enterprise, 5,000 and above employee-sized companies. Thanks to SaaS deployment models, thanks to cloud security, cloud ops, we’re a lot more accessible to smaller to medium businesses.

Literally in the last four years, we went from almost nothing to now just under 20% of our recurring small businesses, less than 500 employees. That’s growing very, very fast. For Microsoft, to give you context, it’s 40% of the revenue comes from that segment.

Jim Fish, Analyst, Piper Sandler Research: Yep.

TJ, Executive, AvePoint: We have segment headroom to grow. We have industry headroom to grow. We also have multi-geo, like you mentioned EMEA. EMEA is one of our fastest growing segments when it comes to SaaS growth because we are just 80% channel source. This channel flywheel is operating super well in EMEA. We’re now bringing that in the process of doing the 100% channel model in our mid-market in North America to replicate that success. North America, we’re very, very good at enterprise. We’re also bringing that to EMEA. In Japan, we’re very focused on enterprise. That’s also because Microsoft’s success in the cloud started with enterprise. Only recently, thanks to AI, more small to medium-sized businesses in Japan are going to Microsoft Cloud. Now we have a small and medium business segment, then new greenfield growth in Japan. In Australia, like EMEA, and then APAC, we’re headquartered in Singapore.

Jim Fish, Analyst, Piper Sandler Research: Right.

TJ, Executive, AvePoint: Historically, we’ve done 90% of business with the government of Singapore and generating IP. Now, thanks to channel, thanks to SaaS, we’re growing hockey sticks now in India, in Indonesia, in Malaysia, in the Philippines. It’s exciting, right? We have truly many areas of growth. If we can fire on all cylinders of cross-segment, cross-geo, cross-industry, this is why we give that $1 billion ARR mark of 25% CAGR. If we fire on all cylinders, we should be able to do that faster.

Jim Fish, Analyst, Piper Sandler Research: Got it. Within that Microsoft ecosystem, you know, everybody in the space wants to talk about Microsoft 365 and the opportunity it provides. I guess where are we at with the penetration of that? It seems as though from an industry, we’re talking hundreds of millions of users, yet you kind of stack up the number of, I’ll say, endpoints under governance and we’re scratching the surface. Where does that, how do you guys feel about that Microsoft 365 opportunity? What prevents it from getting to 50% penetrated as an industry?

TJ, Executive, AvePoint: Yeah, like we said, we actually think, you know, we’re only just 20% now in the regulated industry. There’s 80% headroom to grow. Of course, the rest of the industry, we’re just scratching the surface. For the first time, people just correlate questions like, what took you guys so long, right? We’ve been around 20 years. I think we’ve just been too fiscally conservative in the past. We built this business with just $60 million primary capital, no debt, right?

Jim Fish, Analyst, Piper Sandler Research: Right.

TJ, Executive, AvePoint: When we went public in 2021 at $2 billion market cap, now that we’re very well capitalized, we have about $430 million on balance sheet, no debt, and we’re growing double-digit growth, double-digit profitability. We think we should do faster. We also invested in channel. Channel allows the flywheel to happen because, as you know, we’re not a small organization, but nor are we so big that we can be in every conversation. We need the channel to accelerate the go-to-market. You’re right, even within the Microsoft ecosystem, we’re underpenetrated. Now we’re also expanding to multi-cloud. Less than 10% of our business is in other clouds: Google, AWS, Salesforce. We’re investing there because customers today are multi-cloud.

For us to even just continue to work our way to increase our ARR from today’s 112% to 115% and beyond, we are now expanding with the existing customers’ multi-cloud support, but also leverage that to go after new customers in those new markets.

Jim Fish, Analyst, Piper Sandler Research: What technically did you have to do maybe differently to have AvePoint ready to be able to handle, you know, Google, for example? I think you guys have talked about it, especially the Microsoft ecosystem.

TJ, Executive, AvePoint: The short answer is the platform that we had been designing for years, we started supporting other sources when we were doing the data protection side. We already had connectors into Google, AWS. We saw an interest from many organizations that started to consider maybe Google Workspace or other technologies as part of our digital environment. The API framework we already had in the platform was ready for us to start to connect. We decided last year, let’s move the platform into GCP, the Google Cloud. We launched it in April. Now you have all the products that give you the protection on the unstructured data set ready and available. Our goal is to also start delivering that for additional areas where in the digital environment, you may still want to use an identity provider like Entra ID or Okta. We’re going to start supporting those as well.

The decision to also offer data protection to the Salesforce community was, again, customers saying to us, we want one comprehensive set of policies that comes from one single pane of glass. We also have a pocket here of a Salesforce instance. Can you protect that? We have now the connector framework for that. The platform and the fact that we’re a cloud-first company, we have the agility to actually, within months, add other connectors and other sources. Presently, we’re committed, as TJ mentioned, to offer more multi-cloud because more and more today, customers, especially with AI, are deciding that they want their digital environment to be supported by different suppliers. That supply chain is made up of your cloud service providers, your cloud infrastructure providers. We believe we could really be that mission-critical system for that data security layer.

Jim Fish, Analyst, Piper Sandler Research: Yeah, so speaking of data security, I think in Q2, you guys launched the Risk Posture and Command Center.

TJ, Executive, AvePoint: Right.

Jim Fish, Analyst, Piper Sandler Research: Talk about what that brings to the table here, and what’s the early feedback been?

TJ, Executive, AvePoint: Yeah, so the feedback’s been great. The Command Center was an opportunity for us to offer a view into when you’re getting ready to deploy an AI agent. You know, is that AI agent going to surface data that, you know, hasn’t been properly classified, tagged, or are users that shouldn’t have access going to be exposed to information? That was top of mind for, you know, C-suite executives. That Command Center does that. It also gives you a risk score, which is a really nice way for you to say, do all my policies match the regulatory requirements that I have for my business? If they don’t, what should I do about it? Immediately, we start to offer recommendations. It allows the organization very quickly to be able to start making the changes.

Now, remember, we’re doing this because we see all the signals of the environment, and we can do it holistically. For an organization that’s either 500 employees or 10,000 employees, being able to deploy these policies at scale matters. That was the first step. Reaction has been great. The next step there is we’re doing a lot of remediation with AI capabilities where we have an AI model that will say, we know the signals, we know your policy, we know your business regulatory requirements. We’re going to actually tell you when your policy should change ahead of time. Having that proactive, you know, point of view in the Command Center, hence the name, really allows the organization to say, you know, through AvePoint, we really want to monitor and watch what’s happening.

CISOs are really keen on these dashboards, as well as, you know, folks over on the CIO office that really care about maintaining the integrity of the environment. That’s also the opportunity for us to show you that there’s a more intuitive way to experience the platform. It’s given us our ability to do more cross-sell-ups across all the other capabilities.

Jim Fish, Analyst, Piper Sandler Research: Yeah, so maybe just the last few minutes here, TJ, you mentioned the billion-dollar goal by 2029, I think it is. The mid-20s kind of CAGR. What gets you there? What’s kind of the equation look like between, you know, expansion with the base, whether it’s cross-sell or upsell, or what you got to land in terms of new business to get to a billion?

TJ, Executive, AvePoint: Yeah, we’ve been talking about this internally as GO and galvanizing GO for the organization for a year now. We actually do a bottoms-up approach to make sure that all the things I talk about, the growth opportunities in EMEA, in APAC, in Americas, through channel, through multi-cloud, through SMB. When you add up all the building blocks from a bottom-up approach, we think that this is what gives us confidence as a public company to give a statement and be able to hit that statement. All of this is organic, by the way. Since we’ve gone public, we’ve done six small tuck-in acquisitions. Now we have a very strong balance sheet. We can actually accelerate that by doing some bigger acquisitions to accelerate go-to-market, to accelerate even faster growth rates in some of these markets that I talk about.

This is what gives us confidence to make sure that as we continue to grow our space, we’re clearly in a very, very hot space, right? AI and security. We can get to that $1 billion ARR number quickly.

Jim Fish, Analyst, Piper Sandler Research: Maybe last one then. How, what kind of go-to-market investments are you making, whether it’s direct or with the channel, to drive that increased brand awareness?

TJ, Executive, AvePoint: Yeah, it’s a number of campaigns that are designed to leverage more of our digital reach. We’re probably showing up in more of the social platforms. We’re bringing the brand out to a lot of account-based marketing experiences. I mean, as TJ mentioned before, part of our recognition was we need to get more of our message out. I think our story is so strong. Certainly, in front of customers, we win often when they understand the full story. Telling the full story in a way in which our brand is actually reflective of that, I think outside even Microsoft ecosystem to the bigger story, will be very helpful to getting us there. Also, channel. We realize the channel is a huge part of our growth strategy. It also allows us to increase sales and marketing efficiency. We have a new point system, the channel program that released out.

It’s very well received. We’ll continue to recruit more MFD partners. We’ll continue to increase the amount of business we drive through this channel.

Jim Fish, Analyst, Piper Sandler Research: Gotcha. Gotcha. I think that’s a good spot to end it. Thank you very much for joining us. Great story.

TJ, Executive, AvePoint: Thank you. Have a good chance, TJ.

This article was generated with the support of AI and reviewed by an editor. For more information see our T&C.