SaaS Benchmarks – Security and Performance Costs Drive Up Cost of Revenue

April 8, 2014

Security and performance investments, among other items, are driving up Cost of Revenue for SaaS growth companies.

The ultimate goal of a subscription business model is to reduce the cost per subscriber and increase profitability. That does not mean, however, that cost ratios follow a smooth downward trend as revenues grow. 10 years after went public in 2004, we are seeing that SaaS COGs may trend upward, and hit several plateaus along the way. Security and performance investments are two major drivers of the increasing costs experienced by most of the leading SaaS companies today.

In the early days of Cloud computing, SaaS vendors worked hard to convince customers, particularly enterprise customers, that their confidential data was safe in a Cloud-hosted system. That argument has become easier over time as SaaS and subscription services have become more accepted. Cloud providers typically have better security than most companies can afford individually since the Cloud provider can spread the cost of security infrastructure and measures across all customers. SaaS applications are built on an infrastructure that provides the security, performance, and reliability normally found in only the most sophisticated IT departments.

However, maintaining the highest security levels is a continually evolving investment, both because the threat keeps changing, and because the technologies and industry standards keep evolving. Of course, fallout from NSA snooping hasn’t made it easier for US companies either. In addition, as the SaaS model has become more accepted worldwide, and SaaS vendors grow revenues overseas, supporting far flung customers requires greater investments in infrastructure to deliver high levels of performance. Further, many successful SaaS companies move their customer base upstream, from small to mid-sized customers and departmental use, to larger customers and global enterprises, with much higher performance demands.

Security investments fall into a number of areas: physical security of the servers, network security, application security, internal systems security and operating systems security, as well as following the most up to date third party certifications. Investments to improve and expand performance similarly fall into a number of areas; chief among them are often database and data center expansions and improvements.

Take a look at Salesforce, since their IPO in 2004. Salesforce achieved $4B in recognized revenues in the fiscal year ending January 31, 2014. They led the way in the business strategy of building brand in the small and mid-market, then moving upstream to larger enterprise customers, as well as growing a single application into an enterprise platform. As Salesforce has grown customer usage dramatically, expanded worldwide, and offered more applications and functionality to enterprise customers and a platform to partners, Salesforce’s COGs’ trendline displays periods of increasing expenditures, then some reduction, then a higher peak in percentage of revenue spent on Cost of Revenue.

Salesforce’s COGs as a percent of revenue were almost 24% in FY 2014, growing 33% from the 18% it was in 2004 when revenues totaled $96M. In the meantime, revenues have averaged 50% growth year-over-year in the 10 years. Despite rising over time, Salesforce’s COGs growth rate is lower than the company’s revenue growth rate, so the per subscriber Cost of Revenue has been reduced -- the ultimate goal of a SaaS business.


Compare Cost of Revenue at the time that Salesforce went public in 2004 to those metrics for some SaaS companies that went public recently. Here’s the most recent data for these companies for FY 2013:


These high growth SaaS companies all have higher COGs ratios than Salesforce does currently and significantly higher than Salesforce did when it went public in 2004. In looking at the 2013 filings for 30 SaaS companies under $300M, COGs averaged 33.2% of revenue. It will be interesting over the next 10 years to see whether these companies have to increase their COGs ratio in a similar fashion to Salesforce or whether this initial higher investment means that their COGs ratios can be reduced as revenues grow.

Key take aways:

• COGs as a percent of revenue are not being reduced as fast growth SaaS companies expand, but actually increasing for many companies as they extend their market reach;
• On-going and evolving security and performance investments are major drivers of COGs, and
• Company growth plans should regularly benchmark these costs and COGs overall against peers and market leaders as new technologies and evolving hosting models are changing the ratios.

OPEXEngine’s Software and SaaS benchmarking has COGs data for private and public vendors, with peer group break-outs by size of revenues, business model and average contract size categories so that like companies can be compared more closely. For more information, go to: