A look at Amazon financials (2013 – 2018)

My understanding of Amazon’s business model is as follows:

  • Successfully become a household online store for shoppers and build a loyal user base (Prime members in particular)
  • Leverage the infrastructure (supply chain) for the online store to allow sellers to fulfill orders and sell products through their stores (3rd parties)
  • Leverage the IT infrastructure built to maintain online stores to offer Enterprise IT services (AWS)
  • Leverage the immense traffic to its online sites and ability to turn traffic into orders to sell advertising services to brands

In my free time, I like to go through annual reports of companies to understand their businesses and performance, in addition to reading the news from sources such as WSJ, Techcrunch, CNBC, to name a few. I did it before for Adobe, Spotify and Apple. Below are my findings from digging through Amazon’s financials from 2013 to 2018. Unavailable figures are due to the lack of reporting from Amazon.

Amazon’s total revenue has been growing increasingly fast in the past 5 years

In terms of net income, except for 2014, it has been growing as well, with 2018 as the standout year

With regard to revenue breakdown, every segment, except online stores, has seen its influence on the total revenue grow for the past 3 years (two for physical stores). AWS, in particular, is making up around 11% of Amazon’s total revenue. Amazon started to report on physical stores’ revenue in 2017. As of 2018, it made up around 7% of the company’s revenue.

Despite making up only 11% of Amazon’s total revenue, AWS is responsible for the majority of Amazon’s operating income. The reason seems to be that the company lost money from its International segment

Much has been discussed about the growth of advertising and AWS. The two segments have indeed been impressive. Advertising has gone nuts for the past three years while AWS’ growth has never been lower than 42% since 2013

Shipping costs have been growing at a 2-digit clip since 2013, a concern that many analysts and investors expressed. However, the growth rate has slowed down since 2016

Expenses have been growing at a two-digit clip in the past 5 years

In terms of expense breakdown, Cost Of Sale is still the dominant item, though its contribution to the total expense has been declining steadily. There is one item called Other Expenses in the reports, but I decided to ignore it since it wasn’t significant compared to other items.

Amazon looks to have been successful in diversifying its business, transitioning to more profitable segments from merely relying on the low-margin online stores. With its dominant market share in the cloud and companies moving to the cloud, I believe AWS will continue to grow its importance to Amazon’s first and bottom lines. It also won’t be a surprise to see a middle two-digit growth this year for advertising.

How big are AWS and Apple Services?

AWS and Services have gained increasing attention in recent years for their role in Amazon and Apple’s growth respectively. I gathered revenue data on both and compared it to the comparable figure of some famous brands. The comparison should put the size of AWS and Services in perspective. The figures were retrieved from the latest available annual reports of the companies.

The two growing business segments of Amazon and Apple generated more revenue than some of the global household names. In the past 6 years (when the data is available), the segments have grown impressively fast. According to my calculations, from 2013 to 2018, the CAGR of Apple Services and AWS is 18.22% and 52.66% respectively.

Facebook & Privacy First Mentality

Quite a week for Facebook

It has been quite a few days for Facebook. First, two days ago on Techcrunch:

Facebook has confirmed it does in fact use phone numbers that users provided it for security purposes to also target them with ads.

Specifically a phone number handed over for two factor authentication (2FA) — a security technique that adds a second layer of authentication to help keep accounts secure.

Then, a bombshell was dropped yesterday. Per Wired:

ON FRIDAY, FACEBOOK revealed that it had suffered a security breach that impacted at least 50 million of its users, and possibly as many as 90 million. What it failed to mention initially, but revealed in a followup call Friday afternoon, is that the flaw affects more than just Facebook. If your account was impacted it means that a hacker could have accessed any account that you log into using Facebook.

Facebook’s track record in data security and privacy hasn’t been particularly stellar recently. 2018 is not 2010. Facebook doesn’t have the same dominant position as it used to in the social network market any more. Users have plenty of alternatives and substitutes to spend their time on. These scandals, coupled with its role in the “free speech vs hate speech” row, don’t do any good to Facebook’s image as well as its appeal to users when privacy has become more and more pressing as a concern to users.

Privacy & regulations

I have been resigned to the fact that there is no anonymity on the Internet and that complete privacy isn’t possible. Yet, when users trust a company with their data, whatever the data is, it’s the company’s responsibility to protect such data. As many important aspects of our lives take place on the Internet, the need to feel safe online is more overwhelming than ever. Without feeling safe, how could users feel comfortable using a service? Privacy and data security will be, if not already is, expected by default of companies. It’s not a nice-to-have feature any more. It’s a do-or-see-your-competitors-get-ahead game.

But companies are not in the business to lose money. If they are not legally required to bolster their security, don’t expect them to. That’s why companies fought hard against GDPR or privacy laws passed in California this year. And this is where I don’t understand the criticisms of some towards regulations such as GDPR. Yes, no law is perfect, especially in the beginning. That’s why we have amendments. GDPR is not an exception. It is a great first step to give power back to users and force companies to be liable for their actions/inactions.

A common criticism that I came across towards GDPR is that it makes it too expensive for small companies and startups to comply, widening the moat or competitive advantage gap between giants such as Google/Facebook and SMBs. Well, if a company with a deep pocket and better security measures has 10% of its 500,000 in user base breached, the impact is 50,000 users. If a small company with fewer recourses and much weaker security measures loses all of its 50,000 users, the impact is the same as in the first scenario. Hence, breaches at SMBs can have significant damages and ramifications as well.

Sure, the best case scenario is to have different levels of compliance applied to companies of different size. I’d love to see that happen. Nonetheless, without privacy regulations, imagine how much companies would care about our data and how much of a mess it would be. Despite having HIPAA in place, every year has been a banner year of cybersecurity in healthcare in the US and healthcare organizations spend 3% of their IT budget on cybersecurity. Verizon reported in their 2018 Payment Security Report that only 40% of all interviewed companies in North America maintained full compliance with PCI. Despite all the scandals related to data security in the past, Facebook still lets more unfortunate events happen. To be fair, I don’t imagine having impeccable security is easy. However, would companies even try to secure your data without any legal requirements?

Progress happens when we raise standards. Would cars be more environmentally friendly if we hadn’t enforced regulations on emission quality? If a university wants to raise its standard for incoming students, will it lower or raise the requirement for GMAT/SAT? Will a drug be safer for patients if the FDA enforces more or fewer tests? Big companies have the means to comply with stringent privacy regulations. Small companies/startups, though difficult, have more access to capital funding. Plus, public cloud providers are investing to have their infrastructure compliant with many compliance regulations (See more here for AWS compliance and Azure compliance). Regardless of size, companies have to take privacy seriously and consider it an integral piece of the puzzle, a competitive advantage if done right or a threat to their competitiveness if ignored.