SSH Communications Security Oyj

OMXH:SSH1V

Welcome to SSH Communications Securities Investor Call for Q1 of 2024. My name is Heine [indiscernible]. I'm a member of the SSH finance team, and I'm responsible for our Investor Relations. Presenting the result is our Interim CEO, Rami Raulas; and our CFO, Mick Kommonen. After their presentations, there will be a Q&A session. You can ask questions during the call by posting them in the chat. We appreciate if you can write your question in the chat during the presentations. This call is hosted with our own solution, SSH Secure Messaging. The call will be recorded, and the recording will be available on our website, along with the presentation slides. Now I would like to welcome our CFO, Mick Kommonen to start the presentation. So please go ahead.

Thank you Heine, and good morning also on my behalf. Let's jump into the numbers of the first quarter of 2024. So, in the first quarter of this year, our net sales grew by 6% and our EBITDA was EUR 0.2 million. So, the EBITDA was on the same level as in the previous year first quarter. Net sales reached EUR 5 million and total ARR reached EUR 19.7 million at the end of the first quarter, representing a growth of 7.4%. On the product side, our PrivX business grew strongly. Subscription sales were up by 44.5% in the first quarter. The first quarter was also the 12th consecutive quarter of positive EBITDA for SSH. On the market and portfolio side, some highlights we had in Asia Pacific, an expansion in our customer on the Japanese market. A Japanese systems integrator ordered an expansion of PrivX worth EUR 0.25 million on an annual recurring revenue basis. This is a doubling of the value of PrivX at this customer and also illustrates the land and expand strategy in practice.In the first quarter, we also secured our first commercial customer for Secure Mail 2024. And also, we successfully launched PrivX as a bolt-on, the best bolt-on to Microsoft Entra ID. Looking a bit more at the numbers, subscription sales overall grew 14.5% in the first quarter. They were then partly offset by a slight decline in maintenance sales and lower sales in license. Deferred revenues were broadly stable, EUR 12.5 million at the end of the quarter. EBITDA, as mentioned, EUR 0.2 million, same number as a year ago. EBITDA negative EUR 0.7 million, also on the same level as in the first quarter of 2023. Cash flow from operations was EUR 1 million. So, with this, I would like to hand over to our interim CEO, Rami Raulas, who will take us through the business highlights of the first quarter. Welcome, Rami.

Thank you, Michael. I am excited to lead SSH Communication Security since March onwards. Prior to joining SSH Communication Security several years ago, I used to work in a lot of multinational global companies running businesses, development, sales, and marketing. But the size of SSH Communication Security is actually ideal. We are a small, medium-sized team where everybody know each other. People act as a team, everybody matters, everybody's contribution matters and we matter as a company, as a provider of defensive cybersecurity. [Foreign Language] might be a good translation for that. And I'm really privileged to work with very smart people in the company and have indeed spent a lot of time with the teams and individuals to see how we can expedite and improve our way of working and get the excitement level even higher up. And also, to feel the pulse and move things forward, and a lot has already happened in the first month. We already worked on our organization model. I'll talk a little bit more about that. And many positive things and new starts were established in Q1 overall. But my interest is with customers. That's where I spend most of my time, have been spending and will be spending most of my time with partners and customers. It's rewarding to talk with customers and to learn from customers and to adapt and develop our solutions based on real customer needs moving forward. And indeed, I have met with many global customers recently and will continue to do so. But let's have a look at some of the highlights of the different achievements or developments in Q1. So PrivX, which is our flagship and highest growth, PrivX Zero Trust suite developed very favorably. We launched Secure Collaboration editions, Secure Mails and especially Secure Messaging, which is the platform we are using today. We received a major order for Cryptographic Solutions and Services. We continued our effort on OT, which is a very lucrative growth opportunity. We continue to deliver quantum-safe solutions and have been influencing organizations and standardizing committees to put more pressure to do the next level of securing of communications. And finally, we had quite a few new solution releases. So let me talk a bit more in detail about some of these. So, for PrivX, we launched our entrance into the larger identity and access management market with the partnership and strategy of leveraging Microsoft Entra which is already a market leader in that space. That was launched at Gartner Identity & Access Management show with more than 1,000 identity and access management leaders. And that went really well. We got really positive feedback. And we are now moving forward on the integration of that. Actually, just last week, we also released the availability of the solution from Microsoft Azure marketplace. And we have had significant progress with PrivX OT and MSP. So, service provider businesses and had a major expansion with the leading global Japan-based systems integrator for the internal use, a major order for that. Secure Collaboration, there's a real market need for Secure Collaboration platform that customers and organizations can manage the governance themselves on it, not just running it in public clouds, not knowing how things are secured, encrypted and managed. And of course, there is the big event of the large banks being fined by SEC and CFTC in the U.S. for using nonapproved platforms like Signal and WhatsApp in communicating with their customers without any knowledge of the banks of what has happened, and that needs to change. And we had the commercial start for the Secure Messaging and Secure Mail 2024 in Q1. And the Secure Messaging solution itself was completed and brought to the market as well. And then we had that order that was already announced separately as well as a stock exchange release earlier in Q1. Cryptographic Solutions and Services for the net worth of EUR 1.8 million, out of which we anticipate to recognize roughly half in this year toward the end of the year. Now on OT we have been very active in different OT seminars and events as one of the actually, very few vendors from our current peer competitors because we've been focusing on this differently to many of our IT-based competitors. And we've had significant growth in our OT customer pipeline from those and from other activities and have actually completed very large OT deployments. You may have seen some of the webinars that we hosted together with two of the top six paper and pulp companies just the other week and earlier in the quarter, talking about their successes, challenges and successes in implementing a very demanding OT security solution for thousands and thousands of users. In quantum-safe we presented our presenter, Suvi Lampila, who is our spokesperson for that area and also a member of the NIST Working Committee on standardization out of the U.S., a very successful presentation for thousands of people. And we added more and more quantum-safe functionalities to our solutions. And we released quite a few new solutions onto the market as well on secure fund transfers and secure connectivity in mainframe environments, which still is also a growth opportunity that we want to leverage a bit more. New PrivX release, Secure Mail, next second version alongside with the first customer order. And Secure Messaging was finally released and is now available also as a SaaS service from a secure private cloud environment. And we started promoting and campaigning now on Secure Messaging and you'll be seeing more of that. This was just kind of the launch. Launch for that to make the market aware that we indeed have a fantastic solution here. But I mentioned earlier that a lot has already been done in the first month. And you may have seen some of the announcements this week earlier about that as well because now it's time to accelerate for growth. As part of that, a renewed organization for improved efficiency and moving us closer to customers, adding speed and agility even more was developed. We went for discussions, negotiations, and changes. And again, I announced the internally and externally now the new organization model. We have a small healthy leadership team with me, Michael, who you saw; and Miikka Sainio, CTO, who was appointed and he was the first appointment in the new organization in the beginning of March. And now with the new change, we are simplifying the organization. We move away from kind of global process leaderships or functional leaderships into just three business units, which are fully responsible for the commercialization and market opportunity analysis of solutions and then getting those solutions, sourcing, making, partnering out to the market and the product management on those two, three regional sales units or sales organizations in Europe or EMEA, Americas and APAC. With the intention, of course, that the business units collaborate together, we leverage our technologies and development capabilities so that we have an integrated suite and the regions work in tight collaboration and cooperation with the business units to bring solutions to market. But the market drive when we talk about demand creation, prospecting, opening new dialogues with new prospects, working more on our current customers account management, moving those customers forward with our other solutions than what they are now using from us and doing presales of architecting solution consulting, professional services, helping demanding projects to get off the ground and be successful and support in supporting our customers. That is all in the regional units as a change of the organization. And I'm really happy to announce for the business units for Secure Messaging or Secure Collaboration, Patrik Forsbacka was appointed to lead that business unit for PrivX Zero Trust suite, our biggest business unit entity. I was able to appoint Samuli Lehti onto the leadership position there and Kai Lummi continues as the lead for our network security solutions. And then for the regions, Heikki Koivuaho was earlier last year appointed to lead APAC growth. And now there was an appointment from David Wishart to move to the role of leading EMEA regional units and business in EMEA. David has already earlier been in the EMEA team working on partners and partner strategies and professional services and technical support as well. And then Sean McAllister, who's been with us a few years in the U.S. U.S. sales team was appointed to lead the Americas regional sales unit. So big changes, but I already can see very positive feedback on that internally and a little bit externally as well and a lot of excitement and getting things to move even faster than earlier. And then I spoke earlier about the focus on OT. So, we will continue to develop and push forward our OT. So, there was another appointment on Monday. You will see it publicly actually today or tomorrow, later on. Massimo Nardone joined us to lead our OT business reporting to me in the CEO office with the special task team to further accelerate our activities, our offering, our strategy and, of course, our go-to-market and sales activities globally for the OT operational technology market. So, I welcome him as well on to this new organizational model. So, I wanted to say just a few words about our mission and why are we here? This was launched released a couple of years ago. There's no need to change it. I think we've hit absolutely the right focus areas on the market beginning with Zero Trust, continuing with quantum-safe. And then finally, with the growth opportunity of operational technology, cybersecurity, defensive cybersecurity for OT, whether it's manufacturing, logistics or critical infrastructure like water and electricity. So let me talk a little bit more about what has happened there in the past quarter. So, for Zero Trust, what is Zero Trust really? Zero Trust, we don't talk about the concept. We talk about the solution. How we can help customers move in the journey, to move from the hassle of having to deal with passwords. We all hate that, obviously. Moving away from having credentials like passwords and encryption and access keys because 80% of hacks and cybersecurity challenges and problems come from the credentials, let's say, passwords to simplify it, being in the right passwords being in the wrong hands because they are so easy to fish. They can be shared around. Somebody might even sell them for profit. So that all has to go away. So, Zero Trust is to get rid of permanent access, get rid of permanent authorizations, get rid of permanent credentials or even if you rotate them, they still are vulnerable and bolting sequence is not a great idea in the first place. And then to put strong identity-based access control. So, we always verify the user to a multifactor authentication, actually I can reveal the rest of it. Multifactor authentication check the user with a security token and biometrics. So that is really what you have and what you are or who you are when it's a person. And there's a lot of drive on the market as well from different organizations to demand a quick rapid move to Zero Trust. NIST, National Institute of Standards and Technology in the U.S. has a standard or recommendation on that. U.S. government is pushing the whole U.S. government quickly to move to Zero Trust for security reasons. And quite recently, U.K. financial authority also send the mandate to the financial industry to move more faster to [FMR access] and Zero Trust. And this is what our product Zero Trust suite is all about. It's all about providing that functionality. And we've been doing that now for quite some time. But now I see kind of an acceleration in the market. I think people are talking now about a formal access, which is the requirement, which they did not talk about too much three years ago. So maybe we were a little bit ahead of time, but now that's certainly materializing. Now the other part is quantum-safe. We have to remember that we're actually the pioneer in this area because in '95 when the founder of the company Tatu developed Secure Shell SSH, which is still the name of the company SSH Communication Security, that was all about putting secure communication and authentication in place in an encrypted way. So, no clear text connections, no passwords anymore. So, way ahead of time. And it has been protecting our lives and internet for 29 years. But now it's time to take the next step and move to the next generation of encryption technologies, which are in response to the potential emerging quantum computing threat, which the quantum computing threat simply means that all current encryption technologies can be broken in a matter of minutes or hours. So, we have to move forward. And we've been active on that. We were an active part in the PQC project in Finland, which was by the way [Foreign Language] annual Security Award a couple of years back. So, we've been doing this already for years. NIST, again, is coming up with standards in the summer. We are part of that working committee as I mentioned earlier. And we already have implemented those will implement those across all of our product portfolio, which is unique on the market, especially the timing. One big customer, the biggest retailer in the world said that they think we are two years ahead for instance, OpenSSH in this area. This was about a month ago. There was a new law set after the presidential order in the U.S., which went through the Senate in record time for preparedness for cybersecurity for quantum-safe. And this is more about protecting U.S. government secrets against other nations from the East. And very recently, European Commission and Monetary Authority of Singapore, both came out with recommendation and mandate for organizations to move towards quantum-safe-based securing and encryption technologies and algorithms. So, we may be earlier, so this opportunity for us as kind of the next generation moving forward. But now it looks like time has shrunk a little bit, and there's more understanding on the market and need to respond and react to this faster. And we are well equipped for that. And finally, OT, as talked quite a few times here already. So, there's one thing that's driving, of course, is compliance. The Network and Information Security Act #2 will come into play as national legislation on the 17th of October of this year. So, everybody is [indiscernible] already on that. And then there are standards for controls and security for process industries, which we, of course, adhere to and promote. But this market is not so much driven only by compliance. It's more driven by the threat because the most attack market at the moment is OT. Why? Because it's easiest to attack. There's more money to be collected from there. There was a semiconductor company who was attacked and ransomware. The production stop cost them USD 0.25 million and the ransomware they paid was another USD 0.25 million. So serious business. So, get better protected. This is the #1 risk management topic for manufacturing, logistics and critical infrastructure operators in the world at the moment. And then, of course, you have the big nations that are also attacking, especially critical infrastructure. I actually remember what [indiscernible] said publicly that there are dozens of attacks on our National Electricity Group daily. Most harmless attacks or attempts, but some serious ones as well. So, we need to be guarded. We need to be protected. We need to be prepared everywhere. And for us, of course, this is a new opportunity because there is now urgency and that's why I think we are seeing also more opportunities and customer dialogues emerging in this area. And most companies just don't have adequate measures in place because when IT technology was implemented or has been implemented into OT, cybersecurity was not on the table. So, it's an afterthought in a sense. And then we have a few very interesting development projects, CHARM which is an EU project, which is -- because this will help us develop our solution forward. CHARM is now coming to an end. It's about to develop industrial IoT, so Internet of Things solutions with an improved tolerance against harsh conditions and harsh working environments. And it's addressing critical cybercity concerns and also taking into account AI technologies. And then the new one that we joined some while ago, you may have a blog post on that and some social media promotion on that is the AIQUSEC, which is a project for AI-based Quantum Secure Cybersecurity Automation for safeguarding against evolving threats, especially in the OT space. So, two projects where, for instance, AI and IoT are hot topics, and we are definitely deep in the areas already providing solutions for that, but developing it also forward. And by the way, on AI, we have already had AI in our products. So, in PrivX, we have AI and UI by user and entity behavior analytics using deep learning, and we use Large Language Models also already in our customer-facing functions. So, AI is part of our DNA as it needs to be as well. With that, I would like to end with just an outlook, which is we don't project detailed forecasts or outlooks. But the outlook that I can say is that we expect the net sales to grow in '24 compared to the previous fiscal year, and we estimate EBITDA and cash flow from operating activities to be positive in 2024. Thank you for your interest. And I think I will hand now back to Heine for Q&A session. Michael, if you want to join me here as well?

Yes. Thank you. As has been tradition, the first question will come from Redeye Equity Analyst Fredrik Reuterhall. And after that, we will start going through the possible questions that are in the chat. If more questions arise at this point, please write them in the chat. And now Fredrik, if you're ready, please go ahead.

Good morning Rami and Michael, thank you very much for the presentation. I want to kick off with the -- I mean the subscription revenue came in pretty strong. It was up around 4% quarter-on-quarter. And I guess it's due to the strong growth in PrivX. And you talked about what was driving the growth during the quarter. But can you expand and give us your thought about what we're going to see for the rest of the year in terms of growth?

Yes, maybe I can quickly say on the first quarter. So obviously, the largest driver in the PrivX first quarter sales was the mentioned Japanese expansion deal. So, that's on the first quarter. But maybe, Rami, if you want to expand on the rest of the year.

Yes, some other -- of course, other deals from last year as well. Of course, in subscription business, we, of course, recognize the revenue over the period of the contract time. So not when the order is booked. So yes, we are not giving more detailed forecast for the growth. I think I can only say that I have a positive view on how we've been able to develop our pipeline. Our strategy is to sell with subscription, which, of course, makes the growth a little bit slower, but then stronger move to the future. I mean if we were to sell more licenses, then, of course, there will be more immediate revenue growth, but our strategy certainly is to hold on and promote, and especially another way go into more SaaS solutions as well. They are all subscription-based businesses.

Okay. I mean you talked last quarter that Asia and U.S. was strong, and I think it's very interesting that you've got a strong foothold now in Japan. You continue to see strong demand from Asia and U.S. customers or?

Yes, Asia is definitely a growth market, and we already deal with the biggest banks there. And we have now projects ongoing. So, I can see positive growth opportunity from there. And in the U.S., we are now structuring over again over with Sean's lead. So, in the U.S., we are now putting plans in place how we can more rapidly develop our pipeline, develop our opportunities. Of course, we have a huge really positive customer base, huge customers which today are only buying a small part of our portfolio. So, the focus in the U.S. will be on account management on those key accounts, whether they are large financial institutions or the biggest retailers or indeed e-tailers as well and then putting the marketing engine and demand creation engine into a new shape during Q2 and especially Q3. So, we need to definitely develop our market position in the U.S., no doubt about that.

Okay. And I will talk a bit about the Secure Collaboration launch. You started more or less last quarter. You still see good momentum in the launch there?

Yes, we did. I mean we kind of pre-launched it, if you remember, already at CMD last year, that was the intention and start of the development work. So it's been really rapid development as well. I talked about a sense of urgency, adding a sense of urgency to an organization. This development team doesn't need any sense of urgency. I can hardly keep up with them. So, it's been really fast. And we've been presenting it now to customers. First of all, we have been using this internally, secure chats, secure rooms, secure file sharing, secure e-mail and secure messaging, video calls are our focus, whether they are individual calls or group calls or whether they are on the computers or mobile phones. Our mobile phone applications have been on iOS and Android shops already for nearly a month, at least three weeks. So, we have collected a lot of feedback that way. And then we're presenting and demonstrating and having dialogues with customers now for about a month as well, just under a month and really positive feedback. So, the first proof of value test environments are being set up as we speak. We see a lot of actually positive dialogues and interest in Sweden on to this. There seems to be more drive or willingness in the Swedish market to find solutions for the current secure collaboration platforms, which, in most cases, is much of Skype on-premise, which has an end of life of '25. So, there's kind of a need also in many organizations, not only public organizations, of course, where this is really important, but also financial insurance companies. Law offices certainly and others to move to the next generation of secure collaboration. But so that you have the data sovereignty and governance under control, maybe even in your own hand of course. We deliver this solution not only as a SaaS service. Our partners provide it as a solution, as a hosted solution or as a service solution from private clouds or private VMs and then there will be some customers like we have already on Secure Collaboration and Secure E-mail that want this definitely in their own premises, on-premise, and we support that model as well.

My last question is regarding R&D spending during 2024. Will you keep it more or less the same as 2023? Or will you ramp it up?

Yes. I think a fair assumption is to expect that it will be broadly on the same level. So, we have -- that might have some decreases somewhere, some increases might come from the Cryptographic Solution that we announced in the first quarter. So slightly more R&D spend on that product itself. But overall, the overall picture is roughly on the same level as 2023.

Thank you very much. [Operator Instructions] We do have a question. How is the liquidity outlook considering the upcoming Deltagon and other payments?

Yes. So, we are monitoring the liquidity situation closely, and we expect to pay the Deltagon installment in line with the agreement that we have with the seller.

Then from our side, Michael and myself will say thank you for you and Heine will say a few words about the next steps.

Thank you very much for participating in this call. The materials for this call and our previous calls can be found in our website's Investor section. Our next investor call will be on the 18th of July when we release our Q2 report. So, thank you again, and we hope to see you in July.