Interim Results & Notice of Investor Presentation

29 September 2022 – London, UK Crossword Cybersecurity Plc (AIM:CCS, “Crossword”, the “Company” or the “Group”), the cybersecurity solutions company focused on cyber strategy and risk, today announces its unaudited interim results for the 6 months ended 30 June 2022.


Crossword continued its strong growth in the first half of 2022. In the period to 30 June 2022 both product and services revenue grew rapidly. Group revenue grew by 85% to £1.53m compared with H1 2021 (112% higher excluding discontinued operations). The Company made and successfully integrated another important acquisition during the period - Threat Status Limited ("Threat Status”), the provider of the Trillion and Arc software products. Post period, in September 2022, the Company completed an oversubscribed £3.6m fund raise. The outlook for 2022 remains at circa 75% revenue growth to £4m and the Company is confident of delivering further revenue growth of 50% in 2023, taking revenue to £6m.


The interim report will shortly be available on the Company’s website https://www.crosswordcybersecurity.com/annual-reports


Financial Highlights

  • ARR (Annual Recurring Revenue) growth of 48% since 31 December 2021 to £1.97m

  • Successful acquisition and integration of 3 companies with strong underlying SaaS and services recurring revenue

  • Growth in Consulting vCISO recurring revenue to £1m

  • Following the period and as announced on 23 September 2022, the Company completed an oversubscribed £3.6m fund raise

  • Gross margin improvement in Consulting

  • Cross-selling of products and services from acquisitions into client base continues to increase

  • Expansion of engagement with FTSE 100 client company

  • Successful completion of the Rizikon pilot with a global aerospace, defence and security company that has over 6,000 suppliers


Operational Highlights

  • Successful integration of Threat Status Limited, following its acquisition in March 2022. Size of Trillion’s sales deals being secured since the acquisition is noticeably larger than before acquisition

  • On track to achieve 1,000 users of Rizikon by the end of 2022, from 500 at the end of 2021, with the continued growth in the membership body programme

  • Launched new integrated Supply Chain Cyber practice in response to client demand and the substantial increase in supply chain cyber threat levels

  • Local Omani team engaging with government agencies to support driving cyber security maturity across the Sultanate of Oman

  • Expansion into two new overseas jurisdictions, within one of which Crossword is working with a government institution


Outlook

  • Projected revenue growth of circa 75% to £4m in 2022, driven by organic growth and already completed acquisitions, in line with market expectations

  • Focus on optimisation of cross-sell opportunities is yielding improved results

  • Continued focus on acquisition strategy

  • Crossword’s full range of cyber security products and services will be used to help companies in the Gulf region improve their cyber security preparedness

  • Growing a team in Singapore as part of the continued investment in Nightingale, part of our threat detection and response services, to enable conversion of the pipeline of larger clients, which has been driven by cross-selling

  • Taking Identiproof to market together with continuing product development on verifiable credentials technology

  • Investment in Sales with the introduction of the MEDDICC (sales qualification methodology) framework


Tom Ilube, CEO, Crossword Cybersecurity, commented:

“Crossword’s services and products are experiencing strong revenue growth, in a sector where spend is not discretionary, driven by the quality of its offering and the rising number and constantly evolving nature of cyberattacks. Crossword’s three acquisitions completed in the last 18 months have been successfully integrated and are already delivering strong results, thanks to higher cross-selling opportunities to our growing client base and improved operational efficiencies. We are very encouraged by the outlook for both our services and products and look forward to updating shareholders on progress.”


Investor Call

Crossword is pleased to announce that members of the Executive Team will provide a live presentation relating to Interim Results via the Investor Meet Company platform on 6th Oct 2022 at 12:00pm BST.


The presentation is open to all existing and potential shareholders. Questions can be submitted pre-event via your Investor Meet Company dashboard up until 9:00am the day before the meeting or at any time during the live presentation. Investors can sign up to Investor Meet Company for free and add to meet CROSSWORD CYBERSECURITY PLC via:

https://www.investormeetcompany.com/crossword-cybersecurity-plc/register-investor

Investors who already follow Crossword on the Investor Meet Company platform will automatically be invited.


- Ends -


The information contained within this announcement is deemed to constitute inside information as stipulated under the retained EU law version of the Market Abuse Regulation (EU) No. 596/2014 (the "UK MAR") which is part of UK law by virtue of the European Union (Withdrawal) Act 2018. The information is disclosed in accordance with the Company's obligations under Article 17 of the UK MAR. Upon the publication of this announcement, this inside information is now considered to be in the public domain.


Contacts


Crossword Cybersecurity plc – Tel: +44 (0) 333 090 2587

Email: info@crosswordcybersecurity.com

Tom Ilube, Chief Executive Officer

Mary Dowd, Chief Financial Officer


Grant Thornton (Nominated Adviser) – Tel: +44 (0) 20 7383 5100

Colin Aaronson / Jamie Barklem / Daphne Zhang / Ciara Donnelly


Hybridan LLP (Broker) – Tel: +44 (0)203 764 2341

Claire Louise Noyce


For media enquiries contact:

Financial PR:

David Hothersall, Kinlan Communications

davidh@kinlan.net – Tel: +44 (0) 207 638 3435

General:

Duncan Gurney, GingerPR

duncan@gingerpr.co.uk – Tel: +44 (0)1932 485 300


About Crossword Cybersecurity plc

Crossword offers a range of cyber security solutions to help companies understand and reduce cyber security risk. We do this through a combination of people and technology, in the form of SaaS and software products, consulting, and managed services. Crossword’s areas of emphasis are cyber security strategy and risk, supply chain cyber, threat detection and response, and digital identity and the aim is to build up a portfolio of cyber security products and services with recurring revenue models in these four areas. We work closely with UK universities and our products and services are often powered by academic research-driven insights. In the area of cybersecurity strategyand risk our consulting services include cyber maturity assessments, industry certifications, and virtual chief information security officer (vCISO) managed services.


Crossword’s end-to-end supply chain cyber standard operating model (SCC SOM) is supported by our best-selling SaaS platform, Rizikon Assurance, along with cost-effective cyber audits, security testing services and complete managed services for supply chain cyber risk management. Threat detection and response services include our Nightingale AI-based network monitoring, Nixer to protect against application layer DDoS attacks, our Trillion and Arc breached credentials tracking platforms, and incident response. Crossword’s work in digital identity is based on the World Wide Web Consortium W3C verifiable credentials standard and our current solution, Identiproof, enables secure digital verification of individuals to prevent fraud.


Crossword serves medium and large clients including FTSE 100, FTSE 250 and S&P listed companies in various sectors, such as defence, insurance, investment and retail banks, private equity, education, technology and manufacturing and has offices in the UK, Poland and Oman. Crossword is traded on the AIM market of the London Stock Exchange.


Visit Crossword at https://www.crosswordcybersecurity.com/

CROSSWORD CYBERSECURITY PLC


Crossword Cybersecurity keeps organisations secure in the digital world through a combination of software products and expert-led cybersecurity services.


Since admission to AIM in 2018, Crossword has grown revenues 4-fold from £0.39 million (excluding discontinued operations) in H1 2019 to £1.53 million, through a combination of organic growth and acquisitions.


Crossword’s services have gained a strong reputation in the market thanks to a deep expertise in cyber security and a hands-on approach. Crossword’s full-service consulting team provides strategy, assessment and risk management services. The constantly evolving nature and increasing number of cyberattacks means that demand for our consulting services keeps growing strongly. Our May 2022 report Strategy and collaboration: a better way forward for effective cybersecurity” showed that over 40% of respondents believed their existing cyber strategy will be outdated in two years, and a further 37% in three years. This dynamic creates growing demand for the expert consulting that Crossword provides.


Crossword’s products are driven by research from some of the UK’s leading universities and other research-driven insights. Crossword has developed strong and extensive research and development relationships with many of the 19 UK university academic centres of excellence in cyber security. Crossword offers a portfolio of cyber security software products, having successfully integrated three acquisitions since its admission to AIM. Crossword’s products serve some of the fastest growing sectors in cyber security, including supply chain risks, threat intelligence and credentials breaches.


Cyber security industry drivers


Several inter-connected factors are driving the growth in cyber security software and services. The accelerating pace of digitalisation due to the COVID-19 pandemic and the shift in our working habits are the main motivator for improving cyber resilience, with 84% of C-level executives agreeing that cyber resilience is a business priority for their organisations in 2022, according to the WEF Global Cybersecurity Outlook Report 2022.


In addition, the constantly increasing number and growing sophistication of cyberattacks means that spending on cyber security defence is a key priority for business and governments. In 2021, the average number of cyberattacks and data breaches increased by 15.1% from the previous year. Over the next two years, security executives from over 1,200 companies polled by ThoughtLab see a rise in attacks from social engineering and ransomware as nation-states and cybercriminals grow more sophisticated. As a result, Gartner predicts end-user spending for the information security and risk management market will grow from $172.5 billion in 2022 to $267.3 billion in 2026, attaining a compound annual growth rate (CAGR) of 11%.


The UK is home to the largest, most concentrated and accessible cyber security market in Europe, worth over £10bn, growing 14% in 2021 representing twice the growth on the previous year. The UK’s reputation as a centre of cyber security excellence means it is the third largest exporter of cyber security services globally, worth £4.2bn in 2020. As one of the UK’s leading cyber security commercialisation specialists, Crossword is well positioned to benefit from sector growth, both in the UK and internationally.


The above cyber security industry drivers, combined with a strong set of products and services, mean that Crossword is well positioned to keep growing strongly.




CHIEF EXECUTIVE OFFICERS REVIEW


Crossword continued its strong growth in the first half of 2022. In the period to 30 June 2022, both product and services revenue grew rapidly. Group revenue grew by 85% compared with H1 2021 to £1,525,234 (112% higher excluding discontinued operations). Consulting revenue in particular grew 72% compared with the same period last year. The Company completed another important acquisition during the period - Threat Status Limited, the provider of the Trillion and Arc software products.


Trillion and Arc are already making strong revenue progress in their new Crossword home and showing good promise. This is the third acquisition Crossword has made and successfully integrated in the past 18 months, strengthening Crossword’s reputation in the market as a business in which high quality products and their teams can grow. During the period, Crossword was also delighted to formally launch its joint venture in Oman with its partner, Al-Rawahy Holdings LLC and progress towards securing its first cyber security projects in the region.


Despite the Covid-19 Omicron wave, the demand for cyber security products and advice continues to grow. Crossword was well positioned to respond to its clients’ needs. The Company released a major research report, “Strategy and Collaboration: A better way forward for effective cyber security”, based on interviews with over 200 Chief Information Security Officers, which highlighted the continuing cyber security risks and challenges facing major organisations.


Services


Crossword’s consulting services delivered outstanding results in the first half of 2022, achieving 72% growth versus the equivalent period in 2021. We secured our first FTSE100 client project and carried out international projects in new territories such as Bermuda, a major global reinsurance hub, as well as the Caribbean and West Africa.

Crossword’s Nightingale monitoring and cyber incident response services, acquired in August 2021, supported the growth in revenues. Nightingale was deployed to a major insurance company in dual testing, new investment management clients were signed up and a major cyber security incident response undertaken for a top ten law firm. Crossword is investing in Nightingale’s capacity to support larger firms on a global basis and therefore established a team in Singapore in August this year to provide around the clock monitoring capability.



Products


Rizikon Assurance, Crossword’s flagship SaaS product, addresses supply chain risks. These are a rapidly growing challenge for organisations across all sectors. Rizikon’s user base more than doubled compared to the end of the previous period, growing 116% and on track to achieve a target of 1,000 user organisations by the end of 2022. Rizikon completed a successful trial for a global aerospace, defence and security company and is in the process of concluding a contract to roll out Rizikon to the same company’s 6,000 suppliers. Crossword’s partnerships with membership bodies are yielding positive results, with new partners signed including the Chartered Insurance Institute, British Computer Society, International Federation of Consulting Engineers, techUK and the British Educational Suppliers Association.


In March 2022, Crossword completed the acquisition of Threat Status Limited, a threat intelligence company with an excellent team and an impressive set of clients both in the UK and overseas in North America and Spain. This acquisition added two new products (Trillion and Arc) to Crossword’s portfolio of products. Cross-selling Trillion into existing Crossword clients commenced immediately post acquisition. Trillion’s outstanding product features and Crossword’s targeted sales approach means that the size of deals being secured since the acquisition is noticeably larger than pre-acquisition. Trillion is also being sold into managed service providers (MSPs) through the continued development of a channels partner programme.


Identiproof is the credentials verification wallet technology product acquired in 2021 as part of the acquisition of Verifiable Credentials Ltd. Good progress has been made with developing Identiproof, preparing to pilot Identifproof with a UK chartered institute for their digital professional qualifications and submitting a proposal to a large UK skills and qualifications body for digital credentials.


Crossword has now acquired and successfully integrated three first class cyber security product and services companies over the past 18 months and continues to be on the lookout for an acquisition that can accelerate its growth.


On the corporate front, following the period and as announced on 23 September 2022, Crossword completed an oversubscribed fundraising of £3.6 million at a price of 21.7 pence per share. This funding round ensures the Group’s path to deliver on its aggressive organic growth plans.



Outlook


Strong demand for our cyber security services and products, an able leadership team and a strengthened balance sheet, will drive Crossword’s growth and we expect to meet market expectations of 75% revenue growth in 2022, taking revenue to £4 million for the year as a whole. Additionally, the Board is confident of delivering 50% revenue growth in FY 2023 taking revenues to £6 million, in line with market expectations.





OPERATIONAL REVIEW

Services

Services experienced very strong growth of 125% compared to the previous period in 2021.


Consulting


Demand for our expert consulting services keeps growing strongly as a result of the constantly evolving and increasing number and types of cyber-attacks. During the period Crossword won its first FTSE 100 client project and carried out international work in new territories: Bermuda, the Caribbean and West Africa.


The Consulting division now numbers 16 specialists. With higher staffing levels we have been able to improve our consulting methodologies and develop a more scalable model to provide our services. This is leading to work with larger clients with multi-faceted and more complex needs.


To increase the scalability of our consulting services, we have developed services that integrate recurring revenues from several other Crossword’s products, namely from Nightingale and Rizikon. As part of this drive, we were successful in cross-selling Nightingale, Crossword’s comprehensive security monitoring service, into consulting clients. This is increasing the level of recurring revenues that the Consulting division generates.


During the period we also launched the Supply Chain Cyber practice, which offers consulting services wrapped around a new set of strategic Rizikon modules with a recurring revenue proposition. This proposition targets the needs of large organisations regarding their third party supplier cyber risk and has been well received by major clients.


Nightingale


The integration of Nightingale is delivering on expectations and saw significant successes in the period. These include new investment management clients, deployment to a major insurance company in a dual running assessment and carrying out a cyber incident response at a top ten law firm.


To service the needs of global clients, Nightingale’s capabilities were increased and we opened an office in Singapore employing a Singapore regional manager and our first SOC (security operations centre) analyst.


Products


Crossword made strong progress across all products in the first half of 2022, both in terms of product development and improvement as well as sales and business development.


Rizikon


Rizikon is Crossword’s flagship product and is strongly positioned in the market as a leading product for supply chain risk management.


Preventing cyber risk attacks in supply chains is a fast growing market. The European Union Agency for Cybersecurity (ENISA) reported in 2021 that it expected supply chain attacks to quadruple over the following 12 months. Simultaneously, supply chains are going through a period of digital transformation, with automation increasing efficiencies, whilst at the same time introducing possible vulnerabilities to businesses. As a result, industries including but not limited to banking, retail and manufacturing are under mounting financial, reputational and regulatory pressure to take control of supply chain cybersecurity risks.


To ensure Rizikon remains strongly positioned we made substantial progress in re-engineering Rizikon, by moving our coding from Java to ReactJS + Java. This will speed up future development and enable Rizikon to keep quickly addressing emerging supply chain cyber security needs. Other notable product developments for Rizikon included the completion of analysis & designs for new higher value modules, a number of improved features for Rizikon as well as a new ESG assurance question set.


For organisations of any size, the greatest threats to cybersecurity are suppliers, third parties and connected technologies because they are so hard to control. Recent research independently conducted for Crossword of over 200 Chief Information Security Officers (CISOs) found that 83 per cent. of CISOs viewed "ensuring that the entire supply chain is water-tight in its ability to defend and recover against threat actors" as a challenge.


To address this increased demand for consulting and product in supply chain cyber risk, during the period we launched the Supply Chain Cyber practice, which offers consulting services wrapped around a new set of strategic Rizikon modules with a recurring revenue proposition. The proposition targets the needs of large organisations regarding their third party supplier cyber risk and has been well received by major clients.



Trillion


Following the acquisition of Threat Status Limited in March this year, Crossword is continuing to successfully integrate its Trillion and Arc software products. This is leading to higher sales volumes of Trillion in particular, compared to prior to the acquisition. We continued with our sales strategy of seeking to include Trillion into third-party MSPs (managed service providers) and are currently exploring a Trillion opportunity with a large network operator. On the development side, we improved product functionality to support much larger multi-organisational clients as well as multi-tiered SAAS providers. This has dramatically increased the revenue universe which Trillion can target.



ARC/Nixer Cyber ML


Arc validates customer credential pairs (username and password) against databases of known leaked usernames/passwords. It does so quickly and efficiently without harming the user experience.


Nixer CyberML operates in the same sector as Arc, using machine learning to match application credentials against a list of 555M leaked username/password combinations, making recommendations if matches are made. As with Arc, it does so with zero friction to user experience.


ARC and Nixer Cyber ML operate in similar focus areas and we have started work on merging the two products in order to provide a best in class proposition to clients.


Identiproof


The advantages of being able to easily access and share qualifications through digital wallets is driving strong demand worldwide for verifiable credentials software. During the period we made good progress on both product development and go-to-market plans for Identiproof, which is our credentials verification wallet technology.


A new demo portal was made available enabling demos of Identiproof to potential customers. It covers both flows in which the verifier requests credentials to the mobile wallet, and in which users want to share their credentials as badges. Experimental R&D proof of concept work continued with grant funded development in the areas of interoperability and trustability.


The JFF Plugfest 1 project (up to $30,000) attested that Identiproof can issue credentials in the Open Badge v3 standard. The DOOR project (€25,000) allows issuers and verifiers to verify the wallet's device was not tampered by using TPM hardware. Crossword was awarded an EU NGI Atlantic research project, which commenced in September 2022 (€45,250), to lead a project to test the OpenID Foundation’s protocols for transferring verifiable credentials.


Progress was made on the second major version of the Identiproof suite of products. The new versions will have a new architecture and use later versions of the development stack for better scalability, reliability and resilience.


In parallel to product development, we made good progress on Identiproof’s go-to-market strategy. We submitted proposals to two large UK skills and qualifications bodies for their digital credentials, and prepared a pilot programme with a UK chartered Institute for professional qualifications.



Sales & Business Development


The customer success team is ensuring high retention rates and increased contract value by demonstrating the value of products to clients. We saw this markedly in the case of Rizikon, leading to high levels of contract renewals as supply chain risks increase and become more widely recognised.


During the period, Crossword’s sales team was restructured into direct and indirect/channel sales with the objective of sharpening our focus on driving results. As part of this restructure, for direct sales we are placing more focus on sector focused sales campaigns, e.g. targeting sectors such as large clients facing supply chain risks with Rizikon. For indirect/channel sales we are expanding channel sales via resellers and distributors. To generate a better sales pipeline and results overall we also implemented the MEDDICC sales methodology, whilst continuing to further develop CRM and sales reporting/automation.


We were pleased to establish several new sales partnerships during the period. Sales partnerships are part of Crossword’s indirect/channel sales and enable Crossword to reach large audiences quickly and effectively. The new partnerships included BESA (British Educational Suppliers Association), the SWCRC (South West Cyber Resilience Centre), techUK, (the UK digital technology trade association), the Chartered Insurance Institute and the International Federation of Consulting Engineers. We were also delighted that the IASME Consortium Limited, a UK Government Cyber Essentials Partner, selected Rizikon Assurance as the core platform to support a new Maritime Security certification, taking the number of certifications it delivers via Rizikon to three.




CROSSWORD CYBERSECURITY SERVICES – OVERVIEW


Crossword’s Services help organisations become more resilient to cyber-attacks & align to best practice standards