NCC Group H1 2025 Earnings Call Transcript

Quartr
Provided by Quartr
June 19, 2025
Earnings Conference Call
NCC Group H1 2025
00:00 / 00:00

There are 3 speakers on the call.

Operator

Good morning, everyone. Thank you for joining us for the interim results for NCC Group. Just to recap, these are interim unaudited results up to the 03/31/2025. I'm Mike Madison. I will start with a bit of a firstly, a recap.

Operator

I think it's important just to reset just to refresh a few points in terms of the overall group. And we've been very consistent. This is a group of two distinct businesses. We have a cybersecurity business, which supports organizations managing cybersecurity risks and S Code, which is a business that focus on providing a very diverse client base with escrow services, software escrow and verification services. We are a trusted partner to organizations, public and private, a very diverse client base.

Operator

And both our businesses operate in a market which has a number of diverse, but multiple drivers for growth. Very positively as a group, as a technology company, we have strong financials. And as we'll talk through today, hopefully that continues to come through. So just a few highlights, and I'll deal firstly with our two individual businesses. Let me start with S Code.

Operator

I'm delighted to say that as a business, we've had now ten consecutive quarters of growth. And very pleasingly and really importantly, that is sustainably improved gross margin as well. Now I would just like to confirm we are indeed investigating options for S Code and are holding a number of discussions with interested parties. Clearly, if they conclude successfully, it would enable a return of capital to shareholders, which would give us the optionality to invest in our cyber business, particularly as we see significant opportunities in that domain. Now clearly, it is a confidential process.

Operator

And as a result, I won't be taking questions on the process, although obviously, we'll be discussing in more detail the financial performance of that business as we hand over to Guy. If I could then just move on to cybersecurity. Now clearly, we've seen a slight revenue decline in the cybersecurity business. And I wanted to just give you some of the nuances of that because there's quite a lot of detail as we play through in terms of under the numbers. So firstly, let me deal with, I think the NCC historic and highly successful, let's face it, high volume, but lower value transactional business, particularly in penetration testing.

Operator

Now that's been under pressure for quite some time. And due to the challenges both what our clients face in a macro environment, but in H1 that became particularly evident and was amplified those trends which we'd historically seen. There's now more than ever a greater emphasis on larger, more strategic projects that focus on risk reduction and remediation with our clients. And that is quite a shift from a market perspective. The challenges that we see in that transactional business, the penetration space penetration testing space is not unusual to NCC.

Operator

We certainly see that in our competition. We're not unusual in that regard. In our managed services business, we've continued to win some marquee clients. The proportion of revenue from this area has increased as we always intended in terms of our strategy. That is despite an incredibly competitive environment, particularly in the renewal space and particularly in the SME sector or the mid market.

Operator

The strategic growth areas that we focused on such as digital identity and operational technology are experiencing strong pipeline growth in H1. And again, that is from a standing start. These were new areas of investment. And we're very pleased with the build of the pipeline, which we are seeing revenue growth in H2 and also into FY 2026. But these are longer sales cycles because they're more strategic, more complex and therefore need the support of an entire team to actually close out, but very positive progress in those investment areas.

Operator

I wanted now just to sort of maybe give you a little bit of a feel for the market environment as in which we're operating. And actually some of the positive market tailwinds, which I think we are very well now capital placed to capitalize on and gives us confidence for our future growth prospects. And it's really they are really important as we continue to pivot the business from where we were to our goal. Firstly, let me talk about the escalating threat. I think this is very evident.

Operator

We see it reported every day. It is very clear that a number of the sectors in which we operate are completely unprepared for the level of challenge in which they now face. This is now a core business risk. It's been elevated to the executive layer and indeed to the Board from the Chief Information Security Officer and as a fundamentally IT problem. It's also facing increasing regulatory risk.

Operator

There's greater momentum in this domain, which is something that we are very well placed to capitalize on because of our relationships within the regulatory within the regulators and also within various government institutions. There's a very clear shortage of talent globally. And that's important as we have over 1,000 deeply technical cybersecurity experts. But it's also important from a client perspective, as we see greater emphasis on strategic shifts, the need to outsource and use third party suppliers to achieve strategic change within an organization. And as I say, changing buyer habits.

Operator

This is very evident that shift from transactional compliance driven activity to strategic impactful programs of work that focus on remediation. That's driving it from an IT only issue into a C suite executive layer conversation. So they're all great things. And I think we are, as an organization, incredibly well set to be able to capitalize on it. And with that, I'd just like to maybe give a little bit of context, a little bit of a reminder of the journey we've been on as we pivot to this organization.

Operator

We put in place a strategy that reflected many of these positive tailwinds I've just talked about and to evolve this business into something that is really fit for the future. This coincided the strategy launch coincided in very early twenty twenty three with a series of significant market shifts post COVID, which highlighted many of the operational issues within NCC Group. To give you a flavor, we had very high borrowings and therefore that limited our strategic flexibility. We were a fragmented and overly complex business in some places. That was the product of multiple acquisitions over a long period of time.

Operator

And many of these had not been fully integrated to drive their inherent value. We had limited global infrastructure and systems with a number of geographical silos, with also a complex product set and quite diverse product set. Finally, I think we had an incredibly diverse client base. And we had an overreliance and concentration risk on our major U. S.

Operator

Tech firms tech firm clients. All of that in the round highlighted some significant risks for the business. We've done a huge amount and I've got to pay credit to all of the colleagues within NCC for their incredibly hard work in shifting and changing the business in a relatively short pace of time. But we continue to evolve and we are now far better positioned and more with more resilience to adapt and capitalize on a very different market environment. So today, NCC looks and feels different.

Operator

We're significantly simpler and a more focused group. The judicious disposals that we've made, most recent of which we've just concluded, which was a very complex, highly regulated Fox crypto business, means we are now debt free, which gives us far greater resilience, but I think this is really important, also far greater flexibility and strategic options. We've also signed new financial facilities on very attractive terms to give ourselves greater financial firepower. And we have a world class technical capability now in Manila, which this makes us significantly more efficient and competitive. We're undergoing a journey of transformation.

Operator

I think that's very clear. Our client in both our client base and in terms of our operations. We've successfully secured a number of marquee clients on multiyear contracts as we shift from that low value transactional work I highlighted towards broader, deeper strategic relationships with those clients. Now the way I say we are at a pivotal point in our development from being that complex provider of transaction, single capability services into what we aim to be, which is a strategic cybersecurity partner for some of the world's leading organizations and for government divisions. So let me just take that and talk about why I think we win and we are able to win well in the market.

Operator

As I say, I'm now confident that we are well set to be the business we want to be. We've set the foundations, we've built it, we've now got to leverage it. And just to recap, our aim is to drive recurring revenues, either through direct sales of our managed services, security operation centers or other as a service offerings, and then upsell our professional services capability or use the strong relationships we build through our professional services to upsell either our managed services or security operation offerings. This is what we describe as our flywheel. We have all of the touch points within a client and it's about leveraging those relationship to get a broader, deeper set of client relationships.

Operator

The flywheel to deliver the full lifecycle of cybersecurity services. Now, this emphasizes why we're able to win and often actually displace our competition. The point of differential are things like we have a truly prestigious global client base, an absolutely outstanding set of client credentials. We have broad and very deep client capabilities and multiple clients touch points, as I talked about in terms of that flywheel. We're able now, thanks to the build of our global hub in Manila to deliver globally, competitively.

Operator

And we have a strong brand, particularly amongst the technical community who understand this domain and recognize the pedigree and capability within NCC Group. And I think there are proof points. And certainly as I look at this business, there are a number of things under the headline numbers, which I think really do reflect the trajectory which we've set and which we're executing on. So to give you some of those examples, in FY 2022, only 72% of our contracts exceeded GBP 50,000. In 2025, that's increased to 82%.

Operator

That means we are addressing that lower value transactional component, the tail within the business and driving value up. Now 57% of our contracts sold in FY 2025 exceed $500,000 That's compared with 31% in FY 2022, which is a significant shift into more strategic and therefore, visible impactful projects within clients. I talked about the flywheel and the multiple touch points in clients. Well, pleasingly, 48 of clients now use two or more of our capability areas. So it's a richer, deeper engagement with our clients.

Operator

Our average win rate in since FY 2022 has increased for contracts over 500,000 by 26%. That emphasizes we are moving to larger, stickier projects, and we're winning really well. FY 2022, we had no strategic global partnerships in the technology space. Now we have Microsoft, Dragos, Splunk, where we were awarded their Global Security Partner of the Year last year. And indeed last week, we were awarded their UKNI Security Partner.

Operator

We're also the paid research partner on behalf of Google, who we do security research on, and whose behalf we publish a number of research papers. There's significant and really, really key brands, which I think demonstrate the credibility and the reputation and the abilities of the colleagues within NCC. I talked about a shifting client base and types of projects, particularly in terms of that regulatory component, the momentum in that space. Our red team, which is effectively the true hacking team who operate in that regulated space have seen sales in H1 FY twenty twenty five double compared to previous years. And in fact, it's double the average of every half since FY twenty eighteen.

Operator

We're expecting revenue growth in that domain alone to be over 25%. Now it wouldn't be a cybersecurity conversation without highlighting a very topical area, which is ransomware. And clearly incidents remain widespread, although trajectionally they were maybe less in the first half. But what we've seen is a client's response tends to be to turn immediately to the embedded technology relationships. And this emphasizes to us the need to build and maintain long term conversations at a senior level within a client and to remain stickier as that is as those are the partners that clients will turn to.

Operator

I'm very pleased to say there are great examples of how we are continuing to support a number of clients in this domain. Now clearly, quite often, it's highly confidential. But there are names within the public domain, which I'm very happy to do mention such as the British Library. There's a very, very good case study about Ironman University where we supported them through a very targeted attack. And MicroLise is again another great example where we help them through a very challenging incident.

Operator

So great work from the team around that, and we continue to be able to respond and support clients around the whole ransomware agenda. Now clearly, if I think about our areas of focus, there are many positives. We operate in a positive marketplace, but it's fair to say we still have challenges as transform the business. And there are things we need to address and areas to invest. Historically, we've not invested enough in our sales and go to market, particularly around business development and marketing.

Operator

And as we see to reflect the focus of being a multidisciplinary cyber consulting business, that requires quite a shift. More specifically, we've also need to reengineer our sales and marketing so it's aligned to strategic client needs, meeting that Chief Information Security Officer, but more importantly, the C level executive layer buyers' requirements. So you'll see us focus on that in the months ahead. There is more to do to simplify our business. Whilst we've already done a huge amount, there's still a lot of work ahead to ensure we have a single coherent go to market strategy optimized around delivery across all of our operations and around the world, leveraging the investment we have made in improving our global systems.

Operator

While we don't degenerate accepted returns or have business that align to our global model, we will continue to rationalize. Finally, upskilling our people. We have a great track record on this and it remains a significant area for all of us to focus on. We're recognizing the opportunity also though to introduce more technology to drive greater efficiency. For example, we've got a really great partnership that is developed with leading providers like Horizon AI and their Node Zero technology, which will put AI at the heart of our penetrate our network penetration testing capability, driving significant efficiencies.

Operator

So how do I bring all that together? Well, I think if I put it all together, honestly say, I'm more excited about the prospects for NCC now than at any time since I've joined. The business fundamentally looks and feels very, very different. We've done an awful lot, huge program of change. And we made great strides forward to position ourselves as the business we want to be.

Operator

With the potential sale of S Code, we may shortly be able to deliver a significant return of value to shareholders. And that return of shareholder value remains front and center to our minds. After that, we'll be able to focus entirely on our cybersecurity division, which is a series of those unique capabilities and areas that where I think we are very well placed to win in a field that has never seen greater demand. Whilst the short term results for cybersecurity do not yet reflect, think the shift that we'd hoped, we've got great confidence that we are doing the right things and we'll do so before long. With that, I'm very pleased to pass over to Guy, who'll take you through some of the numbers.

Speaker 1

Fantastic. Thank you, Mike, and good morning to you all. So I'm going to spend a few minutes going through our financial performance as normal. So in summary, our revenue was down 4.9% for the overarching reasons that Mike's just set out, and I will provide a breakdown of in the coming few minutes. Strong operational control plus proceeds from the completion of the excellent crypto disposal at the March has resulted in a 97.6% increase in our profit before tax and a transformed balance sheet.

Speaker 1

So in the coming slides, we'll go into the details of the different drivers of all that at an adjusted measures level. I'm going to start with our income statement. So everyone will be pleased to see this is much simpler than the income statement we talked through in December as we've now fully adopted all of the accounting classification changes we announced a year ago. Overall group revenue dropped by £10,000,000 from the prior year, £256,800,000 driven by Cyber, with Escode delivering strongly. Adjusted profit after tax and earnings per share were largely insulated from the revenue fall off as we maintain the benefits of improved operational control of the business that we've established over the last three years.

Speaker 1

Our GP percent improved by 0.4 percentage points. Overhead gains made previously have held, and we've taken action in half one, which will yield incremental cost benefits in FY 2026. Our tax percentage dropped to 8.3% as a result of some North American research and development provision releases and a movement in unrecognized tax deferred assets. The resilience of the P and L and balance sheet is a result of the strategic actions, which Mike mentioned, and good delivery against the FY 2025 financial framework that I set out in December and is now shown on this slide. This is the set of financial metrics, which we hold ourselves accountable to and slot in directly against the strategy for the business.

Speaker 1

As I talk through each division in the coming slides, I'll pull out areas of strength and opportunity from the financial framework, and they and this absolutely remains relevant to us as we move forward to the second half of this year and into future years and beyond. So looking at divisional performance, I'm going start with Escode. It has been another excellent half for Escode. As Mike mentioned before, ten consecutive quarters of growth, an increasing number of strategic sales wins. This slide shows on the left hand side, as normal, the revenue in the bar charts by half for each of our three geographies of The UK, North America and Europe, with an income statement beneath it.

Speaker 1

And to the right hand side, it shows the revenue by our two service lines of escrow and escrow contracts, excuse me, and verification services. Overall, our adjusted EBITDA rose to 44.4%. That's up 3.1 percentage points year on year, and that's a result of better pricing, delivering efficiencies through the P and L and cost control towards the bottom line. The business is really well set for the second half of the year and for the future. I'm now going to take cybersecurity, and I'm going to do this across two slides.

Speaker 1

Firstly, talking about the geographical performance and splitting them out by market. And the second slide will show between our four capability service lines areas. So similar to ESCO, the left hand side shows the revenue over performance by our three key geographies of The UK and Asia Pac combined, North America and Europe, and the last four halves plus on the right hand side, we have the income statement. So revenues declined for the reasons that Mike referred to earlier. We focus our efforts on more strategic, better margin, but slower sales cycle engagements, while operating in a challenging investment market for our clients.

Speaker 1

What is pleasing is that the £10,200,000 drop off in revenue was mitigated through the P and L. And that's a result of solid utilization, leveraging our global delivery model that we should now have, improved MI and strong overhead control. This was not historically the case. If I look back to the first half and second half of twenty twenty three, our gross margins dropped to 3228%, respectively. Our resilience is playing.

Speaker 1

The UK held up strongly, pegged by Asia Pac, which dropped by about 11%. North America fell at 13% at constant currency. It's in this market where we are historically exposed to a greater proportion of transactional and compliance activity, which is under the greatest market pressure for the reasons that Mike mentioned earlier. We have naturally seen a greater drop off in revenue in this market as it's further to pivot, but it is on that journey and we can see that in the sales pipeline. Gross profit percentage of the market remained consistent with the previous period, which is in no small part due to the value of our investment in global delivery and in Manila, where we're now seeing more consistent normalized utilization.

Speaker 1

Our EU business going forward will not include the crypto revenue. As sale completed on the March 31, as Mike mentioned earlier, the revenue relating to crypto in the first half of the year was GBP 11,500,000.0. Let's look at the performance by capability. So our four capabilities of testing, consulting and implementation, managed services and digital forensics and incident response. MS saw some excellent new logo wins in the first half, with renewals increasingly competitive.

Speaker 1

So that did lead to a higher churn in previous periods. We're confident that the MS pipeline will continue to build and we're very focused on improving our renewals performance. TAS and C and I experienced in the half lower demand for compliance driven activity, but we're now benefiting from very strong performance in red teaming, as Mike mentioned, AI complemented services, identity and access management and so forth, where we have invested in the previous eighteen months. New logo wins in those new services are already building pipeline across our portfolio, and this is benefiting the flywheel that Mike mentioned earlier. So what has that meant for our net debt position overall?

Speaker 1

Our balance sheet is transformed. If we think back to May 2022, our net debt was £52,400,000 Since then, we've maintained our highly valued dividend policy for shareholders. We've taken advantage of the markets of the opportunity to make an acquisition of shares for our employee trust last December, and we have cleared all of our debts following the disposal of the crypto business in March. There was a working capital outflow of about GBP 7,000,000. This was around about GBP 5,000,000 higher than normal run rates, circa £3,000,000 £3,500,000 of that was as a consequence of bonus payments for the stub periods made to our colleagues in December 2024, which didn't occur in the prior periods in comparison, and the remainder was down to a seasonal swing in our movements between payables and receivables.

Speaker 1

As mentioned recently and announced, we have agreed a new rolling credit facility of GBP 120,000,000 for four years this spring. So in summary, despite the decline in cyber, there is a tangible improvement in the quality of our revenue in both businesses, and the ESCO momentum continues. Our gross margin has been excellent in ESCO, and we expect to hold those gains going forward, and we've demonstrated clear resilience in cyber. Cost has been controlled, and we've taken action which will reduce costs further in FY 2026, and the balance sheet is transformed. With that, I'm going to hand back to Mike.

Operator

Thank you, Guy. So in summary, we are continuing to strengthen the business to make it fit for the future. Adjusted EBITDA remains in line with previous guidance, thanks to the strong operational controls Guy highlighted. FY 2025 group revenues, excluding noncore disposals, to decline marginally but with a single digit growth for Xcode as that continues to perform strongly. Our current cyber pipeline is building, particularly in those areas of investment like operational technology and digital identity, and we expect to return to revenue growth in FY 2026.

Operator

And as I previously highlighted, the discussions regarding ESCO continue with interested parties and updates will follow as appropriate. With that, I'll conclude the formal part of the presentation and hand over for questions.

Speaker 2

Thank you very much. We have a number of questions that have come in. Our first question is where do you think you are subscale or missing higher value capability that can only be addressed organically, but potentially addressed through M and A?

Operator

Thank you. So to the area I think we've invested, we have the chassis and the framework for the business, we've hired the right leadership in some of those areas. Those are predominantly things like digital identity, which is at the core actually of every single breach pretty much. And also in terms of operational technology. To scale those, I think there will be a degree of organic, which we've already done in terms of the hiring and particularly in the leadership team.

Operator

But wherever there are opportunities for inorganic growth in those domains, we'll obviously look at them as long as they make financial sense. But the leadership and everything else being in place, I think gives us that the options around those areas. We do continue and we've talked about having strategic flexibility now, now the balance sheet has transformed, where there are opportunities to either to grow into areas through M and A, we will clearly look at.

Speaker 2

Damindu from Peel Hunt has a second question. Could you talk to some sustainable improvements that you've made to the cyber business across gross margin, global delivery, etc, that you think will show up when the market turns?

Operator

I'm just trying to sustainable. I think the global delivery has been a great example, how we're now able to shift work and have a single visibility of all of our delivery colleagues globally. We're able now to identify work and move it to be able to be delivered at a price point, which is commercially advantageous. I think that's one of our the core shifts from a systems perspective. From the perspective of building capability, I think what will come through in terms of our consulting and implementation offerings is now showing really good trajectory compared to where we were twelve months ago.

Operator

We had no leadership, no team that has been built from scratch. And I think that is starting to have a very positive impact, both in terms of the way we're winning work, actually displacing competition, but also starting to drive through come through in the revenue number. So I think those are some of the very positive things which we've seen embedded now in the business and starting to pay dividends. Guy, if there's anything you'd want to add to that?

Speaker 2

Thank you. Now in order of tank, where is the competition greatest? And where is it more manageable? For example, is compliance type TAS work now priced out for NCC? And is consulting somewhere you think that you can hold your own?

Speaker 2

And where managed services has not renewed, is it always down to pricing?

Operator

Right, there's quite a lot to unpick in that one. I'll try and do it. So from a compliance perspective, we're not priced out, we've now been able to position ourselves with that more flexible global delivery model, which I think is helping. There will some be some work that we I think we are now better informed to be able to make a decision on whether it is work we wish to pursue, that it was historically not the case. I think that's that is a really important strategic shift actually to have a much more discerning view about profitability.

Operator

We're not it's not perfect yet, but I think we've made some strategic some really significant strides in that. From a perspective of the renewals, I think there are a number of a number of things just to talk about. Firstly, I think the market, if we look at historically, NCC would have played in the mid market. That is an incredibly competitive area. There are a number of very small boutiques, frankly, work.

Operator

And I think, particularly in The UK context, and actually also in our sort of Northwest Europe, I think quite at times, NCC and Fox IT, our other brand there has been the party to displace or beat or emulate. So we are seeing aggressive competition in that domain. However, the converse side of that is we are winning incredibly important strategic enterprise clients. So that is offsetting it. So but that has been an area where we've seen some churn.

Operator

From a vendor's perspective, there is definitely a market shift from the point of view of we have a huge Splunk installed base as an example, with the Cisco acquisition. There's some changes in strategy there. But we're seeing a lot of competitors to Cisco and Splunk being very aggressive in the market looking to swap out in clients. As we get larger, more strategic, bigger deals, those are very different sales. So our sales experience needs to change.

Operator

So we need longer term relationships and a very different sales force to achieve that. So that's obviously had quite a bit of an impact. And also, if we look at the sort of the revenue mix in terms of those renewals, our original sort of mid market deal size was probably in the low $100,000 type region. We're now seeing 7 figure per annum recurring revenues from some of the strategic deals. So there's a bit of a revenue mix.

Operator

So it's quite a it's a fluid, very competitive market, the managed services space, but I think we're starting to see ourselves being positioned pretty well for the future.

Speaker 2

Thank you. Our next question is a number of listed cybersecurity companies have been talking about increased focus on cost takeouts and demand for flexible purchasing, basically reduced spend without reducing protection. Are you now better able to accommodate these requests given global resourcing and ability to price better due to better tooling like

Speaker 1

Yes.

Operator

So the answer the short answer is yes. It's very interesting. That is very much one of the strategic shifts and changes in buyer behaviors that I talked about. There is definitely a need for conversations within clients to be able to do more with the same or indeed more with less of driving efficiencies. That is one of those strategic conversations, which historically, we would just not have been positioned to be able to capitalize on, but it just become a price discussion.

Operator

Now we're far better to be able to talk about driving efficiencies, operational gains for clients whilst working in partnership. That is quite a seismic shift for us.

Speaker 2

Our next question is from Tintin at Deutsche Numis. Can you give a sense of the size and shape of the M and A you would consider in cybersecurity? Given historic problems in properly integrating previous acquisitions, how would you go about avoiding those?

Speaker 1

So we don't have a limit in our minds, either large or small. It would clearly need to be something which is strategically sensible for shareholders. So we're prudent about that and something we're very confident about being able to deliver. Mike has spoken at length over the last few years about getting to a kind of consistent chassis of the business and making sure that whatever we do is integratable into what we have rather than buying something to leave it as a bolt on other side of business. So that would be a clearly a very key criteria that it's something which we can execute.

Speaker 1

We've gone through an awful lot of change as a business. So internally, colleagues have delivered an amazing amount of change over the last two, three years, as Mike spoke about. And if we're going to bring more change to the business, we'll make sure that we can build on that capability we have now developed in terms of an ability to change and move the organization and adapt, and it would be kind of building on those strengths. Are we building on the strengths of the existing business rather than to fill in geographical weaknesses? I think we could certainly say it wouldn't be about flag planting into the Far East, for example.

Speaker 2

Dimindu has another question. Could you give us more color into the strategic high value contracts, so over £500,000 where you've made good progress on? What progress have you made across the key areas within cyber to move up value chain? For example, have you managed to double the red team size?

Operator

Yes. So let me give you an anonymous but real example of a recent win that we have, which is a utility company, where we are now and this is a 7 figure project. So it's not one of the 500 Ks at the Mindu. It is a 7 figure deal where we are helping them assess, design and then implement the operational technology and cybersecurity controls in that domain, which is a displacement of a very well known competitor. Those are the sorts of highly impactful projects, which are multi month in duration, which are something historically we probably would have done on a very ad hoc basis and would have been very unusual.

Operator

It's a great example, think, hiring the right leadership, putting the right team around them and driving that into the market. So that's one example. In terms of some of the managed services that we've we're now operating and TikTok again is one where I'd highlight the things we are doing there, which is just phenomenal in terms of frankly, users across the whole of Europe and engaging with the regulators to talk about some of those things. It's just a phenomenal example of really clever thinking, having strategic impact and huge value at a level where we are having regular touch points and engagement, not at the technical, not just at the technical level, security level, but actually at a senior regulatory, legal CEO to CEO conversation.

Speaker 2

Our next question comes from Julian Yates of Investec. Can you talk about how you see TES in a couple of years' time in terms of margins and mix of higher end value contracts? How much lower end do you think needs to fall away still?

Operator

Sorry, I missed that one, sorry.

Speaker 1

The question is on TAS, to what extent do we think the lower end will continue to fall away? And how should we think about margins? So I think on margins first, we're not seeing we now have a level of MI that never used to exist to be able to see what our profitability engagement says, and we're able to price on a profitability basis, whereas we used to price on a day rate basis. So there's definitely an element now of some of the fall away as we're not bidding for work, which was never going to be profitable, which I think we're pretty relaxed about. There are within the margin, though, even at the kind of the more transactional level, there are investments that we're making into the utilization of software and into the global delivery model in terms of where work is delivered and training, which will mean that we'll have a lower cost to serve model to our clients, which will enable us to reduce day rates for them providing better value.

Speaker 1

So we don't see this as something this is not bad work. This is good work. There's things that we can do through our globalized model to make that very compelling to come to us from a cost point of view, as well as the fact that we're renowned as having the very best people and people do a fantastic job. And the overlay to that is the demand profile is famously difficult to predict in those works. It does depend on, candidly, the overall investment environment for our clients and the way in which they're engaging programs and projects.

Operator

And just maybe just a couple of builds on that, because I think firstly, there's question about the red teaming, the highly regulated piece. Regulation is doing nothing but increasing. And the model of being able to use very skilled, capable individuals to test an organisation's defences is not going to go away from a regulatory perspective. We have probably the world's largest dedicated red team penetration testing capability. And they are frankly, outstanding, and have a brilliant reputation in the marketplace.

Operator

And that is where we're seeing significant growth from the perspective of from that regulatory piece. The other really important piece about the technical assurance work, and I think it's worth emphasising is there is the client buying patterns, then there's the skill sets. And I think we need to be careful not to conflate the two. Whilst the way clients may buy and what they may buy may not be at the point we want to generate profits. Those skill sets are highly useful.

Operator

And we are seeing in terms of our repositioning and the story with and the engagement we're having with clients, those skills are still incredibly useful to support clients in some of their strategic challenges. So for example, we've recently won a project for a client who again, I have remain anonymous, where we are providing at scale assurance over their code base. And so the technical assurance skill sets that we've got have been redeployed to support them on that strategic challenge. So still very useful, incredibly highly utilised, and as a result, incredibly profitable work. So rather than doing small transactional pieces of work using those skill sets, we're now deploying them on truly impactful strategic projects.

Operator

So I think differentiating between what clients are buying and how versus what our skill sets are and our skill sets remain incredibly in demand.

Speaker 2

Thank you. Our next question on consulting. You talk more about the growth coming through into H2 and full year 2026? Looks very strong. What are you delivering?

Speaker 2

Are you able to sell in a number of capabilities increasing client depth? And how sustainable or scalable would you see the path forward?

Operator

So the source of engagements that we are seeing around the consulting space, and I mentioned digital identity, operational technology and those change programs associated with those. Those are particularly sticky types of projects which are driving the pipeline growth from zero, from a starting base. So that's very good. If I take digital identity as a great example, those tend to be long term projects that can start with an assessment, a strategy piece, but then go into the implementation of various tools, driving operational efficiencies within the client. The really great thing that we've already seen from the very start point is they have a pull through of our other services as well.

Operator

And that's again, really fundamentally important to us, because what we want to drive it be able to drive is those multi capability relationships, where we have skills all brought together to solve the client's problem. And digital identity is proving a great example of that already.

Speaker 2

Our next question from Tintin again. Fox crypto contributed £11,500,000 of revenue and adjusted EBITDA of £2,900,000 within the half year results you announced. What was the year ago comparator? Was a 25% EBITDA margin. There areas of the cyber market you can enter that hold that level of margin to?

Speaker 1

So I will confess that I don't know the EBIT number from the same period for crypto on its own for the prior period. I'm going to have to get back to you on that, Tintin. Apologies.

Speaker 2

Follow on question from Dimindu. Can you talk to your go to market engine? How can this be better? For example, what sales motions are in place to sell more capabilities to the 52% or clients who use less than 2%? Can consulting be the spearhead for doing this?

Operator

The short answer is yes, consulting can be part of that. So again, if take the historic sales motion that we would have had in place, very traditional, it was almost a product sales mentality. So we have a sales team who would approach a client and sell our service, the service. What we are now seeing, particularly in those larger scale projects is whilst the initial opportunity may be identified by a salesperson, it is very much often it becomes a team sport where we have consulting are actively engaged to shape, scope, scale those opportunities. We have pre sales involved, we have a commercial team involved in terms of the pricing model.

Operator

So it becomes a whole team approach, which is, again, really very, very different, not only operationally, but culturally, from where we were two years ago. And I think some of those examples of the utility I gave, of the confidential client I gave of TikTok, you've seen that really coming through. And actually the engagement level and the way we manage stakeholders as a result of that on an ongoing basis is really fundamentally different. But it's something that we've got to scale. And again, we go from where we were to where we are, to where we want to be, that is an evolution, which is it's not easy to do.

Operator

It involves people. It's sometimes very easy to say, but you know, people are at the heart of this. And we've got to make that change culturally and bring some of our people on the journey with us fill that.

Speaker 2

Our next question is from Andrew Ripper of Panmure Liberum. Why did deferred revenue in the balance sheet fall by £6,000,000 year on year? How would you characterize the mix of business in TAS? How much is lower than how much is lower end transactional revenue?

Speaker 1

So in terms of the deferred revenue, I won't give a kind of detailed breakdown on that. There were some balance sheet movements and there's some seasonality swings as we've changed kind of the year end. So the second part of the question was the margin on lower end TAS work. Was that I think we don't see that as being different from other margin. I wouldn't want there to be and we're not going to start reporting gross margin by different kind of TAS capabilities, different skill sets within TAS.

Speaker 1

But we certainly don't operate on a basis of kind of loss leading or operating more commodity work at much lower margin. That's not way we operate the business.

Speaker 2

Our next question is from Oliver Tipping, Peel Hunt. Back at your Escode Capital Markets Day, which was about a year ago, you mentioned that you were starting out operations in Australia with a few with a view to formulate a blueprint for taking S Code to new geographies. I just wanted to check how this has gone. Do you feel there are opportunities abroad and where the brand is less well known, noting Europe and The U. S.

Speaker 2

Are both down?

Operator

So we did deploy capability to Australia. That front and literally from a standing start, we started to see positive progress in terms of pipeline and revenues from that point of view. It is generating, I think, a good option for us for the future. We're seeing probably more significant opportunity developing in The Middle East. And I know we talked about at the Capital Markets Day, some of the client wins such as Doha Metro.

Operator

We've seen that trajectory continue, which gives us some really really positive feel for what the opportunity is in that as a market. And we continue to look at options and how best to invest in that as a geography. So definitely starting to see some of those things. And we definitely believe that there is upside in other geographies, particularly where there is increasing regulation for escrow type services.

Speaker 2

Our next question from Martin O'Sullivan at Shore Capital. Have you noticed any shifts in the competitive landscape, such as changes in day rate pricing or increased activity in cyber from value added resellers?

Operator

Well, from value added resellers. I can't say they're the competition that we have seen most of. The competition tends to be from a consulting services type perspective. We are definitely seeing price pressures. And I mentioned particularly around that renewal space where there are a number of boutiques who are trying to buy market share and trying to grow aggressively with all of the challenges that subsequently come from that.

Operator

But those tend to be our main sort of areas of competition. Again, it depends by service. Quite often, can range from the sort of the mega SIs to some particular niche boutiques, depending upon the service and the client requirement.

Speaker 2

We have another question from Andrew Ripper. How much visibility do you have in cyber? Can you quantify the pipeline and how that's changed in the last six to twelve months? How much confidence can you have in the return to growth in full year 2026? And do you expect that return to growth to happen in the first quarter of that financial year?

Speaker 1

So we now have single instance of sales force across the whole organization. That's part of the transformation change, and we're kind of we're seeing improved disciplines about how that's being used. We can see by month and the sales pipeline by stage is now set out. And we can see very clearly that the opportunity creation that Mike spoke about back in December actually has converted into sales orders and particularly in kind of particularly in consulting and to a lesser but positive extent in TAS, we can see how that's turning into confirmed sales now and is beginning to drop into the diary into the second half of the year. So yes, that does give very good confidence.

Speaker 1

I'm expecting strong growth in consulting in the second half of this year off the back of seeing what we can see in sales force and what's in the diaries. And yes, we're pretty confident we'll return to growth in FY twenty twenty five six, excuse me. We're in 2025.

Speaker 2

We have another question from Martin O'Sullivan. I'd be interested to hear your thoughts on AI agents that simulate ethical hackers and offer continuous penetration testing as a service. I believe you mentioned that your deployment of Horizons three AI is expected to deliver significant efficiency gains. Could you elaborate on how those benefits will be achieved and when your team will be fully up and running with these AI driven pen testing agents?

Operator

So yeah, absolutely. So if take our partnership with Horizon three AI, that is a great example where we've taken the view it is about partnering with the best in the marketplace, embedding it in our with our talent to drive an efficiency in the way we deliver particular elements of our work. So reducing the amount of frankly time that a consultant has to work on particular type of test by using the agents is a big part of that. We're also deploying agents increasingly within the context of our managed services. That's really important.

Operator

Within our own organisation, from an operational perspective, we're also using AI to help drive efficiencies in terms of, for example, proposal generation. That's another element of our AI strategy. But it continues to evolve. I think AI is about use cases, it's not about the technology, and really understanding how you deploy it. A great example is we've been very clear upon the strategy about node zero and how we deploy that in our network penetration testing.

Operator

We have a team which have deployed it, they've taken it to market, they're working very closely with our sales team in a geography, proving it working closely with clients, refining it, and then we're rolling it out on global basis. So like I say, this is evolving really quickly. AI is clearly the top of mind for many people. But having a very clear use case, and being very deliberate about how you execute on it is pretty key.

Speaker 2

We have two questions now from Bob from Zoos. Digital forensics and incident response revenues have fallen consistently for four quarters straight. What trends are you seeing in that business and market?

Operator

So by the nature of incident response, it's highly flexible. Increasingly, we're deploying people and teams from across the business as part of an instant response rather than it being all about a single dedicated team. It requires a multidisciplinary response, whether it's from so great example, if we are supporting a breach, actually, an increased part of it would be the crisis management component, which comes from our consulting domain. A big part of the sort of the response would come from our engineering domain. So in technical assurance, for example, and the incident response team are very much the blue light responders.

Operator

The flex, and this is a really important part in terms of having the multi capability and multidisciplinary team. It is about all of them coming together to deliver something to a client. So it's not always just about the individual team. But incidents, I think are do vary, you know, I think we saw a reduction in the number of incidents we certainly responded to in the first half. That is going to change significantly in the second half.

Operator

So there is a flexibility to it. But I would bake it all together in terms of how we're servicing clients rather than very much it's a small team doing one thing.

Speaker 2

His follow on question is, we did not see a reiteration of medium term guidance in your press release. Are you still confident of reaching mid teen growth in margins in cybersecurity?

Speaker 1

Yes. So what we'd expect to see next year is revenue growth of 4% to 5% in cyber in terms of what we can see in the books at the moment. We'd expect our gross margins to tick up a tickle from where they are today, back to the kind of 37%, which we normally talk about, 37%, 38%. Are inevitably most businesses are facing some cost headwinds, and we're also got the benefit of some cost saving activity that we've done. I do believe we're on track towards head towards mid teens EBITDA, and we can absolutely see a kind of a route to getting there.

Speaker 1

Whether we get there in FY 2026 will depend a little bit on some of the market tailwinds and how consistent the investments arena remains for our clients.

Speaker 2

We have one last question. The cybersecurity platformization vendor rationalization seems to be in full swing. And when you listen to results meetings from the likes of Palo Alto Networks, Zscaler, CyberArk, CrowdStrike, it sounds like managed partners and integrators are crucial enablers for them. Are you taking active steps to broaden your vendor relationships beyond the ones you mentioned?

Operator

Yes. We are, it is a very active element of our strategy. And I do come back to the point I made in the slide deck, which is in 2022, we had zero. Now we've got some of the largest in the world. And again, I think it's it's it's a testament to the hard work because these require legal support.

Operator

Legal have you know, our legal team have been very actively engaged on a number of topics We've gone through the process for the last few years, not least three disposals. So the answer is yes. And we have a very active plan. We are very close to a number. It is an element of our strategy.

Speaker 2

Thank you very much. There are no further questions. So Mike, I'll hand back to you for any closing remarks.

Operator

I will just close by saying thank you very much, again, reflecting my thanks to the whole of NCC Group for an incredible amount of work to get us into a far more resilient position. I'm very confident for the future and an exciting times ahead. Thank you very much.

Powered by Quartr