CROSSWORD
CYBERSECURITY
PLC
Crossword Cybersecurity plc
60 Gracechurch Street, London EC3V 0HR
e: info@crosswordcybersecurity.com
twitter: @crosswordcyber
t: +44 (0) 20 8973 2350
CROSSWORD
CYBERSECURITY
ANNUAL REPORT & ACCOUNTS
2019
173449 Crossword Cybersecurity Cover.indd 1-3
173449 Crossword Cybersecurity Cover.indd 1-3
24/04/2020 23:40
24/04/2020 23:40
�173449 Crossword Cybersecurity Financials Pt2 AGM.qxp_173449 Crossword Cybersecurity Financials Pt2 AGM 23/04/2020 11:08 Page 67
Company Information
DIRECTORS
Sir Richard Dearlove (Chairman)
T Ilube (CEO)
Dr D Secher
Professor D Stupples
A Gueritz
G Matthew
R Anderson
M Dowd
REGISTERED NUMBER
08927013
REGISTERED OFFICE
60 Gracechurch Street
London
EC3V 0HR
INDEPENDENT AUDITOR
MHA MacIntryre Hudson
Chartered Accountants & Statutory Auditors
NOMAD
CORPORATE BROKER
6th Floor
2 London Wall Place
London
EC2Y 5AU
Grant Thornton LLP
30 Finsbury Square
London
EC2P 2YU
Hybridan LLP
20 Ironmonger Lane
London
EC2V 8EP
Crossword Cybersecurity plc is the parent company of the
Crossword group of companies which focuses on the cyber
security sector. The Group’s strategy is the development
and commercialisation of university research based cyber
security related software and cyber security consulting.
Revenue is generated by selling the Software as a Service
products direct to end user companies or via partners.
This is supported by Crossword’s team of expert cyber
security consultants, who leverage years of experience
in national security, defence and commercial cyber
intelligence and operations to provide advice on cyber
security risk and mitigation, strategy, assessment and
transformation and other cyber security related matters.
CONTENTS
STRATEGIC REPORT
Chairman’s Statement
Chief Executive Officer’s Statement
Performance Review
Section 172 Statement
Principal Risks
CORPORATE GOVERNANCE
The Board
Corporate Governance Report
Directors’ Report & Statement of
Directors’ Responsibilities
Independent Auditor’s Report
FINANCIAL STATEMENTS
Consolidated Financial Statements
Notice of AGM
Company Information
2
4
6
7
8
14
19
31
34
42
62
IBC
For more information visit
www.crosswordcybersecurity.com
173449 Crossword Cybersecurity Cover.indd 4-6
173449 Crossword Cybersecurity Cover.indd 4-6
24/04/2020 23:40
24/04/2020 23:40
�2019 HIGHLIGHTS
Revenue increased by 22% to £1.3m
Product and Consulting revenue increased by 51%
Cash at 31 December 2019 was £1.5m
Received £1.4m in funding
2
0
1
9
A
N
N
U
A
L
R
E
P
O
R
T
&
A
C
C
O
U
N
T
S
1
.
S
T
R
A
T
E
G
I
C
R
E
P
O
R
T
1
28/04/2020 08:39
28/04/2020 08:39
CROSSWORD
CYBERSECURITY
Collaborating with Leonardo MW and NCC Group to use Rizikon
Nixer Cyber ML released
Rizikon V2 released
vCISO (virtual Chief Information Security Officer) solution launched
CREST Penetration Testing Provider Accreditation achieved
Supported 3 charities
173449 Crossword Cybersecurity Front-end.indd 1
173449 Crossword Cybersecurity Front-end.indd 1
STRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS
�Chairman’s Statement
The financial year ending 31 December
2019 saw Crossword Cybersecurity
plc complete its first successful year
on AIM, the London Stock Exchange’s
growth market. In this report, I am
delighted to provide an overview of the
year and on finance and governance.
Following this overview, the CEO’s
report provides a detailed review of the
business, together with commentary on
the company’s finances and operations.
A Strategy based on Cyber Security Intellectual
Property
Crossword’s strategy is to build a significant intellectual
property based, AIM quoted cyber security business. Crossword
is a technology commercialisation business focusing on cyber
security. The Group develops and commercialises university
research based cyber security related software and provides
cyber security consulting services.
Crossword ended the financial year with a growing set of
Rizikon Assurance clients, a very strong Rizikon sales pipeline
and a fast-growing specialist cyber security consulting team.
The Group was successfully admitted to AIM at the end of 2018
and we are very pleased with the progress that we have made
at the end of our first year as an AIM listed company.
The Board is excited by Management’s ambitious growth plans
and is fully supportive. We are confident that our plans will
create sustainable shareholder value.
Strong Financial Management
During the period under review, the Board and Management
have continued to adopt a robust set of financial controls.
Finance Director, Mary Dowd, has reviewed and strengthened
our procedures and the company has comfortably adapted to
life on AIM.
2
173449 Crossword Cybersecurity Front-end.indd 2
173449 Crossword Cybersecurity Front-end.indd 2
25/04/2020 00:03
25/04/2020 00:03
CROSSWORD CYBERSECURITY PLC ANNUAL REPORT AND ACCOUNTS 2019�REVENUE
£1.3m
Increased 22%
from £1.07m in 2018
We strengthened the Group Balance Sheet at the end of 2019
by receiving £1.4m in convertible loans. I would like to thank
shareholders for their continued support for Crossword’s
strategy and we are pleased to have seen this reflected in our
share price over our first year on the market.
Continued Strong Governance
The Directors fully understand the importance of high
standards of corporate governance and I refer you to the
Chairman’s Corporate Governance Statement on page 19 of
this report. The Board has adopted the Quoted Companies
Alliance (“QCA”) Corporate Governance Code (the “QCA Code”)
in line with the London Stock Exchange’s requirement for all
AIM listed companies to adopt and comply with a recognised
corporate governance code appropriate to the nature,
complexity and scale of the Group. In addition, we ensure that
we maintain high standards throughout the Group by operating
a robust framework of controls, and more details can be found
in the Director’s Report. The Board believes that, to deliver
our corporate strategy, generate shareholder value on a
sustainable basis and safeguard all of our stakeholders’ long-
term interests, effective corporate governance is essential.
Growth is Accelerating
We have made great progress over the last twelve months.
The growth in our core businesses of product sales and
consulting has been accelerating, as we shift the focus from
software development activity to commercialisation. The cyber
security sector as a whole continues to flourish and with a
first-class team, a new dedicated Group Sales Director in place
and a solid and stable AIM listed business, Crossword sees
opportunities opening up rapidly in the year ahead.
Our diverse and talented employees are the reason why
Crossword continues to be successful and I would like to
thank all of them for their hard work and dedication, as well
as our university partners, business partners, suppliers and
shareholders for their continued support. We are very confident
that Crossword will achieve its goals over the coming years.
Sir Richard Dearlove KCMG OBE
24 April 2020
173449 Crossword Cybersecurity Front-end.indd 3
173449 Crossword Cybersecurity Front-end.indd 3
3
25/04/2020 00:03
25/04/2020 00:03
STRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS�Chief Executive Officer’s Statement
As Chief Executive Officer, it is my
pleasure to present the annual report
and audited accounts for Crossword
Cybersecurity plc (“Crossword” or the
“Company” or the “Group”) for the
financial year ended 31 December 2019.
2019 has been a year of solid commercial growth for Crossword,
the technology commercialisation company focused on cyber
security. This was Crossword’s first year as an AIM listed
company and we grew into this new status with confidence and
certainty. By the end of 2019 we had built a multi-million pound
sales pipeline, closed a range of new deals across a variety of
sectors, launched Rizikon v2.0, a significant upgrade to Rizikon,
Nixer CyberML and an exciting new Consulting service called
vCISO (virtual Chief Information Security Officer). We also
secured £1.4m convertible loans to strengthen our balance
sheet as we go into 2020.
Crossword’s ambition is to build a large scale listed cyber
security business. To assist in this journey, in early 2019 we
announced the creation of a world class Advisory Board, chaired
by Dr Robert Coles, former Chief Information Security Officer
of GlaxoSmithKline. Professor Nick Jennings, Vice-Provost of
Imperial College and former Chief Scientific Adviser on national
security to the UK Government, Dr Una-May O’Reilly a leading
AI expert from MIT and General the Lord Nick Houghton (Baron
Houghton of Richmond), former Chief of Defence Staff, UK
Armed Forces also joined the Advisory Board. Dr Robert Coles
also recently took over the role of Chairman of Crossword
Consulting Ltd, our consulting subsidiary, where we will be able
to draw directly on his experience as KPMG lead partner on
cyber security.
4
Crossword continues to work and build relationships with
a wide range of universities. We conducted further detailed
analysis of a variety of university-based cyber security research
projects. In addition, the Company was engaged to support
a programme run by KTN (the UK Government backed
Knowledge Transfer Network) to assist university spin outs.
This involved working with cyber security spin out teams from
the Universities of Southampton, Kent, Glasgow, Bournemouth,
Coventry, De Montfort, Wolverhampton, Gloucestershire, Royal
Holloway University of London and Oxford.
We achieved a major step forward with our core product,
Rizikon Assurance with the launch of RA v2 at a high profile
event hosted at the Magic Circle in London, attended by clients,
prospects, investors, partners and the media. RA v2 includes a
new dashboard and scorecard, giving clients a 360° view of all
supplier risks. RA v2 also incorporates CreditSafe integration,
for the first time bringing supplier credit referencing directly
into the product. We believe with the launch of RA v2 we now
have the most comprehensive supplier assurance platform
on the market. At the same time, we also announced
Crossword’s Rizikon Supplier Assurance Framework (RSAF),
providing a structured framework for clients to work through
their approach to managing and assuring large numbers
of suppliers.
In addition to the major advances of Rizikon, at the end of 2019
we also released our second product, Nixer CyberML, the family
of machine learning libraries tackling growing cyber security
problems faced by large online companies such as credential
stuffing. We intend to start promoting Nixer CyberML actively
in the first half of 2020. We are making very good progress
on our third product, drawing upon university research in the
areas of applying AI to complex and very large scale cyber
security challenges. We look forward to making some exciting
announcements about this activity in the coming months.
One area of focus for Crossword in 2019 was to develop major
commercial partnerships, and I am delighted to report that we
were very successful on this front. We have now established
173449 Crossword Cybersecurity Front-end.indd 4
173449 Crossword Cybersecurity Front-end.indd 4
25/04/2020 00:03
25/04/2020 00:03
CROSSWORD CYBERSECURITY PLC ANNUAL REPORT AND ACCOUNTS 2019�go to market relationships for Rizikon with two major industry
partners, NCC Group plc and Leonardo MW Ltd and we expect
to reap the reward of these partnerships during 2020.
NCC Group plc is the global expert in cyber security and risk
mitigation. Trusted by over 15,000 clients worldwide, NCC
operates in 12 countries. Crossword is collaborating with NCC
on third party cyber security assurance. Crossword also signed
an MoU with Leonardo MW Ltd, the global high-tech Aerospace,
Defence and Security company. With revenues of over €12
billion, Leonardo is a top ten player in aerospace and defence
worldwide. It targets its cyber security offerings at Government,
Defence and Critical National Infrastructure both in the UK and
internationally.
In addition to the 2 partnerships formed in 2019, Crossword
was also pleased to announce in April 2020 that we will be
collaborating with leading security reseller and managed
security services provider Satisnet Limited on the provision of
third party assurance technology to its clients, as part of the
expansion of Crossword’s partner programme.
With continued focus on sales and marketing activity,
Crossword has seen a huge leap forward on the strength of
our sales pipeline and an increasing number of deals being
closed as the pipeline comes through to maturity. We recruited
a dedicated Group Sales Director, Sean Arrowsmith, at the
end of 2019 and he is set to drive sales forward in 2020. Sean
has around 20 years of IT sales experience, mostly in the
cyber security arena and joins with a wealth of relationships.
We entered 2019 with a Rizikon sales pipeline of qualified
opportunities worth £1.4m across over 30 companies and over
the course of the year we more than doubled this pipeline
to almost £4m across over 200 organisations. In addition to
this pipeline there are several large, long term bids that we
are currently working on in conjunction with our partners.
The Rizikon sales pipeline is converting nicely into contracts
proving that Rizikon clearly has traction in the market now.
Clients ranging a FTSE 250 chemicals company, to the Nursing
Midwifery Council, a large IT supplier and multiple Borough
Councils including Peterborough, East Hants and Stevenage
all signed up to Rizikon during the year. NCC Group, our
partner, has already announced its first Rizikon client, a major
government department, and has a healthy pipeline of their
own Rizikon prospects that they expect to start closing in
early 2020.
Meanwhile, Crossword’s consulting business, with its mix of
blue-chip cyber risk consultants and technical cyber security
experts, doubled in size once again. We worked with 35
consulting clients in 2019, building a reputation in areas such
as insurance consulting where we now have several clients
and winning our first FTSE250 client. In 2019 we launched a
new consulting service called vCISO (Virtual Chief Information
Security Officer). This service provides a flexible, monthly
packages of cyber security support and reporting services to a
client on an ongoing basis. We signed our first major vCISO deal
with a global financial services institution, our single biggest,
multi-year recurring revenue deal to date and we enter 2020
with a strong pipeline of potential vCISO deals ahead of us.
2020 is set to be a big year for Crossword. There is no let up in
the deluge of major cyber security incidents that organisations
are facing, ranging from the second biggest data loss in history,
900 million records stolen from First American, the real estate
title insurer, to Travelex £4.6m ransomware attack and Biostar2
data breach involving 1 million fingerprints used by the UK
Metropolitan Police and other agencies. The Company has
just completed a placing of 363,617 Ordinary Shares to raise
£836,319. In addition, I intend to subscribe on the same terms
for 73,914 Ordinary Shares to complete the total fundraise of
£1 million following the end of the current close period,
following the publication of these 2019 results. I am
delighted with the continued support we have received from
our shareholders in this latest fundraising. Our pipeline is
standing at approximately £6m split between both products and
consulting and these funds will enable us to continue to drive
business growth over the next 12 months. With the market
turbulence caused by COVID-19, our first priority is the welfare
of our staff and all stakeholders. Our flexible approach enabled
us to quickly and effectively implement remote working before
it was mandated, with minimal impact on clients and sales
activity.
Crossword’s clients and opportunities exist in multiple sectors,
some of which have clearly been affected by the pandemic, and
some of which are seeing increased activity as cyber security
becomes even more important. Our Rizikon Assurance product
pipeline continues to grow and represents nearly £4m out of
the £6m total pipeline, and we are engaged in several large-
scale bid situations. However, we have also seen some clients
delaying the start of new projects, and we remain in close
contact with them. We will also monitor any potential impact
on our own business and are in a position to take advantage of
Government support and take other actions if and when they
are required. With Sean Arrowsmith, our new Group Sales
Director, in place the Company will continue to focus on sales
and marketing activity across product and consulting, to drive
up revenue rapidly.
Crossword’s team has nearly doubled to 40 across our
Richmond, London and Krakow, Poland staff. We are also
delighted to be engaging as a whole team with charitable
activities. The Richmond team has adopted SPEAR, a local
homelessness charity to support with a variety of fundraising
activities. We take real pride in our culture as a responsible,
open, flexible and learning company. I would like to take this
opportunity to thank everyone who has enabled us to make
such outstanding progress in 2019 and look forward to the next
stage of our exciting journey.
Tom Ilube CBE
Chief Executive Officer
Crossword Cybersecurity PLC
24 April 2020
173449 Crossword Cybersecurity Front-end.indd 5
173449 Crossword Cybersecurity Front-end.indd 5
5
25/04/2020 02:47
25/04/2020 02:47
STRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS�Performance Review
Financial Review
FINANCIAL POSITION
Crossword Cybersecurity plc finished the year with a strong cash balance of £1.5m.
RESULTS
Year on year revenue increased by 22% to £1.3m, with SaaS (Software as a Service)
and Consulting revenue increasing by 51%. Total Comprehensive Loss for the year
was £2.1m.
Total cost of sales and administrative expenses increased by almost £0.3m, driven
by staff costs increases of almost £0.5m, and a reduction in professional fees of
£0.3m reflecting the costs of AIM admission in 2018. Additionally direct costs of
sales increased as third parties support the delivery of the vCISO (virtual Chief
Information Security Officer) service launched during the year.
Total staff costs increased by £455k, which included increases in staff numbers in
Consulting, Sales and Finance, as bookkeeping was taken in house during 2019.
REVENUE
£1.3m
Other administrative expenses, increased, primarily as a result of the increase in staff numbers. Additional insurance and
professional fees were experienced as a result of being listed on AIM. Marketing Spend more than doubled in the period.
FUNDS RAISED
Convertible loan notes of £1.275m were issued in Dec2019 followed by a further £0.125m in January 2020. The main terms of
the loans are 3 years, 12% interest rate payable quarterly, option to convert to ordinary 5p shares,.at £4.80warrants to convert
10% of the loan at the conversion price of £4.80. On 20th April the Company announced that it has undertaken a fundraising of
approximately £1million through a placing and proposed subscription of Crossword ordinary shares of 5p each (“Ordinary Shares”)
at a price of 230 pence per share. Please refer to Note 21 Subsequent events.
CASHFLOWS
Net cash outflows in 2019 were £0.7m. Excluding proceeds from issue of loan notes, net cash outflows were £1.7m
(£2.3m in 2018).
TAXATION
The Group continues to claim Research and Development tax credits, with £167k accounted for in 2019 (£192k in 2018).
KPIs
6
173449 Crossword Cybersecurity Front-end.indd 6
173449 Crossword Cybersecurity Front-end.indd 6
25/04/2020 00:03
25/04/2020 00:03
CROSSWORD CYBERSECURITY PLC ANNUAL REPORT AND ACCOUNTS 2019
�Section 172 Statement
The requirements of section 172 (1) (a)-(f) of the Companies Act 2006 have been addressed in the Strategic Report and the
Corporate Governance Report. The directors act in the way he/she considers, in good faith, would be most likely to promote the
success of the company for the benefit of its members as a whole, and in doing so have regard (amongst other matters) to:
(a) the likely consequences of any decision in the long term
(b) the interests of the company’s employees
(c) the need to foster the company’s business relationships with suppliers, customers and others
(d) the impact of the company’s operations on the community and the environment
(e) the desirability of the company maintaining a reputation for high standards of business conduct, and
(f) the need to act fairly as between members of the company
173449 Crossword Cybersecurity Front-end.indd 7
173449 Crossword Cybersecurity Front-end.indd 7
7
25/04/2020 00:03
25/04/2020 00:03
STRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS�Principal Risks
The Board has overall responsibility
for ensuring that risk is appropriately
managed throughout the business.
The Board is aware of the need to conduct regular risk
assessments to identify any deficiencies in the controls
currently operating over all aspects of the Company.
Risks to the achievement of strategic objectives are identified
by the Executive. The degree of risk is evaluated with reference
to the impact and probability of the risk, considering inherent
and residual risk. The Executive considers the nature and
extent of the risks, the threat of such risks becoming reality,
the ability to reduce the incidence and impact on its business if
the risk materialises, and the costs and benefits resulting from
operating relevant controls.
A Risk Register is prepared and regularly reviewed by
the Executive, and shared with the Audit Committee for
independent review and robust challenge. The Risk Register
includes a plan for mitigation of risks above the risk appetite of
the business.
Risks relating to the Group and the industry in
which it operates
INTELLECTUAL PROPERTY ACQUISITION AND
DEVELOPMENT
Crossword acquires intellectual property (IP) rights from
universities via licensing and IP transfer arrangements and
then develops this IP into commercial products. Failure to
secure good quality IP deals and to quickly and appropriately
meet new cyber security challenges, will make it difficult for
the Group to generate new products.
The success of this strategy depends on the ability of
Crossword to source suitable IP and use its expertise in
business management, marketing and product development
to build solutions attractive to its potential customer base.
Ultimately, Crossword will only succeed if it is able is to design,
develop and sell new software solutions in a timely fashion that
deliver operational reliability and effectiveness.
TECHNOLOGICAL CHANGES
Generally, product markets are exposed to rapid technological
change, changes in use, changes to customer requirements
and preferences, services employing new technologies and
the emergence of new industry standards and practices. The
Group operates in a market with such changes which have
the potential to render the Group’s existing technology and
products obsolete or uncompetitive.
To successfully remain competitive, the Group must ensure
continued product improvement and the development of
new markets and capabilities to maintain a pace congruent
with changing technology. This added strain may stretch the
Company’s capital resources which may adversely impact the
revenues and profitability of the Company. The Company’s
success is dependent on the ability to effectively respond and
8
173449 Crossword Cybersecurity Front-end.indd 8
173449 Crossword Cybersecurity Front-end.indd 8
25/04/2020 00:03
25/04/2020 00:03
CROSSWORD CYBERSECURITY PLC ANNUAL REPORT AND ACCOUNTS 2019�adapt to technological changes and changes to customer
preferences. There can be no assurance that the Company will
be able to effectively anticipate future technological changes or
changes in customer preferences. Furthermore, there is also
no assurance that the Company will have sufficient financial
resources to effectively respond in a timely manner if such a
change is anticipated.
REPUTATIONAL RISKS
As a cyber security company, Crossword is very conscious of
its external reputation. If the Group is compromised as a result
of a cyber incident, it would impact its clients’ confidence.
Crossword has an experienced cyber security expert acting
as its Chief Information Security Officer (CISO) and a strong
technical team who actively seek to mitigate threats.
Nonetheless, should an event take place which adversely
affects the reputation of the Group, its future prospects and
value could suffer.
COMPETITION
There is no guarantee against new entrants or current
competitors providing superior technologies, products or
services to the market. There is no certainty that new entrants
or current competitors will not provide equivalent products for
a lower price. The Company may be forced to make changes
to one or more of its products or to its pricing strategy to
effectively respond to changes in customer preferences in
order to remain competitive. This may impact negatively on the
Company’s financial performance.
The Group’s consulting division operates in an environment
that includes large international accounting firms and
consultancies and a number of smaller niche players. There
are very low start-up costs for any new entrant into the market
and the Group cannot prevent any person or organisation
from seeking to compete with it. There is a risk that an
existing competitor or a new entrant may, over time, be able
to win work from the Group’s existing and future customers.
In addition, larger competitors may, in the future, adopt
more aggressive expansion strategies, which could include
hiring additional experienced consultants and changing their
business model and service offering to one that is directly
comparable to that of the Group. This could, in theory, result
in a material loss of customers from the Group to larger
competitors and, therefore, have a material adverse impact on
the financial performance of the Group.
KEY SYSTEM FAILURE, DISRUPTION OR
INTERRUPTION
The Group’s reliance on technology exposes it (the Group)
to a significant risk in the event that such technology, or
the Company’s systems, experience damage, interruption
or failure in some form. A malfunctioning of the Company’s
technology and systems, or those of key parties, could result in
a diminished confidence in the Company’s services, resulting
in a consequential material adverse effect on the Company’s
operations and results.
DEPENDENCE ON THIRD PARTIES AND BUSINESS
CONTINUITY
Key components of Crossword’s technology platform may
be dependent upon the continuing availability of a particular
supplier.
The software development environment or data processing
platforms may become unavailable for an extended period of
time, thereby disrupting customers’ experience of Crossword’s
products and services.
Crossword’s business is at risk from disruption of key systems
and assets upon which it depends. The functioning of the IT
systems on which it relies could be disrupted for reasons
173449 Crossword Cybersecurity Front-end.indd 9
173449 Crossword Cybersecurity Front-end.indd 9
9
25/04/2020 00:03
25/04/2020 00:03
STRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS�Principal Risks continued
General business risks
TAXATION RISK
The Company is subject to taxation and the application of such
taxes may change over time due to changes to legislation,
regulations or interpretations by the relevant tax authorities.
Whilst no material changes are anticipated in such taxes,
any such changes may have a material adverse effect on the
Company’s financial condition and results of operations.
The continuing status of the ordinary shares as a qualifying
holding for VCT and EIS purposes will be conditional,
amongst other things, on the qualifying conditions being
satisfied throughout the period of ownership. There can be
no assurance that the Company will continue to conduct its
activities in a way that will secure or retain qualifying status for
VCT and/or EIS purposes.
COUNTERPARTY CREDIT RISK
There is a risk that parties with whom the Company trades
or has other business relationships (including partners,
customers, suppliers, subcontractors and other parties) may
become insolvent. This may be as a result of general economic
conditions, factors specific to that Company, or exceptional
circumstances such as COVID-19. In the event that a party
with whom the company trades becomes insolvent, this could
have an adverse impact on the revenues and profitability of the
Company.
either within or beyond its control, including, but not limited
to: accidental damage; disruption to the supply of utilities
or services; security breaches; extreme weather events;
systems failure or workforce actions. There is a risk that such
disruption may materially and adversely affect Crossword’s
ability to offer services to customers and, therefore, materially
and adversely affect its reputation, performance or financial
condition.
ABILITY TO RECRUIT AND RETAIN SKILLED
PERSONNEL
The Company believes that it has the appropriate incentive
structures to attract and retain the calibre of employees and
contractors necessary to ensure the efficient management
and development of the Company. However, any difficulties
encountered in hiring, and retaining, appropriate employees
and/or contractors and the failure to do so, or a change in
market conditions that renders current incentive structures
lacking, may have a detrimental effect upon the trading
performance of the Company. The ability to attract new
employees and contractors with the appropriate expertise and
skills cannot be guaranteed.
FINANCIAL CONTROLS AND INTERNAL REPORTING
PROCEDURES
The Company’s future growth and prospects will depend
on its ability to manage growth and to continue to maintain,
expand and improve operational, financial and management
information systems on a timely basis, whilst at the same time
maintaining effective cost controls. Any damage to, failure of or
inability to maintain, expand and upgrade effective operational,
financial and management information systems and internal
controls in line with the Company’s growth could have a
material adverse effect on the Company’s business, financial
condition and results of operations.
10
173449 Crossword Cybersecurity Front-end.indd 10
173449 Crossword Cybersecurity Front-end.indd 10
25/04/2020 00:03
25/04/2020 00:03
CROSSWORD CYBERSECURITY PLC ANNUAL REPORT AND ACCOUNTS 2019�LEGAL RISK
Legal risks include the inability to enforce security
arrangements, an absence of adequate protection for
intellectual property rights, an inability to enforce foreign
judgements relating to contracts entered into by the Company
that are governed by law outside England and Wales, absence
of a choice of law, and an inability to refer disputes to
arbitration or to have a limited choice with regard to arbitration
rules, venue and language.
Mitigation measures for these risks may also be limited.
INSURANCE RISK
There can be no certainty that the Group’s insurance cover is
adequate to protect against every eventuality.
The occurrence of an event for which the Group did not have
adequate insurance cover could have a materially adverse
effect on the Group’s business, revenue, financial condition,
profitability, results, prospects and/or future operations.
ECONOMIC CONDITIONS
The Group could be affected by unforeseen events, such as
COVID-19, outside its control including economic and political
events and trends, inflation and deflation or currency exchange
fluctuations, potentially driven by Brexit. Any economic
downturn, either globally or locally, in any area in which the
Group operates may have an adverse effect on the demand for
the Group’s products and services. A more prolonged economic
downturn may lead to an overall decline in the volume of
the Group’s activities and sales, restricting the Group’s
ability to realise a profit. The markets in which the Group
offers its services are directly affected by many national and
international factors that are beyond the Group’s control.
Crossword’s clients and opportunities exist in multiple sectors,
some of which have clearly been affected by the COVID-19
pandemic, and some of which are seeing increased activity as
cyber security becomes even more important. However, we
have also seen some clients delaying the start of new projects,
and we remain in close contact with them. We will also monitor
any potential impact on our own business and are in a position
to take advantage of Government support and take other
actions if and when they are required.
CURRENCY EXCHANGE RISK
The Group’s functional currency is sterling. One subsidiary,
Crossword Cybersecurity Sp. Z.o.o is based in Poland.
Crossword Cybersecurity Sp. Z.o.o, where the functional
currency is zloty, accounts for approximately 16 per cent. of
the total costs of the business. Exposure to this and other
exchange rates may affect the Group’s results. The Group may
consider implementing policies to limit its currency exposure,
and will consider currency hedging instruments when they
prove to be available and cost effective.
GOING CONCERN RISK
The £1m placing subsequent to the Accounts, in April 2020,
ensures the Group has sufficient cash for 12 months. There
is a risk that the Group will not be able to raise cash when it is
required. This could be as a result of poor performance within
the Group or turmoil with the markets following COVID-19, or
other economic issues such as Brexit.
173449 Crossword Cybersecurity Front-end.indd 11
173449 Crossword Cybersecurity Front-end.indd 11
11
25/04/2020 00:03
25/04/2020 00:03
STRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS�CROSSWORD
CYBERSECURITY
CREATING CYBER SECURITY PRODUCTS
173449 Crossword Cybersecurity Front-end.indd 12
173449 Crossword Cybersecurity Front-end.indd 12
25/04/2020 00:03
25/04/2020 00:03
�2
0
1
9
A
N
N
U
A
L
R
E
P
O
R
T
&
A
C
C
O
U
N
T
S
2
.
C
O
R
P
O
R
A
T
E
G
O
V
E
R
N
A
N
C
E
173449 Crossword Cybersecurity Front-end.indd 13
173449 Crossword Cybersecurity Front-end.indd 13
25/04/2020 00:03
25/04/2020 00:03
STRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS
�The Board
The Directors in office during the year and at the date of this report are as shown below:
Sir Richard Dearlove KCMG OBE,
Non-Executive Chairman
Appointment Date: 1st September 2016
Skills and Experience:
Sir Richard brings to the Board extensive
experience across government, education
and global business. Sir Richard joined MI6
in 1966, undertaking various overseas and
head office roles before being promoted to Chief of the
Secret Intelligence Service in 1999. He retired from the
Service in 2004.
Mary Dowd,
Finance Director
Appointment Date: 14th June 2018
Skills and Experience:
Mary was most recently Chief Operating
Officer for Europe, the Middle East and
Africa, and previously Chief Financial
Officer at Cordium Consulting Group
Limited, a leading provider of governance, risk and compliance
services, with operations in London, Hong Kong, Malta,
New York, Boston and San Francisco.
External appointments:
Sir Richard is presently Chair of Trustees of University of
London, Chairman of Ascot Underwriting Limited at Lloyd’s of
London and a Director of Kosmos Energy, the New York Stock
Exchange listed oil and gas exploration Company. He also
holds several advisory roles.
Mary brings over 20 years’ experience of working alongside
business leaders. She has demonstrated a track record of
managing finance teams to ensure timely delivery of relevant
financial information to all stakeholders, providing clear
leadership, continuous process improvement, and excellent
communication.
Thomas Ilube CBE,
Chief Executive Officer
Appointment Date: 6th March 2014
Skills and Experience:
Tom is founder and CEO of Crossword.
Tom served as Chief Information Officer of
Egg Banking plc, which at the time was a
pioneering main market listed UK internet
bank. Tom chaired the UK Government Technology Strategy
Board’s Network Security Innovation panel. He was a member
of the High Level Expert Group on Cyber security at the
International Telecommunication Union (ITU), a Geneva based
UN-agency. He was awarded a Doctor of Science (Honoris
Causa) by City, University of London, an Honorary Doctor
of Technology by the University of Wolverhampton and was
appointed a CBE in the 2018 Birthday Honours for services to
Technology and Philanthropy.
External appointments:
Non-Executive Director of the BBC, and Advisory Fellow of
St Anne’s College, Oxford.
She also brings to Crossword extensive experience of working
in acquisitive businesses and providing transactional support.
Mary graduated from University College Galway, Ireland and
has a post graduate Diploma in Business Studies from the
same university. She is an associate member of the Chartered
Institute of Management Accountants.
External appointments:
None.
Professor David Stupples,
Non-Executive Director
Appointment Date: 16th June 2014
Skills and Experience:
David is currently Director of the Centre
for Cyber and Security Sciences at City
University London. In his early career,
he was employed as an engineer in
signals intelligence in the Royal Air Force followed by a
period of intensive research into surveillance systems at the
Royal Signal and Radar Establishment, Malvern. He spent
three years developing highly secure communications for
surveillance satellites for Hughes Aircraft Corporation in the
United States of America. Later, he became a senior partner
with PA Consulting Group where he undertook surveillance
and intelligence systems research for Ministry of Defence and
was responsible for consultancy in secure communications
and surveillance systems for world-wide clients.
Since 2003, David has been researching internet security at
City University focused on cyber terrorism and organised
cyber crime for both the UK Government and commercial
companies. However, he still maintains an active interest in
radar surveillance research.
External appointments:
David is a member of the Defence Scientific Advisory Council
(DSAC) and the Defence Procurement Agency’s Independent
Advisory Board on Systems Integration.
14
173449 Crossword Cybersecurity Front-end.indd 14
173449 Crossword Cybersecurity Front-end.indd 14
25/04/2020 00:03
25/04/2020 00:03
CROSSWORD CYBERSECURITY PLC ANNUAL REPORT AND ACCOUNTS 2019
�Dr David Secher, Independent
Non-Executive Director
Appointment Date: 16th June 2014
Gordon Matthew,
Non-Executive Director
Appointment Date: 24th June 2015
Skills and Experience:
Gordon in currently Non-Executive
Chairman of Amito, Reading’s largest
datacenter, and Non-Executive Chairman of
Flow Communications Limited, experts in
designing, building, implementing and supporting customers’
global IT infrastructure requirements.
Previously, Gordon served as Chief Executive Officer of Azzurri
Communications Limited and was responsible for ensuring
that it met its financial and growth targets. He has served
as the Chief Executive Officer of Ramesys (later RedSky IT)
Holdings Limited where he was responsible for the successful
turnaround, growth and exit of the business through two
significant transactions in December 2005 and January 2007.
Gordon has over 20 years’ IT experience with broad experience
of software applications, services, large bespoke developments
and telecommunications. He also spent five years at Software
AG (UK) where he oversaw all aspects of service delivery.
External appointments:
Gordon currently acts as Non-Executive Consultant to
Adventoris Limited. Gordon was the Non-Executive Chairman
of Intrinsic Technology Limited from October 2011 to August
2017, m-hance Limited from May 2014 to August 2016, and
Science Warehouse from June 2016 to February 2018.
Skills and Experience:
David is an international expert in
intellectual property technology transfer
and research management. His experience
includes Japan, Jordan, South Africa,
Brazil, Chile, Australia, Argentina, India, Saudi Arabia and
Lebanon as well as Europe and the USA. David is a Life
Fellow and until recently was Senior Bursar at Gonville &
Caius College, Cambridge where he was responsible for the
investment of a £210 million endowment.
David is Patron of PraxisAuril (formerly Praxis). Until
31 October 2013, he was co- founder and chairman of Praxis
Courses Limited, the leading UK technology transfer training
programme. He served as Director of Research Services,
University of Cambridge where he was responsible for creating
and directing a new division of 80 staff, for designing and
implementing an intellectual policy for the University and for
technology transfer throughout the University resulting in
£2 million licensing revenue, 40 new licences and six spin
outs per year.
David was Chief Executive of N8 Limited, a consortium of
eight research-intensive universities in the North of England,
securing initial funding of £6m from Regional Development
Agencies. His earlier career was in molecular biology research
with MRC Laboratory of Molecular Biology, Celltech Limited
and Cancer Research Campaign (now Cancer Research UK).
David held or was named on three patents and is the holder of
the Queen’s Award for Enterprise Promotion (2007) for creating
“environments that favour enterprise, specialising in the
practical aspects of commercialising the results of academic
research”.
External appointments:
David is a Director of Cambridge KT Ltd, Trustee of Cambridge
United Charities and Chairman of Fitzwilliam Museum
(Enterprises) Ltd. From 1 March to 30 September 2020 David is
Interim Bursar of Corpus Christi College, Cambridge.
173449 Crossword Cybersecurity Front-end.indd 15
173449 Crossword Cybersecurity Front-end.indd 15
15
25/04/2020 00:03
25/04/2020 00:03
STRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS
�The Board continued
Andy Gueritz, Independent
Non-Executive Director
Appointment Date: 21st September 2015
Skills and Experience:
Andy is an experienced Senior Advisor with
a successful track record in helping clients
improve and transform their business by
managing technology better and creating
new technology-based ventures. In recent years, Andy has
advised clients in a broad range of industries on topics such
as business/technology strategy and investment planning;
customer data analytics; transformation for innovation and
agility; performance improvement and cost optimisation, and
other ways using technology to get and deliver better value.
As a Vice President at marchFIRST (formerly Mitchell Madison
Group), Andy led the European B2B e21 Commerce Strategy
and IT Strategy Practices. Before becoming a consultant, he
attained Board level responsibility in a successful career in
software development and systems implementation.
At K2 Systems plc (subsidiary of 4Front Technology Inc.), he
was Customer Service and Development Director, responsible
for all client service and delivery operations, amongst other
roles. Notable systems implemented in his time at K2/4Front
include, bespoke procurement, telesales and billing systems;
a call centre based on workflow and CTI technologies; and a
client-server insurance claims handling system, incorporating
document image processing. Prior to 4Front, Andy was a
Development Executive at McDonnell Douglas Information
Systems and also worked for Marconi Defence Systems on a
number of electronic warfare and guided weapons projects.
Andy is a Chartered Fellow of the BCS (FBCS), Chartered IT
Practitioner (CITP), Chartered Engineer (C.Eng), Fellow of the
IET (FIET), and a European Engineer registered at FEANI. He
holds a First Class Honours degree in Electrical and Electronic
Engineering with Computer Science from Queen Mary
University of London.
External appointments:
None.
Ruth Anderson,
Independent Non-Executive
Director
Appointment Date: 1st February 2018
Skills and Experience:
Ruth has over 15 years’ experience in the
fields of security, intelligence, cybercrime
and risk management.
She brings to the Board extensive experience across defence
and law enforcement sectors and within financial services,
developing and implementing cyber risk governance
frameworks.
Ruth is currently Director of Transformation Risk at Lloyds
Banking Group. She was previously a Director of Cyber in the
Financial Services Department of KPMG. She served as the
Head of Specialist Operational Support and also as the Head
of Intelligence at the Child Exploitation and Online Protection
Centre, where she delivered the first ever strategic threat
assessment on child abuse in the online environment.
Prior to this, Ruth served in intelligence and security in the
British Army.
External appointments:
None.
16
173449 Crossword Cybersecurity Front-end.indd 16
173449 Crossword Cybersecurity Front-end.indd 16
25/04/2020 00:03
25/04/2020 00:03
CROSSWORD CYBERSECURITY PLC ANNUAL REPORT AND ACCOUNTS 2019�The Executive
Thomas Ilube CBE,
Chief Executive Officer
Appointment Date: 6th March 2014
Mary Dowd,
Finance Director
Appointment Date: 14th June 2018
Skills and Experience:
Mary brings over 20 years’ experience
of working alongside business leaders.
She has demonstrated a track record of
managing finance teams to ensure timely
delivery of relevant financial information to all stakeholders,
providing clear leadership, continuous process improvement,
and excellent communication.
She also brings to Crossword extensive experience of working
in acquisitive businesses and providing transactional support.
Mary graduated from University College Galway, Ireland and
has a post graduate Diploma in Business Studies from the
same university. She is an associate member of the Chartered
Institute of Management Accountants.
External appointments:
None.
Jake Holloway,
Chief Product Officer
Jake Holloway has over 30 years of
experience in Tech across a wide range
of industries and roles - including as CTO
and Head of Product for two well-known
software houses, and as CEO/Founder of
an innovative Online Systems House. In
his two most recent roles before joining Crossword he was
advising Worldpay on their separation from RBS, and founded
Xendpay, a Fintech startup, where he was COO.
Jake authored books on Project Management in 2015 & 2016.
Skills and Experience:
Tom is founder and CEO of Crossword. Tom
chaired the UK Government Technology
Strategy Board’s Network Security
Innovation panel. He was a member of the
High Level Expert Group on Cyber security at the International
Telecommunication Union (ITU), a Geneva based UN-agency.
Tom was appointed a CBE in the 2018 Birthday Honours for
services to Technology and Philanthropy.
External appointments:
Non-Executive Director of the BBC, and Advisory Fellow of
St Anne’s College, Oxford.
Stuart Jubb, Managing Director,
Consulting
Stuart joined Crossword from KPMG
where he was Associate Director, Defence
& Security. Prior to that he was Chief
Operating Officer of a global consulting
team of over 200 in KPMG Advisory. Stuart
spent nine years as an officer in HM Forces,
after Sandhurst, serving in Afghanistan, NATO and elsewhere.
Sean Arrowsmith,
Group Sales Director
Sean has over 20 years sales experience in
cyber/information security and technology.
He was previously Group Sales Director
at IRM Ltd, the World Class Centre in
Cyber Security of Altran Technologies SA,
the global innovation and engineering
consulting firm. Here, Sean was accountable for revenue target
achievement across all of IRM’s business streams including
consulting, software and training.
Prior to that, Sean was responsible for leading consulting sales
at Siemens Insight Consulting.
173449 Crossword Cybersecurity Front-end.indd 17
173449 Crossword Cybersecurity Front-end.indd 17
17
25/04/2020 00:03
25/04/2020 00:03
STRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS
�The Advisory Board
Dr Robert Coles, Advisory Board
Chair and Consulting Chair
Dr Robert Coles is the former Chief
Information Security Officer of
GlaxoSmithKline (GSK) and of the NHS, with
over 30 years commercial experience.
Prior to his time at the NHS, Dr Robert
Coles worked for GlaxoSmithKline (GSK) from 2013 and was
the company’s Chief Information Security Officer (CISO).
Before GSK, Dr Coles served as CISO for the National Grid and
Merrill Lynch. Dr Coles is an Honorary Professor at UCL and
Visiting Professor at Royal Holloway, University of London and
has extensive links with major industry information security
networking groups and government security agencies.
Dr Una-May O’Reilly,
Advisory Board Member
Dr Una-May O’Reilly is a leading Artificial
Intelligence researcher at Massachusetts
Institute of Technology (MIT) Computer
Science and Artificial Intelligence Lab,
Boston, USA. Dr Una-May O’Reilly joined
the Computer Science and Artificial
Intelligence Lab at MIT, Boston, as a Post-Doctoral Associate
in 1996. Dr O’Reilly is the Founder and Principal Research
Scientist of the AnyScale Learning For All (ALFA) Group at
MIT. ALFA conducts research projects investigating applied
artificial intelligence and machine learning in cyber security,
healthcare, and online education. As well as her academic
prowess, O’Reilly brings to the Advisory Board her extensive
international connections.
Professor Nick Jennings
CB FREng, Advisory Board
Member
Professor Jennings served as the UK
Government’s inaugural Chief Scientific
Adviser for National Security from 2010
to 2015, providing independent scientific
advice on issues of national security. He is currently the
Vice-Provost for Research at Imperial College, where he also
holds a chair in Artificial Intelligence in the Departments of
Computing and Electrical and Electronic Engineering. Before
joining Imperial, Professor Jennings was the Regius Professor
of Computer Science at the University of Southampton – the
first holder of that title in the institution’s history. Professor
Jennings is an internationally recognised authority in the areas
of cyber-security, artificial intelligence, autonomous systems
and agent-based computing.
General The Lord Houghton GCB
CBE DL, Advisory Board Member
General the Lord Nick Houghton
(Baron Houghton of Richmond) brings
unparalleled experience across both
government and business. In July 2013,
General Houghton assumed the appointed
position of Chief of the Defence Staff of
the British armed Forces retiring in 2016. Previously General
Houghton was Vice Chief of the Defence Staff from May 2009.
Educated at Sandhurst and Oxford, General Houghton
commanded 1st Battalion The Green Howards and an Infantry
Brigade in Northern Ireland. Following his retirement from the
army, General Houghton became the 160th Constable of the
Tower of London and a Trustee of Historic Royal Palaces.
18
173449 Crossword Cybersecurity Front-end.indd 18
173449 Crossword Cybersecurity Front-end.indd 18
25/04/2020 00:03
25/04/2020 00:03
CROSSWORD CYBERSECURITY PLC ANNUAL REPORT AND ACCOUNTS 2019�Corporate Governance Report
Chairman’s Introduction
The Directors acknowledge the importance of high standards of corporate governance and have adopted the principles set out in
the Quoted Companies Alliance Corporate Governance Code for Small and Mid-Size Quoted Companies (the “QCA Code”) 2018,
given the Group’s size and the constitution of the Board. The QCA Code sets out a standard of minimum best practice for small and
mid-size quoted companies, particularly AIM companies.
The Chairman and the Board accept the importance and responsibility of setting good corporate culture, values and behaviours.
The Board also acknowledges its responsibility in delivering the long-term success of the Company for the benefit of shareholders
and other stakeholders.
This Corporate Governance Report describes how the Company has applied the principles and standards set out in the Code during
the year and, to the extent it has not done so, any deviations from them. It is the Board’s view that the Company has complied with
all of the provisions of the Code during the year ended 31 December 2019.
Principle 1: Establish a strategy and business model which promote long-term value for
shareholders
The Company’s strategy report is on pages 1 to 11 of this report.
The Company’s objective is to be the European leader in commercialising cyber security research originating from universities.
Crossword Cybersecurity plc focuses on the development and commercialisation of university research-based cyber security and
risk management related software and cyber security consulting. The Group’s specialist cyber security product development and
software engineering teams work with its university partners to develop the research concept into a fully-fledged commercial
product that it will then take to market. The Group’s aim is to build up a portfolio of revenue generating, intellectual property
based, cyber security products. Rizikon Assurance, Crossword’s leading product, is a SaaS platform that enables medium to large
companies to assess and manage all risks from their suppliers. Nixer CyberML, Crossword’s most recently launched product,
is a new tool for businesses that want to solve advanced security and cybercrime problems, such as detecting and dealing with
compromised accounts, fraud, and in-application denial of service attacks. Crossword’s team of expert cyber security consultants
leverages years of experience in national security, defence and commercial cyber intelligence and operations to provide bespoke
advice tailored to its clients’ business needs.
Where appropriate, Crossword will transfer the IP to separate companies in which it will retain a commercial interest. So far,
Crossword has been instrumental in the development of two such companies, ByzGen Limited and CyberOwl Limited.
Principle 2: Seek to understand and meet shareholder needs and expectations
Crossword is committed to engaging with its shareholders to ensure that its strategy, business model and performance is clearly
understood. The Company communicates with shareholders and potential investors through a variety of channels, including
regular financial reporting, direct contact with its major shareholders and release of regulatory announcements, which are
available on its website.
Regulatory announcements include details of the Company’s website and the relevant contact at the Company, as well as its
professional advisors.
The Annual General Meeting (AGM) provides another opportunity for dialogue between shareholders and the Board. The Chair of
the Board and of the Committees, together with other Directors, routinely attend the AGM and are available to answer questions
raised by the shareholders. At the meeting, each vote, the number of proxy votes received for, against and withheld is announced.
The results of the AGM are subsequently published on the Company’s website and released via a regulatory information
service provider.
A range of corporate information, including all Company announcements, is also available to shareholders, investors and the
public on the Company’s corporate website, www.crosswordcybersecurity.com.
173449 Crossword Cybersecurity Front-end.indd 19
173449 Crossword Cybersecurity Front-end.indd 19
19
25/04/2020 00:03
25/04/2020 00:03
STRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS
�Corporate Governance Report continued
Principle 3: Take into account wider stakeholder and social responsibilities and their implications for
long-term success
Apart from our shareholders, our most important stakeholder groups are our employees, our partners, our clients and the
universities we work with. The Board receives regular updates from executives on stakeholder feedback and their potential impact
on our business to enable them to understand and consider this feedback in decision-making. The Board understands that
maintaining the support of all its stakeholders is paramount for the long-term success of the Company.
EMPLOYEES
Crossword aims to provide an environment which will attract, retain and motivate its team. The Company has a growing number of
permanent staff employed across the UK and Poland. Employee engagement with the senior management, who pride themselves
on their availability and flexibility, is frequent through daily discussions and meetings. Staff are encouraged to give regular
feedback in relation to their needs, interests and expectations on away days, general discussions or one-to-one meetings with their
line managers. These can then be addressed at the fortnightly management meeting with all senior members of the team, where
further actions will be discussed. Furthermore, the team engages in a weekly call where staff are able to communicate with all
levels of the team across both countries.
Crossword reviews its processes and policies, which are guided by the principles of fairness and integrity, to make continuous
improvements for its staff. The Company has developed it’s induction programme for new staff, is engaging with employees to
define its culture and values and expected behaviours, performs exit interviews in the event people decide to leave the business,
and follow up interviews with new employees. Crossword is supportive of the career development of its employees and provides
training programmes and Masters opportunities where appropriate.
CROSSWORD’S PARTNERS
Crossword develops mutually beneficial commercial relationships with companies to support sourcing and commercialising cyber
security intellectual property originating from university research projects, and evaluating and exploiting routes to distributing and
reselling its products. Crossword recognises that the establishment of a close working relationship with its partners is essential for
its long-term success.
Crossword maintains its relationship with its partners through regular meetings, mutual understanding and aligned objectives.
Feedback from partners is communicated to the relevant teams and the Board as appropriate.
UNIVERSITIES
Crossword has excellent connections with universities in the UK and elsewhere through members of the Board and Management,
who include some of the most highly regarded experts in IP commercialisation and the cyber security sector. Crossword maintains
regular interaction with the universities with which it engages. This is predominantly achieved by digital means (e.g. frequent email
exchanges and video calls), in which both parties can feedback to one another to ensure their needs are being met. The team also
has face-to-face meetings with academics and works alongside universities at various events, such as talks and conferences. This
continuous engagement with universities is paramount to the long-term success of the Company, due to its principal objective.
Principle 4: Embed effective risk management, considering both opportunities and threats,
throughout the organisation
AUDIT, RISK AND INTERNAL CONTROL
Financial controls
The Group has an established framework of internal financial controls, the effectiveness of which is regularly reviewed by the
Executive Management, the Audit Committee and the Board, in light of an ongoing assessment of significant risks facing the
Group.
The Board is ultimately responsible for the effectiveness of the Group’s system of internal controls. Its key strategy has been
to establish financial reporting procedures that provide the Board of Directors with a reasonable basis upon which to make
judgements as to the financial position and prospects of the Group. Executive Directors and Non-Executive Directors have
been appointed by the Board to assist with the implementation of this strategy and report progress to the Board.
The Audit Committee has the primary responsibility for monitoring the quality of internal controls to ensure that the
financial performance of the Group is properly measured and reported on. It receives and reviews reports from the Group’s
management and external auditors relating to the interim and annual accounts and the accounting and internal control
systems in use throughout the Group. The Audit Committee meets not less than three times in each financial year and has
unrestricted access to the Group’s external auditors.
•
•
20
173449 Crossword Cybersecurity Front-end.indd 20
173449 Crossword Cybersecurity Front-end.indd 20
25/04/2020 02:48
25/04/2020 02:48
CROSSWORD CYBERSECURITY PLC ANNUAL REPORT AND ACCOUNTS 2019�• Regular budgeting and forecasting is conducted to monitor the Group’s ongoing cash requirements and cash flow forecasts
are circulated to the Board.
•
The Group has a Risk Register which identifies the potential possibility and impact of risks associated with the Group and
allocates an owner to mitigate each risk. The Risk Register is updated by the Finance Director and reviewed by the Executive,
the Audit Committee and the Board.
Non-financial controls
The Board has ultimate responsibility for the Group’s system of internal control and for reviewing its effectiveness. However, any
such system of internal control can provide only reasonable, but not absolute, assurance against material misstatement or loss.
The Board considers that the internal controls in place are appropriate for the size, complexity and risk profile of the Group. The
principal elements of the Group’s internal control system include:
• Close management of the day-to-day activities of the Group by the Executive Directors;
•
An organisational structure with defined levels of responsibility, which promotes entrepreneurial decision-making and rapid
implementation whilst minimising risks;
• Central control over key areas such as capital expenditure authorisation and banking facilities;
•
A comprehensive annual budgeting process producing a detailed integrated profit and loss, balance sheet and cash flow,
which is approved by the Board; and
• Detailed monthly reporting of performance against budget.
The Group continues to review its system of internal control to ensure compliance with best practice, whilst also having regard to
its size and the resources available.
STANDARDS AND POLICIES
The Board is committed to maintaining appropriate standards for all the Group’s business activities and ensuring that these
standards are set out in written policies. Key examples of such standards and policies include:
•
•
Anti-bribery and Corruption Policy
Information Security Policy
• Data Protection Policy
•
Share Dealing Code.
All policies are documented and senior managers and directors are responsible for monitoring the compliance of these policies.
APPROVAL PROCESS
All contracts are required to be reviewed and signed by a Director of the Company.
Principle 5: Maintaining the Board as a well-functioning,
balanced team, led by the Chair
DIVERSITY
COMPOSITION, QUALIFICATION AND INDEPENDENCE OF THE BOARD
The Board comprises six Non-Executive and two Executive directors. The names and
responsibilities of the current Directors, together with their biographical details, are
set out on pages 14 to 16.
The Board considers each of the Non-Executive Directors to be independent in
character and judgement. Two of the Non-Executive Directors do not meet the strict
criteria for independence set out in the QCA Code, due to their ownership of ordinary
shares and their participation in the Company’s share option arrangements, as part
of their remuneration arrangements.
material enough to compromise their independence, character and judgement. 25+
The Board considers that the ownership of shares and participation in the
Company’s share options to certain of the Non-Executive Directors encourages the
alignment of their interests with those of the Company’s shareholders and are not
Female 25% Male 75%
173449 Crossword Cybersecurity Front-end.indd 21
173449 Crossword Cybersecurity Front-end.indd 21
21
25/04/2020 00:03
25/04/2020 00:03
STRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS75
+
A
�Corporate Governance Report continued
Therefore, the Company considers all Non-Executive Directors to be independent for the purposes of the QCA Code.
The Non-Executive Directors provide independent, robust and constructive challenge to the Executive Management and monitor
the performance of the management team in delivering the agreed objectives.
All Directors have disclosed their other significant commitments and confirmed that they have sufficient time to discharge their
duties effectively.
APPOINTMENT AND TENURE
The Board makes decisions regarding the appointment and removal of Directors and there is a formal, rigorous and transparent
procedure for appointments, some of which has been delegated to the Nomination Committee. Appointments are made on merit,
taking account of the balance of skills, experience and knowledge required.
The Company’s Articles of Association require that all Directors retire by rotation at regular intervals and that any new Directors
appointed during the year must stand for election at the AGM immediately following their appointment.
Principle 6: Ensure that, between them, the Directors have the necessary up-to-date experience,
skills and capabilities
The names and responsibilities of the current Directors, together with their biographical details, are set out on pages 14 to 16.
The Board believes that its composition brings a desirable range of skills and experience in light of the Group’s challenges and
opportunities following Admission, while at the same time ensuring that no individuals or a small group of individuals can dominate
the Board’s decision making.
The current Board, although considered to have a sufficient level of skills in all areas of the business, is always looking to improve
and further its knowledge of the industry. All Directors receive regular and timely information on the Group’s operational and
financial performance and on technical issues.
INDUCTION
Upon appointment, all Directors are provided with training in respect of their legal, regulatory and governance responsibilities and
obligations, in accordance with the UK regulatory regime.
The induction includes face-to-face meetings with Executive Management and site visits to orientate and familiarise the new
Directors with Company’s industry, organisation, business, strategy, commercial objectives and key risks.
The Board is kept up to date on legal, regulatory and governance matters at Board meetings. Additional training is available on
request, where appropriate, so that Directors can update their skills and knowledge as applicable.
INDEPENDENT ADVICE
All Directors are able to take independent professional advice in the furtherance of their duties, if necessary, at the Company’s
expense. In addition, the Directors have direct access to the advice and services of the Company Secretary and Finance Director.
Principle 7: Evaluate Board performance based on clear and relevant objectives, seeking
continuous improvement
BOARD EFFECTIVENESS REVIEW
In compliance with the QCA Code, the Board undertook an evaluation of its performance before the financial year end. The
evaluation was conducted by way of a questionnaire designed to assess the effectiveness of the Board, the Directors and the
Chairman, as well as the Board’s Committees and identify any areas for improvement. The Board has a formal process for the
annual performance evaluation of the Board, its committees and individual Directors going forward. Such evaluation of the Board
and its committees will primarily be undertaken by the Nominations Committee.
The Committee will regularly review the structure, size and composition (including the skills, knowledge, independence, experience
and diversity) of the Board and make recommendations concerning plans for succession for both Executive and Non-Executive
Directors and in particular for the key roles of Chairman and Chief Executive Officer.
22
173449 Crossword Cybersecurity Front-end.indd 22
173449 Crossword Cybersecurity Front-end.indd 22
25/04/2020 00:03
25/04/2020 00:03
CROSSWORD CYBERSECURITY PLC ANNUAL REPORT AND ACCOUNTS 2019�Principle 8: Promote a corporate culture that is based on ethical values and behaviours
The Board is committed to promoting a strong ethical and values driven culture throughout the Company and has a people-
oriented ethos where hard-work and commitment is recognised. During 2019, a project to formally define the Company’s
culture was started. At the end of this project, the Company will be in a position to articulate and develop its values and expected
behaviours.
Crossword also recognises that employees will have interests outside work and consequently supports flexibility around
these interests.
Principle 9: Maintain governance structures and processes that are fit for purpose and support good
decision-making by the Board
THE ROLE OF THE BOARD
The Board is responsible for the long-term success and strategic leadership of the Group It is responsible for reviewing,
formulating and approving the strategy of the Group and its subsidiaries, corporate actions and overseeing the Group’s progress
towards its goals. In addition, it also approves the annual and interim results and monitors the exposure to key business risks. The
Board’s full responsibilities are set out in a schedule of matters reserved for the Board.
The matters reserved for the attention of the Board include:
•
The approval of interim and annual financial statements, dividends and significant changes in accounting practices;
• Review of bi-monthly financial statements;
• Board membership, reviewed by NOMAD, and powers including the appointment and removal of Board members, determining
the terms of reference of the Board and establishing the overall control framework;
•
•
AIM related issues including the approval of communications to the London Stock Exchange and communications with
shareholders will be dealt with by the Market Disclosure Committee and reviewed by the NOMAD, or delegated by the Board to
the Executive Directors;
Senior management, remuneration, contracts, and the grant of share options will be addressed by the Remuneration
Committee;
• Key commercial matters where the financial commitment is in excess of £50,000 per annum;
•
•
•
Taking of loans or other credit;
Financial matters including the approval of the budget and financial plans and performance against such plans and budgets;
Approval of the appointment of the current period auditor, year-end audited statutory accounts and audit related queries
addressed by the Audit Committee;
• Risk management review;
• Changes to the Company’s capital structure, its business strategy, acquisitions and disposals of businesses, and capital
expenditures outside of budget approval; and
• Other matters including, but not limited to, health and safety policy, insurance and legal compliance.
ROLE OF THE CHAIRMAN AND CHIEF EXECUTIVE OFFICER
There is a clear division of responsibility at the head of the Company. The Chairman is responsible for running the business of the
Board and for ensuring appropriate strategic focus and direction, whilst the Chief Executive Officer is responsible for proposing
the strategic focus to the Board, implementing it once approved, and overseeing the management of the Company through the
Executive. The Chief Executive Officer is also responsible for communicating with shareholders, assisted by the Finance Director.
This separation of responsibilities is clearly defined and agreed by the Board.
BOARD AND COMMITTEE MEETINGS
The Board meets at least six times each year, in accordance with its scheduled meeting calendar (these may be supplemented
by additional meetings as and when required) to review, formulate and approve the Group’s strategy, budgets, corporate actions
and oversee the Group’s progress towards its goals. At each meeting, the Board considers a number of matters, which include
technical, operational, financial, risk and corporate governance reports, in addition to an update from its Committees, where
applicable.
173449 Crossword Cybersecurity Front-end.indd 23
173449 Crossword Cybersecurity Front-end.indd 23
23
25/04/2020 00:03
25/04/2020 00:03
STRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS�Corporate Governance Report continued
Any Director can challenge proposals and decisions are taken democratically after discussion. Any Director who feels that any
concern remains unresolved after discussion may ask for that concern to be noted in the minutes of the meeting, which are then
circulated to all Directors. Specific actions arising from such meetings are agreed by the Board or relevant committee and then
followed up by Management.
The table below sets out the attendance record of individual Directors at the scheduled and unscheduled Board meetings held
during the year:
Name
Richard Dearlove
Tom Ilube
A Gueritz
Ruth Anderson
D Secher
D Stupples
G Matthew
M Dowd
Quarterly
Board Meetings
Audit
Nomination
Remuneration
5
8
8
5
8
7
6
7
-
-
2
1
2
-
-
-
-
-
2
-
-
2
2
-
-
-
4
3
4
4
-
-
The Group has established an Audit Committee, a Remuneration Committee, a Nomination Committee and a Market Disclosure
Committee, each with formally delegated duties and responsibilities outlined within terms of reference reviewed and approved by
the Board on an annual basis.
From time to time, separate committees may be set up by the Board to consider specific issues when the need arises.
The Board and its Committees are supported by the Company Secretary, who ensures that the Board receives regular and timely
information ahead of each meeting. A formal agenda is produced for each meeting and the Company Secretary distributes papers
several days before meetings take place to provide the Board with sufficient time to consider the matters to be discussed. Each
Committee has access to such resources, information and advice as it deems necessary, at the cost of the Company, to enable it to
discharge its duties.
Principle 10: Communicate how the Company is governed and is performing by maintaining a
dialogue with shareholders and other relevant stakeholders
The Board attaches considerable importance to the maintenance of constructive relationships with shareholders and its other
stakeholders.
As mentioned above, the Company communicates with shareholders through the Annual Report and accounts, full-year and half-
year results announcements, the AGM and one-to-one meetings with large existing or potential new shareholders. The Company
regularly releases regulatory and other announcements covering operational and corporate matters.
A range of corporate information (including all Company announcements) is also available to shareholders, investors and the
public on the Company’s corporate website, www.crosswordcybersecurity.com including:
• Our Articles of Association and admission document;
•
•
•
A detailed account of how we have applied the principles of the QCA Code;
Latest Crossword Cybersecurity news and press releases;
Annual and Interim Reports.
The Board receives regular updates on the views of shareholders through briefings from the Chief Executive Officer, Finance
Director and the Company’s brokers.
The Company is currently exploring further methods of obtaining feedback from its staff, including exit interviews in the event
people decide to leave the business, and follow up interviews with new employees.
Sir Richard Dearlove KCMG OBE
Chairman
24 April 2020
24
173449 Crossword Cybersecurity Front-end.indd 24
173449 Crossword Cybersecurity Front-end.indd 24
25/04/2020 00:03
25/04/2020 00:03
CROSSWORD CYBERSECURITY PLC ANNUAL REPORT AND ACCOUNTS 2019�Audit Committee Report
I am pleased to present the Committee’s report for the year ended 31 December 2019. The following pages provide an insight into
how the Committee discharged its responsibilities during the year and the key topics that it considered in doing so.
The role of the Audit Committee is to monitor the integrity of the Group’s Financial Statements, including its annual and half-yearly
reports and any other formal statements relating to its financial performance. It monitors and reviews the effectiveness of the
Group’s system of internal financial control systems that identify, assess, manage and monitor financial risks, and other internal
control and risk management systems.
COMMITTEE MEMBERSHIP AND GOVERNANCE
The Audit Committee is comprised of three independent non-executive directors, currently David Secher, Ruth Anderson and
Andrew Gueritz. David Secher, Chair of the committee, is considered by the Board to have recent and relevant financial experience
and the Committee as a whole has competence relevant to the sector in which the Company operates. Ruth Anderson joined the
Committee on 4 April 2019 to further strengthen the risk management experience on the Committee and to ensure that any two
members of the Committee are available for the Committee to be quorate. At the request of the Chair of the Committee, the Chief
Executive Officer, Finance Director and other members of the senior management team may also be invited to attend meetings as
guests.
The Audit Committee aims to meet three times in each financial year and has unrestricted access to the Group’s external auditors.
The Committee works to a planned programme of activities focused on key events in the annual financial reporting cycle and
standing items that it considers regularly under its Terms of Reference.
PRINCIPAL ACTIVITIES DURING THE YEAR
The Committee held two meetings during the year under review and considered the following:
•
The external auditor’s 2019 year-end audit report and opinion;
•
•
•
•
•
The Company’s Report for the financial year ended 31 December 2019 and the related results announcements and the
Half-Yearly Report to 30 June 2019;
Evaluation of the performance of the external auditor including their independence, objectivity and the effectiveness of the
audit process;
The re-appointment of MHA MacIntyre Hudson as the external auditor for the Company;
The Committee’s Terms of Reference;
The Company’s risk registers as well as the internal controls and risk management systems in place.
The Committee is planning the following activities during 2020;
• Review the Company’s procedures for detecting fraud;
• Review the Company’s systems and controls for the prevention of bribery and receive reports on non-compliance;
• Review the adequacy and security of the Company’s arrangements for its employees to raise concerns, in confidence, about
possible wrongdoing in financial reporting or other matters. The Committee shall ensure that these arrangements allow
proportionate and independent investigation of such matters and appropriate follow up action;
• Review and approve the FY20 external audit plan, including the proposed materiality threshold, the scope of the audit, the
significant audit risks and fees;
• Risk – review and challenge the Risk Register, and consider the risk appetite of the business.
The Committee members’ attendance at meetings during the year is set out on page 24 above.
173449 Crossword Cybersecurity Front-end.indd 25
173449 Crossword Cybersecurity Front-end.indd 25
25
25/04/2020 00:03
25/04/2020 00:03
STRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS�Corporate Governance Report continued
EXTERNAL AUDITOR
MHA MacIntyre Hudson has been the external auditor of the Group since 2014. The continued appointment of MHA MacIntyre
Hudson is reviewed by the Committee each year, taking into account the relevant legislation, guidance and best practice
appropriate for a Company of its size, nature and stage of development.
The Committee considers a number of areas when reviewing the external auditor appointment, namely its performance in
discharging the audit, the scope of the audit and terms of engagement, its independence and objectivity, and its reappointment and
remuneration.
The breakdown of fees between audit and non-audit services paid to MHA MacIntyre Hudson during the financial year is set out in
Note 6 to the Group’s Consolidated Financial Statements. The non-audit fees relate to tax advice. The Audit Committee is satisfied
that it was appropriate for the external auditor to carry out this work, and that it did not impair its independence or objectivity.
INTERNAL AUDIT
The Audit Committee presently considers it appropriate that the Group does not have an internal audit function. This is due to the
effectiveness of the group’s internal financial control systems that identify, assess, manage and monitor financial risks, and other
internal control and risk management systems, and the close involvement of the Executive Directors and senior management on a
day-to-day operational basis. However, the need for an internal audit function will be kept under review by the Audit Committee on
behalf of the Board.
David Secher
Chair, Audit Committee
24 April 2020
26
173449 Crossword Cybersecurity Front-end.indd 26
173449 Crossword Cybersecurity Front-end.indd 26
25/04/2020 00:03
25/04/2020 00:03
CROSSWORD CYBERSECURITY PLC ANNUAL REPORT AND ACCOUNTS 2019�Nomination Committee Report
The Nomination Committee is responsible for reviewing the composition of the Board taking into account the skills, experience
and diversity of the Directors in light of the challenges and opportunities facing the Company and makes recommendations for the
appointment and reappointment of Board members.
COMMITTEE MEMBERSHIP AND GOVERNANCE
The Nomination Committee is chaired by Andrew Gueritz and its other members are Ruth Anderson, Gordon Matthew and David
Stupples. Under the Committee’s Terms of Reference, the Committee is required to meet at least twice in each financial year and
must comprise of at least three members, two of whom must be independent Non-Executive Directors. The Committee held two
meetings during the year. The Committee members’ attendance at meetings during 2019 is set out on page 24.
BOARD EFFECTIVENESS REVIEW
In compliance with the QCA Code, the Board undertook an evaluation of its performance before the financial year end. The
evaluation was conducted by way of a questionnaire designed to assess the effectiveness of the Board, the Directors and the
Chairman, as well as the Board’s Committees and identify any areas for improvement.
The results of the evaluation were presented to the Board for review in February 2020 and revealed no significant concerns
amongst Directors about the effectiveness of the Board. Actions arising from recommendations to further improve the
effectiveness of the Board are being implemented and include the review of succession plans for key members of management and
Board members.
DIVERSITY
The Company has not adopted a formal policy on diversity and, therefore, has no measurable objectives to disclose. Appointments,
including appointments to the Board and senior management positions are made on merit, taking account of the balance of skills
and experience required.
KEY AREAS OF FOCUS FOR 2020:
• Review the structure, size and composition (including the skills, knowledge, experience and diversity) of the Board and make
recommendations to the Board as appropriate;
• Review the time commitment and independence of the Non-Executive Directors;
• Put in place succession plans for both Executive and Non-Executive Directors and, in particular, for the key roles of Chair and
Chief Executive Officer; and
• Conduct an internal evaluation of the Board, its Committees and individual Directors, using questionnaires.
Andrew Gueritz
Chair, Nomination Committee
24 April 2020
173449 Crossword Cybersecurity Front-end.indd 27
173449 Crossword Cybersecurity Front-end.indd 27
27
25/04/2020 00:03
25/04/2020 00:03
STRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS�Corporate Governance Report continued
Remuneration Committee Report
The Remuneration Committee is responsible for determining and agreeing with the Board the framework or broad policy
for the remuneration of all Executive Directors, the Chairman of the Board, including pension rights and any compensation
payments, and such other members of the senior management as it is designated to consider. In addition, the Committee makes
recommendations to the Board on proposals for the granting of share options and other equity incentives, pursuant to any
employee share option scheme or equity incentive plans in operation from time to time.
COMMITTEE MEMBERSHIP AND GOVERNANCE
The Remuneration Committee is a formal committee of the Board and has powers delegated to it under the Articles of Association.
Its remit is set out in Terms of Reference formally adopted by the Board which are reviewed annually.
The Remuneration Committee is currently comprised of Andrew Gueritz (as Chair), David Secher, David Stupples and Ruth
Anderson. The Committee meets at least once in each financial year and held four meetings during the year.
The Committee members’ attendance at meetings during the year is set out on page 24 above.
LETTERS OF APPOINTMENT, SERVICE CONTRACTS AND TERMINATION
Thomas IIube (Chief Executive Officer)
Tom Ilube is appointed as Chief Executive Officer under an executive service contract dated 1 April 2014 (as amended). The
employment commenced on 1 April 2014 and will continue unless terminated by either party giving twelve months’ written notice.
The Company may terminate the contract without notice (or with payment in lieu of notice) if, inter alia, Tom is guilty of gross
misconduct, commits a serious breach of the employment contract, commits a criminal offence, is declared bankrupt or becomes
of unsound mind. The Company may, after giving or receiving notice of termination, immediately end the employee’s employment
and make payment in lieu of salary with no other benefit for the remaining period of notice.
Mary Dowd (Finance Director)
Mary Dowd is employed as Finance Director under an employee service contract dated 10 May 2018. The employment commenced
on 16 May 2018 and will continue unless terminated by either party giving six months’ written notice. The Company may terminate
the contract on shorter notice if the employee is absent from work for an extended period through sickness or injury and may
terminate without notice (or with payment in lieu of notice) if, inter alia, Mary is guilty of gross misconduct, commits a serious
breach of the employment contract, commits a criminal offence, is declared bankrupt or becomes of unsound mind. The Company
may, after giving or receiving notice of termination, immediately end the employee’s employment and make payment in lieu of
salary with no other benefit for the remaining period of notice. Following termination of employment, Mary is subject to certain
restrictions for a period of six months, including a restriction on dealing with the Company’s customers and suppliers and from
working for a competing business.
Non-Executive Directors
All Non-Executive Directors, including the Chairman serve on the basis of letters of appointment which are terminable by three
months’ written notice and are available for inspection at the Company’s registered office. Subject to continued satisfactory
performance, the Board does not think it appropriate at this time to limit the term of appointment of the Non-Executive Directors.
The Executive Directors’ service contracts are also available for inspection at the Company’s registered office.
At the Company’s Annual General Meeting held on 9 May 2019, shareholders authorised an increase to the aggregate amount
of fees paid to Non-executive Directors, in any one financial year, (as set out in article 101 of the Articles of Association of the
Company) be increased from £100,000 to £125,000. This increase ensures that the Company has sufficient headroom to pay the
fees of non-executive directors given the increase in the number of non-executive directors in recent years.
28
173449 Crossword Cybersecurity Front-end.indd 28
173449 Crossword Cybersecurity Front-end.indd 28
25/04/2020 00:03
25/04/2020 00:03
CROSSWORD CYBERSECURITY PLC ANNUAL REPORT AND ACCOUNTS 2019�The remuneration of the Directors who served during the year was as follows:
Directors’ remuneration
Basic Salary and
fees
Bonus
£’000
Taxable benefits
£’000
Executive Directors
Thomas IIube CBE
Mary Dowd
Non Executive Directors
Sir Richard Dearlove
Ruth Anderson
Andrew Gueritz
Gordon Matthew
David Secher
David Stupples
Total
£4,801
–
£50,000
£130,000
£128,750
10,000
8,477
£25,000
£9,500
£11,833
£12,000
£11,833
£12,000
Employer’s
Pension
contributions
£’000
Total
£’000
£1,188
£1,188
£145,989
£138,415
£75,000
£9,500
£11,833
£12,000
£11,833
£12,000
£340,966
£0
£54,801
£2,376
£416,570
DIRECTORS’ SHAREHOLDINGS AND SHARE INTERESTS
The table below sets out the Directors’ interests in the ordinary shares of the Company as at 31 December 2019. There have been
no changes in the current Directors’ interests in shares or options granted by the Company between the end of the financial year
and 24 April 2020.
Name
Thomas Ilube*
Dr David Secher
David Stupples
Number of Issued Ordinary Shares
% of Issued Shares
1,382,112
26,365
5,263
29.52%
0.56%
0.11%
*
Thomas Ilube’s shareholding is made up of 1,251,668 shares held by him personally and 130,444 held by Share Nominees Limited on his
behalf. Thomas Ilube, and connect investors (together the “Concert Party”) are deemed to be acting in concert for the purposes of the
Takeover Code. The Concert Party owns in aggregate 1,408,739 Ordinary Shares representing 30.00 per cent. of the Company’s Share Capital.
SHARE OPTION AND INCENTIVISATION ARRANGEMENTS
The Board considers employee share ownership to be an important part of its strategy for employee incentivisation and retention.
The Group has established share option programmes that entitle certain employees to purchase shares in the Company. These
were issued in July 2014, November 2014, July 2015, December 2015, January 2016, June 2016, September 2016, June 2017,
January 2018, May 2018, July 2018, October 2018, June 2019 and November 2019. There are no performance conditions attaching
to these options.
During the year, the Company cancelled the share option programme in Crossword Consulting Limited and issued 3,000 Crossword
Cybersecurity plc share options at the prevailing price in the Company to replace the Crossword Consulting Limited 24,500
outstanding share options. In March 2020, the Company put in place an incentive arrangement for Stuart Jubb, the Managing
Director of Crossword Consulting Limited, which is designed to incentivise him with entrepreneurial-style rewards commensurate
with the achievement of a growth in enterprise value of that Company.
173449 Crossword Cybersecurity Front-end.indd 29
173449 Crossword Cybersecurity Front-end.indd 29
29
25/04/2020 00:03
25/04/2020 00:03
STRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS�Corporate Governance Report continued
The Directors hold the following shares under option:
Name
Sir Richard Dearlove
Sir Richard Dearlove
Sir Richard Dearlove
Sir Richard Dearlove
Dr David Secher
Professor David Stupples
Gordon Matthew
Mary Dowd
Mary Dowd
Total
Date of grant
Number of Ordinary
Shares under option
Exercise Price
Vesting Conditions
Expiry Date
03/10/2016
25/05/2018
03/06/2019
28/11/2019
18/07/2014
18/07/2014
20/07/2015
24/10/2018
03/06/2019
13,158
6,757
4,587
5,208
15,000
35,000
5,000
7,936
10,000
102,646
£1.90
£3.70
£5.45
£4.80
£0.54
£0.54
£1.90
£3.15
£5.45
(1)
(1)
(1)
(1)
(1)
(1)
(1)
(1)
(1)
03/10/2026
25/05/2028
02/06/2029
28/11/2029
17/07/2024
17/07/2024
19/07/2025
24/10/2028
02/06/2029
(1) Option Shares to vest in three equal tranches on the first, second and third anniversary of the date of grant.
In addition, the Company has issued 86,243 options to members of staff and a former Director, John Bottomley.
EMI SHARE OPTION PLAN
The Company has established an enterprise management incentive share option plan under scheme rules dated 21 May 2014
(“EMI Option Plan”) for the purposes of recruiting and retaining its staff. The Company may grant an Option intended to be a
qualifying option under the Income Tax (Earnings and Pensions) Act 2003 (“ITEPA 2003”) (“EMI Option”) to any eligible employee it
chooses, subject to the limitations and conditions of the EMI Option Plan. EMI Options may not be granted where prohibited by law
or any corporate governance code which applies to the Company or after the tenth anniversary of the date of the EMI Option Plan.
Andrew Gueritz
Chair, Remuneration Committee
24 April 2020
30
173449 Crossword Cybersecurity Front-end.indd 30
173449 Crossword Cybersecurity Front-end.indd 30
25/04/2020 00:03
25/04/2020 00:03
CROSSWORD CYBERSECURITY PLC ANNUAL REPORT AND ACCOUNTS 2019
�STRATEGIC REPORT
GOVERNANCE
FINANCIAL STATEMENTS
Directors’ Report & Statement of
Directors’ Responsibilities
Directors’ Report
This Directors’ Report includes the information required to be included under the Companies Act 2006 or, where provided
elsewhere, an appropriate cross-reference is given. The Corporate Governance Report approved by the Board is provided on pages
14 to 39 and incorporated by reference into this Directors’ Report.
Principal activity, review of the business and future developments
Crossword Cybersecurity plc (08927013) is a public company, limited by shares, incorporated in the United Kingdom under the
Companies Act, with operations in the UK and Poland. Its shares are traded on AIM, a sub market of the London Stock Exchange
(‘AIM’).
The Company has two principal areas of activity, being (i) the development and commercialisation of university research based
cyber security related software and (ii) cyber security consulting. More details on the strategy, nature of the Group’s operations and
future developments are set out in the Strategic report on pages 1 to 11.
Share capital and rights attaching to the shares
The number of shares in issue as at the date of publication of this report was 4,694,560 (31 December 2019: 4,681,227) ordinary
shares of £0.05, each with one vote.
In accordance with applicable laws and the Company’s Articles of Association, holders of ordinary shares are entitled to:
• Receive shareholder documentation including the notice of any general meeting;
•
•
Attend, speak and exercise voting rights at general meetings, either in person or by proxy; and
A dividend, where declared and paid out of profits available for such purposes. On a return of capital on a winding up, holders
of ordinary shares are entitled to participate in such a return.
Articles of Association
The Company’s Articles of Association can only be amended by special resolution and are available at
https://www.crosswordcybersecurity.com/wp-content/uploads/2019/12/Update-Articles.pdf
Engagement with Employees
With the continuing growth in staff numbers, the Directors recognise the need to ensure excellence in engagement with employees.
Two Staff Away Days took place during 2019 with feedback from staff forming a prioritised Action Plan.
Included was an action to ensure that the Company’s culture is maintained during its growth. To this effect, a project to define
the Company’s culture was started. At the end of this project, the Company will be in a position to state its values and expected
behaviours.
Engagement with charities was another action from the Away Days. In 2019, the Company supported three charities. In Richmond,
Surrey, the Company is working with SPEAR, a charity for people experiencing homelessness in South West London. In Krakow,
Poland, the Company supported Noble Gift, a charity which provides aid in the form of Christmas gifts in response to the actual
needs of the recipients, providing an impulse for change and motivation for them to become independent and take responsibility for
their lives. Additionally the Company support Macmillan Cancer Support.
Powers of Directors
The Directors may exercise powers subject to applicable legislation and regulations and the Company’s Articles of Association.
The Directors in office at the date of this Annual Report are shown on pages 14 to 16.
Directors’ conflict of interest
The Board may authorise, to the fullest extent permitted by law any matter which, if not so authorised, would or may result in a
Director infringing his or her duty to avoid a situation in which he/she can have a direct or indirect interest that conflicts, or possibly
may conflict, with the interests of the Company and which may reasonably be regarded as likely to give rise to a conflict of interest.
The Company has effective procedures in place to monitor and deal with conflicts of interest. The Board is aware of the other
commitments and interests of its Directors, and changes to these commitments and interests are reported to and, where
appropriate, agreed with the rest of the Board.
173449 Crossword Cybersecurity Front-end.indd 31
173449 Crossword Cybersecurity Front-end.indd 31
31
25/04/2020 00:03
25/04/2020 00:03
�Directors’ Report & Statement of
Directors’ Responsibilities continued
Directors’ Insurance and Indemnity
The Group maintains Directors’ and Officers’ liability insurance which gives appropriate cover for any legal action brought against
its Directors. In accordance with Section 234 of the Companies Act 2006, qualifying third party indemnity provisions are in place for
the Directors in respect of liabilities incurred as a result of their office to the extent permitted by law.
Purchase of own shares
The Company has not acquired any of its own shares in the period to 31 December 2019, nor in the period up to the date of approval
of this Annual Report.
Subsequent events
On 20th April the Company announced that it has undertaken a fundraising of approximately £1million through a placing and
proposed subscription of Crossword ordinary shares of 5p each (“Ordinary Shares”) at a price of 230 pence per share.
Dividend
The Directors do not intend that the Company will declare a dividend in the near term, but instead channel the available cash
resources into funding the expansion of the Group. The Board intends to commence the payment of dividends only when it becomes
commercially prudent to do so, having regard to the Group’s earnings, financial position, cash requirements and availability of
distributable profits, as well as the provisions of relevant laws and/or generally accepted accounting principles from time to time.
Political donations
No political donations have been made during this financial year.
Principal shareholder
Tom Ilube is the Company’s principal shareholder, holding a total of 1,382,112 ordinary shares, representing 29.44 per cent. of the
voting rights attached to the current issued share capital of the Company. Of the 1,382,112 shares held, 1,251,668 shares are held
by Tom Ilube directly and 130,444 shares are held on his behalf by Share Nominees Limited.
Annual General Meeting
The Annual General Meeting of the Company will be held on the 14th of May, 2020 at 3pm at 60 Gracechurch Street,
London EC3V 0HR. The Notice of Meeting will be available to view on the Company’s website in advance of that meeting.
Approval of Directors’ Report
This Directors’ Report, including the Corporate Governance Statement, was approved for and on behalf of the Board on
24 April 2020.
Statement of Directors’ Responsibilities in respect of the Annual Report and the
Financial Statements
The Directors are responsible for preparing the Annual Report and the financial statements in accordance with applicable law and
regulations.
Company law requires the Directors to prepare financial statements for each financial year. Under that law the Directors have
elected to prepare the financial statements in accordance with International Financial Reporting Standards (IFRSs), as adopted by
the European Union, and parent company financial statements, in accordance with International Financial Reporting Standards,
(IFRSs), as adopted by the European Union. Under Company law, the Directors must not approve the financial statements unless
they are satisfied that they give a true and fair view of the state of affairs and profit or loss of the Group and parent company for that
period. In preparing the financial statements, the Directors are required to:
Select suitable accounting policies and then apply them consistently;
•
• Make judgements and accounting estimates that are reasonable and prudent;
•
State whether applicable IFRSs, as adopted by the European Union, have been followed for the Group financial statements and
IFRSs, as adopted by the European Union, have been followed for the Company financial statements, subject to any material
departures disclosed and explained in the financial statements; and
• Prepare the financial statements on the going concern basis, unless it is inappropriate to presume that the Group and parent
company will continue in business.
32
173449 Crossword Cybersecurity Front-end.indd 32
173449 Crossword Cybersecurity Front-end.indd 32
25/04/2020 00:03
25/04/2020 00:03
CROSSWORD CYBERSECURITY PLC ANNUAL REPORT AND ACCOUNTS 2019
�The Directors are responsible for keeping adequate accounting records that are sufficient to show and explain the Group and
parent company’s transactions and disclose with reasonable accuracy at any time the financial position of the Group and parent
company and enable them to ensure that the financial statements and the Directors’ Remuneration Report comply with the
Companies Act 2006 and, as regards the Group financial statements, Article 4 of the IAS Regulation. They are also responsible for
safeguarding the assets of the Group and parent company and, hence, for taking reasonable steps for the prevention and detection
of fraud and other irregularities.
The Directors are responsible for the maintenance and integrity of the parent company’s website. Legislation in the United
Kingdom governing the preparation and dissemination of financial statements may differ from legislation in other jurisdictions.
Responsibility Statement of the Directors in respect of the Annual Report and Accounts
The Directors consider that the annual report and accounts, taken as a whole, is fair, balanced and understandable and provides
the information necessary for shareholders to assess the Group and parent company’s position, performance, business model and
strategy.
Each of the Directors, whose names and functions are listed in the Corporate Governance Section confirm to the best of our
knowledge, that:
•
•
•
•
The parent company and Group financial statements, prepared in accordance with International Financial Reporting Standards
as adopted by the European Union and Article 4 of the IAS Regulation, give a true and fair view of the assets, liabilities,
financial position and profit or loss of the Company and the undertakings included in the consolidation as a whole; and
The Annual Report, includes a fair review of the development and performance of the business and the position of the
Company and the undertakings included in the consolidation taken as a whole, together with a description of the principal
risks and uncertainties that they face; and
The annual report and accounts, taken as a whole, is fair, balanced and understandable and provides the information
necessary for the shareholders to assess the Group and parent company’s position, performance, business model and
strategy; and
The strategic report includes a fair review of the development and performance of the business and the position of the Group
and parent company, together with a description of the principal risks and uncertainties that it faces.
Disclosure of information to the auditors
• We, the directors of the company who held office at the date of approval of these Financial Statements as set out above each
confirm, so far as we are aware, that:
– there is no relevant audit information of which the company’s auditors are unaware; and
– we have taken all the steps that we ought to have taken as directors in order to make ourselves aware of any relevant audit
information and to establish that the company’s auditors are aware of that information.
This Statement of Responsibilities and the Directors Report were approved by the Board on 24 April 2020.
Tom IIube
Chief Executive Officer
24 April 2020
173449 Crossword Cybersecurity Front-end.indd 33
173449 Crossword Cybersecurity Front-end.indd 33
33
25/04/2020 00:03
25/04/2020 00:03
STRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS
�Independent Auditor’s Report
To the Members of Crossword Cybersecurity plc
1. Our Opinion
We have audited the financial statements of Crossword Cybersecurity Plc for the year ended 31 December 2019.
Statement of Financial Positions
The financial statements that we have audited comprise:
• Consolidated Statement of Comprehensive Income
•
•
Statement of Changes in Equity
• Consolidated Statement of Cashflows
• Notes 1 to 22 of the financial statements, including the accounting policies.
The financial reporting framework that has been applied in their preparation is applicable law and International Financial
Reporting Standards (IFRSs) as adopted by the European Union.
IN OUR OPINION:
•
the financial statements give a true and fair view of the state of the Group’s and of the Company’s affairs as at 31 December
2019 and the Group’s loss for the year then ended;
•
•
the financial statements have been properly prepared in accordance with International Financial Reporting Standards (IFRS)
as adopted by the European Union; and
the financial statements have been prepared in accordance with the requirements of the Companies Act 2006.
2. Basis for opinion
We conducted our audit in accordance with International Standards on Auditing (UK) (ISAs (UK)) and applicable law. Our
responsibilities under those standards are further described in the Auditor’s Responsibilities for the Audit of the Financial
Statements section of our report. We are independent of the Company in accordance with the ethical requirements that are
relevant to our audit of the financial statements in the UK, including the FRC’s Ethical Standard as applied to listed entities, and
we have fulfilled our ethical responsibilities in accordance with those requirements. We believe that the audit evidence we have
obtained is sufficient and appropriate to provide a basis for our opinion.
3. Material uncertainty regarding going concern
We draw your attention to note 1.3 in the financial statements which states that the group incurred substantial losses during
the year and the continued requirements for successful future equity or debt fund raising. The impact of this together with other
matters set out in the note, indicate that a material uncertainty exists that may cast significant doubt on the group’s ability to
continue as a going concern. Our opinion is not modified in respect of this matter.
OVERVIEW
Materiality
Group
Company
Key audit matters
Group
£72K
2% of aggregate of cost of sales and administrative expenses
£54
2% of aggregate of costs of sales and administrative expenses
•
Accuracy of measurement of amounts arising from lease contracts and the presentation
and disclosures of those amounts.
• Completeness of revenue.
•
Accuracy of classification and measurement of the convertible loan notes issued during the
year.
Company
•
Assessment of the recoverability of debt finance provided to subsidiary
34
173449 Crossword Cybersecurity Front-end.indd 34
173449 Crossword Cybersecurity Front-end.indd 34
25/04/2020 00:04
25/04/2020 00:04
CROSSWORD CYBERSECURITY PLC ANNUAL REPORT AND ACCOUNTS 2019�4. Key audit matters
Key audit matters are those matters that, in our professional judgement, were of most significance in our audit of the financial
statements of the current period and include the most significant assessed risks of material misstatement (whether or not due
to fraud) that we identified. These matters included those matters which had the greatest effect on: the overall audit strategy,
the allocation of resources in the audit; and directing the efforts of the engagement team and, as required for listed entities, our
results from those procedures. These matters were addressed in the context of our audit of the financial statements as a whole,
and in forming our opinion thereon, and we do not provide a separate opinion on these matters.
Accuracy of measurement of the group’s right to use assets held under operating leases
The Risk
Our response
As described in the notes 1.2 and 12 of the
financial statements the group has implemented
IFRS 16 ‘Leases’ with effect from 1 January 2019.
The new standard requires lessees to make
substantial changes to the measurement and
presentation of lease contracts. The recognition of
new lease liabilities and rights to use assets will
require the exercise of judgement and the use of
significant estimation techniques by management.
There are also complex rules applicable to
transition and the use of exemptions and practical
expedients. These factors all increase the risk of a
material misstatement.
We reviewed the accounting policy to be adopted by management and
assessed its consistency with the requirements of IFRS 16. We reviewed
and discussed the approach to transition with management to confirm that
material contracts had been correctly identified. We tested managements
calculations of the lease liability and assessed the reasonableness of
judgements made regarding the incremental rate of borrowing and
the expected term of the lease. We considered the presentation and
measurement of the right to use asset and the reasonableness of the
estimated useful life of this asset. We also considered management’s
assessment of whether there were any indications of impairment of the
right to use asset. We assessed whether the appropriate disclosures
regarding the nature of the lease contracts and the associated capital
commitments has been adequately disclosed in the financial statements.
We also considered the reasonableness of managements basis for applying
relevant exemptions or practical expedients and confirmed that these had
been appropriately disclosed in the financial statements.
Result of our procedures
We concluded that amounts in respect of lease contracts have been appropriately measured and presented in the financial
statements and that the disclosures in respect of these amounts meet the requirements of IFRS 16.
Completeness of revenue
The Risk
Our response
Our procedures included assessing the design and implementation of key
controls around the recognition of revenue recognition and detailed testing
of the revenue cycles in the group’s business. In addition, we performed
substantive analytical review procedures to determine that the revenue
recorded in the financial statements was complete.
There is a risk that revenue is incomplete due
to inaccurate recording of revenue based on
assessing when the group has satisfied the
performance obligations where revenue may
be recognised in accordance with IFRS 15 -
Revenue from Contracts with Customers and its
5 step model for revenue recognition. The risk
arises from the group having differing streams
of revenue where the point of revenue may be
recognised at a point in time or over a period of
time under the percentage of completion method.
Result of our procedures
We concluded that revenue was complete and had been accurately recorded in the financial statements.
173449 Crossword Cybersecurity Front-end.indd 35
173449 Crossword Cybersecurity Front-end.indd 35
35
25/04/2020 00:04
25/04/2020 00:04
STRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS�Independent Auditor’s Report continued
To the Members of Crossword Cybersecurity plc
Accuracy of classification and measurement of the convertible loan notes issued during the year
The Risk
Our response
There is a risk that the convertible loan notes
of £1.4M issued in December 2019 are not
presented in accordance with IAS 32 – Financial
Instruments: Presentation and if the convertible
loan notes are not presented correctly they may
be measured in error in accordance with IFRS 9 –
Financial Instruments.
Result of our procedures
Our procedures included an assessment of the presentation of the financial
instrument based on the underlying terms and conditions of the convertible
loan notes and that they are accurately measured and recorded in the
financial statements.
We concluded that the classification and measurement of the convertible loan notes were accurately recorded in the financial
statements.
Assessment of the recoverability of debt finance provided to subsidiary
The Risk
Our response
There is a risk that the debt due from the group’s
subsidiary may not be recoverable.
Our procedures included an assessment of the business plan of the group
and the subsidiary and management’s plans and intentions regarding the
payment of the loan and an assessment of the subsidiary’s ability to be able
to repay the loan.
Result of our procedures
We concluded that based on management’s plans and intentions that the loan to the subsidiary was recoverable.
5. Our application of materiality
Our definition of materiality considers the value of error or omission on the financial statements that would change or influence
the economic decision of a reasonably knowledgeable person. Materiality is used in planning the scope of our work, executing that
work and evaluating the results.
Materiality in respect of the group was set at £72K and for the parent company was £54K which was determined based on 2% of
sales and administrative expenses.
6. An overview of the scope of our audit
The group consists of three reporting components of which two were considered to be significant components of the group,
Crossword Cybersecurity Plc and Crossword Consulting Limited. The significant components were subjected to full scope audits
for the purposes of our audit report on the group financial statements. The component not considered to be significant was
subject to specific risk focused audit procedures designed to address identified risks which could potentially result in material
misstatement of the group financial statements.
Our audit of the group financial statements also involved the use of a component auditor. The group audit team provided
comprehensive instructions to the component auditor of Crossword Cybersecurity z.o.o. These instructions included specific
procedures to be performed. Those instructions also included an assessment of component materiality which was set at £4.2K.
The group audit team discussed and agreed the proposed approach to the audit procedures to be performed and the nature and
form of their reporting on the results of their work. The group team conducted reviews of the working papers prepared by the
component auditors via remote enquiries of the component auditor.
36
173449 Crossword Cybersecurity Front-end.indd 36
173449 Crossword Cybersecurity Front-end.indd 36
25/04/2020 00:04
25/04/2020 00:04
CROSSWORD CYBERSECURITY PLC ANNUAL REPORT AND ACCOUNTS 2019
�Revenue
Total assets
Loss for the year before tax
Identified misstatements reported to the audit committee
Group reported
Company reported
Identified misstatements
£1.3M
£2.4M
£2.1M
£0.6M
£2.8M
£1.9M
£Nil
£Nil
£Nil
7. Capability of the audit in detecting irregularities, including fraud
As part of our audit we identify and assess the risks of material misstatement of the financial statements, whether due to fraud or
error, and then design and perform audit procedures responsive to those risks, including obtaining audit evidence that is sufficient
and appropriate to provide a basis for our opinion.
We evaluated management’s incentives and opportunities for fraudulent manipulation of the financial statements (including the
risk of override of controls), and determined that the principal risks were related to posting inappropriate journal entries to both
reduce costs and inflate operating profit, and management bias in accounting estimates.
Audit procedures performed by the engagement team included, but were not limited to:
• Obtaining an understanding of the legal and regulatory frameworks that the group and company operates in, focusing on
those laws and regulations that had a direct effect on the financial statements. The key laws and regulations we considered in
this context included UK Companies Act, AIM regulations and applicable tax legislation. In addition, we considered compliance
with the UK Bribery Act and employee legislation, as fundamental to the group and company’s operations;
• Discussing among the engagement team regarding how and where fraud might occur in the financial statements and any
potential indicators of fraud;
• Discussions with group and company management and the audit committee, including consideration of known or suspected
•
•
•
instances of non-compliance with laws and regulations and fraud;
Enquiring of the audit committee concerning actual and potential litigation and claims;
Evaluation of the operating effectiveness of management’s controls designed to prevent and detect irregularities;
Assessment of matters reported on the group and company’s whistleblowing helpline and the results of management’s
investigation of such matters;
• Reading key correspondence with regulatory authorities such as the Financial Reporting Council; and
• Challenging assumptions and judgements made by management in their significant accounting estimates, in particular with
respect to the classification and measurement of the convertible loan notes.
There are inherent limitations in the audit procedures described above and the further removed non-compliance with laws and
regulations is from the events and transactions reflected in the financial statements, the less likely we would become aware of
it. Also, the risk of not detecting a material misstatement due to fraud is higher than the risk of not detecting one resulting from
error, as fraud may involve deliberate concealment by, for example, forgery or intentional misrepresentations, or through collusion.
We also communicated relevant identified laws and regulations and potential fraud risks to all engagement team members
including internal specialists and remained alert to any indications of fraud or non-compliance with laws and regulations
throughout the audit.
We did not identify any key audit matters relating to irregularities, including fraud.
173449 Crossword Cybersecurity Front-end.indd 37
173449 Crossword Cybersecurity Front-end.indd 37
37
25/04/2020 00:04
25/04/2020 00:04
STRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS�Independent Auditor’s Report continued
To the Members of Crossword Cybersecurity plc
8. We have nothing to report on the other information in the Annual Report
The directors are responsible for the other information. The other information comprises the information included in the Annual
Report and Accounts, other than the financial statements and our auditor’s report thereon. Our opinion of the financial statements
does not cover the other information and, except to the extent otherwise explicitly stated in our report, we do not express any form
of assurance conclusion thereon.
In connection with our audit of the financial statements, our responsibility is to read the other information and, in doing so,
consider whether the other information is materially inconsistent with the financial statements or our knowledge obtained in
the audit or otherwise appears to be materially misstated. If we identify such material inconsistencies or apparent material
misstatements, we are required to determine whether there is a material misstatement in the financial statements or a
material misstatement of the other information. If, based on the work we have performed, we conclude that there is a material
misstatement of this other information, we are required to report that fact.
STRATEGIC REPORT AND DIRECTORS REPORT
In our opinion, based on the work undertaken in the course of the audit:
•
•
the information given in the strategic report and the directors’ report for the financial year for which the financial statements
are prepared is consistent with the financial statements; and
the strategic report and the directors’ report have been prepared in accordance with applicable legal requirements.
9. Matters on which we are required to report by exception
We have nothing to report in respect of the following matters in relation to which the Companies Act 2006 requires is to report to
you if, in our opinion:
•
adequate accounting records have not been kept, or returns adequate for our audit have not been received by branches not
visited by us; or
the financial statements are not in agreement with the accounting records and returns; or
•
•
certain disclosures of directors’ remuneration specified by law are not made; or
• we have not received all the information and explanations we require for our audit.
10. Responsibilities of directors
As explained more fully in the directors’ responsibilities statement, the directors are responsible for the preparation of the financial
statements and for being satisfied that they give a true and fair view, and for such internal control as the directors determine is
necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or
error.
In preparing the financial statements, the directors are responsible for assessing the company’s ability to continue as a going
concern, disclosing, as applicable, matters related to going concern and using the going concern basis of accounting unless the
directors either intend to liquidate the company or to cease operations, or have no realistic alternative but to do so.
11. Auditor’s responsibilities for the audit of the financial statements
Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material
misstatement, whether due to fraud or error, and to issue an auditor’s report that includes our opinion. Reasonable assurance
is a high level of assurance but is not a guarantee that an audit conducted in accordance with ISAs (UK) will always detect a
material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or
in aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these financial
statements.
38
173449 Crossword Cybersecurity Front-end.indd 38
173449 Crossword Cybersecurity Front-end.indd 38
25/04/2020 00:04
25/04/2020 00:04
CROSSWORD CYBERSECURITY PLC ANNUAL REPORT AND ACCOUNTS 2019�As part of an audit in accordance with ISAs (UK), we exercise professional judgement and maintain professional scepticism
throughout the audit. We also:
•
Identify and assess the risks of material misstatement of the financial statements, whether due to fraud or error, design and
perform audit procedures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a
basis for our opinion. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting
from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal
control.
• Obtain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in
the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the group and company’s internal
control.
•
•
Evaluate the appropriateness of accounting policies used and reasonableness of accounting estimates and related disclosures
made by the directors.
As noted in Section 3 it is our responsibility to conclude on whether a material uncertainty exists and on the appropriateness
of the directors’ use of the going concern basis of accounting and, based on the audit evidence obtained, whether a material
uncertainty exists related to events or conditions that may cast significant doubt on the group and the company’s ability
to continue as a going concern. If we conclude that a material uncertainty exists, we are required to draw attention in our
auditor’s report to the related disclosures in the financial statements or, if such disclosures are inadequate, to modify our
opinion. Our conclusions are based on the audit evidence obtained up to the date of our auditor’s report. However, future
events or conditions may cause the group and company to cease as a going concern.
•
Evaluate the overall presentation, structure and content of the financial statements, including the disclosures, and whether
the financial statements represent the underlying transactions and events in a manner that achieves fair presentation.
We communicate with the audit committee regarding, among other matters, the planned scope and timing of the audit and
significant audit findings, including any significant deficiencies in internal control that we identify during our audit.
12. Use of our report
This report is made solely to the Company’s members, as a body, in accordance with Chapter 3 of Part 16 of the Companies Act
2006. Our audit work has been undertaken so that we might state to the Company’s members those matters we are required to
state to them in an auditor’s report and for no other purpose. To the fullest extent permitted by law, we do not accept or assume
responsibility to anyone other than the Company and the Company’s members as a body, for our audit work, for this report, or for
the opinions we have formed.
Rajeev Shaunak FCA
(Senior Statutory Auditor)
for and on behalf of MHA MacIntyre Hudson
Chartered Accountants and Statutory Auditor
6th Floor
2 London Wall Place
London
EC2Y 5AU
24 April 2020
173449 Crossword Cybersecurity Front-end.indd 39
173449 Crossword Cybersecurity Front-end.indd 39
39
25/04/2020 00:04
25/04/2020 00:04
STRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS�RIZIKON
CYBER RISK SUPPLIER ASSURANCE
NIXER
A MACHINE LEARNING CREDENTIAL STUFFING
& APPLICATION DDOS PLATFORM
173449 Crossword Cybersecurity Front-end.indd 40
173449 Crossword Cybersecurity Front-end.indd 40
25/04/2020 00:04
25/04/2020 00:04
�RIZIKON
CYBER RISK SUPPLIER ASSURANCE
NIXER
A MACHINE LEARNING CREDENTIAL STUFFING
& APPLICATION DDOS PLATFORM
2
0
1
9
A
N
N
U
A
L
R
E
P
O
R
T
&
A
C
C
O
U
N
T
S
3
.
F
I
N
A
N
C
I
A
L
S
T
A
T
E
M
E
N
T
S
173449 Crossword Cybersecurity Front-end.indd 41
173449 Crossword Cybersecurity Front-end.indd 41
25/04/2020 00:04
25/04/2020 00:04
STRATEGIC REPORTGOVERNANCEFINANCIAL STATEMENTS
�173449 Crossword Cybersecurity Financials Pt1.qxp_173449 Crossword Cybersecurity Financials Pt1 25/04/2020 02:43 Page 42
CROSSWORD CYBERSECURITY PLC ANNUAL REPORT AND ACCOUNTS 2019
Consolidated Financial Statements
for Crossword Cybersecurity Plc company number 08927013
Consolidated Statement of Comprehensive Income
12 Months
ended
31st December
2019
£
12 Months
ended
31st December
2018
£
Notes
2
3
3
4
17
7
14
14
1,305,055
1,067,609
(1,431,648)
(1,013,521)
(126,593)
54,088
171,623
192,149
(2,185,170)
(2,335,228)
(32,200)
8,357
(24,351)
92,764
(45,751)
3,727
(1,237)
(2,095,570)
(2,132,252)
(5,878)
(8,052)
(2,101,448)
(2,140,304)
(5,354)
(13,542)
(2,106,802)
(2,153,846)
(0.47)
(0.42)
(0.55)
(0.44)
Revenue
Cost of Sales
Gross (loss)/profit
Other operating income – research & development tax credits
Administrative expenses
Share based payments
Finance income-bank interest receivable and foreign exchange
Finance costs-other interest payable
Gain on remeasurement of financial liabilities
Loss for the year before taxation
Tax expense
Loss for the Year
Other Comprehensive Income
Items that may be reclassified to profit or loss:
Foreign Exchange Translation Loss
Total comprehensive (loss)/profit
Earnings Per Share
Diluted Earnings Per Share
All results are derived from continuing operations
42
�173449 Crossword Cybersecurity Financials Pt1.qxp_173449 Crossword Cybersecurity Financials Pt1 24/04/2020 23:32 Page 43
STRATEGIC REPORT
GOVERNANCE
FINANCIAL STATEMENTS
Statement of Financial Position as at 31 December
Non-Current Assets
Tangible assets
Right of Use assets
Investments in other unlisted investment & subsidiary
Total non-current assets
Current Assets
Trade and other receivables
Tax receivable
Cash and cash equivalents
Total current assets
TOTAL ASSETS
EQUITY
Attributable to the owners of the Company
Share Capital
Share premium account
Other reserves
Retained earnings
Translation of foreign operations
Total equity
LIABILITIES
Current Liabilities
Trade and other payables
Tax payable
Total current liabilities
Long Term Liabilities
Loan
Total long term liabilities
Total Liabilities
Total Equity & Liabilities
Notes
8
12
9
Group
2019
£
Company
2019
£
15,438
203,062
31
218,531
10,918
133,726
11,048
155,692
Group
2018
£
12,066
–
31
12,097
Company
2018
£
4,583
–
11,048
15,631
10
606,953
1,170,458
19,345
9,222
483,055
76,332
783,211
64,993
1,514,166
1,452,085
2,222,706
2,213,071
2,140,463
2,631,764
2,782,093
3,061,276
2,358,994
2,787,456
2,794,190
3,076,907
13
13
16
234,061
234,061
234,020
234,020
7,515,744
7,515,744
7,513,908
7,513,908
128,826
128,826
96,626
77,101
(7,428,818)
(6,914,714)
(5,327,370)
(4,999,370)
(11,367)
–
(6,013)
–
438,447
963,918
2,511,172
2,825,659
11
522,286
516,302
235,802
251,248
91,024
–
47,216
–
613,311
516,302
283,018
251,248
20
1,307,236
1,307,236
1,307,236
1,307,236
0
0
1,920,547
1,823,538
283,018
251,248
2,358,994
2,787,456
2,794,190
3,076,907
The financial statements were approved by the Board and authorised for issue on 24 April 2020. They were signed on its behalf by Tom Ilube Chief
Executive Officer.
43
�173449 Crossword Cybersecurity Financials Pt1.qxp_173449 Crossword Cybersecurity Financials Pt1 24/04/2020 23:32 Page 44
CROSSWORD CYBERSECURITY PLC ANNUAL REPORT AND ACCOUNTS 2019
Consolidated Financial Statements continued
Group
2019
£
Company
2019
£
Group
2018
£
Company
2018
£
234,022
234,022
39
39
159,173
74,849
159,173
74,849
234,061
234,061
234,022
234,022
7,513,906
7,513,906
3,555,522
3,555,522
1,838
1,838
3,958,384
3,958,384
7,515,744
7,515,744
7,513,906
7,513,906
96,626
32,200
77,101
51,725
128,826
128,826
50,875
45,751
96,626
50,875
26,226
77,101
(5,327,370)
(4,999,370)
(3,187,066)
(2,947,789)
(2,101,448)
(1,915,344)
(2,140,304)
(2,051,581)
(7,428,818)
(6,914,714)
(5,327,370)
(4,999,370)
(6,013)
(5,354)
(11,367)
–
–
–
7,529
(13,542)
(6,013)
–
–
–
2,511,172
2,825,659
586,033
817,781
(2,106,802)
(1,915,344)
(2,153,846)
(2,051,581)
1,877
32,200
1,877
51,725
4,033,233
4,033,233
45,751
26,226
438,447
963,917
2,511,172
2,825,659
Statement of Changes in Equity
As At
Share Capital
At 1st January
Issue of shares
At 31st December
Share Premium
At 1st January
Issue of shares
At 31st December
Equity Reserve
At 1st January
Employee share schemes – value of employee services
At 31st December
Retained Earnings
At 1st January
Loss for the period
At 31st December
Translation of Foreign Operations
At 1st January
Translation of Foreign Operations
At 31st December
Total
At 1st January
Loss for the period
Issue of shares
Share based Payments
At 31st December
44
�173449 Crossword Cybersecurity Financials Pt1.qxp_173449 Crossword Cybersecurity Financials Pt1 24/04/2020 23:32 Page 45
STRATEGIC REPORT
GOVERNANCE
FINANCIAL STATEMENTS
Consolidated Statement of Cashflows
Years
Cashflows From Operating Activities
Loss for the year/period
Movement in trade and other receivables
Movement in trade and other payables
Depreciation and amortisation
Non cash Financial Instrument stated at amoritised cost
Non cash employee benefits
Net Cashflow from Operating Activities
Cashflow From Investing Activities
Purchase of tangible assets
Purchase of right to use assets
Purchase of shares in other unlisted investment
Net Cashflow from Investing Activities
Cashflows From Financing Activities
Proceeds from issue of ordinary shares
Proceeds from issue of debt
Net Cash Inflow from Financing Activities
Net Increase in Cash & Cash Equivalents
Foreign Currency Translation Difference
Cash and Cash Equivalent at the beginning of the period
Cash and Cash Equivalent at the end of the period
12 Months
ended
31st December
2019
£
12 Months
ended
31st December
2018
£
Notes
(2,101,448)
(2,140,304)
(66,911)
330,292
147,281
(92,764)
32,200
(383,807)
190,942
5,592
45,751
(1,751,350)
(2,281,826)
8
9
(9,657)
(344,058)
(5,250)
–
–
(353,715)
(5,250)
1,877
4,033,233
1,400,000
1,401,877
4,033,233
(703,186)
1,746,158
(5,354)
2,222,706
(13,542)
490,090
1,514,165
2,222,706
45
�173449 Crossword Cybersecurity Financials Pt1.qxp_173449 Crossword Cybersecurity Financials Pt1 24/04/2020 23:32 Page 46
CROSSWORD CYBERSECURITY PLC ANNUAL REPORT AND ACCOUNTS 2019
Consolidated Financial Statements continued
Notes to the Financial Information
1 Accounting Policies
1.1 The Group and its operations
Crossword Cybersecurity plc (the “Company”) is a Company incorporated on 6 March 2014 in the United Kingdom under the Companies Act
2006. The Company is the parent company of the Crossword Group of Companies focusing on the cybersecurity sector. The principal activities
are the development and commercialisation of university research-based cyber security related software and cybersecurity consulting.
The financial information includes the results of the Company and its subsidiaries (together referred to as the “Group” and individually as
“Group entities”).
The principal accounting policies applied in the preparation of the financial information are set out below. These policies have been
consistently applied to all the periods presented, unless otherwise stated.
1.2 Basis of preparation of financial information
The financial information has been prepared in accordance with the requirements of the London Stock Exchange plc AIM Rules for
Companies and in accordance with International Financial Reporting Standards (“IFRS”) and IFRS Interpretations Committee (“IFRS IC”)
interpretations as adopted by the European Union and the Companies Act 2006 applicable to companies reporting under IFRS.
The financial information has been prepared on the historical cost basis. The preparation of financial information in conformity with IFRS
requires the use of certain critical accounting estimates. It also requires management to exercise its judgement in the process of applying the
Group’s accounting policies. Changes in assumptions may have a significant impact on the financial information in the year the assumptions
changed. Management believes that the underlying assumptions are appropriate. The areas involving a higher degree of judgement or
complexity, or areas where assumptions and estimates are significant to the financial information are disclosed in note 1.16.
Changes in accounting policy and disclosures
The Group has adopted the following new and amended IFRS from 1 January 2019 prospectively in the consolidated financial information.
There has not been a material impact to the Group when adopting these new and amended IFRSs:
IFRS16 – Leases, applicable for financial years beginning on/after 1 January 2019
IFRS 16 replaces IAS 17 Leases and will primarily change lease accounting, with lessor accounting under IFRS 16 expected to be similar to
lessor accounting under IAS 17. Lessee accounting under IFRS 16 will be similar in many respects to IAS 17 accounting for finance leases,
but is expected to be substantively different to existing accounting for operating leases.
Where a contract meets IFRS 16’s definition of a lease and the Group acts as a lessee, lease agreements will give rise to the recognition of a
non-current asset representing the right to use the leased item, and a loan obligation for future lease payables on the Group’s balance sheet.
The change in accounting policy is made in accordance with the transitional provisions.
Lease costs will be recognised in the form of depreciation of the right-of-use asset and interest on the lease liability, which may impact the
phasing of operating profit and profit before tax, compared to existing cost profiles and presentation in the income statement, and will also
impact the classification of associated cash flows.
The impact of IFRS 16 – Leases will require the Group to record its current property leases and qualifying technology contracts on the
balance sheet giving rise to a right to use asset and a corresponding lease obligation. The leases impacted are currently treated as operating
expenses. The change in recognition is expected to increase depreciation charges and lead to a reduction in lease costs in the income
statement.
Other standards and interpretations yet to be adopted include:
IFRS 17 ‘Insurance Contracts’
Amendments to IFRS 2 ‘Share Based Payments’
Amendments to IFRS 11 ‘Accounting for Acquisition of Interests in Joint Operation’
Amendments to IFRS 9 ‘Prepayment Features with Negative Compensation’ Amendment
Amendment to IAS 40 ‘Transfer of Investment Property’
And are not expected to have a material impact of the future results of the Group.
46
�173449 Crossword Cybersecurity Financials Pt1.qxp_173449 Crossword Cybersecurity Financials Pt1 24/04/2020 23:32 Page 47
STRATEGIC REPORT
GOVERNANCE
FINANCIAL STATEMENTS
1.3 Going Concern
The financial information are prepared on a going concern basis. The Group’s business model is being developed and its operations have
incurred a net loss in each period reported within this Financial Information whilst the Group’s products and services are bought to market. It
is forecast to continue to be loss making with net cash outflow as the business continues to develop its products and converts its pipeline into
sales. Operations have been supported by cash flow from customers and issue of equity and debt and business forecasts highlight the need
for the Group to continue to have further successful fundraising placements.
The directors have considered the Group’s future and forecast business and cash requirements. Following the completion of a successful
fundraise in April 2020, the directors have determined that the group has sufficient cash resources for the period through to early 2021, when
a further fundraising placement is forecast to be required. As part of their forecasting, the directors have considered various scenarios driven
by the uncertain impact of the COVID-19 pandemic, particularly on revenue, and have identified actions, including costs controls and taking
advantage of the Government schemes, which the company is in a position to action quickly if necessary. The full impact of COVID-19, the
continued level of government support and the underlying trading assumptions used in forecasting are judgemental and difficult to predict
and could be subject to significant variation and affect the timing of future fundraising.
The Directors have concluded that these circumstances and specifically the ongoing need for successful future fundraising give rise to a
material uncertainty. However, in light of the recent successful fund raise the directors are of the position that they can continue to adopt the
going concern basis in preparing the financial statements.
The financial statements do not include any adjustment that may arise in the event that the entity is unable to realise its assets and discharge
its liabilities in the normal course of business.
1.4 Basis of consolidation
Subsidiaries are fully consolidated from the date on which control is transferred to the Group. Control exists when then the Group has the
power, directly or indirectly, to govern the financial and operating policies of an entity so as to obtain benefits from its activities.
The purchase method of accounting is used to account for the acquisition of subsidiaries by the Group.
All intra-Group transactions balances income and expenses are eliminated on consolidation. Uniform accounting policies are applied by the
Group entities to ensure consistency.
1.5 Revenue
Revenue comprises the fair value of consideration received or receivable for licence income and the rendering of services in the ordinary
course of the Group’s activities. Revenue is shown net of value added tax and trade discounts. Income is reported as follows:
(a) Licence income
Technology and product licensing revenue represents amounts earned for licenses granted under licensing agreements, including up-
front payments. Revenues relating to up-front payments are recognised when the obligations related to the revenues have been
completed.
Revenues for maintenance and support services are recognised in the accounting periods in which the services are rendered.
(b) Rendering of Services
Services relate to implementation and deployment fees for the technology and products licensed to customers. Revenue is recognised in
the accounting periods in which the services are rendered.
1.6 Functional and presentation currency
The presentation currency of the Group is pounds sterling (GBP). The functional currency of the Company is pounds sterling. The functional
currency of the Company’s polish subsidiary is Polish Zloty (PLN).
1.7 Foreign currency transactions
Transactions in foreign currencies are translated to GBP at the exchange rates at the dates of the transactions. Monetary assets and
liabilities denominated in foreign currencies at the reporting date are translated to GBP at the exchange rate at that date.
Non-monetary assets and liabilities denominated in foreign currencies that are measured at fair value are translated to GBP at the exchange
rate at the date that the fair value was determined.
Foreign exchange differences arising on translation are recognised in the statement of comprehensive income.
On consolidation, the assets and liabilities of foreign operations are translated into GBP at the rate of exchange at the reporting date. Their
statements of profit or loss are transacted at exchange rates at the dates of transaction.
47
�173449 Crossword Cybersecurity Financials Pt1.qxp_173449 Crossword Cybersecurity Financials Pt1 24/04/2020 23:32 Page 48
CROSSWORD CYBERSECURITY PLC ANNUAL REPORT AND ACCOUNTS 2019
Consolidated Financial Statements continued
The exchange differences arising upon consolidation on retranslation from a functional currency other than GBP are recognised as a
separate component of equity.
1.8 Property, plant and equipment
Property, plant and equipment is stated at purchase price less accumulated depreciation and impairment losses. The cost includes all
expenses directly related to the purchase of a relevant asset.
All other repair and maintenance costs are charged to the income statement for the period during the reporting period in which they are
incurred.
1.9 Depreciation
Each item of property, plant and equipment is depreciated using the straight line method over the estimated useful life and depreciation
charge is included in the income statement for the period.
The depreciation is charged to the income statement for the period and determined using the straight line method over the estimated useful
life of the item of property, plant and equipment.
The expected useful lives of property, plant and equipment in the reporting and comparative periods are as follows:
Computers
Furniture & fittings
Useful lives in years
3.33
3.33
1.10 Impairment of non-financial assets
The residual value of an asset is the estimated amount that the Group would currently obtain from disposal of the asset less the estimated
costs of disposal, if the asset was already of the age and in the condition expected at the end of its physical life.
The assets’ residual values and useful lives are reviewed, and adjusted if appropriate, at each reporting date. Items costing less than £2,000
per individual asset are written off in the period of acquisition.
At the end of each reporting period management assesses whether the indicators of impairment of property, plant and equipment exists.
The carrying amounts of property, plant and equipment and all other non-financial assets are reviewed for impairment if there is any
indication that the carrying amount may not be recoverable.
For the purpose of impairment testing the recoverable amount is measured by reference to the higher of value in use (being the net present
value of expected future cashflows of a relevant cash generating unit) and fair value less costs to sell (the amount obtainable from the sale of
an asset or cash generating unit in an arm’s length transaction between knowledgeable, willing parties who are independent from each other
less the costs of disposal).
Where there is no binding sale agreement or active market, fair value less costs to sell is based on the best information available to reflect
the amount the Group would receive for the cash generating unit.
A cash generating unit is the smallest identifiable group of assets that generates cash inflows that are largely independent of the cash
inflows from other assets or groups of assets.
If the carrying amount of the asset exceeds its recoverable amount, the asset is impaired and an impairment loss is charged to the income
statement so as to reduce the carrying amount in the statement of financial position to its recoverable amount.
A previously recognised impairment loss is reversed if the recoverable amount increases as a result of a reversal of the conditions that
originally resulted in the impairment.
This reversal is recognised in profit or loss for the period and is limited to the carrying amount that would have been determined, net of
depreciation, had no impairment loss been recognised in prior years.
1.11 Financial Instruments
Financial assets and financial liabilities are recognised when the Company becomes a party to the contractual provisions of the instrument.
Financial assets and financial liabilities are initially measured at fair value. Transaction costs that are directly attributable to the acquisition or
issue of financial assets and financial liabilities (other than financial assets and financial liabilities at fair value through profit or loss) are
added to or deducted from the fair value of the financial assets or financial liabilities, as appropriate, on initial recognition. Transaction costs
directly attributable to the acquisition of financial assets or financial liabilities at fair value through profit or loss are recognised immediately
in the statement of comprehensive income.
48
�173449 Crossword Cybersecurity Financials Pt1.qxp_173449 Crossword Cybersecurity Financials Pt1 24/04/2020 23:32 Page 49
STRATEGIC REPORT
GOVERNANCE
FINANCIAL STATEMENTS
All financial instruments are classified in accordance with the principles of IFRS 9 Financial Instruments.
1.11a Financial assets
Classification of financial assets
Debt instruments that meet the following conditions are subsequently measured at amortised cost:
• the financial asset is held within a business model whose objective is to hold financial assets in order to collect contractual
cash flows; and
• the contractual terms of the financial asset give rise on specified dates to cash flows that are solely payments of principal
and interest on the principal amount outstanding.
Debt instruments that meet the following conditions are subsequently measured at FVTOCI:
• the financial asset is held within a business model whose objective is achieved by both collecting contractual cash flows and
selling the financial assets; and
• the contractual terms of the financial asset give rise on specified dates to cash flows that are solely payments of principal
and interest on the principal amount outstanding.
By default, all other financial assets are subsequently measured at FVTPL.
Amortised cost and effective interest method
The effective interest method is a method of calculating the amortised cost of a debt instrument and of allocating interest income
over the relevant period.
For financial instruments other than purchased or originated credit-impaired financial assets, the effective interest rate is the rate
that exactly discounts estimated future cash receipts (including all fees and points paid or received that form an integral part of the
effective interest rate, transaction costs and other premiums or discounts) excluding expected credit losses, through the expected life
of the debt instrument, or, where appropriate, a shorter period to the gross carrying amount of the debt instrument on initial
recognition. For purchased or originated credit-impaired financial assets, a credit-adjusted effective interest rate is calculated by
discounting the estimated future cash flows, including expected credit losses, to the amortised cost of the debt instrument on initial
recognition.
The amortised cost of a financial asset is the amount at which the financial asset is measured at initial recognition minus the
principal repayments, plus the cumulative amortisation using the effective interest method of any difference between that initial
amount and the maturity amount, adjusted for any loss allowance. On the other hand, the gross carrying amount of a financial asset
is the amortised cost of a financial asset before adjusting for any loss allowance.
Impairment of financial assets
The Company recognises a loss allowance for expected credit losses on financial assets that are measured at amortised cost. The
amount of expected credit losses is updated at each reporting date to reflect changes in credit risk since initial recognition of the
respective financial instrument.
Expected credit loss measurement
IFRS 9 outlines a ‘three-stage’ model for impairment based on changes in credit quality since initial recognition as summarised
below:
• A financial instrument that is not credit-impaired on initial recognition is classified in “Stage 1” and has its credit risk
continuously monitored by the Company.
• If a significant increase in credit risk (“SICR”) since initial recognition is identified, the financial instrument is moved to
“Stage 2” but is not yet deemed to be credit-impaired.
• If the financial instrument is credit-impaired, the financial instrument is then moved to “Stage 3”.
• Financial instruments in Stage 1 have their ECL measured at an amount equal to the portion of lifetime expected credit
losses that result from default events possible within the next 12 months. Instruments in Stages 2 or 3 have their ECL
measured based on expected credit losses on a lifetime basis.
• A pervasive concept in measuring ECL in accordance with IFRS 9 is that it should consider forward-looking information.
• Purchased or originated credit-impaired financial assets are those financial assets that are credit-impaired on initial
recognition. Their ECL is always measured on a lifetime basis (Stage 3).
49
�173449 Crossword Cybersecurity Financials Pt1.qxp_173449 Crossword Cybersecurity Financials Pt1 24/04/2020 23:32 Page 50
CROSSWORD CYBERSECURITY PLC ANNUAL REPORT AND ACCOUNTS 2019
Consolidated Financial Statements continued
1.11b Financial liabilities and equity
Debt and equity instruments are classified as either financial liabilities or as equity in accordance with the substance of the
contractual arrangement.
Equity instruments
An equity instrument is any contract that evidences a residual interest in the assets of an entity after deducting all of its liabilities.
Equity instruments issued by the Company entity are recognised at the proceeds received, net of direct issue costs.
Financial liabilities
All financial liabilities are subsequently measured at amortised cost using the effective interest method or at “Fair Value Through
Profit or Loss” (“FVTPL”).
Financial liabilities at FVPL
Financial liabilities are classified as at FVTPL when the financial liability is 1) contingent consideration of an acquirer in a business
combination to which IFRS 3 applies, 2) held for trading, or 3) it is designated as at FVTPL.
Financial liabilities subsequently measured at amortised cost
Financial liabilities that are not 1) contingent consideration of an acquirer in a business combination, 2) held-for-trading, or 3)
designated as at FVTPL, are subsequently measured at amortised cost using the effective interest method.
The effective interest method is a method of calculating the amortised cost of a financial liability and of allocating interest expense
over the relevant period. The effective interest rate is the rate that exactly discounts estimated future cash payments (including all
fees and points paid or received that form an integral part of the effective interest rate, transaction costs and other premiums or
discounts) through the expected life of the financial liability, or (where appropriate) a shorter period, to the amortised cost of a
financial liability.
Derecognition of financial liabilities
The Company derecognises financial liabilities when, and only when, the Company’s obligations are discharged, cancelled or they
expire. The difference between the carrying amount of the financial liability derecognised and the consideration paid and payable,
including any non-cash assets transferred or liabilities assumed, is recognised in the statement of comprehensive income.
1.12 Financial Instruments – Risk
The Group could be exposed to risks that arise from its use of financial instruments.
Risks in relation to financial assets include:
1.12.1 Market risk
Market risk covers foreign exchange risk, price risk and interest rate risk.
As the majority of the Group’s transactions are either in Sterling or in Polish Zloty the Group considers its exposure to foreign
exchange risk to be minimal.
There are no derivatives and hedging instruments.
The Group is not exposed to price risk given that no securities are held under financial assets.
The Group is not exposed to interest rate or cash flow risk due to the fact that the Group has no borrowing or complex financial
instruments.
1.12.2 Credit risk
Credit risk is considered to be the risk of financial loss incurred by the Group in the event that a customer or counterparty to an
asset fails to meet contractual obligations.
The Group does not consider credit risk to be significant given the type of services it provides.
1.12.3 Liquidity risk
Management monitor rolling forecasts of the Group’s liquidity reserves, cash and cash equivalents on the basis of expected cash
flows and therefore monitors liquidity risk sufficiently.
50
�173449 Crossword Cybersecurity Financials Pt1.qxp_173449 Crossword Cybersecurity Financials Pt1 24/04/2020 23:32 Page 51
STRATEGIC REPORT
GOVERNANCE
FINANCIAL STATEMENTS
1.13 Research and development
Research and development expenditure is written off as incurred.
1.14 Taxes
Income Taxes include all taxes based upon the taxable profits of all Group companies. Other taxes not based on income such as property and
capital taxes are included within operating expenses or financial expenses according to their nature.
Deferred income tax is provided using the liability method on temporary differences between the tax bases of assets and liabilities and their
carrying amounts in the financial information.
Deferred income tax assets relating to the carry-forward of unused tax losses are recognised to the extent that it is probable that future
taxable profit will be available against which the unused tax losses can be utilised.
Current and deferred income tax assets are offset when the income taxes are levied by the same taxation authority and when there is a
legally enforceable right to offset them.
1.15 Share Based Payments
On occasion, the Company has made share-based payments to certain Directors and employees by way of issue of share options. The fair
value of these payments is calculated by the Company using the binomial option valuation model.
The expense, where material, is recognised on a straight-line basis over the period from the date of award to the date of vesting, based on
the Company’s best estimate of the number of shares that will eventually vest.
1.16 Capital management
The Group considers its capital to comprise of its equity share capital, share premium, foreign exchange reserve, share options reserve and
capital redemption reserve, less its accumulated losses. Quantitative detail is shown in the consolidated statement of changes in equity.
The directors’ objective when managing capital is to safeguard the Group’s ability to continue as a going concern in order to provide returns
for the shareholder and benefits for other stakeholders and to maintain an optimal capital structure to reduce the cost of capital.
The directors monitor a number of KPIs at both the Group and individual subsidiary level on a monthly basis. As part of the budgetary
process, targets are set with respect to operating expenses in order to effectively manage the activities of the Group. Performance is reviewed
on a regular basis and appropriate actions are taken as required. These internal measures indicate the performance of the business against
budget/forecast and to confirm that the Group has adequate resources to meet its working capital requirements.
1.17 Critical accounting estimates and judgements and key sources of estimation uncertainty
Estimates and judgements are continually evaluated and are based on experience and other factors, including expectations of future events
that are believed to be reasonable under the circumstances.
The following are the key estimates that the directors have made in the process of applying the Group’s accounting policies and have the
most significant effect on the amounts recognised in the financial information. There are no further critical accounting judgements.
Fair value of options granted to employees
The Group uses a combination of the Black-Scholes model and Binomial model in determining the fair value of options granted to employees
under the Group’s various share schemes. The determination of the fair value of options requires a number of assumptions. The alteration of
these assumptions may impact charges to the income statement over the vesting period of the award. Details of the assumptions used are
shown in note 4.
Convertible Loans
The Group has given consideration to the measurement and presentation of the convertible loans.
On legal execution of the loans the financial liability is initially measured at its fair value which is the face value of the loans. Immediately
after recognition,at fair value, the financial liability is measured at amortised cost, using a reasonable estimate of the Group’s cost of capital.
The difference between the fair value and the amortised cost is taken to the P&L account.
1.18 Investments
Shares in subsidiary undertakings are stated at cost less provision for impairment. Provision is made against investments where diminution
in value is considered to be permanent.
Investments which are not subsidiaries are stated at fair value unless this cannot be reliably measured in which case, they can be measured
at cost less impairment.
51
�173449 Crossword Cybersecurity Financials Pt1.qxp_173449 Crossword Cybersecurity Financials Pt1 24/04/2020 23:32 Page 52
CROSSWORD CYBERSECURITY PLC ANNUAL REPORT AND ACCOUNTS 2019
Consolidated Financial Statements continued
2 Revenue and segmental information
An analysis of the Group’s revenue for each period for its continuing operations, is as follows:
Revenue from the sale of goods/licences
Revenue from the rendering of services
Revenue from Cyberowl Limited for software development
Revenue from Byzgen Limited for software development
Revenue from Consulting
Total Revenue
Group 2019
£
Company 2019
£
Group 2018
£
Company 2018
£
69,884
16,000
91,574
208,555
919,042
69,884
16,000
91,574
208,555
66,373
30,336
165,806
236,421
568,673
66,373
30,336
165,806
236,421
1,305,055
386,013
1,067,609
498,936
The IFRS 8 Operating segments requires the Group to determine its operating segments based on information which is provided internally. Based on
the internal reporting information and management structures within the Group, it has been determined that there are two geographic operating
segments (UK and Poland) supported by one centralised cost segment (UK and Poland) and one revenue segment (UK). Reporting on this basis is
reviewed by the Board of directors which is the chief operating decision-maker and is responsible for the strategic decision-making of the Group.
No analysis of net assets by geographic segment is provided as the net assets are principally all within the UK.
3 Expenses By Nature
Staff and related costs
Consultancy and related costs
Professional fees
Property related costs
Depreciation
Other expenses
Group 2019
£
Company 2019
£
Group 2018
£
Company 2018
£
2,311,737
1,171,736
1,860,259
1,030,932
225,172
354,369
82,593
147,281
495,666
732,941
319,549
71,905
101,528
289,114
171,468
694,179
178,945
5,592
438,306
794,185
669,240
154,529
917
217,499
Total cost of sales and administrative expenses
3,616,818
2,686,772
3,348,749
2,867,302
52
�173449 Crossword Cybersecurity Financials Pt1.qxp_173449 Crossword Cybersecurity Financials Pt1 24/04/2020 23:32 Page 53
STRATEGIC REPORT
GOVERNANCE
FINANCIAL STATEMENTS
Expenses by geographic segment
UK
Poland
Group 2019
£
Company 2019
£
Group 2018
£
Company 2018
£
3,085,727
2,095,814
2,858,419
2,316,104
531,091
590,958
490,331
551,198
Total cost of sales and administrative expenses
3,616,818
2,686,772
3,348,749
2,867,302
4 Staff Costs
Staff costs, including directors’ remuneration, were as follows:
Wages and salaries
Social security costs
Share based payments
Other pension costs
Group 2019
£
Company 2019
£
Group 2018
£
Company 2018
£
2,073,682
1,027,652
1,644,363
207,878
119,260
32,200
33,208
51,725
24,824
196,073
45,751
19,823
915,601
98,968
26,226
16,364
2,346,968
1,223,461
1,906,010
1,057,159
The average monthly number of employees, including the directors, during the period was as follows:
Staff
Directors
Share based payments
Group 2019
Company 2019
Group 2018
Company 2018
31
9
13
7
26
9
13
7
The amount recognised in respect of share based payments was £32,200 for December 2019, £45,751 for December 2018, £15,784 for 2017, £18,636
for 2016 and £16,455 for 2015.
The Group has established share option programmes that entitle certain employees to purchase shares in the Group.
These were issued in July 2014, November 2014, July 2015, December 2015, January 2016, June 2016, September 2016, June 2017, Jan 2018,
May 2018, July 2018, October 2018, June 2019 and November 2019.
There are no performance conditions attaching to these options. 6,666 options were exercised in April 2018, 666 options in December 2018, 332
options in April 2019, and 499 options in December 2019. Since 31 December 2019, 13,333 options have been exercised.
Total options issued amount to 183,181 as at 31 December 2019, 149,010 as at 31 December 2018, 115,658 as at 31 December 2017 by Crossword
Cybersecurity plc. See details in Note 14 Earnings & Diluted Earnings per share.
27,500 share options were issued by Crossword Consulting Ltd in January 2018. In July 2019, the Crossword Consulting Share Scheme was cancelled
and share option in Crossword Cybersecurity plc were awarded to recipients of options in the cancelled scheme.
The share options have been valued using a binomial model applying the following inputs:
• Exercise price – equal to the share price at grant date;
• Vesting date – all options vest in three tranches, on the first, second and third anniversary from the grant date;
• Expiry/Exercise date – 10 years from the grant date;
• Volatility (sigma) – 35%. Given the thinly traded shares of the Company on AIM, we have estimated Crossword’s share price volatility by reference
to the calculated volatility of quoted comparator companies Sophos Group Plc and Osirium Technologies Plc.;
• Risk free rate – yield on a zero coupon government security at each grant date with a life congruent with the expected option life;
• Dividend yield – 0%;
53
�173449 Crossword Cybersecurity Financials Pt1.qxp_173449 Crossword Cybersecurity Financials Pt1 24/04/2020 23:32 Page 54
CROSSWORD CYBERSECURITY PLC ANNUAL REPORT AND ACCOUNTS 2019
Consolidated Financial Statements continued
• Staff turnover – 0%. We have however adjusted the P+L charge for the current year (and future years) to account for lapsed options due to
Leavers; and
• Performance conditions – none.
Reconciliation of share options – Company
1st January
Granted during the period
Lapsed/exercised during the period
End of the period
Reconciliation of share options-Crossword Consulting Limited
1st January
Granted during the period
Lapsed/exercised during the period
End of the period
5 Directors’ Remuneration
Remuneration
Sir Richard Dearlove
Tom Ilube
Dr David Secher
Prof David Stupples
Andy Gueritz
Ruth Anderson
Gordon Matthew
Mary Dowd
John Bottomley
Total
54
Weighted average
exercise price
2019
£
149,010
50,312
(10,433)
188,889
Weighted average
exercise price
2019
£
24,500
(24,500)
0
2019
£
1.80
5.07
2.86
2.61
2019
£
0.01
0.01
0.00
Weighted average
exercise price
2018
£
115,658
50,186
(16,834)
149,010
2018
£
1.29
3.02
1.95
1.80
Weighted average
exercise price
2018
£
2018
£
27,500
(3,000)
24,500
0
0
0
2019
£
75,000
145,989
11,833
12,000
11,833
9,500
12,000
138,415
2018
£
25,000
115,000
6,000
12,000
6,000
6,000
12,000
62,949
3,000
416,570
247,949
�173449 Crossword Cybersecurity Financials Pt1.qxp_173449 Crossword Cybersecurity Financials Pt1 24/04/2020 23:32 Page 55
STRATEGIC REPORT
GOVERNANCE
FINANCIAL STATEMENTS
Share Options issued (2017 nil)
Sir Richard Dearlove
Mary Dowd
Sir Richard Dearlove
Sir Richard Dearlove
Mary Dowd
Year
Share Options
Exercise Price
Total Value
2018
2018
2019
2019
2019
6,757
7,936
4,587
5,208
10,000
£3.70
£3.15
£5.45
£4.80
£5.45
£9,902
£9,993
£10,587
£10,576
£23,080
6 Auditor’s Remuneration
The expenses for services rendered by the Group auditor present themselves as follows
Fees for legal audit of consolidated financial information
Fees for tax advisory services
7 Tax
Income tax
Current income tax expense
Deferred income tax
Total tax expense
Group 2019
£
Group 2018
£
31,250
5,577
36,827
31,000
5,004
36,004
Group 2019
£
Group 2018
£
5,878
–
5,878
8,052
–
8,052
There is no tax charge in respect of other comprehensive income.
The deferred income taxes for all years/periods and deferred tax assets as at the end of each year/period were considered nil as the Directors
consider there is no sufficient certainty over the recoverability of the corporation tax losses available.
Corporation tax losses carried forward for offset against future year’s trading profits amount to approximately £4,500,000 (2018: £3,500,000, 2017:
£2,500,000, 2016 : £1,600,000, 2015 : £700,000).
Loss before taxation
Average rate of corporation tax
Tax on loss
Effects of:
Expenses not deductible for tax purposes
Depreciation for the period in excess of capital allowances
Deferred tax not recognised
Total tax charge
Factors that may affect future tax changes
Group 2019
£
Group 2018
£
2,095,570
2,132,252
19.00%
19.00%
(398,158)
(405,128)
18,895
147,281
226,105
5,878
11,608
5,592
379,876
8,052
A reduction in the UK corporation tax rate from 20% to 19% was enacted in October 2015 and took effect from 1 April 2017. A further reduction from
19% to 17% was substantively enacted on the same date and is now to be reversed.
55
�173449 Crossword Cybersecurity Financials Pt1.qxp_173449 Crossword Cybersecurity Financials Pt1 24/04/2020 23:32 Page 56
CROSSWORD CYBERSECURITY PLC ANNUAL REPORT AND ACCOUNTS 2019
Consolidated Financial Statements continued
Polish Corporation Tax has been 19% until 1 January 2017, when Crossword started to benefit from the new small companies reduced rate of 15%
adopted by the Parliament Act amendment to Polish CIT Law.
8 Tangible Assets
Computers
Cost b/f
Additions/(Disposals)
Accumulated Depreciation
B/F
Charge for the period
C/d
Net Book Value
Furniture and Fittings
Cost b/f
Additions
Accumulated Depreciation
B/F
Charge for the period
C/d
Net Book Value
9 Other Unlisted Investment
Cost b/f
Additions
C/D
Carrying Amount
Group 2019
£
Company 2019
£
Group 2018
£
Company 2018
£
22,674
22,674
15,191
2,966
18,157
4,517
22,924
(250)
22,674
10,516
4,675
15,191
7,483
–
–
–
–
–
–
Group 2019
£
Company 2019
£
Group 2018
£
Company 2018
£
5,500
9,657
5,500
9,657
15,157
15,157
917
3,318
4,235
917
3,318
4,235
–
5,500
5,500
–
917
917
–
5,500
5,500
–
917
917
10,921
10,921
4,583
4,583
Group 2019
£
Company 2019
£
Group 2018
£
Company 2018
£
31
–
31
31
11,048
–
11,048
11,048
31
–
31
31
1,048
10,000
11,048
11,048
The above investment represents Crossword Cybersecurity Plc’s 2019 – 7.1% (2018 – 9.88%, 2017 – 11.069%, 2016 – 14.58%) holding in CyberOwl
Limited which was purchased on 18 April 2016.
56
�173449 Crossword Cybersecurity Financials Pt1.qxp_173449 Crossword Cybersecurity Financials Pt1 24/04/2020 23:32 Page 57
STRATEGIC REPORT
GOVERNANCE
FINANCIAL STATEMENTS
10 Trade and Other Receivables
Trade receivables
Tax receivable
Other receivables
Prepayments & accrued income
Intercompany receivables within one year
Intercompany receivable greater than one year
Overdue
All overdue amounts were paid following the period.
Group 2019
£
Company 2019
£
Group 2018
£
Company 2018
£
263,679
19,345
252,263
92,349
260,947
9,222
237,114
73,148
1,249
598,000
606,953
1,170,459
67,874
210,930
76,332
142,664
129,461
483,055
19,620
227,962
64,993
127,468
127,78
300,000
783,211
All of the above amounts are considered to be due within one year. The maximum exposure to credit risk at the reporting date is the carrying value as
above and none are either past or impaired.
Of the above amounts held within the Group, 2019: £29,180; 2018: £15,195; 2017: £32,566; is denominated in Polish Zloty with the remainder in GBP.
Foreign exchange risk is currently minimal as balances in Polish Zloty are between the parent and its wholly owned subsidiary.
11 Trade and Other Payables
Trade payables
Tax payables
Accruals and deferred income
Other payables
Group 2019
£
Company 2019
£
Group 2018
£
Company 2018
£
82,165
91,024
150,750
289,371
276,814
117,579
121,909
613,310
516,302
86,641
47,216
101,946
47,216
283,018
160,352
90,882
14
251,248
All of the above amounts are considered to be due within one year.
Of the above amounts held within the Group, £24,420 (2018: £19,569; 2017: £31,149) is denominated in Polish Zloty with the remainder in GBP.
Suppliers denominated in Euros had a zero balance outstanding at 31st December 2019 (2018: £7,452; zero in previous periods).
12 Operating Leases
All Right of Use assets are operating leases.
Included within trade and other payables are lease liabilities of the group of £185,267 (2018: £nil) and of the company £113,334 (2018: £nil). Interest
expense on lease liabilities in 2019 was £23,621. Total cash outflow in 2019 for leases was £149,384.
As at the end of the comparative year ended 31 December 2018 future minimum rentals payable under non-cancellable operating leases were in the
amount of £501,855 of which £173,865 was due within one year and £327,986 between one and five years.
Minimum lease payments recognised as an operating lease expense for the comparative period 31 December 2018 were £132,932.
The amount of operating lease commitments as at 31 December 2019 is nil, following the first-time adoption of the new standard IFRS 16 Leases and
the recognition of a right-of-use asset and corresponding lease liability. For further information see Note 1.2 Basis of preparation of financial
information.
57
�173449 Crossword Cybersecurity Financials Pt1.qxp_173449 Crossword Cybersecurity Financials Pt1 24/04/2020 23:32 Page 58
CROSSWORD CYBERSECURITY PLC ANNUAL REPORT AND ACCOUNTS 2019
Consolidated Financial Statements continued
13 Share Capital
Allotted called up and fully paid
2015: 2,383,460, 2016: 3,120,250, 2017:3,183,408, 2018: 4,680,440, 2019: 4,681,227 ordinary shares of £0.05 each
Share Capital
Cost b/f
Shares Issued in period
Share Premium
B/F
Shares Issued in period
C/d
2019
£
2018
£
234,020
42
159,171
74,849
234,061
234,020
7,513,908
3,555,524
1,836
3,958,384
7,515,744
7,513,908
The shares issued during the period represent share options exercised, and were ordinary shares of £0.05 issued at a premium of £1,835.
14 Earnings & Diluted Earnings per share
Earnings per share is calculated by dividing the loss for the period attributable to ordinary equity shareholders of the parent by the weighted average
number of ordinary shares outstanding during the year.
During the year the calculation was based on the loss for the year of £2,191,280 (2018: £2,132,252; 2017: £1,200,424) divided by the weighted average
number of ordinary shares of 4,679,965 (2018: 3,853,254; 2017: 3,158,318)
Diluted earnings per share is calculated by dividing the loss of the year by the weighted average number of ordinary shares outstanding during the
year plus unexercised share based payments, Convertible Loan Notes and associated warrants shares. The weighted average number of ordinary
shares used in the calculation of diluted earnings per share was 5,190,283 (2018: 4,725,481; 2017: 3,277,481).
15 Reconciliation of Cash Flows from Financing Activities (IAS 7)
2019
£
2018
£
74
72
1,514,092
2,267,750
1,514,166
2,267,822
–
(45,116)
(1,400,000)
114,166
2,222,706
Net Debt Reconciliation
Cash in hand
Cash at bank
Cash and liquid investments
Borrowing repayable within one year (including overdrafts)
Borrowing repayable within three years
Net debt £
58
�173449 Crossword Cybersecurity Financials Pt1.qxp_173449 Crossword Cybersecurity Financials Pt1 24/04/2020 23:32 Page 59
STRATEGIC REPORT
GOVERNANCE
FINANCIAL STATEMENTS
Net debt as at 1 January 2018
Cash flows
Net debt as at 31 December 2018
Cash flows
Net debt as at 31 December 2019
16 Reserves
Gross
borrowings
with a fixed
interest rate
£
Cash
and cash
equivalents
£
490,090
1,732,616
2,222,706
(708,540)
1,514,166
Total cash
and cash
equivalents
£
490,090
1,732,616
2,222,706
(708,540)
1,514,166
The following describes the nature and purpose of each reserve within owners’ equity
Reserve
Share capital
Share premium
Equity reserve
Description and purpose
This represents the nominal value of shares issued
Amount subscribed for share capital in excess of nominal value
Represents amounts charged on share options that have been granted to employees
Retained earnings
Cumulative net gains and losses recognised in the consolidated statement of comprehensive income
Translation of foreign operations
is the difference that arises due to consolidation of foreign subsidiaries using an average rate during the
period and a closing rate for the period end statement of financial position
17 Financial Instruments Note
Current Financial Assets
Financial assets measured at amortised cost
Trade and other receivables
Cash and cash equivalents
Current Financial Liabilities
Financial liabilities measured at amortised cost
Trade and other payables
Non-Current Financial Liabilities
Financial liabilities measured at amortised cost
Loan
Group 2019
£
Company 2019
£
Group 2018
£
Company 2018
£
349,186
931,893
312,262
617,955
1,514,166
1,452,085
2,222,706
2,213,071
1,863,352
2,383,978
2,534,968
2,831,026
474,802
468,817
227,548
242,993
1,307,236
1,307,236
–
–
1,782,038
1,776,053
227,548
242,993
Included within trade and other payables are lease liabilities of the group of £185,267 (2018: £nil) and of the company £113,334 (2018: £nil).
In relation to the loan there was a fair value gain of £92,764 (2018: £nil) arising from the loans notes being initially measured at fair value and
subsequently measured at amortised cost.
59
�173449 Crossword Cybersecurity Financials Pt1.qxp_173449 Crossword Cybersecurity Financials Pt1 24/04/2020 23:32 Page 60
CROSSWORD CYBERSECURITY PLC ANNUAL REPORT AND ACCOUNTS 2019
Consolidated Financial Statements continued
18 Pension obligations
The Group operates a defined contribution pension scheme for employees in the United Kingdom. A defined contribution scheme is a pension plan
under which the Group pays fixed contributions into a separate entity. The Group has no legal or constructive obligations to pay further contributions if
the fund does not hold sufficient assets to pay all employees the benefits relating to employee service in the current and prior years.
Contributions payable to the Group’s pension scheme are charged to the income statement in the year to which they relate. The Group has no further
payment obligations once the contributions have been paid.
In Poland, the Group pays the statutory employer’s contribution into the public pension scheme for each employee, but does not operate any pension
schemes.
19 Related Party Transactions
CyberOwl Limited – Crossword Cybersecurity plc has an investment in CyberOwl Limited
Percentage Holding
Revenue from development services £
Balance Outstanding £
Byzgen Limited – Crossword Cybersecurity has a licencing agreement with Byzgen Limited
Revenue from development services and licence agreement £
Balance Outstanding £
Subsidiary Transactions
Crossword Cybersecurity Limited
Services received from £
Balance Payable to £
Services supplied to £
Balance Due from £
Crossword Cybersecurity SP Z.o.o
Services received from £
Balance Payable to £
Services supplied to £
Balance Due from £
2019
2018
7.07%
91,574
5,070
9.88%
165,806
15,960
208,555
36,330
236,421
18,656
2019
2018
47,802
4,780
182,871
213,199
47,802
5,380
147,153
68,351
588,696
143,030
551,198
45,149
–
–
–
–
Tom Ilube, CEO, has agreed to make a loan of £250,000 to the Company on the same terms as the other Lenders as described in Note 20.
20 Convertible Loan Notes
In 2019, the company received funds for £1.4m of Convertible Loan Notes. The term of the loans is 3 years and the interest is 12% payable quarterly in
arrears. Early repayment is at the Company’s sole option, subject to a minimum repayment amount of £10,000. Repayment is at the end of the term,
in cash, save that each lender may opt to convert part or all of their loan into Ordinary Shares at £4.80. On repayment of the Loans in cash, each
lender will be issued warrants valid for three months to subscribe for Ordinary Shares representing 10 per cent. of the value of the Loan at £4.80.
Included among the commitments is one from Tom Ilube, CEO, for an amount of £250,000. Tom Ilube has agreed to make a loan to the Company on
the same terms as the other Lenders as described above.
60
�173449 Crossword Cybersecurity Financials Pt1.qxp_173449 Crossword Cybersecurity Financials Pt1 24/04/2020 23:32 Page 61
STRATEGIC REPORT
GOVERNANCE
FINANCIAL STATEMENTS
21 Subsequent events
On 20th April the Company announced that it has undertaken a fundraising of approximately £1 million through a placing and proposed subscription
of Crossword ordinary shares of 5p each (“Ordinary Shares”) at a price of 230 pence per share and the following announcement was made to the
market on 20 April 2020.
20 April 2020 – London, UK – Crossword Cybersecurity Plc (AIM:CCS, “Crossword”, the “Company” or the “Group”), the technology commercialisation
company focused solely on cyber security and risk, is pleased to announce that it has undertaken a fundraising of approximately £1 million through a
placing and proposed subscription of Crossword ordinary shares of 5p each (“Ordinary Shares”) at a price of 230 pence per share.
The Company has completed a placing of 363,617 Ordinary Shares (“Placing Shares”) to raise £836,319. In addition Tom Ilube, CEO and founder of
Crossword, intends to subscribe on the same terms for 73,914 Ordinary Shares (“Subscription Shares”) to complete the total fundraise of £1 million
following the end of the current close period, when 2019 Annual Report and Accounts are issued later this month. The Placing Shares and the
Subscription Shares will be issued under the Company's existing share allotment authorities.
Settlement and dealings
Application will be made for the admission of the 363,617 Placing Shares, which rank pari passu with the Company's existing issued Ordinary Shares,
to be admitted to trading on AIM. Dealings on AIM are expected to commence at 8:00am on or around 4 May 2020 ("Admission").
Total Voting Rights
For the purposes of the Financial Conduct Authority's Disclosure Guidance and Transparency Rules ("DTRs"), following Admission, Crossword will
have 5,058,177 Ordinary Shares in issue with voting rights attached. Crossword holds no shares in treasury. This figure of 5,058,177 may be used by
shareholders in the Company as the denominator for the calculations by which they will determine if they are required to notify their interest in, or a
change to their interest in the Company, under the DTRs.
22 Controlling Party
The company does not have a controlling party.
61
�173449 Crossword Cybersecurity Financials Pt2 AGM.qxp_173449 Crossword Cybersecurity Financials Pt2 AGM 24/04/2020 23:37 Page 62
CROSSWORD CYBERSECURITY PLC ANNUAL REPORT AND ACCOUNTS 2019
Notice of AGM
Notice is hereby given that the Annual General Meeting of Crossword Cybersecurity plc (the “Company”) will be held at the Company’s offices,
Midmoor House, 1st Floor, 1-2 Kew Road, Richmond, TW9 2NQ, United Kingdom on Thursday 28th May 2020 11.00 am to consider, and if thought fit,
to pass the following resolutions, of which 1 – 5 will be proposed as Ordinary Resolutions and resolutions 6 and 7 will be proposed as Special
Resolutions:
Ordinary Business
1. To receive and adopt the report of the directors and the financial statements for the year ended 31 December 2019 and the report of the
auditors thereon.
2. To re-elect, as a director of the Company, Sir Richard Dearlove who retires in accordance with Article 90.2 of the Company’s Articles of
Association and offers himself for re-election.
3. To re-elect, as a director of the Company, Dr David Secher who retires in accordance with Article 90.2 of the Company’s Articles of
Association and offers himself for re-election.
4. To re-appoint MHA MacIntyre Hudson as auditors of the Company and to authorise the directors to determine the auditor’s remuneration.
Special Business
5. THAT the Directors be and they are hereby generally and unconditionally authorised pursuant to Section 551 of the Companies Act 2006 (“the
Act”), in substitution for all previous powers granted to them, to exercise all the powers of the Company to allot and make offers to allot
relevant securities (within the meaning of the Act) up to an aggregate nominal amount of £45,000.00 such authority shall, unless previously
revoked or varied by the Company in general meeting, expire on the conclusion of the Annual General Meeting of the Company to be held in
2021 provided that the Company may, at any time before such expiry, make an offer or enter into an agreement which would or might require
relevant securities to be allotted after such expiry and the Directors may allot relevant securities pursuant to any such offer or agreement as
if the authority conferred hereby had not expired.
6. THAT the Directors be and they are hereby authorised pursuant to Section 570 of the Act to allot equity securities (as defined in Section 560 of
the Act) for cash pursuant to the authority conferred by resolution 5 above as if Section 561(1) of the Act did not apply to any such allotment,
provided that this power shall be limited to:
(a) the allotment of equity securities in connection with an issue in favour of shareholders where the equity securities respectively
attributable to the interests of all such shareholders are proportionate (or as nearly as may be practicable) to the respective number
of Ordinary Shares in the capital of the Company held by them on the record date for such allotment, but subject to such exclusions
or other arrangements as the Directors may deem necessary or expedient in relation to fractional entitlements or legal or practical
problems under the laws of, or the requirements of, any recognised regulatory body or any stock exchange, in any territory;
(b) the allotment of equity securities arising from the exercise of options or the conversion of any other convertible securities
outstanding at the date of this resolution; and
(c) the allotment (otherwise than pursuant to sub-paragraph (a) and (b) above) of further equity securities up to an aggregate nominal
amount of £40,000.00;
provided that this power shall, unless previously revoked or varied by special resolution of the Company in general meeting, expire at the
conclusion of the Annual General Meeting of the Company to be held in 2021. The Company may, before such expiry, make offers or
agreements which would or might require equity securities to be allotted after such expiry and the Directors are hereby empowered to allot
equity securities in pursuance of such offers or agreements as if the power conferred hereby had not expired.
7. THAT the Articles be amended by deleting the current Article 113.2 in its entirety and replacing it with the following Article 113.2:
“The Board shall restrict the borrowings of the Company and exercise all voting and other rights and powers of control exercisable by the
Company in respect of its subsidiary undertakings so as to procure (as regards its subsidiary undertakings in so far as it can procure by such
exercise) that the aggregate principal amount at any one time outstanding in respect of monies borrowed by the Group (exclusive of monies
borrowed by one Group company from another and after deducting cash deposited) shall not at any time, without the previous sanction of an
ordinary resolution of the Company, exceed the greater of £2,000,000 and an amount equal to 20% of the Adjusted Capital and Reserves.”
BY ORDER OF THE BOARD
B Harber 6th Floor
Company Secretary 60 Gracechurch Street
24 April 2020 London EC3V 0HR
62
�173449 Crossword Cybersecurity Financials Pt2 AGM.qxp_173449 Crossword Cybersecurity Financials Pt2 AGM 24/04/2020 23:37 Page 63
STRATEGIC REPORT
GOVERNANCE
FINANCIAL STATEMENTS
Covid-19
We note the current issues surrounding COVID-19 (coronavirus) and the rapidly developing public health guidance at the time of writing.
This includes the stringent requirements requiring UK nationals to stay at home except in certain circumstances (which do not include
attending an AGM), the social distancing and shielding guidance for those over the age of 70 or with underlying medical conditions, and the
ban on all non-essential travel. The health and safety of our shareholders and colleagues is always our utmost priority. Please note that if
the public health guidance remains unchanged shareholders will not be able to attend the AGM in person and those that attend the venue
will be denied entry. Therefore, we strongly encourage you to consider ensuring your vote is counted by submission of a proxy form in
accordance with notes 1 and 4 below. Although this outcome is undesirable, the directors of the Company believe that, in the current
circumstances, there is no alternative to ensure the health, safety and security of attendees and to allow the business of the AGM to be
transacted.
We will continue to monitor the situation and the latest available public health guidance, and will provide updates in relation to our AGM on
our website as and when necessary.
Should you wish to raise any questions ahead of the AGM please do so via email to the Company Secretary at ben.harber@shma.co.uk.
Notes
1. Members entitled to appoint a proxy to exercise all or any of their rights to attend and to speak and vote on their behalf at the meeting. A
proxy need not be a shareholder of the Company. A shareholder may appoint more than one proxy in relation to the Annual General Meeting
provided that each proxy is appointed to exercise the rights attached to a different share or shares held by that shareholder. To appoint more
than one proxy you may photocopy this form. Please indicate the proxy holder’s name and the number of shares in relation to which they are
authorised to act as your proxy (which, in aggregate, should not exceed the number of shares held by you). Please also indicate if the proxy
instruction is one of multiple instructions being given. All forms must be signed and should be returned together in the same envelope. To be
valid, the form of proxy and the power of attorney or other authority (if any) under which it is signed or a certified copy of such power or
authority must be lodged at the offices of the Company’s registrars, Share Registrars Limited, The Courtyard, 17 West Street, Farnham,
Surrey GU9 7DR by hand, or sent by post, so as to be received not less than 48 hours before the time fixed for the holding of the meeting
(excluding any part of a day which is not a working day) or any adjournment thereof (as the case may be). Please note the Share Registrars
Limited will accept scans of the proxy forms via email sent to the following address: voting@shareregistrars.uk.com with ‘Crossword
Cybersecurity plc AGM vote' in the subject line provided that such email is received not less than 48 hours before the time fixed for the
holding of the meeting (excluding any part of a day which is not a working day) or any adjournment thereof (as the case may be).
2. Any member entitled to attend and vote at the meeting may appoint one or more proxies to attend and, on a poll, vote instead of him. A proxy
need not also be a member.
3. The completion and return of a form of proxy will not preclude a member from attending in person at the meeting and voting should he wish
to do so.
4. CREST members may appoint a proxy through CREST by using the procedures described in the CREST Manual (available via
www.euroclear.com/CREST). CREST personal members or other CREST sponsored members and those CREST members who have
appointed a voting service provider should refer to their CREST sponsor or voting service provider, who will be able to take the appropriate
action on their behalf. In order for a proxy appointment or instruction made using the CREST service to be valid, the appropriate CREST
message (“a CREST proxy instruction”) must be properly authenticated in accordance with Euroclear UK & Ireland Limited’s specifications
and must contain the information required for such instructions, as described in the CREST Manual. All messages relating to the
appointment of a proxy or an instruction to a previously appointed proxy must be transmitted so that they are received by Share Registrars
Limited (ID 7RA36) by 11.00 a.m. (UK time) on 26th May 2020 (or, if the meeting is adjourned, the time that is 48 hours (excluding non-
working days) before the time fixed for the adjourned meeting). For this purpose, the time of receipt will be taken to be the time (as
determined by the time stamp applied to the message by the CREST Applications Host) from which the issuer’s agent is able to retrieve the
message by enquiry to CREST in the manner prescribed by CREST. Any change of instructions to proxies appointed through CREST should be
communicated to the appointee through other means. CREST members and, where applicable, their CREST sponsors or voting service
providers should note that Euroclear UK & Ireland Limited does not make available special procedures in CREST for any particular message.
Normal system timings and limitations will, therefore, apply in relation to the input of CREST proxy instructions. It is therefore the
responsibility of the CREST member concerned to take (or procure the taking of) such action as shall be necessary to ensure that a message
is transmitted by means of the CREST system by any particular time. In this connection, CREST members and, where applicable, their
CREST sponsors or voting service providers are referred, in particular, to those sections of the CREST Manual concerning practical
limitations of the CREST system and timings. The Company may treat a CREST Proxy Instruction as invalid in the circumstances set out in
Regulation 35(5)(a) of the Uncertificated Securities Regulations 2001.
63
�173449 Crossword Cybersecurity Financials Pt2 AGM.qxp_173449 Crossword Cybersecurity Financials Pt2 AGM 24/04/2020 23:37 Page 64
CROSSWORD CYBERSECURITY PLC ANNUAL REPORT AND ACCOUNTS 2019
Notice of AGM continued
5. The Company has specified that only those members entered on the register of members at 11.00 a.m. on 26th May 2020 shall be entitled to
attend and vote at the meeting in respect of the number of ordinary shares of £0.05 each in the capital of the Company held in their name at
that time. Changes to the register after 11.00 a.m. on 26th May 2020 shall be disregarded in determining the rights of any person to attend
and vote at the meeting.
6. Resolution 2 & 3 – Article 90.2 of the Company’s Articles of Association require that a director of the Company who held office at the time of
the two preceding annual general meetings and who did not retire at either of them must offer themselves for re-appointment at the next
Annual General Meeting.
7. Resolution 5 – As required by the Act, this resolution, to be proposed as an Ordinary Resolution, relates to the grant to the Directors of
authority to allot unissued Ordinary Shares until the conclusion of the Annual General Meeting to be held in 2021, unless the authority is
renewed or revoked prior to such time. If approved, this authority is limited to a maximum of 900,000 Ordinary Shares.
8. Resolution 6 – The Act requires that if the Directors decide to allot unissued Ordinary Shares in the Company the shares proposed to be
issued be first offered to existing shareholders in proportion to their existing holdings. This is known as shareholders’ pre-emption rights.
However, to act in the best interests of the Company the Directors may require flexibility to allot shares for cash without regard to the
provisions of Section 561(1) of the Act. Therefore this resolution, to be proposed as a Special Resolution, seeks authority to enable the
Directors to allot equity securities up to a maximum of 800,000 Ordinary Shares. This authority expires at the conclusion of the Annual
General Meeting to be held in 2021.
9. Resolution 7 – Article 113.2 restricts the Company’s borrowing to £1.5m and an amount equal to 20% of the Adjusted Capital and Reserves.
As 20% of the Adjusted Capital and Reserves is less than £1.5m, the Company’s current borrowing limit is effectively £1.5m. Following the
approval of loans of £1.4m, the Company now would like to extend its borrowing limit to £2m, to ensure it has the option to avail of available
funding, for example; the Government’s CBILS, and VCT debt, if the appropriate opportunity arises.
64
�173449 Crossword Cybersecurity Financials Pt2 AGM.qxp_173449 Crossword Cybersecurity Financials Pt2 AGM 23/04/2020 11:08 Page 67
Company Information
DIRECTORS
Sir Richard Dearlove (Chairman)
T Ilube (CEO)
Dr D Secher
Professor D Stupples
A Gueritz
G Matthew
R Anderson
M Dowd
REGISTERED NUMBER
08927013
REGISTERED OFFICE
60 Gracechurch Street
London
EC3V 0HR
INDEPENDENT AUDITOR
MHA MacIntryre Hudson
Chartered Accountants & Statutory Auditors
NOMAD
CORPORATE BROKER
6th Floor
2 London Wall Place
London
EC2Y 5AU
Grant Thornton LLP
30 Finsbury Square
London
EC2P 2YU
Hybridan LLP
20 Ironmonger Lane
London
EC2V 8EP
Crossword Cybersecurity plc is the parent company of the
Crossword group of companies which focuses on the cyber
security sector. The Group’s strategy is the development
and commercialisation of university research based cyber
security related software and cyber security consulting.
Revenue is generated by selling the Software as a Service
products direct to end user companies or via partners.
This is supported by Crossword’s team of expert cyber
security consultants, who leverage years of experience
in national security, defence and commercial cyber
intelligence and operations to provide advice on cyber
security risk and mitigation, strategy, assessment and
transformation and other cyber security related matters.
CONTENTS
STRATEGIC REPORT
Chairman’s Statement
Chief Executive Officer’s Statement
Performance Review
Section 172 Statement
Principal Risks
CORPORATE GOVERNANCE
The Board
Corporate Governance Report
Directors’ Report & Statement of
Directors’ Responsibilities
Independent Auditor’s Report
FINANCIAL STATEMENTS
Consolidated Financial Statements
Notice of AGM
Company Information
2
4
6
7
8
14
19
31
34
42
62
IBC
For more information visit
www.crosswordcybersecurity.com
173449 Crossword Cybersecurity Cover.indd 4-6
173449 Crossword Cybersecurity Cover.indd 4-6
24/04/2020 23:40
24/04/2020 23:40
�CROSSWORD
CYBERSECURITY
PLC
Crossword Cybersecurity plc
60 Gracechurch Street, London EC3V 0HR
e: info@crosswordcybersecurity.com
twitter: @crosswordcyber
t: +44 (0) 20 8973 2350
CROSSWORD
CYBERSECURITY
ANNUAL REPORT & ACCOUNTS
2019
173449 Crossword Cybersecurity Cover.indd 1-3
173449 Crossword Cybersecurity Cover.indd 1-3
24/04/2020 23:40
24/04/2020 23:40
�