More annual reports from Century Communities:
2023 Report30534 26 April 2021 12:46 pm V11ANNUAL REPORT AND ACCOUNTS CROSSWORD CYBERSECURITY PLC Annual Report and accounts 2020 for the year ended 31 December 202030534-Crossword-Cybersecurity-AR2020.indd 330534-Crossword-Cybersecurity-AR2020.indd 326-Apr-21 12:47:14 PM26-Apr-21 12:47:14 PM 30534 26 April 2021 12:46 pm V11CROSSWORD CYBERSECURITY PLC Annual Report and accounts 2020Crossword Cybersecurity PLC is the parent company of the Crossword group of companies which focuses on the cyber security sector. The Group’s strategy is the development and commercialisation of university research-based cyber security related software and cyber security consulting. Revenue is generated by selling the Software as a Service products direct to end user companies or via partners. This is supported by Crossword’s team of expert cyber security consultants, who leverage years of experience in national security, defence and commercial cyber intelligence and operations to provide advice on cyber security risk and mitigation, strategy, assessment and transformation and other cyber security related matters.RizikonRizikon is an easy-to-use online cyber security risk assessment service that enables non-technical and technical managers to understand and reduce the cyber security related risk to their organisations. It also assesses an organisation’s readiness for the new Data Privacy regulations, GDPR, which have substantial implications for most organisations. Optionally it allows an organisation to easily apply for a Cyber Essentials accreditation.NixerNixer is a machine-learning based product aimed at protecting against Application-layer DDoS attacks, which are notoriously difficult to detect using conventional threshold and signature based methods. It is available to commercial partners and service providers with exposure to Application-layer DDoS attacks.Cyber Security Consulting teamCrossword has a full-service cyber security consulting team that provides strategy, assessment and risk management services.30534-Crossword-Cybersecurity-AR2020.indd 330534-Crossword-Cybersecurity-AR2020.indd 326-Apr-21 12:47:32 PM26-Apr-21 12:47:32 PM 30534 26 April 2021 12:46 pm V11For more information visitwww.crosswordcybersecurity.comStrategic report2020 Financial Highlights01Chairman’s Statement02Chief Executive Officer’s Statement04Performance Review06Corporate Social Responsibility08Principal Risks & Uncertainties12GovernanceThe Board20The Executive23Corporate Governance Report24Directors’ Report & Statement of Directors’ Responsibilities36Independent Auditor’s Report39Financial statementsConsolidated Statement of Comprehensive Income46Statement of Financial Position47Statement of Changes in Equity48Consolidated Statement of Cash Flows49Notes to the Financial Information50Notice of AGM69Company Information73Contents2020 Financial Highlights2020 Operational Highlights• Rizikon Pro for SMEs launched, transforming the sales model with a much shorter sales cycle and impressively high conversion from trials to commitments• MOU agreed with Chartered Institute of Information Security (CIISec) to offer CIISec 10,000 members free access to Rizikon Pro, with an easy upgrade to full functionality• Agreement signed with Satisnet, leading IT Security reseller, expanding partner programme alongside Leonardo, the global defence contractor and NCC, the leading cyber security provider• Awarded InnovateUK grant of £157,612 to investigate the issues around effective Manufacturing Supply Chain risk management and possible solutions (award Dec 20, income receivable in 2021)• Worked with Verifiable Credentials Ltd on its Innovate UK funded project to allow NHS laboratories to issue COVID-19 immunity certificates• The IASME Consortium Limited, the UK Government’s National Cyber Security Centre’s Cyber Essentials Partner, selected Rizikon Assurance as the core platform to support a new Internet of Things (IoT) device security certification programme• Accepted onto the UK Government G-Cloud framework version 12. This enables public sector organisations to procure Rizikon and Consulting via the Digital Marketplace run by Crown Commercial Services• Supported one of the most famous names in British industry, Cammell Laird, assess and help manage risks within its extensive supply chain using secure Third-party Assurance platform, Rizikon Assurance• First consulting client in the Sultanate of Oman, worked with Sultan Qaboos University and the UK Oman Digital Hub• £1m placing demonstrated continued support from shareholders• Increased PR activity, including a successful series of webinars and a digital marketing campaign, has significantly raised Crossword’s market profile• Dr Robert Coles, ex-KPMG Partner, took on the role as Non-Executive Chair of Crossword Consulting Limited, the Group’s consulting subsidiary• Sean Arrowsmith joined as Crossword’s first Group Sales Director, having an immediate impact on our product sales model£1.6m2020 Revenue25%Total Revenue Growth£1.0mEquity Fund Raise April 202039%SaaS & Consulting Revenue Growth01Strategic ReportGovernanceFinancial Statementswww.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 130534-Crossword-Cybersecurity-AR2020.indd 126-Apr-21 12:47:33 PM26-Apr-21 12:47:33 PM 30534 26 April 2021 12:46 pm V11Chairman’s Statement“Our strategy stands up to a turbulent yearWe develop and commercialise university research-based cyber security related software and provide cyber security consulting services.Crossword ended 2020 having achieved our best quarter to date as a company. We entered 2021 with momentum across all fronts. Rizikon has achieved the sales breakthrough that we have been working towards and our rapidly growing specialist cyber security consulting team continues to build relationships with major clients.The Board congratulates management on successfully navigating an incredibly challenging year whilst achieving 25% revenue growth. We look forward to continuing to build value for shareholders in the year ahead.Robust Financial Management response to COVID-19The first half of 2020 tested the financial controls and procedures that CFO, Mary Dowd, had put in place and proved that they were up to the challenge. Management had accurate information at their fingertips and were able to respond immediately to the sharp downturn caused by COVID-19.As well as cutting costs quickly, we also took steps to strengthen the Group Balance Sheet by completing a £1m equity fundraise. We appreciate the ongoing support of our existing and new shareholders through this period.Mature Governance The Board is committed to maintaining an effective corporate governance regime. We maintain a robust framework of controls and high standards which has proved its worth through 2020, enabling the Company to adapt quickly but also securely and in a way that safeguards our stakeholders longer-term interests. We believe this is essential to enable Crossword to deliver its strategy and generate sustainable value for shareholders. As such, the Board continues to adhere to the Quoted Companies Alliance (‘QCA’) Corporate Governance Code (the ‘QCA Code’) in line with the London Stock Exchange’s requirement for all AIM listed companies to adopt a recognised corporate governance code. I refer you to the Chairman’s Corporate Governance Statement on page 24 of this report for further details.Through a turbulent year, Crossword held fast to its strategy of building a significant intellectual property based, AIM quoted cyber security business. Crossword is a technology commercialisation business focusing on cyber security.” Sir Richard Dearlove KCMG OBE26 April 202102CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 230534-Crossword-Cybersecurity-AR2020.indd 226-Apr-21 12:47:34 PM26-Apr-21 12:47:34 PM 30534 26 April 2021 12:46 pm V11Remarkable growth in the context of COVID-19The last year has been challenging on many levels. Staff, clients and all stakeholders, along with the population at large have been impacted and our thoughts are with all who have lost loved ones through this unprecedented period. As a business, Crossword has weathered the worst of the storm and we are emerging in good shape. The cyber security sector continues to grow and the need to ensure that organisations of all shape and size are secure remains a top priority. This bodes well for Crossword in the years ahead.I would like to pay tribute to our talented, diverse team of employees. This has been a very tough year on all but they have risen to the challenge magnificently. Crossword takes its core values of responsibility, openness, flexibility and learning very seriously and we are confident that our Company will continue to flourish in the coming years.Sir Richard Dearlove KCMG OBE26 April 2021£1.6M2020 Revenue25%2020 Revenue Growth03Strategic ReportGovernanceFinancial Statementswww.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 330534-Crossword-Cybersecurity-AR2020.indd 326-Apr-21 12:47:36 PM26-Apr-21 12:47:36 PM 30534 26 April 2021 12:46 pm V11As Chief Executive Officer, it is my pleasure to present the annual report and audited accounts for Crossword Cybersecurity PLC (‘Crossword’ or the ‘Company’ or the ‘Group’) for the financial year ended 31 December 2020.2020 was a year like no other. Who could have predicted the pandemic or its devastating impact on all our lives and the economy? However, despite the challenges, Crossword emerged from the turbulence of 2020 in surprisingly good shape. The Company took cost action early, adjusted quickly to working remotely and successfully grew the business overall by 25%.Crossword continued to build out its recurring product and consulting revenue. In the period under review, Group revenue grew by 25% compared with 2019, with product and consulting revenue growing by 39% over the comparative period with planned reduction in revenues from software development.2020 once again illustrated the resilience of the cyber security sector. Organisations continued to experience a wide range of cyber security incidents, driving demand for Crossword’s products and services. In the face of the economic downturn, many organisations were forced to cut expenditure very rapidly across the board. However, after a pause in the middle of the year, they returned to investing in non-discretionary areas of cyber security. The UK is the largest cyber security market in Europe with spend of £8.3bn (2019), over £2bn in exports and is number one in Europe for Cyber R&D, Cyber Incubators and Accelerators. UK public sector cyber procurement quadrupled in five years. As a Group we had to move quickly to respond to the pandemic. Mary Dowd, Chief Financial Officer, took the lead on this. We put the health and safety of our team at the forefront and enabled remote working immediately. Crossword has operated remotely for a year now and I am pleased to say that it has not impacted productivity in any noticeable way. We took advantage of the Government’s furlough scheme to try to avoid redundancies. At one point, nearly a quarter of our team was furloughed. We were able to bring a number back as business picked up, although unfortunately some positions were made redundant. Towards the end of the year, business picked up quite sharply and we ended the year with real momentum. The final quarter of 2020 was Crossword’s biggest revenue quarter to date and December 2020, normally a slow month, turned out to be our biggest single month to date.On the product side, we achieved an important breakthrough with the launch of Rizikon Pro in July 2020. Rizikon Pro is an out-of-the-box, online SaaS solution, offered on a pay-as-you-go basis, giving smaller and medium sized organisations access to a set of core easy-to-use supplier assurance platform features, at a lower cost. Modules can be chosen according to need, meaning customers only pay for the features they use, and can be expanded as required. With a significant reduction in the sales cycle Crossword saw an immediate uplift in the number of engagements with clients and prospects. By the end of 2020 we had doubled the number of Rizikon clients compared to the end of 2019. Sean Arrowsmith, Crossword’s new Group Sales Director, devised a new approach to rolling out Rizikon Pro by working with large scale membership bodies. We secured a relationship with the Chartered Institute of Information Security (CIISec), the UK’s leading cyber security membership body with over 10,000 members. In January 2021, CIISec offered a version of Rizikon Pro to its members and as a result we grew Rizikon’s user base significantly. It now stands at over 160 organisations and, at current activity levels, we are confident of significantly increasing Rizikon’s user base by the end of 2021.Chief Executive Officer’s StatementCrossword emerged from a challenging 2020 in great shape, meeting market expectations of 25% revenue growth. We are looking forward to an exciting year ahead, accelerating roll out of Rizikon Pro, securing major consulting clients, adding to our cyber security product portfolio, and expanding internationally. We expect the revenue growth rate to more than double in 2021.”Tom Ilube CBE26 April 2021“04CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 430534-Crossword-Cybersecurity-AR2020.indd 426-Apr-21 12:47:36 PM26-Apr-21 12:47:36 PM 30534 26 April 2021 12:46 pm V11£1.0MEquity Fund Raise April 202039%Saas & Consulting Revenue GrowthJake Holloway, Chief Product Officer, continued to enhance our second product, Nixer, with Imperial College London, with a focus on identifying attack tools such as credential stuffing using machine-learning techniques. We introduced the new, machine-learning version of Nixer, hosting a series of webinars on credential stuffing attacks to prospective clients which are being very well received.Under Stuart Jubb’s strong leadership, Crossword’s Consulting division continues to build a strong franchise across multiple sectors and in insurance, legal and financial services sectors in particular. As well as securing major projects with several FTSE and S&P 500 companies, it has secured contracts which will deliver recurring revenue through to 2022 and beyond. vCISO is a virtual/remote CISO (Chief Information Security Officer) service, provided by Crossword Consulting cyber security experts at a fraction of the cost of an in-house CISO. In March 2020, a plan was put in place for Stuart, designed to incentivise him commensurate with the achievement of growth in the enterprise value of Crossword Consulting Ltd. The company issued 10% of the equity in Consulting for £15,400 at deemed market value, which may not be sold or transferred without the consent of the Company save that they will be compulsorily transferred back to the Company if his employment ends, following which he may as a good leaver retain an entitlement to 10% of the sales proceeds if Consulting is sold, or 10% of the valuation of Consulting on a change of control of the Company.Dr Robert Coles took on the role of Chair of Crossword’s Consulting division in addition to chairing Crossword’s Advisory Board. Robert was lead partner for KPMG’s Information Security consulting business prior to becoming CISO of GlaxoSmithKline and we look forward to seeing him become more actively involved in Crossword over time.In 2020 Crossword started exploring opportunities outside of the UK. In particular we started a number of conversations in the Gulf region, specifically Oman and Dubai. Crossword completed its first consulting project in Oman, for Sultan Qaboos University and the UK-Oman Digital Hub and we have a number of very interesting and potentially large-scale opportunities in the country. We are exploring the possibility of establishing an Oman subsidiary, in partnership with a significant Omani Group with extensive interests across the Gulf region.On the corporate front, the Company completed a £1m equity fundraise in May 2020 through a placing and subscription of Crossword ordinary shares at a price of 230 pence per share. In February 2021, we also completed a successful and heavily oversubscribed £1.6m placing at 260 pence per share. I am very pleased to have had the support of our shareholders through this period and am delighted to welcome new shareholders, including the Helium Rising Stars Fund, led by David Newton and several other major institutional investors.I am incredibly proud of Crossword’s team through this unprecedented period. They have shown remarkable resilience and we have sought to support them as much as possible. We take well-being very seriously at Crossword and have hosted all-staff sessions in this area. Crossword’s culture is quite distinct and rests on the four pillars of Responsibility, Openness, Flexibility and Learning. The last few months have shown us the value of embedding these values into our culture and I believe we have emerged stronger as a team as a result. I wish to thank everyone for helping Crossword navigate an incredible year and we are excited about the growth that we will achieve in 2021 and beyond.Tom IlubeChief Executive Officer26 April 202105Strategic ReportGovernanceFinancial Statementswww.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 530534-Crossword-Cybersecurity-AR2020.indd 526-Apr-21 12:47:38 PM26-Apr-21 12:47:38 PM 30534 26 April 2021 12:46 pm V11Performance Review201820192020£25,000£20,000£15,000£10,000£5,000£02017201820192020504030208070601002017£1.6m RevenueFinancial reviewFinancial positionCrossword Cybersecurity PLC finished the year with a cash balance of almost £1m.ResultsYear-on-year revenue increased by 25% to £1.6m, (£1.3m 2019) with SaaS (Software as a Service) and Consulting revenue increasing by 39% (51% 2019). Total Comprehensive Loss for the year was £2.3m (£2.1m 2019).Total cost of sales and administrative expenses increased by £0.2m, driven by staff costs increases netted off against some COVID-19 related reduced costs of working such as travel and entertainment. We took advantage of the Government’s furlough scheme to try to avoid redundancies. At one point, nearly a quarter of our team was furloughed. We were able to bring a number back as business picked up, although unfortunately some positions were made redundant. Additionally legal and professional fees were lower in 2020 than 2019 due to bookkeeping being taken in house and loan notes issued during 2019. Additionally direct costs of sales increased as third parties support the delivery of the vCISO (virtual Chief Information Security Officer) service which was launched during 2019 and continued to grow in 2020.Interest payable in 2020 increased due to the convertible loan notes of £1.275m issued in December 2019 followed by a further £0.125m in January 2020. The main terms of the loans are 3 years, 12% interest rate payable quarterly, option to convert to ordinary 5 pence shares at £4.80, warrants to convert 10% of the loan at the conversion price of £4.80.Funds raisedOn 20 April 2020, the Company completed an equity fundraise of £1m through a placing and subscription of Crossword ordinary shares of 5 pence each (‘Ordinary Shares’) at a price of 230 pence per share. On 10 February 2021, the Company announced that it had undertaken a fundraising of approximately £1.6m through a placing and subscription of Crossword ordinary shares of 5 pence each (‘Ordinary Shares’) at a price of 260 pence per share. Please refer to Note 25 Subsequent events.Cash flowsNet cash outflows in 2020 were £0.6m. Excluding proceeds from issue of loan notes, net cash outflows were £1.6m (£1.7m in 2019).TaxationThe Group continues to claim Research and Development tax credits, with £210k accounted for in 2020 (£167k in 2019).KPIsNumber of product and consulting clientsAverage product and consulting revenue per client06CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 630534-Crossword-Cybersecurity-AR2020.indd 626-Apr-21 12:47:38 PM26-Apr-21 12:47:38 PM 30534 26 April 2021 12:46 pm V11Section 172(1) StatementThe Company has complied with the requirements of s414CZA of the Companies Act 2006 by including certain information within the Strategic and Governance Reports, that informs members of the Company how the Directors have considered the matters set out in section 172(1)(a) to (f) of the Companies Act 2006 when performing their duty under section 172 to promote the success of the Company. The following table outlines where the key content as required by the regulations can be found in this report.Matters considered by the BoardWhere to read more in this Annual ReportThe likely consequences of any decision in the long termStrategic report on page 1Corporate Governance Report on page 24Directors Report on page 36The interests of the company’s EmployeesCorporate Social Responsibility on page 8Corporate Governance Report on page 24The need to foster the Company’s business relationships with suppliers, customers and othersCorporate Governance Report on page 24The impact of the Company’s operations on the community and the environmentCorporate Social Responsibility on page 8Corporate Governance Report on page 24The desirability of the Company maintaining a reputation for high standards of business conduct;Performance review on page 6Strategic report on page 1Corporate Governance Report on page 24The need to act fairly as between members of the CompanyCorporate Governance Report on page 24Directors Report on page 3607Strategic ReportGovernanceFinancial Statementswww.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 730534-Crossword-Cybersecurity-AR2020.indd 726-Apr-21 12:47:40 PM26-Apr-21 12:47:40 PM 30534 26 April 2021 12:46 pm V11Culture eats strategy for breakfast.”Peter Drucker“Corporate Social ResponsibilityWith the market turbulence caused by COVID-19, our first priority is the welfare of our staff and all stakeholders. Our flexible approach enabled us to quickly and effectively implement remote working before it was mandated, with minimal impact on clients and sales activity.” Tom Ilube CBE, Chief Executive Officer“Supporting our clientsIn March 2020 Crossword Consulting issued guidance to all businesses on how to address some of the most common security concerns for employees when working from home.Guidance on working from homeAll companies should start by reviewing the home working guidance available at the UK Government’s National Cyber Security Centre (NCSC). This resource helps companies prepare their employees and think about the best way to protect their systems. Crossword has been advising a number of its FTSE clients in a range of sectors, and below is a summary of the guidance given, in addition to that from the NCSC.Run audio and video calls securelyWhat is visible in the background of your screen during video calls and is someone monitoring who is on the call? The same is true for audio only calls. A team member should be responsible for ensuring only invited guests are present, and calls should be locked once started, so other participants cannot join.Educate employees on phishing attacksThe NCSC mentions COVID-19 related phishing attacks which use the current crisis to trick employees into clicking on fake links, downloading malware, and revealing passwords – so educate them. These could be fake HR notifications or corporate communications; fake tax credits; fake emails from mortgage providers; free meals and mechanisms for registering for them. The list is endless and cyber criminals are very news savvy and quick to adapt. Employees are likely to be more vulnerable to phishing attacks due to people rushing, fear, panic, and urgency; all the behavioural traits that result in successful phishing attacks.Automate Virtual Personal Network configurations (VPNs) IT and Security teams may have a backlog of users to set up on VPNs, to provide secure connections to corporate networks. Do not allow employees to send data insecurely, use automation to make accelerated deployments and guarantee correct configuration. Even IT staff are fallible, and the combination of pressure of work volume and working fast, may leave a gaping hole in your infrastructure.Control the use of personal devices for corporate workDue to the rapid increase in home workers, many employees may be using their own devices to access emails and data, which may not be covered by Bring Your Own Device (BYOD) policies. What this means in practice, is that employee’s personal devices may not be securely configured, nor managed properly and be more vulnerable. IT and Security teams again, may need to retrospectively ensure that employees are complying with BYOD policies, have appropriate endpoint security software installed etc.08CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 830534-Crossword-Cybersecurity-AR2020.indd 826-Apr-21 12:47:41 PM26-Apr-21 12:47:41 PM 30534 26 April 2021 12:46 pm V11Stop personal email and unauthorised cloud storage useWhen companies are experiencing IT difficulties in setting up employees working from home, people may be tempted to use personal emails or their personal cloud to send and store data, as a work-around. These are a risk and can be easy for cyber criminals to target to gain company information or distribute malware, as they are not protected by the corporate security infrastructure.Keep collaboration tools up to dateTools such as Microsoft Teams, Zoom and Google Hangouts are great, but it is important to ensure all call participants are using the latest versions of the software, and that includes partners and customers that may be on calls. Employees should also only use the corporate approved tools and versions as they will have been tested by security teams for vulnerabilities, that could be exploited by cyber criminals.Supporting our employeesOur culture Our culture is that distinct differentiator which drives our decisions and actions. We are energetic, agile and passionate about the quality of work we deliver. We encourage responsibility early in the lifecycle of an employee’s career, along with which comes valuable learning. We make sure we have fun while doing our work and look out for each other by being open, transparent and flexible to adapt to each other’s needs and the needs of our customers and stakeholders. The Board is committed to promoting a strong ethical and values driven culture throughout the Company and has a people-oriented ethos where hard work and commitment are recognised.Our team The make-up of our team gives us something unique to offer. It’s rare to find such richness of leadership experience in a small organisation and the advantage of our size is that our leadership team are present, accessible and engaged with the whole team. You will get to know them well and our staff tell us time and time again that they find this level of exposure invaluable in developing their own knowledge and business acumen.Company valuesFlexibilityWe adapt to changing needs and empower our employees with the trust and autonomy they need to deliver high quality work.LearningWe promote a continuous learning culture and believe that knowledge and competence drive performance and growth of the individual and organisation.ResponsibilityWe take the ownership to demonstrate a high standard of work as we are personally responsible for the work we deliver.OpennessWe encourage openness between all employees and with clients; we are inclusive adaptive collaborative, and committed to accepting people from diverse backgrounds.Some of the initiatives which highlight the elements of our culture are as follows:• Employee Engagement through our Corporate Social Responsibility initiative drives a common goal and brings employees together for a higher purpose. We have partnered with SPEAR, a local charity in Richmond to raise funds and help the homeless. Our Krakow office employees carry out philanthropic initiatives every year to help the disadvantaged and needy• We also have other interesting employee engagement events like our company away days, social events like playing table tennis, watching Rugby matches in the office, pizza evenings, international lunch days, etc.• Excellent communication channels like Slack, Google Meet, virtual fortnightly coffee mornings allow for an easy flow of communication• Flexible and family friendly policies which enable an enviable work environment.• Open recognition initiatives as well as a 5 year Long Service Award to acknowledge hard work and commitment to the business.09Strategic ReportGovernanceFinancial Statementswww.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 930534-Crossword-Cybersecurity-AR2020.indd 926-Apr-21 12:47:41 PM26-Apr-21 12:47:41 PM 30534 26 April 2021 12:46 pm V11£712.50Raised by auction and raffle£5,160Raised for SPEAR in 2020Corporate Social Responsibility CONTINUEDOther aspects of working at CrosswordLeadership supportAsking for help and support is celebrated and highly encouraged at Crossword. The support can be available in the form of mentoring, knowledge sharing, and we also have a ‘buddy system’ for new starters. The Executive team is committed to their team’s professional development.Great working environmentWe strive to better the employee experience by providing proper work equipment and also through workplace engagement surveys which encourage open communication and feedback. Our offices are modern and equipped with kitchen and shower facilities, coffee machines and break-out spaces.Inclusivity and diversityOur collective strength is in our individual uniqueness and the range of experiences we can bring to the table. When we recruit, we don’t look for a ‘culture fit’ to fit any specific but rather what the person brings, but our culture is extremely collaborative and adapts to cater to the needs of our biggest asset – our people!Work-life balanceWe are focused on what you achieve at work, not how long you spend in the office. We believe in being agile and adapt to work around employees’ commitments and working styles. We prioritise our employees’ mental well-being above everything else. All employees are encouraged to take timely breaks to spend time doing what they love and pursue their recreations.Supporting our communitiesCrossword supported three charities in 2020. SPEAR, located near Crossword’s Richmond office, operates in South and West London and helps the homeless to find secure accommodation and work towards a positive future. There were many initiatives, including online auctions, 2.6 challenge, Christmas hamper raffle.In May 2020 Kraków staff supported ‘Komputer dla ucznia’ to enable Children to work remotely in this most stressful of times. The Kraków team raised £700 and two computers were purchased. One went to Kosma who was sharing one computer with 8 siblings. Sisters Ola and Marysia, both with medical difficulties received the second one to share. In Dec 2020 Crossword Krakow supported Noble Box, for the 2nd year, with much needed goods to help a person or family through the hard winter and beyond. As Kinga Krok who organised this effort says: “Another year of Noble Box program is almost completed and I still don’t know who gains more - Mr. X or we. When you see the tragedy of others, you can notice how lucky you are, because it is warm in your house, you have access to running water and electricity. I just wanted to say a big THANK YOU to everyone involved. Knowledge that I am surrounded by a group of good people in Crossword means a lot”.Crossword asked staff to donate gifts to auction off for the start of the online auction which was a collaboration between the London and Kraków offices, with all proceeds going towards SPEAR.The items donated were original and thoughtful. A paddle board lesson was among the first items to be auctioned, just in time for the end of summer. Two Chinese prints painted by a staff member’s father-in-law, proved to be very popular. Crossword’s graphic designer in Kraków donated some of her designs and the artwork shown all went to the highest bidder.In December we held a raffle for a huge Christmas food hamper complete with Christmas crackers and enough cake and biscuits to survive on in tier four. In total the online auction and raffle raised £712.50 which went towards the overall amount raised for SPEAR in 2020 of £5,160.0010CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 1030534-Crossword-Cybersecurity-AR2020.indd 1026-Apr-21 12:47:44 PM26-Apr-21 12:47:44 PM 30534 26 April 2021 12:46 pm V11Charity Reg. No. 1122206 www.spearlondon.org E: fundraising@spearlondon.org 11Strategic ReportGovernanceFinancial Statementswww.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 1130534-Crossword-Cybersecurity-AR2020.indd 1126-Apr-21 12:47:45 PM26-Apr-21 12:47:45 PM 30534 26 April 2021 12:46 pm V11Principal Risks and UncertaintiesRisks relating to the Group and the industry in which it operatesIntellectual property acquisition and developmentCrossword acquires intellectual property (IP) rights from universities via licensing and IP transfer arrangements and then develops this IP into commercial products. Failure to secure good quality IP deals and to quickly and appropriately meet new cyber security challenges, will make it difficult for the Group to generate new products.The success of this strategy depends on the ability of Crossword to source suitable IP and use its expertise in business management, marketing and product development to build solutions attractive to its potential customer base. Ultimately, Crossword will only succeed if it is able to design, develop and sell new software solutions in a timely fashion that deliver operational reliability and effectiveness.Technological changesGenerally, product markets are exposed to rapid technological change, changes in use, changes to customer requirements and preferences, services employing new technologies and the emergence of new industry standards and practices. The Group operates in a market with such changes which have the potential to render the Group’s existing technology and products obsolete or uncompetitive.To successfully remain competitive, the Group must ensure continued product improvement and the development of new markets and capabilities to maintain a pace congruent with changing technology. This added strain may stretch the Company’s capital resources which may adversely impact the revenues and profitability of the Company. The Company’s success is dependent on the ability to effectively respond and adapt to technological changes and changes to customer preferences. There can be no assurance that the Company will be able to effectively anticipate future technological changes or changes in customer preferences. Furthermore, there is also no assurance that the Company will have sufficient financial resources to effectively respond in a timely manner if such a change is anticipated.12The Board has overall responsibility for ensuring that risk is appropriately managed throughout the business.The Board is aware of the need to conduct regular risk assessments to identify any deficiencies in the controls currently operating over all aspects of the Company.Risks to the achievement of strategic objectives are identified by the Executive. The degree of risk is evaluated with reference to the impact and probability of the risk, considering inherent and residual risk. The Executive considers the nature and extent of the risks, the threat of such risks becoming reality, the ability to reduce the incidence and impact on its business if the risk materialises, and the costs and benefits resulting from operating relevant controls.A Risk Register is prepared and regularly reviewed by the Executive, and shared with the Audit Committee for independent review and robust challenge. The Risk Register includes a plan for mitigation of risks above the risk appetite of the business.12CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 1230534-Crossword-Cybersecurity-AR2020.indd 1226-Apr-21 12:47:46 PM26-Apr-21 12:47:46 PM 30534 26 April 2021 12:46 pm V11CompetitionThere is no guarantee against new entrants or current competitors providing superior technologies, products or services to the market. There is no certainty that new entrants or current competitors will not provide equivalent products for a lower price. The Company may be forced to make changes to one or more of its products or to its pricing strategy to effectively respond to changes in customer preferences in order to remain competitive. This may impact negatively on the Company’s financial performance.The Group’s consulting division operates in an environment that includes large international accounting firms and consultancies and a number of smaller niche players. There are very low start-up costs for any new entrant into the market and the Group cannot prevent any person or organisation from seeking to compete with it. There is a risk that an existing competitor or a new entrant may, over time, be able to win work from the Group’s existing and future customers. In addition, larger competitors may, in the future, adopt more aggressive expansion strategies, which could include hiring additional experienced consultants and changing their business model and service offering to one that is directly comparable to that of the Group. This could, in theory, result in a material loss of customers from the Group to larger competitors and, therefore, have a material adverse impact on the financial performance of the Group.Reputational risksAs a cyber security company, Crossword is very conscious of its external reputation. If the Group is compromised as a result of a cyber incident, it would impact its clients’ confidence.Crossword has an experienced cyber security expert acting as its Chief Information Security Officer (CISO) and a strong technical team who actively seek to mitigate threats.Nonetheless, should an event take place which adversely affects the reputation of the Group, its future prospects and value could suffer.4313Strategic ReportGovernanceFinancial Statementswww.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 1330534-Crossword-Cybersecurity-AR2020.indd 1326-Apr-21 12:47:46 PM26-Apr-21 12:47:46 PM 30534 26 April 2021 12:46 pm V11Risks relating to the Group and the industry in which it operates (continued)Ability to recruit and retain skilled personnelThe Company believes that it has the appropriate incentive structures to attract and retain the calibre of employees and contractors necessary to ensure the efficient management and development of the Company. However, any difficulties encountered in hiring, and retaining, appropriate employees and/or contractors and the failure to do so, or a change in market conditions that renders current incentive structures lacking, may have a detrimental effect upon the trading performance of the Company. The ability to attract new employees and contractors with the appropriate expertise and skills cannot be guaranteed.7Principal Risks and Uncertainties CONTINUEDCROSSWORD CYBERSECURITY PLC Annual Report and accounts 2020Key system failure, disruption or interruptionThe Group’s reliance on technology exposes it (the Group) to a significant risk in the event that such technology, or the Company’s systems, experience damage, interruption or failure in some form. A malfunctioning of the Company’s technology and systems, or those of key parties, could result in a diminished confidence in the Company’s services, resulting in a consequential material adverse effect on the Company’s operations and results.Dependence on third parties and business continuityKey components of Crossword’s technology platform may be dependent upon the continuing availability of a particular supplier.The software development environment or data processing platforms may become unavailable for an extended period of time, thereby disrupting customers’ experience of Crossword’s products and services.Crossword’s business is at risk from disruption of key systems and assets upon which it depends. The functioning of the IT systems on which it relies could be disrupted for reasons either within or beyond its control, including, but not limited to: accidental damage; disruption to the supply of utilities or services; security breaches; extreme weather events; systems failure or workforce actions. There is a risk that such disruption may materially and adversely affect Crossword’s ability to offer services to customers and, therefore, materially and adversely affect its reputation, performance or financial condition.561430534-Crossword-Cybersecurity-AR2020.indd 1430534-Crossword-Cybersecurity-AR2020.indd 1426-Apr-21 12:47:49 PM26-Apr-21 12:47:49 PM 30534 26 April 2021 12:46 pm V11Counterparty credit riskThere is a risk that parties with whom the Company trades or has other business relationships (including partners, customers, suppliers, subcontractors and other parties) may become insolvent. This may be as a result of general economic conditions, factors specific to that company, or exceptional circumstances such as COVID-19. In the event that a party with whom the Company trades becomes insolvent, this could have an adverse impact on the revenues and profitability of the Company.Financial controls and internal reporting proceduresThe Company’s future growth and prospects will depend on its ability to manage growth and to continue to maintain, expand and improve operational, financial and management information systems on a timely basis, whilst at the same time maintaining effective cost controls. Any damage to, failure of, or inability to maintain, expand and upgrade effective operational, financial and management information systems and internal controls in line with the Company’s growth could have a material adverse effect on the Company’s business, financial condition and results of operations.Taxation risksThe Company is subject to taxation and the application of such taxes may change over time due to changes to legislation, regulations or interpretations by the relevant tax authorities. Whilst no material changes are anticipated in such taxes, any such changes may have a material adverse effect on the Company’s financial condition and results of operations.The continuing status of the ordinary shares as a qualifying holding for VCT and EIS purposes will be conditional, amongst other things, on the qualifying conditions being satisfied throughout the period of ownership. There can be no assurance that the Company will continue to conduct its activities in a way that will secure or retain qualifying status for VCT and/or EIS purposes.1089General business risks15Strategic ReportGovernanceFinancial Statementswww.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 1530534-Crossword-Cybersecurity-AR2020.indd 1526-Apr-21 12:47:52 PM26-Apr-21 12:47:52 PM 30534 26 April 2021 12:46 pm V11General business risks (continued)Economic conditionsThe Group could be affected by unforeseen events, such as COVID-19, outside its control including economic and political events and trends, inflation and deflation or currency exchange fluctuations, potentially driven by Brexit. Any economic downturn, either globally or locally, in any area in which the Group operates may have an adverse effect on the demand for the Group’s products and services. A more prolonged economic downturn may lead to an overall decline in the volume of the Group’s activities and sales, restricting the Group’s ability to realise a profit. The markets in which the Group offers its services are directly affected by many national and international factors that are beyond the Group’s control.Crossword’s clients and opportunities exist in multiple sectors, some of which have clearly been affected by the COVID-19 pandemic, and some of which are seeing increased activity as cyber security becomes even more important. However, we have also seen some clients delaying the start of new projects, and we remain in close contact with them. We will also monitor any potential impact on our own business and are in a position to take advantage of Government support and take other actions if and when they are required.Principal Risks and Uncertainties CONTINUEDCROSSWORD CYBERSECURITY PLC Annual Report and accounts 202012Legal riskLegal risks include the inability to enforce security arrangements, an absence of adequate protection for intellectual property rights, an inability to enforce foreign judgements relating to contracts entered into by the Company that are governed by law outside England and Wales, absence of a choice of law, and an inability to refer disputes to arbitration or to have a limited choice with regard to arbitration rules, venue and language.Mitigation measures for these risks may also be limited.111630534-Crossword-Cybersecurity-AR2020.indd 1630534-Crossword-Cybersecurity-AR2020.indd 1626-Apr-21 12:47:55 PM26-Apr-21 12:47:55 PM 30534 26 April 2021 12:46 pm V11Currency exchange riskThe Group’s functional currency is sterling. One subsidiary, Crossword Cybersecurity Sp. Z.o.o is based in Poland.Crossword Cybersecurity Sp. Z.o.o, where the functional currency is zloty, accounts for approximately 16%. of the total costs of the business. Exposure to this and other exchange rates may affect the Group’s results. The Group may consider implementing policies to limit its currency exposure, and will consider currency hedging instruments when they prove to be available and cost effective.Going concern riskThe £1.6m placing subsequent to the Accounts, in February 2021, ensures the Group has sufficient cash for 12 months. There is an expectation by the Directors, based on current growth plans, that the Company will undertake a fundraise within the next 12 months. There is a risk that the Group will not be able to raise cash when it is required. This could be as a result of poor performance within the Group or turmoil with the markets following COVID-19, or other economic issues such as Brexit. Insurance riskThere can be no certainty that the Group’s insurance cover is adequate to protect against every eventuality.The occurrence of an event for which the Group did not have adequate insurance cover could have a materially adverse effect on the Group’s business, revenue, financial condition, profitability, results, prospects and/or future operations.13141517Strategic ReportGovernanceFinancial Statementswww.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 1730534-Crossword-Cybersecurity-AR2020.indd 1726-Apr-21 12:47:58 PM26-Apr-21 12:47:58 PM Job number 26 April 2021 12:46 pm V6Creating cyber security productsRizikon AssuranceCompanies(Unique companies listed with national registrars)Can be linked toData transferred via APIRizikon Assurance puts you in control of third-party risk with:• Online Assessments on any topic • 360° Risk Scorecards• Assurance Framework Dashboard• Optional financial risk platform integration and more.Creditsafe lists Company Data of over 320m companies around the World together with credit ratings, financial data and shareholdersOrganisations (third parties or suppliers)View (Company shareholders and financial details, credit risk ratings negative news, full Company Reports within Rizikon Assurance)Combine this data with other Assurance & Risk data in Scorecards, Create overall Risk score for each third party. “18CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 1830534-Crossword-Cybersecurity-AR2020.indd 1826-Apr-21 12:48:03 PM26-Apr-21 12:48:03 PM 30534 26 April 2021 12:46 pm V11Recent global events including COVID-19, Brexit, trade wars and ESG matters are drawing attention to the importance of supply chain management, and shining a torch on poor resilience, and the unknown risks organisations are carrying in their supply chains. The release of Rizikon Pro addresses the demand from smaller organisations to assess supply chain risk in a cost effective way, helping them identify where to invest resources to reduce risk and build resilient supply chains, with the same success as our enterprise customers.” Sean Arrowsmith, Group Sales Director“The Strategic Report was approved by the Board and authorised for issue on 26 April 202119Strategic ReportGovernanceFinancial Statementswww.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 1930534-Crossword-Cybersecurity-AR2020.indd 1926-Apr-21 12:48:07 PM26-Apr-21 12:48:07 PM Job number 26 April 2021 12:46 pm V6The BoardThe Directors in office during the year and at the date of this report are as shown below:Sir Richard Dearlove KCMG OBENon-Executive ChairmanAppointment Date: 1 September 2016Skills and Experience: Sir Richard brings to the Board extensive experience across government, education and global business. Sir Richard joined MI6 in 1966, undertaking various overseas and head office roles before being promoted to Chief of the Secret Intelligence Service in 1999. He retired from the Service in 2004.External Appointments: Sir Richard is presently Chair of Trustees of University of London, Chairman of Ascot Underwriting Limited at Lloyd’s of London and a Director of Kosmos Energy, the New York Stock Exchange listed oil and gas exploration company. Sir Richard is the Director of The Cambridge Security Initiative 2017 and the Cambridge Arts Theatre Trust Limited. He also holds several advisory roles.Mary DowdChief Financial OfficerAppointment Date: 14 June 2018Skills and Experience: Mary was most recently Chief Operating Officer for Europe, the Middle East and Africa, and previously Chief Financial Officer at Cordium Consulting Group Limited, a leading provider of governance, risk and compliance services, with operations in London, Hong Kong, Malta, New York, Boston and San Francisco.Mary brings over 20 years’ experience of working alongside business leaders. She has demonstrated a track record of managing finance teams to ensure timely delivery of relevant financial information to all stakeholders, providing clear leadership, continuous process improvement, and excellent communication.She also brings to Crossword extensive experience of working in acquisitive businesses and providing transactional support.Mary graduated from University College Galway, Ireland and has a post graduate Diploma in Business Studies from the same university. She is an associate member of the Chartered Institute of Management Accountants.External Appointments: The Groundwork South Trust Limited.Thomas Ilube CBEChief Executive OfficerAppointment Date: 6 March 2014Skills and Experience: Tom is founder and CEO of Crossword. Tom served as Chief Information Officer of Egg Banking PLC, which at the time was a pioneering main market listed UK internet bank. Tom chaired the UK Government Technology Strategy Board’s Network Security Innovation panel. He was a member of the High Level Expert Group on cyber security at the International Telecommunication Union (ITU), a Geneva-based UN agency. He was awarded a Doctor of Science (Honoris Causa) by City, University of London, an Honorary Doctor of Technology by the University of Wolverhampton and was appointed a CBE in the 2018 Birthday Honours for services to Technology and Philanthropy.External Appointments: Non-Executive Director of the BBC and WPP PLC. Director of Deathio Limited, Advisory Fellow of St Anne’s College, Oxford and member of African Gifted Foundation.20CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 2030534-Crossword-Cybersecurity-AR2020.indd 2026-Apr-21 12:48:07 PM26-Apr-21 12:48:07 PM Job number 26 April 2021 12:46 pm V6Strategic ReportGovernanceFinancial StatementsProfessor David StupplesNon-Executive DirectorAppointment Date: 16 June 2014Skills and Experience: David is currently Director of the Centre for Cyber and Security Sciences at City University London. In his early career, he was employed as an engineer in signals intelligence in the Royal Air Force followed by a period of intensive research into surveillance systems at the Royal Signal and Radar Establishment, Malvern. He spent three years developing highly secure communications for surveillance satellites for Hughes Aircraft Corporation in the United States of America. Later, he became a senior partner with PA Consulting Group where he undertook surveillance and intelligence systems research for Ministry of Defence and was responsible for consultancy in secure communications and surveillance systems for world-wide clients.Since 2003, David has been researching internet security at City University focused on cyber terrorism and organised cyber crime for both the UK Government and commercial companies. However, he still maintains an active interest in radar surveillance research.External Appointments: David is a member of the Defence Scientific Advisory Council (DSAC) and the Defence Procurement Agency’s Independent Advisory Board on Systems Integration.Appointment Date: 16 June 2014Skills and Experience: David is an international expert in intellectual property, technology transfer and research management. His experience includes Japan, Jordan, South Africa, Brazil, Chile, Australia, Argentina, India, Saudi Arabia and Lebanon as well as Europe and the USA. David is a Life Fellow and until 2018 was Senior Bursar at Gonville & Caius College, Cambridge where he was responsible for the investment of a £210m endowment. David was co-founder and chairman of Praxis (now PraxisAuril), the leading UK technology transfer training programme, of which he is now Patron. He served as Director of Research Services, University of Cambridge, where he was responsible for creating and directing a new division of 80 staff, for designing and implementing an intellectual policy for the university and for technology transfer throughout the university resulting in £2m licensing revenue, 40 new licences and six spin outs per year. David was Chief Executive of N8 Limited, a consortium of eight research-intensive universities in the North of England, securing initial funding of £6m from Regional Development Agencies. His earlier career was in molecular biology research with MRC Laboratory of Molecular Biology, Celltech Limited and Cancer Research Campaign (now Cancer Research UK). David held or was named on three patents and is the holder of a Lifetime Queen’s Award for Enterprise Promotion for creating ‘environments that favour enterprise, specialising in the practical aspects of commercialising the results of academic research’. External Appointments: David is a Director of Cambridge KT Limited, Trustee of Cambridge United Charities, Chairman of Fitzwilliam Museum (Enterprises) Limited and Hon. Treasurer of the César and Celia Milstein Foundation. During 2020 David was Interim Bursar of Corpus Christi College, Cambridge.Dr David SecherIndependent Non-Executive Director21www.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 2130534-Crossword-Cybersecurity-AR2020.indd 2126-Apr-21 12:48:08 PM26-Apr-21 12:48:08 PM Job number 26 April 2021 12:46 pm V6The Board CONTINUEDAndy GueritzIndependent Non-Executive DirectorAppointment Date: 21 September 2015Skills and Experience: Andy is an experienced Senior Advisor with a successful track record in helping clients improve and transform their business by managing technology better and creating new technology-based ventures. In recent years, Andy has advised clients in a broad range of industries on topics such as business/technology strategy and investment planning; customer data analytics; transformation for innovation and agility; performance improvement and cost optimisation, and other ways using technology to get and deliver better value. As a Vice President at marchFIRST (formerly Mitchell Madison Group), Andy led the European B2B eCommerce Strategy and IT Strategy Practices. Before becoming a consultant, he attained Board level responsibility in a successful career in software development and systems implementation.At K2 Systems PLC (subsidiary of 4Front Technology Inc.), he was Customer Service and Development Director, responsible for all client service and delivery operations, amongst other roles. Notable systems implemented in his time at K2/4Front include, bespoke procurement, telesales and billing systems; a call centre based on workflow and CTI technologies; and a client-server insurance claims handling system, incorporating document image processing. Prior to 4Front, Andy was a Development Executive at McDonnell Douglas Information Systems and also worked for Marconi Defence Systems on a number of electronic warfare and guided weapons projects.Andy is a Chartered Fellow of the BCS (FBCS), Chartered IT Practitioner (CITP), Chartered Engineer (C.Eng), Fellow of the IET (FIET), and a European Engineer registered at FEANI. He holds a First Class Honours degree in Electrical and Electronic Engineering with Computer Science from Queen Mary University of London.External Appointments: None.Ruth AndersonIndependent Non-Executive DirectorAppointment Date: 1 February 2018Skills and Experience: Ruth has over 15 years’ experience in the fields of security, intelligence, cyber crime and risk management.She brings to the Board extensive experience across defence and law enforcement sectors and within financial services, developing and implementing cyber risk governance frameworks.Ruth is currently Director of Transformation Risk at Lloyds Banking Group. She was previously a Director of Cyber in the Financial Services Department of KPMG. She served as the Head of Specialist Operational Support and also as the Head of Intelligence at the Child Exploitation and Online Protection Centre, where she delivered the first ever strategic threat assessment on child abuse in the online environment.Prior to this, Ruth served in intelligence and security in the British Army.External Appointments: None.Gordon MatthewNon-Executive DirectorAppointment Date: 24 June 2015Skills and Experience: Gordon is currently Non-Executive Chairman of Amito, Reading’s largest data centre, and Non-Executive Chairman of Flow Communications Limited, experts in designing, building, implementing and supporting customers’ global IT infrastructure requirements.Previously, Gordon served as Chief Executive Officer of Azzurri Communications Limited and was responsible for ensuring that it met its financial and growth targets. He has served as the Chief Executive Officer of Ramesys (later RedSky IT) Holdings Limited where he was responsible for the successful turnaround, growth and exit of the business through two significant transactions in December 2005 and January 2007.Gordon has over 20 years’ IT experience with broad experience of software applications, services, large bespoke developments and telecommunications. He also spent five years at Software AG (UK) where he oversaw all aspects of service delivery.External Appointments: Gordon currently acts as Non-Executive Consultant to Adventoris Limited and Director of Flow UK Holdings Limited. Gordon was the Non-Executive Chairman of Intrinsic Technology Limited from October 2011 to August 2017, m-hance Limited from May 2014 to August 2016, and Science Warehouse from June 2016 to February 2018. 22CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 2230534-Crossword-Cybersecurity-AR2020.indd 2226-Apr-21 12:48:08 PM26-Apr-21 12:48:08 PM Job number 26 April 2021 12:46 pm V6Strategic ReportGovernanceFinancial StatementsThe ExecutiveThomas Ilube CBEChief Executive OfficerAppointment Date: 6 March 2014Skills and Experience: Tom is founder and CEO of Crossword. Tom chaired the UK Government Technology Strategy Board’s Network Security Innovation panel. He was a member of the High Level Expert Group on cyber security at the International Telecommunication Union (ITU), a Geneva-based UN agency. Tom was appointed a CBE in the 2018 Birthday Honours for services to Technology and Philanthropy.External Appointments: Non-Executive Director of the BBC and WPP PLC. Director of Deathio Limited, Advisory Fellow of St Anne’s College, Oxford and member of African Gifted Foundation.Stuart JubbManaging Director, ConsultingStuart joined Crossword from KPMG where he was Associate Director, Defence & Security. Prior to that he was Chief Operating Officer of a global consulting team of over 200 in KPMG Advisory. Stuart spent nine years as an officer in HM Forces, after Sandhurst, serving in Afghanistan, NATO and elsewhere. Jake HollowayChief Product OfficerJake has over 30 years of experience in technology across a wide range of industries and roles - including as CTO and Head of Product for two well-known software houses, and as CEO/Founder of an innovative Online Systems House. In his two most recent roles before joining Crossword he was advising Worldpay on their separation from RBS, and founded Xendpay, a Fintech startup, where he was COO.Jake authored books on project management in 2015 and 2016.Sean ArrowsmithGroup Sales DirectorSean has over 20 years’ sales experience in cyber/information security and technology.He was previously Group Sales Director at IRM Limited, the World Class Centre in Cyber Security of Altran Technologies SA, the global innovation and engineering consulting firm. Here, Sean was accountable for revenue target achievement across all of IRM’s business streams including consulting, software and training.Prior to that, Sean was responsible for leading consulting sales at Siemens Insight Consulting.Mary DowdChief Financial OfficerAppointment Date: 14 June 2018Skills and Experience: Mary brings over 20 years’ experience of working alongside business leaders.She has demonstrated a track record of managing finance teams to ensure timely delivery of relevant financial information to all stakeholders, providing clear leadership, continuous process improvement, and excellent communication.She also brings to Crossword extensive experience of working in acquisitive businesses and providing transactional support.Mary graduated from University College Galway, Ireland and has a post graduate Diploma in Business Studies from the same university. She is an associate member of the Chartered Institute of Management AccountantsExternal Appointments: The Groundwork South Trust Limited.23www.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 2330534-Crossword-Cybersecurity-AR2020.indd 2326-Apr-21 12:48:09 PM26-Apr-21 12:48:09 PM Job number 26 April 2021 12:46 pm V6Corporate Governance ReportChairman’s IntroductionThe Directors acknowledge the importance of high standards of corporate governance and have adopted the principles set out in the Quoted Companies Alliance Corporate Governance Code for Small and Mid-Size Quoted Companies (the ‘QCA Code’) 2018, given the Group’s size and the constitution of the Board. The QCA Code sets out a standard of minimum best practice for small and mid-size quoted companies, particularly AIM companies.The Chairman and the Board accept the importance and responsibility of setting good corporate culture, values and behaviours. The Board also acknowledges its responsibility in delivering the long-term success of the Company for the benefit of shareholders and other stakeholders.This Corporate Governance Report describes how the Company has applied the principles and standards set out in the Code during the year and, to the extent it has not done so, any deviations from them. It is the Board’s view that the Company has complied with all of the provisions of the Code during the year ended 31 December 2020.Principle 1: Establish a strategy and business model which promote long-term value for shareholdersThe Company’s Strategy Report is on pages 1 to 23 of this report.The Company’s objective is to be the European leader in commercialising cyber security research originating from universities.Crossword Cybersecurity PLC focuses on the development and commercialisation of university research-based cyber security and risk management related software and cyber security consulting. The Group’s specialist cyber security product development and software engineering teams work with its university partners to develop the research concept into a fully-fledged commercial product that it will then take to market. The Group’s aim is to build up a portfolio of revenue-generating, intellectual property-based, cyber security products. Rizikon Assurance, Crossword’s leading product, is a SaaS platform that enables medium to large companies to assess and manage all risks from their suppliers. Rizikon Pro, an out-of-the-box, online SaaS solution, offered on a pay-as-you-go basis, is giving smaller and medium-sized organisations access to a set of core easy-to-use supplier assurance platform features, at a lower cost. Modules can be chosen according to need, meaning customers only pay for the features they use, and can be expanded as required. Nixer CyberML, Crossword’s most recently launched product, is a new tool for businesses that want to solve advanced security and cyber crime problems, such as detecting and dealing with compromised accounts, fraud, and in-application denial of service attacks. Crossword’s team of expert cyber security consultants leverages years of experience in national security, defence and commercial cyber intelligence and operations to provide bespoke advice tailored to its clients’ business needs.Where appropriate, Crossword will transfer the IP to separate companies in which it will retain a commercial interest. So far, Crossword has been instrumental in the development of two such companies, ByzGen Limited and CyberOwl Limited.Principle 2: Seek to understand and meet shareholder needs and expectationsCrossword is committed to engaging with its shareholders to ensure that its strategy, business model and performance is clearly understood. The Company communicates with shareholders and potential investors through a variety of channels, including regular financial reporting, direct contact with its major shareholders and release of regulatory announcements, which are available on its website.Regulatory announcements include details of the Company’s website and the relevant contact at the Company, as well as its professional advisors.The Annual General Meeting (AGM) provides another opportunity for dialogue between shareholders and the Board. The Chair of the Board and of the Committees, together with other Directors, routinely attend the AGM and are available to answer questions raised by the shareholders. At the meeting, each vote, the number of proxy votes received for, against and withheld is announced.The results of the AGM are subsequently published on the Company’s website and released via a regulatory information service provider.A range of corporate information, including all Company announcements, is also available to shareholders, investors and the public on the Company’s corporate website, www.crosswordcybersecurity.com.24CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 2430534-Crossword-Cybersecurity-AR2020.indd 2426-Apr-21 12:48:09 PM26-Apr-21 12:48:09 PM Job number 26 April 2021 12:46 pm V6Strategic ReportGovernanceFinancial StatementsPrinciple 3: Take into account wider stakeholder and social responsibilities and their implications for long-term successApart from our shareholders, our most important stakeholder groups are our employees, our partners, our clients and the universities we work with. The Board receives regular updates from Executives on stakeholder feedback and their potential impact on our business to enable them to understand and consider this feedback in decision-making. The Board understands that maintaining the support of all its stakeholders is paramount for the long-term success of the Company.EMPLOYEESCrossword aims to provide an environment which will attract, retain and motivate its team. The Company has a growing number of permanent staff employed across the UK and Poland. Employee engagement with the senior management, who pride themselves on their availability and flexibility, is frequent through daily discussions and meetings. Staff are encouraged to give regular feedback in relation to their needs, interests and expectations on away days, general discussions or one-to-one meetings with their line managers. These can then be addressed at the fortnightly management meeting with all senior members of the team, where further actions will be discussed. Furthermore, the team engages in a weekly call where staff are able to communicate with all levels of the team across both countries.Crossword reviews its processes and policies, which are guided by the principles of fairness and integrity, to make continual improvements for its staff. The Company has developed its induction programme for new staff, is engaging with employees to define its culture and values and expected behaviours, performs exit interviews in the event people decide to leave the business, and follow up interviews with new employees. Crossword is supportive of the career development of its employees and provides training programmes and Masters opportunities where appropriate.CROSSWORD’S PARTNERSCrossword develops mutually beneficial commercial relationships with companies to support sourcing and commercialising cyber security intellectual property originating from university research projects, and evaluating and exploiting routes to distributing and reselling its products. Crossword recognises that the establishment of a close working relationship with its partners is essential for its long-term success.Crossword maintains its relationship with its partners through regular meetings, mutual understanding and aligned objectives. Feedback from partners is communicated to the relevant teams and the Board as appropriate.UNIVERSITIESCrossword has excellent connections with universities in the UK and elsewhere through members of the Board and management, who include some of the most highly regarded experts in IP commercialisation and the cyber security sector. Crossword maintains regular interaction with the universities with which it engages. This is predominantly achieved by digital means (e.g. frequent email exchanges and video calls), in which both parties can feed back to one another to ensure their needs are being met. The team also has face-to-face meetings with academics and works alongside universities at various events, such as talks and conferences. This continual engagement with universities is paramount to the long-term success of the Company, due to its principal objective.SOCIAL RESPONSIBILITYCrossword partners with a charity based in the same location as its UK office, helping the charity in their efforts to support the homeless and lead them to independence. In Poland, Crossword is supporting one of the largest, most recognisable and effective social schemes which implements and develops a system of smart, personalised aid that is unique in the world.25www.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 2530534-Crossword-Cybersecurity-AR2020.indd 2526-Apr-21 12:48:09 PM26-Apr-21 12:48:09 PM Job number 26 April 2021 12:46 pm V6Corporate Governance Report CONTINUEDPrinciple 4: Embed effective risk management, considering both opportunities and threats, throughout the organisationAUDIT, RISK AND INTERNAL CONTROLFinancial controlsThe Group has an established framework of internal financial controls, the effectiveness of which is regularly reviewed by the Executive Management, the Audit Committee and the Board, in light of an ongoing assessment of significant risks facing the Group.• The Board is ultimately responsible for the effectiveness of the Group’s system of internal controls. Its key strategy has been to establish financial reporting procedures that provide the Board of Directors with a reasonable basis upon which to make judgements as to the financial position and prospects of the Group. Executive Directors and Non-Executive Directors have been appointed by the Board to assist with the implementation of this strategy and report progress to the Board.• The Audit Committee has the primary responsibility for monitoring the quality of internal controls to ensure that the financial performance of the Group is properly measured and reported on. It receives and reviews reports from the Group’s management and external Auditor relating to the interim and annual accounts and the accounting and internal control systems in use throughout the Group. The Audit Committee meets not less than three times in each financial year and has unrestricted access to the Group’s external Auditor. Regular budgeting and forecasting is conducted to monitor the Group’s ongoing cash requirements and cash flow forecasts are circulated to the Board.• The Group has a Risk Register which identifies the potential possibility and impact of risks associated with the Group and allocates an owner to mitigate each risk. The Risk Register is updated by the Finance Director and reviewed by the Executive, the Audit Committee and the Board.Non-financial controlsThe Board has ultimate responsibility for the Group’s system of internal control and for reviewing its effectiveness. However, any such system of internal control can provide only reasonable, but not absolute, assurance against material misstatement or loss. The Board considers that the internal controls in place are appropriate for the size, complexity and risk profile of the Group. The principal elements of the Group’s internal control system include:• Close management of the day-to-day activities of the Group by the Executive Directors;• An organisational structure with defined levels of responsibility, which promotes entrepreneurial decision-making and rapid implementation whilst minimising risks;• Central control over key areas such as capital expenditure authorisation and banking facilities;• A comprehensive annual budgeting process producing a detailed integrated profit and loss, balance sheet and cash flow, which is approved by the Board; and• Detailed monthly reporting of performance against budget.The Group continues to review its system of internal control to ensure compliance with best practice, whilst also having regard to its size and the resources available.STANDARDS AND POLICIESThe Board is committed to maintaining appropriate standards for all the Group’s business activities and ensuring that these standards are set out in written policies. Key examples of such standards and policies include:• Anti-bribery and Corruption Policy• Information Security Policy• Data Protection Policy• Share Dealing Code.All policies are documented and senior managers and Directors are responsible for monitoring the compliance of these policies.APPROVAL PROCESSAll contracts are required to be reviewed and signed by a Director of the Company.26CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 2630534-Crossword-Cybersecurity-AR2020.indd 2626-Apr-21 12:48:09 PM26-Apr-21 12:48:09 PM Job number 26 April 2021 12:46 pm V6Strategic ReportGovernanceFinancial StatementsPrinciple 5: Maintaining the Board as a well-functioning, balanced team, led by the ChairCOMPOSITION, QUALIFICATION AND INDEPENDENCE OF THE BOARDThe Board comprises six Non-Executive and two Executive Directors. The names and responsibilities of the current Directors, together with their biographical details, are set out on pages 20 to 22.25%75%n Female n MaleThe Board considers each of the Non-Executive Directors to be independent in character and judgement. Two of the Non-Executive Directors do not meet the strict criteria for independence set out in the QCA Code, due to their ownership of ordinary shares and their participation in the Company’s share option arrangements, as part of their remuneration arrangements.The Board considers that the ownership of shares and participation in the Company’s share options to certain of the Non-Executive Directors encourages the alignment of their interests with those of the Company’s shareholders and are not material enough to compromise their independence, character and judgement.Therefore, the Company considers all Non-Executive Directors to be independent for the purposes of the QCA Code.The Non-Executive Directors provide independent, robust and constructive challenge to the Executive Management and monitor the performance of the management team in delivering the agreed objectives.All Directors have disclosed their other significant commitments and confirmed that they have sufficient time to discharge their duties effectively.APPOINTMENT AND TENUREThe Board makes decisions regarding the appointment and removal of Directors and there is a formal, rigorous and transparent procedure for appointments, some of which has been delegated to the Nomination Committee. Appointments are made on merit, taking account of the balance of skills, experience and knowledge required.The Company’s Articles of Association require that all Directors retire by rotation at regular intervals and that any new Directors appointed during the year must stand for election at the AGM immediately following their appointment.Principle 6: Ensure that, between them, the Directors have the necessary up-to-date experience, skills and capabilitiesThe names and responsibilities of the current Directors, together with their biographical details, are set out on pages 20 to 22.The Board believes that its composition brings a desirable range of skills and experience in light of the Group’s challenges and opportunities following Admission, while at the same time ensuring that no individuals or a small group of individuals can dominate the Board’s decision-making.The current Board, although considered to have a sufficient level of skills in all areas of the business, is always looking to improve and further its knowledge of the industry. All Directors receive regular and timely information on the Group’s operational and financial performance and on technical issues.INDUCTIONUpon appointment, all Directors are provided with training in respect of their legal, regulatory and governance responsibilities and obligations, in accordance with the UK regulatory regime.The induction includes face-to-face meetings with Executive Management and site visits to orientate and familiarise the new Directors with the Company’s industry, organisation, business, strategy, commercial objectives and key risks.The Board is kept up to date on legal, regulatory and governance matters at Board meetings. Additional training is available on request, where appropriate, so that Directors can update their skills and knowledge as applicable.INDEPENDENT ADVICEAll Directors are able to take independent professional advice in the furtherance of their duties, if necessary, at the Company’s expense. In addition, the Directors have direct access to the advice and services of the Company Secretary and Finance Director.27www.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 2730534-Crossword-Cybersecurity-AR2020.indd 2726-Apr-21 12:48:09 PM26-Apr-21 12:48:09 PM Job number 26 April 2021 12:46 pm V6Corporate Governance Report CONTINUEDPrinciple 7: Evaluate Board performance based on clear and relevant objectives, seeking continuous improvementBOARD EFFECTIVENESS REVIEWLast year the Board undertook its first evaluation of its performance for the 2019 financial year end. Some of the main themes and recommendations resulting from the 2019 evaluation include:• Focus on strategy and Company culture• Managing and communicating risk and implementing internal controls• Shareholder engagement• Stakeholder engagement• DiversityThe Board has continued throughout the year to measure progress against the recommendations resulting from the 2019 Board evaluation and will continue to assess its effectiveness in implementing new processes to achieve the recommendations. Furthermore the Board conducted an evaluation in March 2021 to assess current performance and the Board was satisfied that previous recommendations had been implemented and were being continually assessed.The Nominations Committee will regularly review the structure, size and composition (including the skills, knowledge, independence, experience and diversity) of the Board and make recommendations concerning plans for succession for both Executive and Non-Executive Directors and in particular for the key roles of Chair and Chief Executive Officer.Principle 8: Promote a corporate culture that is based on ethical values and behavioursThe Board is committed to promoting a strong ethical and values driven culture throughout the Company and has a people-oriented ethos where hard work and commitment are recognised. During 2019, a project to formally define the Company’s culture was started. In February 2020, the values representing the Company cultures were shared at the whole Company away day. See page 9 for details. Crossword also recognises that employees will have interests outside work and consequently supports flexibility around these interests.Principle 9: Maintain governance structures and processes that are fit for purpose and support good decision-making by the BoardTHE ROLE OF THE BOARDThe Board is responsible for the long-term success and strategic leadership of the Group It is responsible for reviewing, formulating and approving the strategy of the Group and its subsidiaries, corporate actions and overseeing the Group’s progress towards its goals. In addition, it also approves the annual and interim results and monitors the exposure to key business risks. The Board’s full responsibilities are set out in a schedule of matters reserved for the Board.The matters reserved for the attention of the Board include:• The approval of interim and annual financial statements, dividends and significant changes in accounting practices;• Review of bi-monthly financial statements;• Board membership, reviewed by NOMAD, and powers including the appointment and removal of Board members, determining the terms of reference of the Board and establishing the overall control framework;• AIM related issues including the approval of communications to the London Stock Exchange and communications with shareholders will be dealt with by the Market Disclosure Committee and reviewed by the NOMAD, or delegated by the Board to the Executive Directors;28CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 2830534-Crossword-Cybersecurity-AR2020.indd 2826-Apr-21 12:48:11 PM26-Apr-21 12:48:11 PM Job number 26 April 2021 12:46 pm V6Strategic ReportGovernanceFinancial Statements• Senior management, remuneration, contracts, and the grant of share options will be addressed by the Remuneration Committee;• Key commercial matters where the financial commitment is in excess of £50,000 per annum;• Taking of loans or other credit;• Financial matters including the approval of the budget and financial plans and performance against such plans and budgets;• Approval of the appointment of the current period Auditor, year-end audited statutory accounts and audit related queries addressed by the Audit Committee;• Risk management review;• Changes to the Company’s capital structure, its business strategy, acquisitions and disposals of businesses, and capital expenditures outside of budget approval; and• Other matters including, but not limited to, health and safety policy, insurance and legal compliance.ROLE OF THE CHAIRMAN AND CHIEF EXECUTIVE OFFICERThere is a clear division of responsibility at the head of the Company. The Chairman is responsible for running the business of the Board and for ensuring appropriate strategic focus and direction, whilst the Chief Executive Officer is responsible for proposing the strategic focus to the Board, implementing it once approved, and overseeing the management of the Company through the Executive. The Chief Executive Officer is also responsible for communicating with shareholders, assisted by the Finance Director. This separation of responsibilities is clearly defined and agreed by the Board.BOARD AND COMMITTEE MEETINGSThe Board meets at least six times each year, in accordance with its scheduled meeting calendar (these may be supplemented by additional meetings as and when required) to review, formulate and approve the Group’s strategy, budgets, corporate actions and oversee the Group’s progress towards its goals. At each meeting, the Board considers a number of matters, which include technical, operational, financial, risk and corporate governance reports, in addition to an update from its Committees, where applicable.Any Director can challenge proposals, and decisions are taken democratically after discussion. Any Director who feels that any concern remains unresolved after discussion may ask for that concern to be noted in the minutes of the meeting, which are then circulated to all Directors. Specific actions arising from such meetings are agreed by the Board or relevant committee and then followed up by management.The table below sets out the attendance record of individual Directors at the scheduled and unscheduled Board meetings held during the year:NameBoard MeetingsAuditNominationRemunerationRichard Dearlove5---Tom Ilube6---Andy Gueritz6222Ruth Anderson4122David Secher62-2David Stupples6-22Gordon Matthew5-2-Mary Dowd6---29www.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 2930534-Crossword-Cybersecurity-AR2020.indd 2926-Apr-21 12:48:11 PM26-Apr-21 12:48:11 PM Job number 26 April 2021 12:46 pm V6Corporate Governance Report CONTINUEDThe Group has established an Audit Committee, a Remuneration Committee, a Nomination Committee and a Market Disclosure Committee, each with formally delegated duties and responsibilities outlined within terms of reference reviewed and approved by the Board on an annual basis.From time to time, separate committees may be set up by the Board to consider specific issues when the need arises.The Board and its Committees are supported by the Company Secretary, who ensures that the Board receives regular and timely information ahead of each meeting. A formal agenda is produced for each meeting and the Company Secretary distributes papers several days before meetings take place to provide the Board with sufficient time to consider the matters to be discussed. Each Committee has access to such resources, information and advice as it deems necessary, at the cost of the Company, to enable it to discharge its duties.Principle 10: Communicate how the Company is governed and is performing by maintaining a dialogue with shareholders and other relevant stakeholdersThe Board attaches considerable importance to the maintenance of constructive relationships with shareholders and its other stakeholders.As mentioned above, the Company communicates with shareholders through the Annual Report and accounts, full-year and half-year results announcement, the AGM and one-to-one meetings with large existing or potential new shareholders. The Company regularly releases regulatory and other announcements covering operational and corporate matters.A range of corporate information (including all Company announcements) is also available to shareholders, investors and the public on the Company’s corporate website, www.crosswordcybersecurity.com including:• Our Articles of Association and admission document;• A detailed account of how we have applied the principles of the QCA Code;• Latest Crossword Cybersecurity news and press releases;• Annual and Interim Reports.The Board receives regular updates on the views of shareholders through briefings from the Chief Executive Officer, Finance Director and the Company’s brokers.The Company is currently exploring further methods of obtaining feedback from its staff, including exit interviews in the event people decide to leave the business, and follow up interviews with new employees.Sir Richard Dearlove KCMG OBEChairman26 April 202130CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 3030534-Crossword-Cybersecurity-AR2020.indd 3026-Apr-21 12:48:15 PM26-Apr-21 12:48:15 PM Job number 26 April 2021 12:46 pm V6Strategic ReportGovernanceFinancial StatementsAudit Committee ReportI am pleased to present the Committee’s report for the year ended 31 December 2020. The following pages provide an insight into how the Committee discharged its responsibilities during the year and the key topics that it considered in doing so.The role of the Audit Committee is to monitor the integrity of the Group’s Financial Statements, including its annual and half-yearly reports and any other formal statements relating to its financial performance. It monitors and reviews the effectiveness of the Group’s system of internal financial control systems that identify, assess, manage and monitor financial risks, and other internal control and risk management systems.COMMITTEE MEMBERSHIP AND GOVERNANCEThe Audit Committee is comprised of three independent Non-Executive Directors, currently David Secher, Ruth Anderson and Andrew Gueritz. David Secher, Chair of the committee, is considered by the Board to have recent and relevant financial experience and the Committee as a whole has competence relevant to the sector in which the Company operates. At the request of the Chair of the Committee, the Chief Executive Officer, Chief Financial Officer and other members of the senior management team may also be invited to attend meetings as guests.The Audit Committee meets at least three times in each financial year and has unrestricted access to the Group’s external Auditor. The Committee works to a planned programme of activities focused on key events in the annual financial reporting cycle and standing items that it considers regularly under its Terms of Reference.PRINCIPAL ACTIVITIES DURING THE YEARThe Committee held two meetings during the year under review and considered the following:• The external Auditor’s 2019 year-end audit report and opinion;• The Company’s Report for the financial year ended 31 December 2019 and the related results announcements and the Half-Yearly Report to 30 June 2020;• Evaluation of the performance of the external Auditor including their independence, objectivity and the effectiveness of the audit process;• The re-appointment of MHA MacIntyre Hudson as the external Auditor for the Company;• The Committee’s Terms of Reference;• The Company’s Risk Register as well as the internal controls and risk management systems in place.The Committee is planning the following activities during 2021:• Review the Company’s procedures, systems and controls for the prevention of bribery or fraud;• Review the adequacy and security of the Company’s arrangements for its employees to raise concerns, in confidence, about possible wrongdoing in financial reporting or other matters. The Committee shall ensure that these arrangements allow proportionate and independent investigation of such matters and appropriate follow up action;• Review and approve the FY21 external Auditor’s plan, including the proposed materiality threshold, the scope of the audit, the significant audit risks and fees;• Review the Committee’s internal audit role, in the absence of an external provider of an internal audit service; • Risk – review and challenge the Risk Register, and consider the risk appetite of the business. • The Committee members’ attendance at meetings during the year is set out on page 29 above.EXTERNAL AUDITORMHA MacIntyre Hudson has been the external Auditor of the Group since 2014. The continued appointment of MHA MacIntyre Hudson is reviewed by the Committee each year, taking into account the relevant legislation, guidance and best practice appropriate for a Company of Crossword’s size, nature and stage of development.The Committee considers a number of areas when reviewing the external Auditor appointment, namely its performance in discharging the audit, the scope of the audit and terms of engagement, its independence and objectivity, and its reappointment and remuneration.The breakdown of fees between audit and non-audit services paid to MHA MacIntyre Hudson during the financial year is set out in Note 7 to the Group’s Consolidated Financial Statements. The non-audit fees relate to tax advice. Following Implementation of the Revised Ethical Standard by MHA MacIntyre Hudson, non-audit services have ceased. INTERNAL AUDITThe Audit Committee presently considers it appropriate that the Group does not have an internal audit function. This is due to the effectiveness of the Group’s internal financial control systems that identify, assess, manage and monitor financial risks, and other internal control and risk management systems, and the close involvement of the Executive Directors and senior management on a day-to-day operational basis. However, the need for an internal audit function will be kept under review by the Audit Committee on behalf of the Board.David SecherChair, Audit Committee26 April 202131www.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 3130534-Crossword-Cybersecurity-AR2020.indd 3126-Apr-21 12:48:15 PM26-Apr-21 12:48:15 PM Job number 26 April 2021 12:46 pm V6Corporate Governance Report CONTINUEDNomination Committee ReportThe Nomination Committee is responsible for reviewing the composition of the Board taking into account the skills, experience and diversity of the Directors in light of the challenges and opportunities facing the Company and makes recommendations for the appointment and reappointment of Board members.COMMITTEE MEMBERSHIP AND GOVERNANCEThe Nomination Committee is chaired by Andrew Gueritz and its other members are Ruth Anderson, Gordon Matthew and David Stupples. Under the Committee’s Terms of Reference, the Committee is required to meet at least twice in each financial year and must comprise of at least three members, two of whom must be independent Non-Executive Directors. The Committee held two meetings during the year. The Committee members’ attendance at meetings during 2020 is set out on page 29.BOARD EFFECTIVENESS REVIEWIn compliance with the QCA Code, the Board undertook an evaluation of its performance in January 2021. The evaluation was conducted by way of a questionnaire designed to assess the effectiveness of the Board, the Directors and the Chairman, as well as the Board’s Committees and identify any areas for improvement.The results of the evaluation were presented to the Board for review in early April 2020 and revealed no significant concerns amongst Directors about the effectiveness of the Board. Actions arising from recommendations to further improve the effectiveness of the Board are being implemented and include the review of succession plans for key members of management and Board members.DIVERSITYThe Company has not adopted a formal policy on diversity and, therefore, has no measurable objectives to disclose. Appointments, including appointments to the Board and senior management positions are made on merit, taking account of the balance of skills and experience required.KEY AREAS OF FOCUS FOR 2021:• Review the time committed to the development of individual directors and the Board as a whole;• Put in place succession plans for both Executive and Non-Executive Directors and, in particular, for the key roles of Chair and Chief Executive Officer; and• Conduct a further internal evaluation of the Board, its Committees and individual Directors, to assess improvements in the key focus areas, using questionnaires.Andrew GueritzChair, Nomination Committee26 April 202132CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 3230534-Crossword-Cybersecurity-AR2020.indd 3226-Apr-21 12:48:18 PM26-Apr-21 12:48:18 PM Job number 26 April 2021 12:46 pm V6Strategic ReportGovernanceFinancial StatementsRemuneration Committee ReportThe Remuneration Committee is responsible for determining and agreeing with the Board the framework or broad policy for the remuneration of all Executive Directors, the Chair of the Board, including pension rights and any compensation payments, and such other members of the senior management as it is designated to consider. In addition, the Committee makes recommendations to the Board on proposals for the granting of share options and other equity incentives, pursuant to any employee share option scheme or equity incentive plans in operation from time to time.COMMITTEE MEMBERSHIP AND GOVERNANCEThe Remuneration Committee is a formal committee of the Board and has powers delegated to it under the Articles of Association. Its remit is set out in Terms of Reference formally adopted by the Board which are reviewed annually.The Remuneration Committee is currently comprised of Andrew Gueritz (as Chair), David Secher, David Stupples and Ruth Anderson. The Committee meets at least once in each financial year and held four meetings during the year.The Committee members’ attendance at meetings during the year is set out on page 29 above.LETTERS OF APPOINTMENT, SERVICE CONTRACTS AND TERMINATIONThomas IIube (Chief Executive Officer)Tom Ilube is appointed as Chief Executive Officer under an executive service contract dated 1 April 2014 (as amended). The employment commenced on 1 April 2014 and will continue unless terminated by either party giving 12 months’ written notice. The Company may terminate the contract without notice (or with payment in lieu of notice) if, inter alia, Tom is guilty of gross misconduct, commits a serious breach of the employment contract, commits a criminal offence, is declared bankrupt or becomes of unsound mind. The Company may, after giving or receiving notice of termination, immediately end the employee’s employment and make payment in lieu of salary with no other benefit for the remaining period of notice.Mary Dowd (Chief Financial Officer)Mary Dowd is employed as Chief Financial Officer under an employee service contract dated 10 May 2018. The employment commenced on 16 May 2018 and will continue unless terminated by either party giving six months’ written notice. The Company may terminate the contract on shorter notice if the employee is absent from work for an extended period through sickness or injury and may terminate without notice (or with payment in lieu of notice) if, inter alia, Mary is guilty of gross misconduct, commits a serious breach of the employment contract, commits a criminal offence, is declared bankrupt or becomes of unsound mind. The Company may, after giving or receiving notice of termination, immediately end the employee’s employment and make payment in lieu of salary with no other benefit for the remaining period of notice. Following termination of employment, Mary is subject to certain restrictions for a period of six months, including a restriction on dealing with the Company’s customers and suppliers and from working for a competing business.Non-Executive DirectorsAll Non-Executive Directors, including the Chairman serve on the basis of letters of appointment which are terminable by three months’ written notice and are available for inspection at the Company’s registered office. Subject to continued satisfactory performance, the Board does not think it appropriate at this time to limit the term of appointment of the Non-Executive Directors.The Executive Directors’ service contracts are also available for inspection at the Company’s registered office.33www.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 3330534-Crossword-Cybersecurity-AR2020.indd 3326-Apr-21 12:48:21 PM26-Apr-21 12:48:21 PM Job number 26 April 2021 12:46 pm V6Corporate Governance Report CONTINUEDThe remuneration of the Directors who served during the year was as follows:Directors’ remunerationBasic Salary and Fees£Bonus£Taxable Benefits£Employer’s Pension Contributions£Total£Executive Directors Thomas IIube CBE126,622 3,689£1,314131,625 Mary Dowd130,000 –£10,000140,000 Non-Executive Directors Sir Richard Dearlove25,000 25,00050,000 Ruth Anderson12,000 12,000 Andrew Gueritz16,000 16,000 Gordon Matthew12,000 12,000 David Secher16,000 16,000 David Stupples12,000 12,000 Total349,622028,69011,314389,625 DIRECTORS’ SHAREHOLDINGS AND SHARE INTERESTSThe table below sets out the Directors’ interests in the ordinary shares of the Company as at 31 December 2020. There have been no changes in the current Directors’ interests in shares or options granted by the Company between the end of the financial year and 26 April 2021.NameNumber of Issued Ordinary Shares% of Issued SharesThomas Ilube*1,456,02525.27%David Secher26,3650.46%David Stupples5,2630.09%* Thomas Ilube’s shareholding is made up of 1,325,581 shares held by him personally and 130,444 held by Share Nominees Limited on his behalf. Thomas Ilube, and connected investors (together the ‘Concert Party’) are deemed to be acting in concert for the purposes of the Takeover Code. The Concert Party owns in aggregate 1,480,547 ordinary shares representing 25.70% of the Company’s Share Capital.34CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 3430534-Crossword-Cybersecurity-AR2020.indd 3426-Apr-21 12:48:21 PM26-Apr-21 12:48:21 PM Job number 26 April 2021 12:46 pm V6Strategic ReportGovernanceFinancial StatementsSHARE OPTION AND INCENTIVISATION ARRANGEMENTSThe Board considers employee share ownership to be an important part of its strategy for employee incentivisation and retention. The Group has established share option programmes that entitle certain employees to purchase shares in the Company. These were issued in July 2014, November 2014, July 2015, December 2015, January 2016, June 2016, September 2016, June 2017, January 2018, May 2018, July 2018, October 2018, June 2019, November 2019, June 2020 and October 2020. There are no performance conditions attaching to these options.The Directors hold the following shares under option:NameDate of GrantNumber of Ordinary Shares Under OptionExercise PriceVesting ConditionsExpiry DateSir Richard Dearlove03/10/201613,158£1.90(1)03/10/2026Sir Richard Dearlove25/05/20186,757£3.70(1)25/05/2028Sir Richard Dearlove03/06/20194,587£5.45(1)02/06/2029Sir Richard Dearlove28/11/20195,208£4.80(1)28/11/2029Sir Richard Dearlove22/10/20209,434£2.65(1)22/10/2030Dr David Secher18/07/201415,000£0.54(1)17/07/2024Professor David Stupples18/07/201435,000£0.54(1)17/07/2024Gordon Matthew20/07/20155,000£1.90(1)19/07/2025Mary Dowd24/10/20187,936£3.15(1)24/10/2028Mary Dowd03/06/201910,000£5.45(1)02/06/2029Mary Dowd18/06/20202,500£3.05(1)18/06/2030Total114,580(1) Option Shares to vest in three equal tranches on the first, second and third anniversary of the date of grant.In addition, the Company has issued 91,993 options to members of staff.EMI SHARE OPTION PLANThe Company has established an enterprise management incentive share option plan under scheme rules dated 21 May 2014 (‘EMI Option Plan’) for the purposes of recruiting and retaining its staff. The Company may grant an Option intended to be a qualifying option under the Income Tax (Earnings and Pensions) Act 2003 (‘ITEPA 2003’) (‘EMI Option’) to any eligible employee it chooses, subject to the limitations and conditions of the EMI Option Plan. EMI Options may not be granted where prohibited by law or any corporate governance code which applies to the Company or after the tenth anniversary of the date of the EMI Option Plan.Andrew GueritzChair, Remuneration Committee26 April 202135www.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 3530534-Crossword-Cybersecurity-AR2020.indd 3526-Apr-21 12:48:21 PM26-Apr-21 12:48:21 PM Job number 26 April 2021 12:46 pm V6Directors’ Report & Statement ofDirectors’ ResponsibilitiesDirectors’ ReportThis Directors’ Report includes the information required to be included under the Companies Act 2006 or, where provided elsewhere, an appropriate cross-reference is given. The Corporate Governance Report approved by the Board is provided on pages 24 to 35 and incorporated by reference into this Directors’ Report.Principal activity, review of the business and future developmentsCrossword Cybersecurity PLC (08927013) is a public company, limited by shares, incorporated in the United Kingdom under the Companies Act, with operations in the UK and Poland. Its shares are traded on AIM, a sub market of the London Stock Exchange (‘AIM’).The Company has two principal areas of activity, being (i) the development and commercialisation of university research-based cyber security related software and (ii) cyber security consulting. More details on the strategy, nature of the Group’s operations and future developments are set out in the Strategic Report on pages 1 to 17.Share capital and rights attaching to the sharesThe number of shares in issue as at the date of publication of this report was 5,761,890 (31 December 2019: 4,694,560) ordinary shares of 5 pence, each with one vote.In accordance with applicable laws and the Company’s Articles of Association, holders of ordinary shares are entitled to:• Receive shareholder documentation including the notice of any general meeting;• Attend, speak and exercise voting rights at general meetings, either in person or by proxy; and• A dividend, where declared and paid out of profits available for such purposes. On a return of capital on a winding up, holders of ordinary shares are entitled to participate in such a return.Articles of AssociationThe Company’s Articles of Association can only be amended by special resolution and are available at https://www.crosswordcybersecurity.comEngagement with employeesWith the continuing growth in staff numbers, the Directors recognise the need to ensure excellence in engagement with employees. Two staff away days took place during 2019 with feedback from staff forming a prioritised action plan.Included was an action to ensure that the Company’s culture is maintained during its growth. To this effect, a project to define the Company’s culture was started. At the end of this project, the Company was in a position to state its values and expected behaviours. The values were shared with all staff at an away day in February 2020, as referred to on page 9.Engagement with charities was another action from the away days. In 2020, the Company supported two charities. In Richmond, Surrey, the Company is working with SPEAR, a charity for people experiencing homelessness in South West London. In Kraków, Poland, the Company supported Noble Gift, a charity which provides aid in the form of Christmas gifts in response to the actual needs of the recipients, providing an impulse for change and motivation for them to become independent and take responsibility for their lives. More details are available on page 10.Sustainability and climate changeThe Directors take their responsibilities relating to the environment seriously and aim to minimise the impact of the Company’s activities on the environment.The key points of their strategy to achieve this are:• Minimise waste by evaluating operations and ensuring they are as efficient as possible;• Minimise toxic emissions through the selection and use of its power requirement;• Actively promote recycling;• Source and promote a product range to minimise the environmental impact of both production and distribution; and• Meet or exceed all the environmental legislation that relates to the Company.Powers of DirectorsThe Directors may exercise powers subject to applicable legislation and regulations and the Company’s Articles of Association. The Directors in office at the date of this Annual Report are shown on pages 20 to 22.Directors’ conflict of interestThe Board may authorise, to the fullest extent permitted by law any matter which, if not so authorised, would or may result in a Director infringing his or her duty to avoid a situation in which he/she can have a direct or indirect interest that conflicts, or possibly may conflict, with the interests of the Company and which may reasonably be regarded as likely to give rise to a conflict of interest.The Company has effective procedures in place to monitor and deal with conflicts of interest. The Board is aware of the other commitments and interests of its Directors, and changes to these commitments and interests are reported to and, where appropriate, agreed with the rest of the Board.Directors’ insurance and indemnityThe Group maintains Directors’ and Officers’ liability insurance which gives appropriate cover for any legal action brought against its Directors. In accordance with Section 234 of the Companies Act 2006, qualifying third party indemnity provisions are in place for the Directors in respect of liabilities incurred as a result of their office to the extent permitted by law.36CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 3630534-Crossword-Cybersecurity-AR2020.indd 3626-Apr-21 12:48:22 PM26-Apr-21 12:48:22 PM Job number 26 April 2021 12:46 pm V6Strategic ReportGovernanceFinancial StatementsPurchase of own sharesThe Company has not acquired any of its own shares in the period to 31 December 2020, nor in the period up to the date of approval of this Annual Report.Subsequent eventsOn 10 February 2021, the Company announced that it had undertaken a fundraising of approximately £1.6m through a placing and proposed subscription of Crossword ordinary shares of 5 pence each (‘Ordinary Shares’) at a price of 230 pence per share.DividendThe Directors do not intend that the Company will declare a dividend in the near term, but instead channel the available cash resources into funding the expansion of the Group. The Board intends to commence the payment of dividends only when it becomes commercially prudent to do so, having regard to the Group’s earnings, financial position, cash requirements and availability of distributable profits, as well as the provisions of relevant laws and/or generally accepted accounting principles from time to time.Political donationsNo political donations have been made during this financial year.Principal shareholderTom Ilube is the Company’s principal shareholder, holding a total of 1,456,025 ordinary shares, representing 25.27% of the voting rights attached to the current issued share capital of the Company. Of the 1,456,025 shares held, 1,325,581 shares are held by Tom Ilube directly and 130,444 shares are held on his behalf by Share Nominees Limited.Annual General MeetingThe Annual General Meeting of the Company will be held on the 25 May 2021 at 3.00 pm at Capital Tower, 91 Waterloo Road, SE1 8RT. The Notice of Meeting will be available to view on the Company’s website in advance of that meeting.Approval of Directors’ ReportThis Directors’ Report, including the Corporate Governance Statement, was approved for and on behalf of the Board on 26 April 2021.Statement of Directors’ responsibilities in respect of the Annual Report and the financial statementsThe Directors are responsible for preparing the Annual Report and the financial statements in accordance with applicable law and regulations.Company law requires the Directors to prepare financial statements for each financial year. Under that law the Directors have elected to prepare the financial statements in accordance with International Financial Reporting Standards (IFRSs), and parent company financial statements, in accordance with International Financial Reporting Standards, (IFRSs). Under Company law, the Directors must not approve the financial statements unless they are satisfied that they give a true and fair view of the state of affairs and profit or loss of the Group and parent company for that period. In preparing the financial statements, the Directors are required to:• Select suitable accounting policies and then apply them consistently;• Make judgements and accounting estimates that are reasonable and prudent;• State whether applicable IFRSs, in conformity with the requirements of the Companies Act 2006, have been followed for the Group financial statements and IFRSs, in conformity with the requirements of the Companies Act 2006, have been followed for the Company financial statements, subject to any material departures disclosed and explained in the financial statements; and• Prepare the financial statements on the going concern basis, unless it is inappropriate to presume that the Group and parent company will continue in business.37www.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 3730534-Crossword-Cybersecurity-AR2020.indd 3726-Apr-21 12:48:22 PM26-Apr-21 12:48:22 PM Job number 26 April 2021 12:46 pm V6Directors’ Report & Statement ofDirectors’ Responsibilities CONTINUEDThe Directors are responsible for keeping adequate accounting records that are sufficient to show and explain the Group and parent company’s transactions and disclose with reasonable accuracy at any time the financial position of the Group and parent company and enable them to ensure that the financial statements and the Directors’ Remuneration Report comply with the Companies Act 2006. They are also responsible for safeguarding the assets of the Group and parent company and, hence, for taking reasonable steps for the prevention and detection of fraud and other irregularities.The Directors are responsible for the maintenance and integrity of the parent company’s website. Legislation in the United Kingdom governing the preparation and dissemination of financial statements may differ from legislation in other jurisdictions.Responsibility Statement of the Directors in respect of the Annual Report and AccountsThe Directors consider that the Annual Report and accounts, taken as a whole, is fair, balanced and understandable and provides the information necessary for shareholders to assess the Group and parent company’s position, performance, business model and strategy.Each of the Directors, whose names and functions are listed in the Corporate Governance Section confirm to the best of our knowledge, that:• The parent company and Group financial statements, prepared in accordance with International Financial Reporting Standards in conformity with the requirements of the Companies Act 2006, give a true and fair view of the assets, liabilities, financial position and profit or loss of the Company and the undertakings included in the consolidation as a whole; • The Annual Report includes a fair review of the development and performance of the business and the position of the Company and the undertakings included in the consolidation taken as a whole, together with a description of the principal risks and uncertainties that they face; • The Annual Report and accounts, taken as a whole, is fair, balanced and understandable and provides the information necessary for the shareholders to assess the Group and parent company’s position, performance, business model and strategy; and• The Strategic Report includes a fair review of the development and performance of the business and the position of the Group and parent company, together with a description of the principal risks and uncertainties that it faces.Disclosure of information to the AuditorWe, the Directors of the Company who held office at the date of approval of these financial statements as set out above each confirm, so far as we are aware, that:• There is no relevant audit information of which the Company’s Auditor is unaware; and• We have taken all the steps that we ought to have taken as Directors in order to make ourselves aware of any relevant audit information and to establish that the Company’s Auditor is aware of that information.This Statement of Responsibilities and the Directors’ Report were approved by the Board on 26 April 2021.Tom IIubeChief Executive Officer26 April 2021Crossword Cybersecurity PLC60 Gracechurch Street, London EC3V 0HRe: info@crosswordcybersecurity.comtwitter: @crosswordcybert: +44 (0) 20 8973 235038CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 3830534-Crossword-Cybersecurity-AR2020.indd 3826-Apr-21 12:48:22 PM26-Apr-21 12:48:22 PM Job number 26 April 2021 12:46 pm V6Strategic ReportGovernanceFinancial StatementsIndependent Auditor’s ReportTo the Members of Crossword Cybersecurity PLCFor the purpose of this report, the terms “we” and “our” denote MHA MacIntyre Hudson in relation to UK legal, professional and regulatory responsibilities and reporting obligations to the members of Crossword Cybersecurity plc. For the purposes of the table on pages 40 to 41 that sets out the key audit matters and how our audit addressed the key audit matters, the terms “we” and “our” refer to MHA MacIntyre Hudson and/or our component teams. The Group financial statements, as defined below, consolidate the accounts of Crossword Cybersecurity plc and its subsidiaries (the “Group”). The “Parent Company” is defined as Crossword Cybersecurity plc. The relevant legislation governing the Parent Company is the United Kingdom Companies Act 2006 (“Companies Act 2006”).Opinion We have audited the financial statements of Crossword Cybersecurity plc.The financial statements that we have audited comprise:• Consolidated Statement of Comprehensive Income. • Statement of Financial Position at 31 December.• Statement of Changes In Equity. • Group and Parent Company Statement of Cash Flows for the year then ended.• Notes 1 to 26 of the financial statements, including the accounting policies.The financial reporting framework that has been applied in their preparation is applicable law and International Financial Reporting Standards (IFRSs) in conformity with the requirements of the Companies Act 2006. In our opinion the financial statements:• give a true and fair view of the state of the Group’s and of the Parent Company’s affairs as at 31 December 2020 and the Group’s loss for the year then ended;• have been properly prepared in accordance with International Financial Reporting Standards (IFRS) in conformity with the requirements of the Companies Act 2006; and• The financial statements have been prepared in accordance with the requirements of the Companies Act 2006.Our opinion is consistent with our reporting to the Audit Committee.Basis for opinionWe conducted our audit in accordance with International Standards on Auditing (UK) (ISAs (UK)) and applicable law. Our responsibilities under those standards are further described in the Auditor’s Responsibilities for the Audit of the Financial Statements section of our report. We are independent of the Group in accordance with the ethical requirements that are relevant to our audit of the financial statements in the UK, including the FRC’s Ethical Standard as applied to listed entities, and we have fulfilled our ethical responsibilities in accordance with those requirements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion. Material uncertainty related to going concernWe draw attention to note 1.3 in the financial statements, which indicates that for the Group and Parent Company to continue as a going concern will likely need to perform additional fundraising in the next 12 months. As stated in note 1.3, these events or conditions indicate that a material uncertainty exists that may cast significant doubt on the Group and Parent Company’s ability to continue as a going concern. Our opinion is not modified in respect of this matter. In auditing the financial statements, we have concluded that the Directors’ use of the going concern basis of accounting in the preparation of the financial statements is appropriate. Our evaluation of the Directors’ assessment of the entity’s ability to continue to adopt the going concern basis of accounting included:• The consideration of inherent risks to the Group’s operations and specifically its business model and its ongoing cash requirements.• The evaluation of how those risks might impact on the Group’s available financial resources and the need for additional fund raising.• Where additional resources may be required the reasonableness and practicality of the assumptions made by the Directors when assessing the probability and likelihood of those resources becoming available.• Liquidity considerations including examination of cash flow projections.• Solvency considerations including examination of budgets and forecasts and their basis of preparation.39www.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 3930534-Crossword-Cybersecurity-AR2020.indd 3926-Apr-21 12:48:22 PM26-Apr-21 12:48:22 PM Job number 26 April 2021 12:46 pm V6Independent Auditor’s Report CONTINUEDTo the Members of Crossword Cybersecurity PLCOur responsibilities and the responsibilities of the directors with respect to going concern are described in the relevant sections of this report.Overview of our audit approachMateriality20202019Group£77K£72K2% of aggregate of cost of sales and administrative expensesParent£76K£54K2% of aggregate of cost of sales and administrative expenses£3,850£3,600Threshold for reporting to those charged with governanceKey audit matters Event driven• Accounting for the 10% issue of shares to a Director of the Group’s UK subsidiary.Recurring Parent• Valuation of investment and non-current loans to its subsidiaries.ScopeThe group consists of three reporting components of which two were considered to be significant components of the group, Crossword Cybersecurity plc and Crossword Consulting Limited. The significant components were subjected to full scope audits for the purposes of our audit report on the group financial statements. The component not considered to be significant was subject to specific risk focused audit procedures designed to address identified risks which could potentially result in material misstatement of the group financial statements.Our audit of the group financial statements also involved the use of a component auditor. The group audit team provided comprehensive instructions to the component auditor of Crossword Cybersecurity z.o.o. These instructions included specific procedures to be performed.The group audit team discussed and agreed the proposed approach to the audit procedures to be performed and the nature and form of their reporting on the results of their work.Key Audit MattersKey Audit Matters are those matters that, in our professional judgement, were of most significance in our audit of the financial statements of the current period and include the most significant assessed risks of material misstatement (whether or not due to fraud) that we identified. These matters included those matters which had the greatest effect on: the overall audit strategy, the allocation of resources in the audit; and directing the efforts of the engagement team. These matters were addressed in the context of our audit of the financial statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion on these matters. 40CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 4030534-Crossword-Cybersecurity-AR2020.indd 4026-Apr-21 12:48:22 PM26-Apr-21 12:48:22 PM Job number 26 April 2021 12:46 pm V6Strategic ReportGovernanceFinancial StatementsIndependent Auditor’s Report CONTINUEDTo the Members of Crossword Cybersecurity PLCAccounting for the 10% issue of shares to a Director of the Group’s UK subsidiaryKey audit matter descriptionThe Group issued a 10% non-controlling interest in the subsidiary, Crossword Consulting Limited, by the issue of a new class of share in the subsidiary during the year. This transaction was with a Director of the subsidiary and needs to be assessed to confirm whether the shares were issued at fair value in determining whether there were share-based payment arrangements relating to the subscription. Due to the conditions prevailing in the subsidiary constitution a call option may exist for the Group to force the sale of shares by the non-controlling interest on a change of control of the subsidiary.How the scope of our audit responded to the key audit matterOur procedures included:• Review of the benchmarking for the subscription price paid on the issue of shares in Crossword Consulting Limited to determine whether the subscription price was commensurate to fair value for an underlying 10% equity interest in the UK subsidiary.• Checked the calculations of the valuation.• Checked the documents filed at Companies House.• Challenged management to consider the fair value modelling of the call option.• Ensured that the disclosures in the financial statements are adequate.Key observationsWe concluded that the non-controlling interest paid fair value on the share subscription on the issue of shares in the subsidiary and that any fair value attributed to the call option was negligible. Valuation of investment and non-current loans to its subsidiariesKey audit matter descriptionThe Parent Company made a non-interest-bearing loan available to its subsidiary Crossword Consulting Limited through a mix of debt finance and other sources of finance classified as a financing arrangement. The investment and loans owed to the Parent Company have been subject to an impairment review to determine whether the carrying value of the investment and loans exceeded the recoverable amount.How the scope of our audit responded to the key audit matterOur procedures included:• Challenged management to consider the financing arrangement with its subsidiary and the allocation of the financing arrangement between a capital contribution in the subsidiary and loans due from the subsidiary• Benchmarked the discount rate used in their assessment.• Reviewed and checked the amortised cost calculations.• Performed a detailed review of management’s impairment assessment of the carrying value of the investment and loan and that these amounts were in excess of the recoverable amount. • Ensured that the disclosures in the financial statements are adequate.Key observationsWe concluded that the financing arrangement at Parent Company level was correctly classified between capital contribution and loans due from its subsidiary and that the carrying amounts exceeded the recoverable amount and no impairment was required of these non-current assets at the Parent Company level.41www.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 4130534-Crossword-Cybersecurity-AR2020.indd 4126-Apr-21 12:48:22 PM26-Apr-21 12:48:22 PM Job number 26 April 2021 12:46 pm V6Independent Auditor’s Report CONTINUEDTo the Members of Crossword Cybersecurity PLCOur application of materiality Our definition of materiality considers the value of error or omission on the financial statements that, individually or in aggregate, would change or influence the economic decision of a reasonably knowledgeable user of those financial statements. Misstatements below these levels will not necessarily be evaluated as immaterial as we also take account of the nature of identified misstatements, and the particular circumstances of their occurrence, when evaluating their effect on the financial statements as a whole. Materiality is used in planning the scope of our work, executing that work and evaluating the results.Materiality in respect of the Group was set at £77K which was determined on the basis of 2% of aggregate of the cost of sales and administrative expenses. Cost of sales and administrative expenses are selected as the benchmark for materiality due to the impact that expenditure has on the Group performance and the requirement for the Group to continue to fund its expenditure. Performance materiality is the application of materiality at the individual account or balance level, set at an amount to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds materiality for the financial statements as a whole. Performance materiality for the Group was set at £66K (2019: £50K) which represents 85% (2019 – 70%) of the above materiality levels.The determination of performance materiality reflects our assessment of the risk of undetected errors existing, the nature of the systems and controls, the impact of there being a number of components and locations and the level of misstatements arising in previous audits.Materiality in respect of the parent was set at £76K which was determined on the basis of 2% of the Parent Company aggregate cost of sales and administrative expenses which was capped at £76K in order that the Parent Company level of materiality does not exceed group materiality. Performance materiality for the Parent Company was set at £65K (2019: £38K) which represents 85% (2019 – 70%) of the above materiality levels.In addition, we applied the following materiality to the audit of specific financial statement areas:Revenue Related Party transactions£54K£5kOur audit work on the significant components of the Group, and for determining and evaluating the specific targeted procedures on other components, was executed at levels of materiality applicable to the individual entity which were lower than Group materiality. Financial statement materiality applied to these components of the Group was in the range of £17K to £76K.We agreed to report any corrected or uncorrected adjustments exceeding £3,850 to the audit committee as well as differences below this threshold that in our view warranted reporting on qualitative grounds.The scope of our auditOur Group audit was scoped by obtaining an understanding of the Group and its environment, including the Group’s system of internal control, and assessing the risks of material misstatement in the financial statements. We also addressed the risk of management override of internal controls, including assessing whether there was evidence of bias by the directors that may have represented a risk of material misstatement.The Group manages its operations from the UK and has common financial systems, processes and controls covering all significant components.The group consists of three reporting components of which two were considered to be significant components of the group, Crossword Cybersecurity plc and Crossword Consulting Limited. The significant components were subjected to full scope audits for the purposes of our audit report on the group financial statements. The component not considered to be significant was subject to specific risk focused audit procedures designed to address identified risks which could potentially result in material misstatement of the group financial statements.Use of Component AuditorsOur audit of the group financial statements also involved the use of component auditors. The group audit team discussed and agreed the proposed approach to the audit procedures to be performed and the nature and form of their reporting on the results of their work. The group audit team provided comprehensive instructions to the component auditors which included specific procedures to be performed. Those instructions also included an assessment of component materiality which was £17K.42CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 4230534-Crossword-Cybersecurity-AR2020.indd 4226-Apr-21 12:48:22 PM26-Apr-21 12:48:22 PM Job number 26 April 2021 12:46 pm V6Strategic ReportGovernanceFinancial StatementsIndependent Auditor’s Report CONTINUEDTo the Members of Crossword Cybersecurity PLCThe work over the significant components gave us coverage of 100% (2019: 100%) of revenue and we performed analytical review procedures over the remaining trading entities to ensure we had the evidence needed to form our opinion on the financial statements as a whole.Profit before taxRevenueNet assets78%22%100%99%1% Full Scope Limited Scope Analytical Review Not MaterialNotes:• Full scope refers to the conduct of an audit of the components underlying financial information in accordance with ISAs UK.• Limited scope incorporates those circumstances where component auditors have been instructed to perform certain procedures on financial statements areas or specific financial statement line items for individual components.• Component auditors of lower risk components will usually be instructed to conduct a review of the financial position and performance of the component comparing the actual performance of that component with their valid expectations based on their knowledge of the entity and any known changes in its operational environment and investigating any unusual or unexpected results. Reporting on other informationThe directors are responsible for the other information. The other information comprises the information included in the Annual Report and Accounts, other than the financial statements and our auditor’s report thereon. Our opinion of the financial statements does not cover the other information and, except to the extent otherwise explicitly stated in our report, we do not express any form of assurance conclusion thereon.In connection with our audit of the financial statements, our responsibility is to read the other information and, in doing so, consider whether the other information is materially inconsistent with the financial statements or our knowledge obtained in the audit or otherwise appears to be materially misstated. If we identify such material inconsistencies or apparent material misstatements, we are required to determine whether there is a material misstatement in the financial statements or a material misstatement of the other information. If, based on the work we have performed, we conclude that there is a material misstatement of this other information, we are required to report that fact. We have nothing to report in this regard.43www.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 4330534-Crossword-Cybersecurity-AR2020.indd 4326-Apr-21 12:48:23 PM26-Apr-21 12:48:23 PM Job number 26 April 2021 12:46 pm V6Independent Auditor’s Report CONTINUEDTo the Members of Crossword Cybersecurity PLCOpinions on other matters prescribed by the Companies Act 2006In our opinion, based on the work undertaken in the course of the audit:• the information given in the strategic report and the directors’ report for the financial year for which the financial statements are prepared is consistent with the financial statements; and• the strategic report and the directors’ report have been prepared in accordance with applicable legal requirements.Matters on which we are required to report by exceptionIn the light of the knowledge and understanding of the Group and Parent Company and its environment obtained in the course of the audit, we have not identified material misstatements in the strategic report or the directors’ report.We have nothing to report in respect of the following matters in relation to which the Companies Act 2006 requires us to report to you if, in our opinion:• adequate accounting records have not been kept, or returns adequate for our audit have not been received by branches not visited by us; or• the financial statements are not in agreement with the accounting records and returns; or• certain disclosures of directors’ remuneration specified by law are not made; or• we have not received all the information and explanations we require for our audit.Responsibilities of directors As explained more fully in the directors’ responsibilities statement, the directors are responsible for the preparation of the financial statements and for being satisfied that they give a true and fair view, and for such internal control as the directors determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error. In preparing the financial statements, the directors are responsible for assessing the Group’s and the Parent Company’s ability to continue as a going concern, disclosing, as applicable, matters related to going concern and using the going concern basis of accounting unless the directors either intend to liquidate the Group or the Parent Company or to cease operations, or have no realistic alternative but to do so. Auditor’s responsibilities for the audit of the financial statementsOur objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor’s report that includes our opinion. Reasonable assurance is a high level of assurance but is not a guarantee that an audit conducted in accordance with ISAs (UK) will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these financial statements.Irregularities, including fraud, are instances of non-compliance with laws and regulations. We design procedures in line with our responsibilities, outlined above, to detect material misstatements in respect of irregularities, including fraud. Because of the inherent limitations of an audit, there is a risk that we will not detect all irregularities, including those leading to a material misstatement in the financial statements or non-compliance with regulation. This risk increases the more that compliance with a law or regulation is removed from the events and transactions reflected in the financial statements, as we will be less likely to become aware of instances of non-compliance. The risk is also greater regarding irregularities occurring due to fraud rather than error, as fraud involves intentional concealment, forgery, collusion, omission or misrepresentation.The specific procedures carried out for this engagement and the extent to which these are capable of detecting irregularities, 44CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 4430534-Crossword-Cybersecurity-AR2020.indd 4426-Apr-21 12:48:23 PM26-Apr-21 12:48:23 PM 30534 26 April 2021 12:46 pm V11Strategic ReportGovernanceFinancial StatementsIndependent Auditor’s Report CONTINUEDTo the Members of Crossword Cybersecurity PLCincluding fraud is detailed below: • Obtaining an understanding of the legal and regulatory frameworks that the group operates in, focusing on those laws and regulations that had a direct effect on the financial statements. The key laws and regulations we considered in this context included Companies Act 2006 and applicable tax legislation;• Enquiry of management to identify any instances of non-compliance with laws and regulations; • Reviewing financial statement disclosures and testing to supporting documentation to assess compliance with applicable laws and regulations;• Enquiry of management and the Audit Committee around actual and potential litigation and claims;• Enquiry of management to identify any instances of known or suspected instances of fraud;• Discussing among the engagement team regarding how and where fraud might occur in the financial statements and any potential indicators of fraud;• Reviewing minutes of meetings of those charged with governance; • Performing audit work over the risk of management override of controls, including testing of journal entries and other adjustments for appropriateness, evaluating the business rationale of significant transactions outside the normal course of business, and reviewing accounting estimates for bias; and• Challenging assumptions and judgements made by management in their significant accounting estimates, in particular with respect to provisions for share based payments and potential impairment of non-current assets. A further description of our responsibilities for the financial statements is located on the FRC’s website at: www.frc.org.uk/auditorsresponsibilities . This description forms part of our auditor’s report. Other requirements We were appointed by the Directors on 23 July 2014. The period of total uninterrupted engagement including previous renewals and reappointments of the firm is 7 years.We did not provide any non-audit services which are prohibited by the FRC’s Ethical Standard to the company and we remain independent of the company in conducting our audit. Use of our reportThis report is made solely to the Parent Company’s members, as a body, in accordance with Chapter 3 of Part 16 of the Companies Act 2006. Our audit work has been undertaken so that we might state to the Parent Company’s members those matters we are required to state to them in an auditor’s report and for no other purpose. To the fullest extent permitted by law, we do not accept or assume responsibility to anyone other than the Parent Company and the Parent Company’s members as a body, for our audit work, for this report, or for the opinions we have formed.Andrew Moyser FCA FCCA(Senior Statutory Auditor)for and on behalf of MHA MacIntyre HudsonChartered Accountants and Statutory AuditorLondon, United Kingdom 26 April 202145www.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 4530534-Crossword-Cybersecurity-AR2020.indd 4526-Apr-21 12:48:23 PM26-Apr-21 12:48:23 PM 30534 26 April 2021 12:46 pm V11Consolidated Financial Statementsfor Crossword Cybersecurity PLC company number 08927013Consolidated Statement of Comprehensive IncomeNotes12 months ended 31st December 2020£12 months ended 31st December 2019£Revenue2 1,627,611 1,305,055 Cost of Sales3 (1,582,194) (1,431,648)Gross Profit (Loss) 45,416 (126,593)Other operating income-research & development tax credits209,647 171,623 Administrative expenses3,4 (2,320,675) (2,217,370)Finance income-bank interest receivable and foreign exchange (3,205) 8,357 Finance costs-other interest payable6 (204,679) (24,351)Gain on remeasurement of financial liabilities19 – 92,764 Loss for the year before taxation (2,273,497) (2,095,570)Tax expense8 (4,840) (5,878)Loss for the Year (2,278,336) (2,101,448)Other Comprehensive IncomeItems that may be reclassified to profit or loss:Foreign exchange translation Gain / (Loss) 9,595 (5,354)Total Comprehensive Loss (2,268,741) (2,106,802)Loss for the period attributable to:Owners of the parent (2,249,707) (2,101,448)Non-controlling interests (28,629) – Total Loss for the Year / Period (2,278,336) (2,101,448)Total comprehensive loss for the period attributable to:Owners of the parent (2,240,112) (2,106,802)Non-controlling interests (28,629) – Total Comprehensive Loss (2,268,741) (2,106,802)Loss Per Share16 (0.46) (0.45)All results are derived from continuing operations.46CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 4630534-Crossword-Cybersecurity-AR2020.indd 4626-Apr-21 12:48:23 PM26-Apr-21 12:48:23 PM 30534 26 April 2021 12:46 pm V11Strategic ReportGovernanceFinancial StatementsConsolidated Financial Statementsfor Crossword Cybersecurity PLC company number 08927013Statement of Financial Position as at 31 DecemberNotesGroup2020£Company2020£Group2019£Company2019£Non-Current AssetsTangible assets9 6,699 3,144 15,438 10,918 Right of Use assets10 63,365 35,248 203,062 133,726 Investment in subidiaries12 – 458,164 – 11,017 Unlisted investments 11 31 31 31 31 Intercompany receivable greater than one year – 653,316 – 598,000 Total non-current assets70,095 1,149,902 218,531 753,692 Current AssetsTrade and other receivables13 497,912 275,680 626,298 581,680 Cash and cash equivalents 958,341 824,667 1,514,166 1,452,085 Total current assets 1,456,254 1,100,347 2,140,463 2,033,764 TOTAL ASSETS1,526,348 2,250,249 2,358,994 2,787,456 EQUITYAttributable to the owners of the CompanyShare Capital15256,605 256,605 234,061 234,061 Share premium account158,518,391 8,518,391 7,515,744 7,515,744 Other reserves18181,618 181,618 128,826 128,826 Retained earnings (9,598,055) (8,835,874) (7,428,818) (6,914,714)Translation of foreign operations (1,772) – (11,367) – Attributable to owners of the parent (643,213) 120,740 438,447 963,918 Non-controlling interests (94,799) – – – Total equity (738,012)120,740 438,447 963,918 LIABILITIESCurrent LiabilitiesTrade and other payables14929,038 794,187 613,311 516,302 Total current liabilities929,038 794,187 613,311 516,302 Long Term LiabilitiesLoan241,335,322 1,335,322 1,307,236 1,307,236 Total long term liabilities1,335,322 1,335,322 1,307,236 1,307,236 Total Liabilities2,264,360 2,129,509 1,920,547 1,823,538 Total Equity & Liabilities1,526,348 2,250,249 2,358,994 2,787,456 The Company’s loss for the year was £1,921,160 (2019: £1,915,344). The financial statements were approved by the Board and authorised for issue on 26 April 2021. They were signed on its behalf byTom Ilube Chief Executive Officer47www.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 4730534-Crossword-Cybersecurity-AR2020.indd 4726-Apr-21 12:48:24 PM26-Apr-21 12:48:24 PM 30534 26 April 2021 12:46 pm V11Consolidated Financial Statements CONTINUEDStatement of Changes in EquityAs atGroup2020£Company2020£Group2019£Company2019£Share CapitalAt 1st January234,061 234,061 234,022 234,022 Issue of shares22,543 22,543 39 39 At 31st December256,605 256,605 234,061 234,061 Share PremiumAt 1st January7,515,744 7,515,744 7,513,906 7,513,906 Issue of shares1,002,647 1,002,647 1,838 1,838 At 31st December8,518,391 8,518,391 7,515,744 7,515,744 Equity ReserveAt 1st January128,826 128,826 96,626 77,101 Employee share schemes - value of employee services52,792 52,792 32,200 51,725 At 31st December181,618 181,618 128,826 128,826 Retained EarningsAt 1st January (7,428,818) (6,914,714) (5,327,370) (4,999,370)Loss for the period (2,249,707) (1,921,160) (2,101,448) (1,915,344)Transfer on issue of shares to non-controlling interest 66,169 – – – Gain from issue of shares to non-controlling interest 14,300 – – –At 31st December (9,598,055) (8,835,874) (7,428,818) (6,914,714)Translation of Foreign OperationsAt 1st January (11,367) – (6,013) – Translation of Foreign Operations 9,595 – (5,354) – At 31st December (1,772) – (11,367) – Total At 1st January 438,447 963,917 2,511,172 2,825,659 Total Comprehensive loss for the Period (2,268,741) (1,921,160) (2,106,802) (1,915,344)Issue of shares 1,025,190 1,025,190 1,877 1,877 Share based Payments52,792 52,792 32,200 51,725 Gain from issue of shares to non-controlling interest14,300 – – – At 31st December (738,012) 120,739 438,447 963,917 48CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 4830534-Crossword-Cybersecurity-AR2020.indd 4826-Apr-21 12:48:24 PM26-Apr-21 12:48:24 PM 30534 26 April 2021 12:46 pm V11Strategic ReportGovernanceFinancial StatementsConsolidated Financial Statements CONTINUEDConsolidated Statement of CashflowsYearsNotes12 Months ended 31st DecemberGroup2020£12 Months ended 31st DecemberCompany2020£12 Months ended 31st DecemberGroup2019£12 Months ended 31st DecemberCompany2019£Cashflows From Operating ActivitiesLoss for the year (2,278,336) (1,921,160) (2,101,448) (1,915,344)Movement in trade and other receivables 128,386 450,691 (42,984) (355,413)Movement in current liabilities 457,260 (265,054) (82,926) (13,820)Depreciation 10,740 7,774 6,285 3,322 Amortisation 139,697 98,478 140,996 98,209 Finance costs 204,681 200,844 24,267 18,551 Gain on remeasurement of financial liabilities - - 92,764 92,764 Employee share schemes 52,792 52,792 32,200 32,200 Tax expense 4,840 - 5,878 - Tax paid (4,840) - (5,878) - Net Cashflow from Operating Activities (1,284,780) (1,375,635) (1,930,846) (2,039,531)Cashflow From Investing ActivitiesPurchase of tangible fixed assets9 (2,001) - (9,657) (9,657) Net Cashflow from Investing Activities (2,001) - (9,657) (9,657) Cashflow From Financing ActivitiesProceeds from issue of ordinary shares 1,025,190 1,025,190 1,877 1,877 Proceeds from issue of convertible loan notes - - 1,400,000 1,400,000 Interest paid on convertible loan notes (168,000) (168,000) - - Proceeds from issue of shares in subsidiary to non-controlling interests 14,300 - - - Interest paid (1,592) (460) (646) - Payments for right of use assets (148,536) (108,513) (163,914) (113,675)Net Cashflow from Financing Activities721,362 748,217 1,237,317 1,288,202 Net decrease in cash and cash equivalents (565,419) (627,418) (703,186) (760,986)Foreign currency translation differences 9,595 - (5,354) - Cash and cash equivalents at the beginning of the year 1,514,166 1,452,085 2,222,706 2,213,071 Cash and cash equivalents at the end of the year 958,342 824,667 1,514,166 1,452,085 Restatement of group statement of cash flows for the year ended 31 December 2019.The Group statement of cash flow for the year ended 31 December 2019 has been restated.There is no changes to the level of cash and cash equivalents at the beginning and end of the 2019 year but there has been restatement of items within the operating, investing and financing activities.The financial statements were approved by the Board and authorised for issue on 26 April 2021. 49www.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 4930534-Crossword-Cybersecurity-AR2020.indd 4926-Apr-21 12:48:24 PM26-Apr-21 12:48:24 PM 30534 26 April 2021 12:46 pm V11Consolidated Financial Statements CONTINUEDNotes to the Financial Information1 Accounting Policies1.1 The Group and its operationsCrossword Cybersecurity plc (the “Company”) is a Company incorporated on 6 March 2014 in England and Wales under the Companies Act 2006. The Company is the parent company of the Crossword Group of Companies focusing on the cybersecurity sector. The principal activities are the development and commercialisation of university research-based cyber security related software and cybersecurity consulting.The financial information includes the results of the Company and its subsidiaries (together referred to as the “Group” and individually as “Group entities”).The principal accounting policies applied in the preparation of the financial information are set out below. These policies have been consistently applied to all the periods presented, unless otherwise stated.1.2 Basis of preparation of financial informationThe financial information has been prepared in accordance with the requirements of the London Stock Exchange plc AIM Rules for Companies and in accordance with International Financial Reporting Standards (“IFRS”) and IFRS Interpretations Committee (“IFRS IC”) interpretations in conformity with the requirements of the Companies Act 2006 and those parts of the Companies Act 2006 applicable to companies reporting under IFRS.The financial information has been prepared on the historical cost basis. The preparation of financial information in conformity with IFRS requires the use of certain critical accounting estimates. It also requires management to exercise its judgement in the process of applying the Group’s accounting policies. Changes in assumptions may have a significant impact on the financial information in the year the assumptions changed. Management believes that the underlying assumptions are appropriate. The areas involving a higher degree of judgement or complexity, or areas where assumptions and estimates are significant to the financial information are disclosed in note 1.16.Changes in accounting policy and disclosuresThere were no changes in the accounting policy and disclosures in the current financial year.At the year end, the following standards and interpretations which have not been applied in these financial statements were in issue but not yet effective. The group is considering their impact but do not expect a material on the future results of the Group.New standards, interpretations and amendments adopted in current periodThe following new standards or amendments to existing standards were applicable for the first time and have not had an impact on the financial statements.Amendments to References to the Conceptual Framework in IFRS standards The Conceptual Framework for Financial Reporting (the framework) assists the IASB in developing and revising IFRSs that are based on consistent concepts, and helps preparers develop consistent accounting policies for areas that are not covered by a standard, or where there is choice of accounting policy.It was necessary to update references to the framework in IFRS standards when the framework was updated in 2018.Amendments to IAS 1 and IAS 8: Definition of Material The amendments to IAS 1 and IAS 8 clarify that information is material if omitting, misstating, or obscuring it could reasonably be expected to influence decisions that the primary users of general-purpose financial statements make on the basis of those financial statements, which provide financial information about a specific reporting entity.The amendments also clarify that information is deemed to be obscured if communicated in a manner that has a similar effect on the primary users of financial statements had the information been omitted or misstated instead.Amendments to IFRS 3: Definition of a Business CombinationA business consists of inputs and processes applied to inputs that have the ability to contribute towards the creation of outputs. The amendments provide greater clarity on the definition of a business in terms of what constitutes inputs, processes, and outputs.The amendments also clarify when a transaction is an asset acquisition and not a business combination including an optional test to identify whether a transaction includes a concentration of fair value, such that the acquisition is not of a business.50CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 5030534-Crossword-Cybersecurity-AR2020.indd 5026-Apr-21 12:48:24 PM26-Apr-21 12:48:24 PM 30534 26 April 2021 12:46 pm V11Strategic ReportGovernanceFinancial StatementsConsolidated Financial Statements CONTINUEDAmendments to IFRS 9, IAS 39, IFRS 7, IFRS 4 and IFRS 16 Interest Rate Benchmark Reform – Phase 1This first phase of amendments to IFRS as a result of interest rate benchmark reform modifies hedge accounting requirements in contained in IFRSs such that companies shall continue to apply those hedge accounting requirements on the assumption that the interest rate benchmark (on which the hedged cash flows and cash flows from the hedging instrument are based) will not be altered as a result of interest rate benchmark reform.In addition, disclosures are required as to the extent of uncertainties associated with benchmark reform and its impact on hedging arrangements.New standards, interpretations and amendments not yet adoptedThe Group adopt early the following amendments to standards which are not yet mandatory.Amendments to IAS 1 Presentation of Financial Statements: Classification of Liabilities as Current or Non-current (issued January 2020) The amendments clarify that the classification of a liability as current or non-current is based only on rights existing at the end of the reporting period and the classification is not affected by expectations about whether rights to settle or defer a liability will be exercised. Further, the amendments clarify that the settlement of a liability refers to the transfer of cash, equity instruments, other assets, or services to the counterparty. This amendment only affects presentation. The amendment is effective for financial years beginning on or after 1 January 2023 and is not yet endorsed for use under the Companies Act 2006. The Group does not expect a material impact on its consolidated financial statements from these amendments.Amendments to IAS 16 Property, Plant and Equipment (issued in May 2020) The amendments require any proceeds from selling items produced (and related production costs) in the course of bringing an item property, plant and equipment into operation to be recognised in profit or loss clarifying that such items are not reflected in the cost of the asset. The amendment is effective for financial years beginning on or after 1 January 2022 and is not yet endorsed for use under the Companies Act 2006. The Group does not expect a material impact on its consolidated financial statements from these amendments.Amendments to IAS 37 Provisions, Contingent Liabilities and Contingent Assets (issued in May 2020)The amendments clarify that the cost of fulfilling a contract are costs that relate directly to that contract. Such costs can be the incremental costs of fulfilling that contract or an allocation of other costs directly related to fulfilling that contract. The amendment is effective for financial years beginning on or after 1 January 2022 and is not yet endorsed for use under the Companies Act 2006. The Group does not expect a material impact on its consolidated financial statements from these amendments.Amendments to IFRS 9, IAS 39, IFRS 7, IFRS 4 and IFRS 16 Interest Rate Benchmark Reform – Phase 2 (issued in August 2020)The amendments are aimed at helping companies to provide investors with useful information about the effects of the reform of interest rate benchmarks on those companies’ financial statements.The amendments complement those issued in 2019 and focus on the effects on financial statements when a company replaces the old interest rate benchmark with an alternative benchmark rate as a result of the reform. The Phase 2 amendments relate to:• changes to contractual cash flows — a company will not have to derecognise or adjust the carrying amount of financial instruments for changes required by the reform, but will instead update the effective interest rate to reflect the change to the alternative benchmark rate;• hedge accounting — a company will not have to discontinue its hedge accounting solely because it makes changes required by the reform, if the hedge meets other hedge accounting criteria; and• disclosures — a company is required to disclose information about new risks arising from the reform and how it manages the transition to alternative benchmark rates.The amendment is effective for financial years beginning on or after 1 January 2022 and is not yet endorsed for use under the Companies Act 2006. The Group does not expect a material impact on its consolidated financial statements from these amendments.51www.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 5130534-Crossword-Cybersecurity-AR2020.indd 5126-Apr-21 12:48:24 PM26-Apr-21 12:48:24 PM 30534 26 April 2021 12:46 pm V11Consolidated Financial Statements CONTINUED1.3 Going ConcernThe financial information are prepared on a going concern basis. The Group’s business model is being developed and its operations have incurred a net loss in each period reported within this Financial Information whilst the Group’s products and services are bought to market. It is forecast to continue to be loss making with net cash outflow as the business continues to develop its products and converts its pipeline into sales. Operations have been supported by cash flow from customers and issue of equity and debt and business forecasts highlight the need for the Group to continue to have further successful fundraising placements.The directors have considered the Group’s future and forecast business and cash requirements. Following the completion of a successful fundraise in February 2021, the directors have determined that the group has sufficient cash resources for the period through to early 2022, when a further fundraising placement is forecast to be required.The Directors have concluded that these circumstances and specifically the ongoing need for successful future fundraising give rise to a material uncertainty. However, in light of the recent successful fund raise the directors are of the position that they can continue to adopt the going concern basis in preparing the financial statements.The financial statements do not include any adjustment that may arise in the event that the entity is unable to realise its assets and discharge its liabilities in the normal course of business.1.4 Basis of consolidationSubsidiaries are fully consolidated from the date on which control is transferred to the Group. Control exists when then the Group has the power, directly or indirectly, to govern the financial and operating policies of an entity so as to obtain benefits from its activities.The purchase method of accounting is used to account for the acquisition of subsidiaries by the Group.All intra-Group transactions balances income and expenses are eliminated on consolidation. Uniform accounting policies are applied by the Group entities to ensure consistency.1.5 RevenueRevenue comprises the fair value of consideration received or receivable for licence income and the rendering of services in the ordinary course of the Group’s activities. Revenue is shown net of value added tax and trade discounts. Income is reported as follows:(a) Licence incomeTechnology and product licensing revenue represents amounts earned for licenses granted under licensing agreements, including up-front payments. Revenues relating to up-front payments are recognised when the obligations related to the revenues have been completed.Revenues for maintenance and support services are recognised in the accounting periods in which the services are rendered. (b) Rendering of ServicesServices relate to implementation and deployment fees for the technology and products licensed to customers. Revenue is recognised in the accounting periods in which the services are rendered.(c) ConsultingConsulting revenue is recognised when the performance obligation is met. Contracts are structured to support the revenue recognition process by stating what the objectives and deliverables are for each part of the project, and the revenue attributable to each deliverable. 1.6 Functional and presentation currencyThe presentation currency of the Group is pounds sterling (GBP). The functional currency of the Company is pounds sterling. The functional currency of the Company’s polish subsidiary is Polish Zloty (PLN).1.7 Foreign OperationsThe assets and liabilities of foreign operations are translated into Pound sterling using the exchange rates at the reporting date. The revenues and expenses of foreign operations are translated into Pound sterling using the average exchange rates, which approximate the rates at the dates of the transactions, for the period. All resulting foreign exchange differences are recognised in other comprehensive income through the foreign currency reserve in equity.On disposal of a foreign operation, the cumulative exchange differences recognised in the foreign exchange reserve relating to that operation up to the date of disposal are transferred to the consolidated statement of comprehensive income as part of the profit or loss on disposal. 52CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 5230534-Crossword-Cybersecurity-AR2020.indd 5226-Apr-21 12:48:24 PM26-Apr-21 12:48:24 PM 30534 26 April 2021 12:46 pm V11Strategic ReportGovernanceFinancial StatementsConsolidated Financial Statements CONTINUED1.8 Property, plant and equipmentProperty, plant and equipment is stated at purchase price less accumulated depreciation and impairment losses. The cost includes all expenses directly related to the purchase of a relevant asset.All other repair and maintenance costs are charged to the income statement for the period during the reporting period in which they are incurred.1.9 DepreciationEach item of property, plant and equipment is depreciated using the straight line method over the estimated useful life and depreciation charge is included in the income statement for the period.The depreciation is charged to the income statement for the period and determined using the straight line method over the estimated useful life of the item of property, plant and equipment.The expected useful lives of property, plant and equipment in the reporting and comparative periods are as follows: Useful lives in years Computers 3.33Furniture & fittings 3.331.10 Impairment of non-financial assetsThe residual value of an asset is the estimated amount that the Group would currently obtain from disposal of the asset less the estimated costs of disposal, if the asset was already of the age and in the condition expected at the end of its physical life.The assets’ residual values and useful lives are reviewed, and adjusted if appropriate, at each reporting date.At the end of each reporting period management assesses whether the indicators of impairment of property, plant and equipment exists.The carrying amounts of property, plant and equipment and all other non-financial assets are reviewed for impairment if there is any indication that the carrying amount may not be recoverable.For the purpose of impairment testing the recoverable amount is measured by reference to the higher of value in use (being the net present value of expected future cashflows of a relevant cash generating unit) and fair value less costs to sell (the amount obtainable from the sale of an asset or cash generating unit in an arm’s length transaction between knowledgeable, willing parties who are independent from each other less the costs of disposal).Where there is no binding sale agreement or active market, fair value less costs to sell is based on the best information available to reflect the amount the Group would receive for the cash generating unit.A cash generating unit is the smallest identifiable group of assets that generates cash inflows that are largely independent of the cash inflows from other assets or groups of assets.If the carrying amount of the asset exceeds its recoverable amount, the asset is impaired and an impairment loss is charged to the income statement so as to reduce the carrying amount in the statement of financial position to its recoverable amount.A previously recognised impairment loss is reversed if the recoverable amount increases as a result of a reversal of the conditions that originally resulted in the impairment.This reversal is recognised in profit or loss for the period and is limited to the carrying amount that would have been determined, net of depreciation, had no impairment loss been recognised in prior years.1.11 Financial InstrumentsFinancial assets and financial liabilities are recognised when the Company becomes a party to the contractual provisions of the instrument.Financial assets and financial liabilities are initially measured at fair value. Transaction costs that are directly attributable to the acquisition or issue of financial assets and financial liabilities (other than financial assets and financial liabilities at fair value through profit or loss) are added to or deducted from the fair value of the financial assets or financial liabilities, as appropriate, on initial recognition. Transaction costs directly attributable to the acquisition of financial assets or financial liabilities at fair value through profit or loss are recognised immediately in profit or loss.All financial instruments are classified in accordance with the principles of IFRS 9 Financial Instruments.53www.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 5330534-Crossword-Cybersecurity-AR2020.indd 5326-Apr-21 12:48:24 PM26-Apr-21 12:48:24 PM 30534 26 April 2021 12:46 pm V11Consolidated Financial Statements CONTINUED1.11(a) Financial assetsClassification of financial assetsDebt instruments that meet the following conditions are subsequently measured at amortised cost:• the financial asset is held within a business model whose objective is to hold financial assets in order to collect contractual cash flows; and• the contractual terms of the financial asset give rise on specified dates to cash flows that are solely payments of principal and interest on the principal amount outstanding.Debt instruments that meet the following conditions are subsequently measured at FVTOCI:• the financial asset is held within a business model whose objective is achieved by both collecting contractual cash flows and selling the financial assets; and• the contractual terms of the financial asset give rise on specified dates to cash flows that are solely payments of principal and interest on the principal amount outstanding.By default, all other financial assets are subsequently measured at FVTPL.Amortised cost and effective interest methodThe effective interest method is a method of calculating the amortised cost of a debt instrument and of allocating interest income over the relevant period.For financial instruments other than purchased or originated credit-impaired financial assets, the effective interest rate is the rate that exactly discounts estimated future cash receipts (including all fees and points paid or received that form an integral part of the effective interest rate, transaction costs and other premiums or discounts) excluding expected credit losses, through the expected life of the debt instrument, or, where appropriate, a shorter period to the gross carrying amount of the debt instrument on initial recognition. For purchased or originated credit-impaired financial assets, a credit-adjusted effective interest rate is calculated by discounting the estimated future cash flows, including expected credit losses, to the amortised cost of the debt instrument on initial recognition.The amortised cost of a financial asset is the amount at which the financial asset is measured at initial recognition minus the principal repayments, plus the cumulative amortisation using the effective interest method of any difference between that initial amount and the maturity amount, adjusted for any loss allowance. On the other hand, the gross carrying amount of a financial asset is the amortised cost of a financial asset before adjusting for any loss allowance.Impairment of financial assetsThe Company recognises a loss allowance for expected credit losses on financial assets that are measured at amortised cost. The amount of expected credit losses is updated at each reporting date to reflect changes in credit risk since initial recognition of the respective financial instrument.Expected credit loss measurementThe consolidated entity has applied the simplified approach to measuring expected credit losses, which uses a lifetime expected loss allowance. To measure the expected credit losses, trade receivables have been grouped based on days overdue.1.11(b) Financial liabilities and equityDebt and equity instruments are classified as either financial liabilities or as equity in accordance with the substance of the contractual arrangement.Equity instrumentsAn equity instrument is any contract that evidences a residual interest in the assets of an entity after deducting all of its liabilities. Equity instruments issued by the Company entity are recognised at the proceeds received, net of direct issue costs.Financial liabilitiesAll financial liabilities are subsequently measured at amortised cost using the effective interest method or at “Fair Value Through Profit or Loss” (“FVTPL”).Financial liabilities at FVTPLFinancial liabilities are classified as at FVTPL when the financial liability is contingent consideration of an acquirer in a business combination to which IFRS 3 applies, or it is designated as at FVTPL.54CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 5430534-Crossword-Cybersecurity-AR2020.indd 5426-Apr-21 12:48:25 PM26-Apr-21 12:48:25 PM 30534 26 April 2021 12:46 pm V11Strategic ReportGovernanceFinancial StatementsConsolidated Financial Statements CONTINUEDFinancial liabilities subsequently measured at amortised costFinancial liabilities that are not 1) contingent consideration of an acquirer in a business combination, 2) held-for-trading, or 3) designated as at FVTPL, are subsequently measured at amortised cost using the effective interest method.The effective interest method is a method of calculating the amortised cost of a financial liability and of allocating interest expense over the relevant period. The effective interest rate is the rate that exactly discounts estimated future cash payments (including all fees and points paid or received that form an integral part of the effective interest rate, transaction costs and other premiums or discounts) through the expected life of the financial liability, or (where appropriate) a shorter period, to the amortised cost of a financial liability.Derecognition of financial liabilitiesThe Company derecognises financial liabilities when, and only when, the Company’s obligations are discharged, cancelled or they expire. The difference between the carrying amount of the financial liability derecognised and the consideration paid and payable, including any non-cash assets transferred or liabilities assumed, is recognised in the statement of comprehensive income.1.12 Research and developmentResearch and development expenditure has been written off as incurred, following consideration of IAS 38 criteria for capitalisation of development costs.1.13 TaxesCurrent tax is calculated using rates and laws enacted or substantively enacted at the reporting date. Current tax is recognised in profit or loss unless it relates to an item of other comprehensive income or equity whereby it is recognised in other comprehensive income or equity respectively.Deferred income tax is calculated using rates and laws enacted or substantively enacted at the reporting date that are expected to apply on reversal of the related temporary difference, and is determined in accordance with the expected manner of recovery of the related asset.Deferred income tax is recognised in profit or loss unless it relates to an item of other comprehensive income or equity whereby it is recognised in other comprehensive income or equity respectively.1.14 Share Based PaymentsOn occasion, the Company has made share-based payments to certain Directors and employees by way of issue of share options. The fair value of these payments is calculated by the Company using the binomial option valuation model.The expense, where material, is recognised on a straight-line basis over the period from the date of award to the date of vesting, based on the Company’s best estimate of the number of shares that will eventually vest.1.15 InvestmentsShares in subsidiary undertakings are stated at cost less provision for impairment. Unlisted investments are measured at fair value. 1.16 Intercompany Financing ArrangementThe amortised cost methodology is applied to the financing arrangement between the Company and subsidiary Crossword Consulting Limited. An assessment in undertaken to determine weighted average cost of capital to apply discounting with the principal debt conceptually including a financing element. 1.17 Pension ObligationsThe Group operates a defined contribution pension scheme for employees in the United Kingdom. A defined contribution scheme is a pension plan under which the Group pays fixed contributions into a separate entity. The Group has no legal or constructive obligations to pay further contributions if the fund does not hold sufficient assets to pay all employees the benefits relating to employee service in the current and prior years.Contributions payable to the Group’s pension scheme are charged to the income statement in the year to which they relate. The Group has no further payment obligations once the contributions have been paid.In Poland, the Group pays the statutory employer’s contribution into the public pension scheme for each employee, but does not operate any pension schemes. In 2021, the Group will implement the Employee Capital Plans (PPK) program which will involved employee consultation and selection of a financial institution.1.18 Cash and Cash EquivalentsCash comprises cash-in-hand and demand deposits. Cash equivalents are short-term, highly liquid investments that are readily convertible to know amounts of cash, and which are subject to an insignificant risk of change in value.55www.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 5530534-Crossword-Cybersecurity-AR2020.indd 5526-Apr-21 12:48:25 PM26-Apr-21 12:48:25 PM 30534 26 April 2021 12:46 pm V11Consolidated Financial Statements CONTINUED1.19 Critical accounting estimates and judgements and key sources of estimation uncertaintyEstimates and judgements are continually evaluated and are based on experience and other factors, including expectations of future events that are believed to be reasonable under the circumstances.The following are the key estimates that the directors have made in the process of applying the Group’s accounting policies and have the most significant effect on the amounts recognised in the financial information. There are no further critical accounting judgements.Fair value of options granted to employeesThe Group uses the Binomial model in determining the fair value of options granted to employees under the Group’s various share schemes. The determination of the fair value of options requires a number of assumptions. The alteration of these assumptions may impact charges to the income statement over the vesting period of the award. Details of the assumptions used are shown in note 4.Convertible LoansThe Group has given consideration to the measurement and presentation of the convertible loans.On legal execution of the loans the financial liability is initially measured at its fair value which is the face value of the loans. Immediately after recognition, at fair value, the financial liability is measured at amortised cost, using a reasonable estimate of the Group’s cost of capital. The difference between the fair value and the amortised cost is taken to the P&L account.Fair value of equity transaction with non-controlling interestsDuring the year the subsidiary, Crossword Consulting Limited, issued 110,000 A shares to a director of the subsidiary (detailed in note 23) which equated to 10% of the subsidiary equity. The director of the subsidiary and a member of the executive team paid open market value for the shares issued. The issue price was deemed to be market price on the open market which was arrived at by benchmarking the transaction against other third party entity transactions of a similar nature.ImpairmentAn impairment assessment of the carrying value in the Company of the investment in Crossword Consulting Limited is undertaken using an NPV model over the projected cash flows, with a discount rate based on the assessment of weighted average cost of capital.1.20 Accounting for Government GrantsUK Government Furlough Funding is netted of against Gross Staff Costs in the period in which it is incurred. No other Government Grants were received in the period. 2 Revenue and segmental informationAn analysis of the Group’s revenue for each period for its continuing operations, is as follows:£Group 2020Group 2019Revenue from the sale of goods/licences136,206 69,884 Revenue from the rendering of services34,675 16,000 Revenue from Cyberowl Limited for software development24,700 91,574 Revenue from Byzgen Limited for software development203,030 208,555 Revenue from Consulting 1,229,000 919,042 Total Revenue 1,627,611 1,305,055 The IFRS 8 Operating segments requires the Group to determine its operating segments based on information which is provided internally. Based on the internal reporting information and management structures within the Group, it has been determined that there are two geographic operating segments (UK and Poland) supported by one centralised cost segment (UK and Poland) and one revenue segment (UK). Reporting on this basis is reviewed by the Board of directors which is the chief operating decision-maker and is responsible for the strategic decision-making of the Group.The consolidated entity is organised into three operating segments based on differences in products and services provided, software products and services, cybersecurity consulting and software development services. These operating segments are based on the internal reports that are reviewed and used by the Board of Directors (who are identified as the Chief Operating Decision Makers (‘CODM’)) in assessing performance and in determining the allocation of resources. There is no aggregation of operating segments.The CODM reviews EBITDA (earnings before interest, tax, depreciation and amortisation). The accounting policies adopted for internal reporting to the CODM are consistent with those adopted in the financial statements. The information reported to the CODM is on a monthly basis.56CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 5630534-Crossword-Cybersecurity-AR2020.indd 5626-Apr-21 12:48:25 PM26-Apr-21 12:48:25 PM 30534 26 April 2021 12:46 pm V11Strategic ReportGovernanceFinancial StatementsConsolidated Financial Statements CONTINUEDDuring the year ended 31 December 2020 approximately 32% (2019: 13%) of the consolidated entity’s external revenue was derived from sales to a major United Kingdom client. No other clients accounted for more than 10% of the consolidated entity’s external revenue.No analysis of net assets by geographic segment is provided as the net assets are principally all within the UK.3 Expenses By Nature£Group 2020Group 2019Staff and related costs2,643,670 2,343,937 Consultancy and related costs280,917 225,172 Professional fees268,567 354,369 Property related costs82,776 82,593 Depreciation150,437 147,281 Other expenses476,502 495,666 Total cost of sales and administrative expenses3,902,870 3,649,018 Expenses by geographic segment£Group 2020Group 2019UK3,410,235 3,117,927 Poland492,635 531,091 Total cost of sales and administrative expenses3,902,870 3,649,018 4 Staff CostsStaff costs, including directors’ remuneration, were as follows:£Group 2020Company 2020Group 2019Company 2019Wages and salaries2,454,980 1,150,153 2,102,651 1,079,377 Furlough receipts for wages and salary(93,510)(36,218)Social security costs243,642 119,755 207,878 119,260 Furlough receipts for social security costs(6,363)(2,430)Other pension costs46,509 31,470 33,208 24,824 Furlough receipts for pension costs(1,588)(625)2,643,670 1,262,106 2,343,737 1,223,461 Wages and salaries and Social security costs are reported net of UK government furlough funding of £101,461 (Company £39,273). At the end of the period, there were no staff furloughed and all claims had been made and settled. The average monthly number of employees and directors, during the period was as follows:Group 2020Company 2020Group 2019Company 2019Staff34133113Directors10897Total4421402057www.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 5730534-Crossword-Cybersecurity-AR2020.indd 5726-Apr-21 12:48:25 PM26-Apr-21 12:48:25 PM 30534 26 April 2021 12:46 pm V11Consolidated Financial Statements CONTINUEDShare based paymentsThe amount recognised in respect of share based payments was £52,792 for December 2020, £32,200 for December 2019, £45,751 for December 2018, £15,784 for 2017, £18,636 for 2016 and £16,455 for 2015.The Group has established share option programmes that entitle certain employees to purchase shares in the Group.These were issued in July 2014, November 2014, July 2015, December 2015, January 2016, June 2016, September 2016, June 2017, Jan 2018, May 2018, July 2018, October 2018, June 2019, November 2019, June 2020 and October 2020.There are no performance conditions attaching to these options. 6,666 options were exercised in April 2018, 666 options in December 2018, 332 options in April 2019, 499 options in December 2019 and 13,333 in January 2020.Total options issued amount to 206,573 as at 31 December 2020, 183,181 as at 31 December 2019, 149,010 as at 31 December 2018, 115,658 as at 31 December 2017 by Crossword Cybersecurity plc. See details in Note 14 Earnings & Diluted Earnings per share.The share options have been valued using a binomial model applying the following inputs:• Exercise price – equal to the share price at grant date;• Vesting date – all options vest in three tranches, on the first, second and third anniversary from the grant date;• Expiry/Exercise date – 10 years from the grant date;• Volatility (sigma) – 35%. Given the thinly traded shares of the Company on NEX, we have estimated Crossword’s share price volatility by reference to the calculated volatility of quoted comparator companies Sophos Group Plc and Osirium Technologies Plc.• Risk free rate – yield on a zero coupon government security at each grant date with a life congruent with the expected option life;• Dividend yield – 0%,• Future staff turnover – 0%. We have however adjusted the P+L charge for the current year (and future years) to account for lapsed options due to Leavers; and• Performance conditions – none.Reconciliation of share options –CompanyWeighted average exercise priceWeighted average exercise price20202020£20192019£1st January188,889 2.61 149,010 1.80 Granted during the period49,684 7.04 50,312 5.07 Lapsed during the period (18,667)3.10 (8,936)2.98Exercised during the period(13,333)2.80(1,497)2.10End of the period206,573 3.62 188,889 2.61 The weighted average share Price at the exercise date was £3.62.The range of exercise prices is from £0.54 to £5.45.58CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 5830534-Crossword-Cybersecurity-AR2020.indd 5826-Apr-21 12:48:25 PM26-Apr-21 12:48:25 PM 30534 26 April 2021 12:46 pm V11Strategic ReportGovernanceFinancial StatementsConsolidated Financial Statements CONTINUED5 Directors’ RemunerationThe remuneration of the Directors who served in the current year was as follows:Basic Salary and Fees£Bonus£Taxable Benefits£Employer's Pension Contribution£Total£Executive DirectorsTom Ilube* 126,622 3,689 1,314 131,625 Mary Dowd** 130,000 10,000 140,000 –Non-Executive Directors– Sir Richard Dearlove 25,000 25,000 50,000 Ruth Anderson 12,000 12,000 Andy Gueritz 16,000 16,000 Gordon Matthew 12,000 12,000 Dr David Secher 16,000 16,000 Prof David Stupples 12,000 12,000 Total 349,622 – 28,690 11,314 389,625 The remuneration of the Directors who served in the previous year was as follows:Basic Salary and Fees£Bonus£Taxable Benefits£Employer's Pension Contribution£Total£Executive DirectorsTom Ilube* 130,000 10,000 4,801 1,188 145,989 Mary Dowd** 128,750 8,477 1,188 138,415 Non-Executive DirectorsSir Richard Dearlove 25,000 – 50,000 75,000 Ruth Anderson 9,500 – 9,500 Andy Gueritz 11,833 – 11,833 Gordon Matthew 12,000 – 12,000 Dr David Secher 11,833 – 11,833 Prof David Stupples 12,000 – 12,000 Total 340,916 18,477 54,801 2,376 416,570 * Denotes highest paid director in 2019 ** Denotes highest paid director in 2020 Share Options issued (2017 nil)YearShare OptionsExercise PriceTotal ValueSir Richard Dearlove2018 6,757 £3.70 £9,902 Mary Dowd2018 7,936 £3.15 £9,993 Sir Richard Dearlove2019 4,587 £5.45 £10,587 Sir Richard Dearlove2019 5,208 £4.80 £10,576 Mary Dowd2019 10,000 £5.45 £23,080 Mary Dowd2020 2,500 £3.05 £2,903 Sir Richard Dearlove2020 9,434 £2.65 £9,496 59www.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 5930534-Crossword-Cybersecurity-AR2020.indd 5926-Apr-21 12:48:25 PM26-Apr-21 12:48:25 PM 30534 26 April 2021 12:46 pm V11Consolidated Financial Statements CONTINUED6 Finance CostsGroup 2020£Group 2019£Finance Cost of Financial Liabilities (Loan Notes)196,546 9,090 Company right to use assets Interest4,298 9,460 Crossword Cybersecurity sp z.o.o. right to use assets interest2,705 5,070 Crossword Consulting Ltd Overdraft Annual Fees & Interest876 578 Crossword Cybersecurity Spolka z.o.o Interest256 153 204,679 24,351 7 Auditor’s RemunerationThe expenses for services rendered by the Group auditor present themselves as follows£Group 2020Group 2019Fees for legal audit of consolidated financial information40,250 31,250 Fees for legal audit of subsidiary financial information6,204 6,200 Fees for tax advisory services6,000 5,577 52,454 43,027 8 TaxIncome tax£Group 2020Group 2019Current income tax expense4,840 5,878 Deferred income tax – – Total tax expense4,840 5,878 There is no tax charge in respect of other comprehensive income.The deferred income taxes for all years/periods and deferred tax assets as at the end of each year/period were considered nil as the Directors consider there is no sufficient certainty over the recoverability of the corporation tax losses available.Corporation tax losses carried forward for offset against future year’s trading profits amount to approximately £4,500,000 (2019: £4,500,000 2018: £3,500,000, 2017: £2,500,000, 2016 : £1,600,000, 2015 : £700,000).£Group 2020Group 2019Loss before taxation2,273,497 2,095,570 Average rate of corporation tax19.00%19.00%Tax on profit (431,964) (398,158)Effects of:Expenses not deductible for tax purposes17,640 18,895 Depreciation for the period in excess of capital allowances150,437 147,281 Deferred tax not recognised259,047 226,105 Total tax charge (4,840) (5,878)60CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 6030534-Crossword-Cybersecurity-AR2020.indd 6026-Apr-21 12:48:26 PM26-Apr-21 12:48:26 PM 30534 26 April 2021 12:46 pm V11Strategic ReportGovernanceFinancial StatementsConsolidated Financial Statements CONTINUEDFactors that may affect future tax changesThe rate of corporation tax in the United Kingdom had been expected to reduce from 19% to 17% per cent from 1 April 2020. However in March 2020 it was announced that the rate would continue at 19%. In March 2021 it was announced that UK corporation tax rates would rise to 25% from 2023. Polish Corporation Tax has been 19% until 1 January 2017, when Crossword started to benefit from the new small companies reduced rate of 15% adopted by the Parliament Act amendment to Polish CIT Law.9 Tangible AssetsComputers£Group 2020Company 2020Group 2019Company 2019Cost b/f22,674 22,674 Additions / (Disposals) 2,001 24,675 – 22,674 – Accumulated DepreciationB/F18,157 15,191 Charge for the period2,966 2,966 C/d21,124 – 18,157 – Net Book Value3,551 – 4,517 – Furniture and Fittings£Group 2020Company 2020Group 2019Company 2019Cost b/f 15,157 15,157 5,500 5,500 Additions 9,657 9,657 15,157 15,157 15,157 15,157 Accumulated DepreciationB/F 4,235 4,235 917 917 Charge for the period 7,773 7,773 3,318 3,318 C/d12,009 12,009 4,235 4,235 Net Book Value3,148 3,148 10,921 10,921 10 Right of Use Assets£Group 2020Company 2020Group 2019Company 2019Cost b/f344,058231,935––Additions––344,058231,935344,058231,935344,058231,935Accumulated DepreciationB/F140,99698,209––Charge for the period139,69798,478140,99698,209C/d280,694196,687140,99698,209Net Book Value63,36535,248203,062133,72661www.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 6130534-Crossword-Cybersecurity-AR2020.indd 6126-Apr-21 12:48:26 PM26-Apr-21 12:48:26 PM 30534 26 April 2021 12:46 pm V11Consolidated Financial Statements CONTINUED11 Unlisted Investments£Group 2020Company 2020Group 2019Company 2019Fair value at 1 January and 31 December31313131The above Group investment represents Crossword Cybersecurity Plc’s 2020 - 4.4% (2019 - 7.1%, 2018 - 9.88%, 2017 - 11.069%, 2016 - 14.58%) holding in CyberOwl Limited which was purchased on 18 April 2016. In respect of the unlisted investments no material difference exists between the carrying value and the fair value at the year-end.12 Investment in subsidiaries£CompanyCost b/f 1 January 2019 and c/f 31 December 2019 11,017 Capital contribution 447,147 Cost c/f 31 December 2020 458,164 The group’s subsidiary undertakings are listed below, including name, country of incorporation, and proportion of ownership interest:NameRegistered office Principal activity 2020%2019%Crossword Consulting Limited6th Floor, 60 Gracechurch Street, London EC3N 0HR. United Kingdom Cybersecurity services 90 100 Crossword Cybersecurity SP Z.o.o.ul. Wiejska 12a, 00-490 Warszawa, Poland Cybersecurity services 100 100 13 Trade and Other Receivables£Group 2020Company 2020Group 2019Company 2019Trade receivables289,811 125,115 283,024 270,169 Other receivables66,714 63,067 231,580 227,893 Prepayments 102,112 83,749 92,349 73,148 Accrued income27,394 3,750 – – VAT Refund11,881 - 19,345 9,222 Intercompany receivables within one year – – – 1,249 497,913 275,680 626,298 581,680 Overdue 6,600 67,874 All overdue amounts were paid following the period.All of the above amounts are considered to be due within one year. The maximum exposure to credit risk at the reporting date is the carrying value as above and the cash and cash equivalents and none are either past or impaired. Of the above amounts held within the Group, 2020: £15,529; 2019: £29,180; 2018: £15,195; 2017: £32,566; is denominated in Polish Zloty with the remainder in GBP.Foreign exchange risk is currently minimal as balances in Polish Zloty are between the parent and its wholly owned subsidiary.62CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 6230534-Crossword-Cybersecurity-AR2020.indd 6226-Apr-21 12:48:26 PM26-Apr-21 12:48:26 PM 30534 26 April 2021 12:46 pm V11Strategic ReportGovernanceFinancial StatementsConsolidated Financial Statements CONTINUED14 Trade and Other Payables£Group 2020Company 2020Group 2019Company 2019Trade payables204,243 372,359 82,165 276,814 Tax payables163,002 38,746 91,024 –Accruals403,997 289,488 103,264 70,094 Deferred income101,43871,78947,48547,485Other payables56,360 21,805 289,371 121,909 929,038 794,187 613,310 516,302 All of the above amounts are considered to be due within one year.£37,883 of 2019 deferred income balance was recognised in the 2020 as revenue while £158 was written off. The remaining 2019 deferred income of £9,444 is included in the 2020 deferred income for the Company and Group. The entire deferred income balance in 2018 of £8,255 was recognised in 2019 as revenue.Of the Trade and Other Payables amounts held within the Group, £29,630 (2019: £24,420; 2018: £19,569; 2017: £31,149) is denominated in Polish Zloty with the remainder in GBP.Suppliers denominated in Euros had a zero balance outstanding at 31st December 2020 (2019: £0; 2018: £7,452; zero in previous periods).15 Share CapitalAllotted called up and fully paid2019: 4,681,227, 2020: 5,132,090 ordinary shares of £0.05 each.£Share Capital20202019Cost b/f234,061 234,020 Shares Issued in period22,544 42 256,605 234,061 Share PremiumB/F7,515,744 7,513,908 Shares Issued in period1,002,647 1,836 C/d8,518,391 7,515,744 The shares issued during the period were ordinary shares of £0.05 issued at a premium of £1,002,647 (2019: share options exercised). 16 Loss per shareEarnings per share is calculated by dividing the loss for the period attributable to ordinary equity shareholders of the parent by the weighted average number of ordinary shares outstanding during the year.During the year the calculation was based on the loss for the year of £2,273,497 (2019: £2,191,280; 2018: £2,132,252; 2017: £1,200,424) divided by the weighted average number of ordinary shares of 4,981,980 (2019: 4,679,965; 2018: 3,853,254; 2017: 3,158,318).63www.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 6330534-Crossword-Cybersecurity-AR2020.indd 6326-Apr-21 12:48:26 PM26-Apr-21 12:48:26 PM 30534 26 April 2021 12:46 pm V11Consolidated Financial Statements CONTINUED17 Reconciliation of movements in net debtGroup £Lease liabilitiesConvertible loan notesCash and cash equivalentsNet debtNet debt at 1 January 2019Due within twelve months (229,519) - - (229,519)Due after more than twelve months (90,602) - - (90,602)Cash and cash equivalents - - 2,222,706 2,222,706 (320,121) - 2,222,706 1,902,585 Cash flows 134,854 (1,400,000) (703,186) (1,968,332)Non-cash flows - 92,764 (5,354) 87,410 Net debt at 31 December 2019 (185,267) (1,307,236) 1,514,166 21,663 Due within twelve months (171,934) - - (171,934)Due after more than twelve months (13,333) (1,307,236) - (1,320,569)Cash and cash equivalents - - 1,514,166 1,514,166 (185,267) (1,307,236) 1,514,166 21,663 Cash flows 141,533 - (565,419) (423,886)Non-cash flows - (28,086) 9,595 (18,491)Net debt at 31 December 2020 (43,734) (1,335,322) 958,342 (420,714)Due within twelve (43,734) - - (43,734)Due after more than twelve months - (1,335,322) - (1,335,322)Cash and cash equivalents - - 958,342 958,342 Net debt at 31 December 2020 (43,734) (1,335,322) 958,342 (420,714)Company£Lease liabilitiesConvertible loan notesCash and cash equivalentsNet debtNet debt at 1 January 2019Due within twelve months (99,917) - - (99,917)Due after more than twelve months (127,091) - - (127,091)Cash and cash equivalents - - 2,213,701 2,213,701 (227,008) - 2,213,701 1,986,693 Cash flows 113,675 (1,400,000) (760,986) (2,047,311)Non-cash flows - 92,764 - 92,764 Net debt at 31 December 2019 (113,333) (1,307,236) 1,452,715 32,146 Due within twelve months (99,917) - - (99,917)Due after more than twelve months (13,416) (1,307,236) - (1,320,652)Cash and cash equivalents - - 1,452,085 1,452,085 (113,333) (1,307,236) 1,452,085 31,516 Cash flows 99,917 - (627,418) (527,501)Non-cash flows - (28,086) - (28,086)Net debt at 31 December 2020 (13,416) (1,335,322) 824,667 (524,071)Due within twelve months (13,416) - - (13,416)Due after more than twelve months - (1,335,322) - (1,335,322)Cash and cash equivalents - - 824,667 824,667 Net debt at 31 December 2020 (13,416) (1,335,322) 824,667 (524,071)64CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 6430534-Crossword-Cybersecurity-AR2020.indd 6426-Apr-21 12:48:26 PM26-Apr-21 12:48:26 PM 30534 26 April 2021 12:46 pm V11Strategic ReportGovernanceFinancial StatementsConsolidated Financial Statements CONTINUED18 ReservesThe following describes the nature and purpose of each reserve within owners’ equityReserveDescription and purposeShare capitalThis represents the nominal value of shares issuedShare premiumAmount subscribed for share capital in excess of nominal valueEquity reserveRepresents amounts charged on share options that have been granted to employeesRetained earningsCumulative net gains and losses recognised in the consolidated statement of comprehensive incomeTranslation of foreign operationsIs the difference that arises due to consolidation of foreign subsidiaries using an average rate during the period and a closing rate for the period end statement of financial position19 Financial Instruments Note£Group 2020Company 2020Group 2019Company 2019Current Financial AssetsFinancial assets measured at amortised costTrade and other receivables383,848845,175349,186931,893Cash and cash equivalents958,341 824,667 1,514,166 1,452,085 1,342,189 1,669,8421,863,352 2,383,978 Current Financial LiabilitiesFinancial liabilities measured at amortised costTrade and other payables664,599 683,653 474,802 468,817 Non-Current Financial LiabilitiesFinancial liabilities measured at amortised costLoan1,335,322 1,335,322 1,307,236 1,307,236 1,999,921 2,018,974 1,782,038 1,776,053 In relation to the loan there was a fair value gain of £0 (2019: £92,764 arising from the loans notes being initially measured at fair value and subsequently measured at amortised cost).Included within trade and other payables are lease liabilities of the group of £43,734.37 (2019: £185,267; 2018: £nil) and of the company £13,507 (2019: £113,334; 2018: £nil).65www.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 6530534-Crossword-Cybersecurity-AR2020.indd 6526-Apr-21 12:48:27 PM26-Apr-21 12:48:27 PM 30534 26 April 2021 12:46 pm V1120 Financial Instruments – RiskThe Group could be exposed to risks that arise from its use of financial instruments. Risks in relation to financial assets include:Market riskMarket risk covers foreign exchange risk, price risk and interest rate risk.As the majority of the Group’s transactions are either in Sterling or in Polish Zloty the Group considers its exposure to foreign exchange risk to be minimal.There are no derivatives and hedging instruments.The Group is not exposed to price risk given that no securities are held under financial assets.The Group is not exposed to interest rate or cash flow risk due to the fact that the Group has no borrowing or complex financial instruments.Credit riskCredit risk is considered to be the risk of financial loss incurred by the Group in the event that a customer or counterparty to an asset fails to meet contractual obligations. There is no provision for bad debt, as the Group has not experienced any bad debt, with customers paying to terms. The Group does not consider credit risk to be significant given the type of services it provides.Liquidity riskManagement monitor rolling forecasts of the Group’s liquidity reserves, cash and cash equivalents on the basis of expected cash flows and therefore monitors liquidity risk sufficiently.Financial liabilitiesDue <1 yearDue 1-2 yearsTrade payables204,243Tax payables163,002Accurals403,997Deferred income101,438Other payables56,360Loan1,335,322Total 929,040 1,335,32221 Capital managementThe Group considers its capital to comprise of its equity share capital, share premium, foreign exchange reserve, share options reserve and capital redemption reserve, less its accumulated losses. Quantitative detail is shown in the consolidated statement of changes in equity.The directors’ objective when managing capital is to safeguard the Group’s ability to continue as a going concern in order to provide returns for the shareholder and benefits for other stakeholders and to maintain an optimal capital structure to reduce the cost of capital.The directors monitor a number of KPIs at both the Group and individual subsidiary level on a monthly basis. As part of the budgetary process, targets are set with respect to operating expenses in order to effectively manage the activities of the Group. Performance is reviewed on a regular basis and appropriate actions are taken as required. These internal measures indicate the performance of the business against budget/forecast and to confirm that the Group has adequate resources to meet its working capital requirements.Consolidated Financial Statements CONTINUED66CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 6630534-Crossword-Cybersecurity-AR2020.indd 6626-Apr-21 12:48:27 PM26-Apr-21 12:48:27 PM 30534 26 April 2021 12:46 pm V11Strategic ReportGovernanceFinancial Statements22 PensionsEmployer contributions to the Group defined contribution pension scheme for employees in the United Kingdom were £46,509 (2019: £33,208). A defined contribution scheme is a pension plan under which the Group pays fixed contributions into a separate entity. The Group has no legal or constructive obligations to pay further contributions if the fund does not hold sufficient assets to pay all employees the benefits relating to employee service in the current and prior years.Contributions payable to the Group’s pension scheme were charged to the income statement in the year to which they relate. The Group has no further payment obligations once the contributions have been paid.In Poland, the Group pays the statutory employer’s contribution into the public pension scheme for each employee, but does not operate any pension schemes. In 2021, the Group will implement the Employee Capital Plans (PPK) program which will involved employee consultation and selection of a financial institution.23 Related Party Transactions20202019CyberOwl Limited - Crossword Cybersecurity plc has an investment in CyberOwl LimitedPercentage Holding4.40%7.07%Revenue from development services £ 24,700 91,574 Balance Outstanding £ – 5,070 Byzgen Limited - Crossword Cybersecurity has a licencing agreement with Byzgen LimitedRevenue from development services and licence agreement £ 203,030 208,555 Balance Outstanding £ 44,295 36,330 Subsidiary Transactions20202019Crossword Consulting LimitedServices received from £ 56,294 47,802 Balance Payable to £ 5,629 4,780 Services supplied to £ 145,466 182,871 Balance Due from £ 368,271 213,199 Crossword Cybersecurity SP Z.o.oServices received from £ 502,374 588,696 Balance Payable to £ 189,541 143,030 Services supplied to £ – – Balance Due from £ – – Tom Ilube, CEO, has made a loan of £250,000 to the Company on the same terms as the other Lenders as described in Note 20.The Company has a related party relationship with its key management who are the Executives: Tom Ilube, Mary Dowd, Jake Holloway, Sean Arrowsmith and Stuart Jubb, whose total compensation amounted to £697,924 (2019: £484,961).In March 2020 the subsidiary Crossword Consulting Limited issued 110,000 A shares to Stuart Jubb, Managing Director of the subsidiary and member of the executive team which equated to 10% of the subsidiary entity, for a subscription price of £15,400 which was estimated to equate to fair value.Consolidated Financial Statements CONTINUED67www.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 6730534-Crossword-Cybersecurity-AR2020.indd 6726-Apr-21 12:48:27 PM26-Apr-21 12:48:27 PM 30534 26 April 2021 12:46 pm V1124 Convertible Loan NotesIn 2019, the company received funds for £1.4m of Convertible Loan Notes. The term of the loans is 3 years and the interest is 12% payable quarterly in arrears. Early repayment is at the Company’s sole option, subject to a minimum repayment amount of £10,000. Repayment is at the end of the term, in cash, save that each lender may opt to convert part or all of their loan into Ordinary Shares at £4.80. On repayment of the Loans in cash, each lender will be issued warrants valid for three months to subscribe for Ordinary Shares representing 10% of the value of the Loan at £4.80.Included among the commitments is one from Tom Ilube, CEO, for an amount of £250,000. Tom Ilube made a loan to the Company on the same terms as the other Lenders as described above25 Subsequent EventsOn 10 February 2021 the Company announced that it has undertaken a fundraising of approximately £1.6 million through a placing and proposed subscription of Crossword ordinary shares of 5p each (“Ordinary Shares”) at a price of 260 pence per share and the following announcement was made to the market on 10 February 2021.10 February 2021 – London, UK –Crossword Cybersecurity Plc (AIM:CCS, “Crossword”, the “Company” or the “Group”), the technology commercialisation company focused on cyber security and risk management, is pleased to announce that it has undertaken an oversubscribed fundraising of approximately £1.6 million through a placing and subscription of Crossword ordinary shares of 5p each (“Ordinary Shares”) at a price of 260 pence per share.The placing of 591,340 Ordinary Shares and subscription of 38,460 Ordinary Shares to raise £1,637,480 from new and existing institutional shareholders is to drive growth in the Company’s Rizikon Pro platform. Additionally, the Company intends to apply proceeds to increase sales and marketing resource, for product development and support and for general working capital purposes. The Placing Price represents a 6.8% discount to the closing price on 9 February 2021.A copy of the Company’s current investor presentation is available on its website, www.crosswordcybersecurity.com. Settlement and dealingsApplication has been made for the admission of the 629,800 Ordinary Shares, which rank pari passu with the Company’s existing issued Ordinary Shares, to be admitted to trading on AIM. Dealings on AIM are expected to commence at 8:00am on or around 12 February 2021 (“Admission”).Total Voting RightsFor the purposes of the Financial Conduct Authority’s Disclosure Guidance and Transparency Rules (“DTRs”), following Admission, Crossword will have 5,761,890 Ordinary Shares in issue with voting rights attached. Crossword holds no shares in treasury. This figure of 5,761,890 may be used by shareholders in the Company as the denominator for the calculations by which they will determine if they are required to notify their interest in, or a change to their interest in the Company, under the DTRs.26 Controlling PartyThe Company does not have a controlling party.Consolidated Financial Statements CONTINUED68CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 6830534-Crossword-Cybersecurity-AR2020.indd 6826-Apr-21 12:48:27 PM26-Apr-21 12:48:27 PM 30534 26 April 2021 12:46 pm V11Strategic ReportGovernanceFinancial StatementsNotice of AGMNotice is hereby given that the Annual General Meeting of Crossword Cybersecurity PLC (the ‘Company’) will be held at Capital Tower, 91 Waterloo Road, London, SE1 8RT, United Kingdom on Tuesday 25 May 2021 3.00 pm to consider, and if thought fit, to pass the following resolutions, of which 1 to 6 will be proposed as Ordinary Resolutions and resolutions 7 and 8 will be proposed as Special Resolutions:Our preference had been to welcome shareholders in person to our 2021 Annual General Meeting, particularly given the constraints we faced in 2020 due to the COVID-19 pandemic. However, at present, due to associated UK Government’s restrictions on public gatherings we are asking shareholders not to attend the venue in person and instead to participate in the meeting by submitting their proxy electronically. Shareholders that do attempt to attend the venue for the Annual General Meeting will not be permitted entry. Should you wish to raise any questions ahead of the AGM please do so via email to the Company Secretary at ben.harber@shma.co.uk. We will endeavour to respond to all questions received by 3.00pm on Tuesday 21 May 2021 with the Q&A being published on the Company website soon after the AGM.Please note that there will be a Shareholder Presentation held on 26 May 2021 at 10am. To register for the Shareholder Presentation please visit www.investormeetcompany.com. The title of the presentation is “2020 Final Results and Shareholder update”. If you require any assistance please do not hesitate to contact the Company Secretary at ben.harber@shma.co.uk Ordinary Business1. To receive and adopt the report of the Directors and the financial statements for the year ended 31 December 2020 and the report of the Auditor thereon.2. To re-elect, as a Director of the Company, Ruth Anderson who retires in accordance with Article 90.2 of the Company’s Articles of Association and offers herself for re-election.3. To re-elect, as a Director of the Company, Andy Gueritz who retires in accordance with Article 90.2 of the Company’s Articles of Association and offers himself for re-election.4. To re-appoint MHA MacIntyre Hudson as Auditor of the Company and to authorise the Directors to determine the Auditor’s remuneration.Special Business5. THAT, the issued share capital of the Company be subdivided such that each existing ordinary share of 5 pence in the capital of the Company (‘Existing Ordinary Share’) be subdivided into ten ordinary shares of 0.5 pence (‘New Ordinary Share’) The New Ordinary Shares having the same rights and ranking pari passu in all respects with the Existing Ordinary Shares.6. THAT, subject to and conditional upon the passing of Resolution 5, the Directors be and they are hereby generally and unconditionally authorised pursuant to Section 551 of the Companies Act 2006 (‘the Act’), in substitution for all previous powers granted to them, to exercise all the powers of the Company to allot and make offers to allot relevant securities (within the meaning of the Act) up to an aggregate nominal amount of £96,031.50 such authority shall, unless previously revoked or varied by the Company in general meeting, expire on the conclusion of the Annual General Meeting of the Company to be held in 2022 provided that the Company may, at any time before such expiry, make an offer or enter into an agreement which would or might require relevant securities to be allotted after such expiry and the Directors may allot relevant securities pursuant to any such offer or agreement as if the authority conferred hereby had not expired.7. THAT, subject to and conditional upon the passing of Resolution 5, the Directors be and they are hereby authorised pursuant to Section 570 of the Act to allot equity securities (as defined in Section 560 of the Act) for cash pursuant to the authority conferred by resolution 6 above as if Section 561(1) of the Act did not apply to any such allotment, provided that this power shall be limited to:(a) the allotment of equity securities in connection with an issue in favour of shareholders where the equity securities respectively attributable to the interests of all such shareholders are proportionate (or as nearly as may be practicable) to the respective number of ordinary shares in the capital of the Company held by them on the record date for such allotment, but subject to such exclusions or other arrangements as the Directors may deem necessary or expedient in relation to fractional entitlements or legal or practical problems under the laws of, or the requirements of, any recognised regulatory body or any stock exchange, in any territory;(b) the allotment of equity securities arising from the exercise of options or the conversion of any other convertible securities outstanding at the date of this resolution; and(c) the allotment (otherwise than pursuant to sub-paragraph (a) and (b) above) of further equity securities up to an aggregate nominal amount of £96,031.50;Consolidated Financial Statements CONTINUED69www.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 6930534-Crossword-Cybersecurity-AR2020.indd 6926-Apr-21 12:48:27 PM26-Apr-21 12:48:27 PM 30534 26 April 2021 12:46 pm V11provided that this power shall, unless previously revoked or varied by special resolution of the Company in general meeting, expire at the conclusion of the Annual General Meeting of the Company to be held in 2022. The Company may, before such expiry, make offers or agreements which would or might require equity securities to be allotted after such expiry and the Directors are hereby empowered to allot equity securities in pursuance of such offers or agreements as if the power conferred hereby had not expired.8. To adopt the amended articles of association as tabled at the Meeting as the New Articles in substitution for, and to the exclusion of, all existing articles of association of Crossword Cybersecurity PLC.BY ORDER OF THE BOARDB. Harber 6th Floor Company Secretary 60 Gracechurch Street 23 April 2021 London EC3V 0HRNotes1. We encourage shareholders to appoint the Chair of the meeting as proxy. This will ensure that your vote will be counted even with attendance at the meeting being restricted.2. Members entitled to appoint a proxy to exercise all or any of their rights to attend and to speak and vote on their behalf at the meeting. A proxy need not be a shareholder of the Company. A shareholder may appoint more than one proxy in relation to the Annual General Meeting provided that each proxy is appointed to exercise the rights attached to a different share or shares held by that shareholder. To appoint more than one proxy you may photocopy this form. Please indicate the proxy holder’s name and the number of shares in relation to which they are authorised to act as your proxy (which, in aggregate, should not exceed the number of shares held by you). Please also indicate if the proxy instruction is one of multiple instructions being given. All forms must be signed and should be returned together in the same envelope. To be valid, the form of proxy and the power of attorney or other authority (if any) under which it is signed or a certified copy of such power or authority must be lodged at the offices of the Company’s registrars, Share Registrars Limited, The Courtyard, 17 West Street, Farnham, Surrey GU9 7DR by hand, or sent by post, so as to be received not less than 48 hours before the time fixed for the holding of the meeting (excluding any part of a day which is not a working day) or any adjournment thereof (as the case may be). Please note the Share Registrars Limited will accept scans of the proxy forms via email sent to the following address: voting@shareregistrars.uk.com with ‘Crossword Cybersecurity plc AGM vote’ in the subject line provided that such email is received not less than 48 hours before the time fixed for the holding of the meeting (excluding any part of a day which is not a working day) or any adjournment thereof (as the case may be).3. Any member entitled to attend and vote at the meeting may appoint one or more proxies to attend and, on a poll, vote instead of him. A proxy need not also be a member.4. The completion and return of a form of proxy will not preclude a member from attending in person at the meeting and voting should he wish to do so.5. CREST members may appoint a proxy through CREST by using the procedures described in the CREST Manual (available via www.euroclear.com/CREST). CREST personal members or other CREST sponsored members and those CREST members who have appointed a voting service provider should refer to their CREST sponsor or voting service provider, who will be able to take the appropriate action on their behalf. In order for a proxy appointment or instruction made using the CREST service to be valid, the appropriate CREST message (‘a CREST proxy instruction’) must be properly authenticated in accordance with Euroclear UK & Ireland Limited’s specifications and must contain the information required for such instructions, as described in the CREST Manual. All messages relating to the appointment of a proxy or an instruction to a previously appointed proxy must be transmitted so that they are received by Share Registrars Limited (ID 7RA36) by 3.00 p.m. (UK time) on 21 May 2021 (or, if the meeting is adjourned, the time that is 48 hours (excluding non- working days) before the time fixed for the adjourned meeting). For this purpose, the time of receipt will be taken to be the time (as determined by the time stamp applied to the message by the CREST Applications Host) from which the issuer’s agent is able to retrieve the message by enquiry to CREST in the manner prescribed by CREST. Any change of instructions to proxies appointed through CREST should be communicated to the appointee through other means. CREST members and, where applicable, their CREST sponsors or voting service providers should note that Euroclear UK & Ireland Limited does not make available special procedures in CREST for any particular message. Normal system timings and limitations will, therefore, apply in relation to the input of CREST proxy instructions. It is therefore the responsibility of the CREST member concerned to take (or procure the taking of) such action as shall be necessary to ensure that a message is transmitted by means of the CREST system by any particular time. In this connection, CREST members and, where applicable, their CREST sponsors or voting service providers are referred, in particular, to those sections of the CREST Manual concerning practical limitations of the CREST system and timings. The Company may treat a CREST Proxy Instruction as invalid in the circumstances set out in Regulation 35(5)(a) of the Uncertificated Securities Regulations 2001.Notice of AGM CONTINUED70CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 7030534-Crossword-Cybersecurity-AR2020.indd 7026-Apr-21 12:48:27 PM26-Apr-21 12:48:27 PM 30534 26 April 2021 12:46 pm V11Strategic ReportGovernanceFinancial Statements6. The Company has specified that only those members entered on the register of members at 3.00 p.m. on 21 May 2021 shall be entitled to vote at the meeting in respect of the number of ordinary shares of 5 pence each in the capital of the Company held in their name at that time. Changes to the register after 3.00 p.m. on 21 May 2021 shall be disregarded in determining the rights of any person to attend and vote at the meeting.7. Resolution 2 and 3 – Article 90.2 of the Company’s Articles of Association require that a director of the Company who held office at the time of the two preceding annual general meetings and who did not retire at either of them must offer themselves for re-appointment at the next Annual General Meeting. In addition both Gordon Matthew and David Stupples both retire in accordance with Article 90.2 and have chosen not offer themselves for re-election. Therefore both Gordon Matthew and David Stupples will retire from the Board at the conclusion of the Annual General Meeting.8. Resolution 5 - The Company presently has 5,761,890 ordinary shares of 5 pence each in issue. Approval is sought from the Shareholders for the reorganisation of the Existing Ordinary Shares of the company, by way of a sub-division of shares. The Board considers it desirable to effect the capital reorganisation as it believes that the existing share capital structure is not appropriate, as the high value of shares in issue combined with the market value of the Company is thought to result in reduced liquidity in the Company’s shares. The Board considers the capital reorganisation to be in the best interests of the Company and its shareholders as a whole (“Shareholders”), as it believes that the capital reorganisation should improve the market liquidity of and trading activity in the Company’s shares and attract new investors. The timetable for the sub-division is as follows:- Record Date of Sub-division 25 May 2021 Results of AGM announced through RNS 25 May 2021 Commencement of Dealing 26 May 2021 CREST Accounts Credited 26 May 2021 Anticipated date of dispatch of definitive share certificates in respect of New Shares On or around 10 June 2021 Upon completion of the sub-division timetable the resulting share capital will be 57,618,900 ordinary shares of 0.5 pence each.9. Resolution 6 – As required by the Act and subject to the passing of Resolution 5, this resolution, to be proposed as an Ordinary Resolution, relates to the grant to the Directors of authority to allot unissued Ordinary Shares until the conclusion of the Annual General Meeting to be held in 2022, unless the authority is renewed or revoked prior to such time. If approved, this authority is limited to a maximum of 19,206,300 Ordinary Shares. This represents one-third of the newly sub-divided issued share capital of the Company.10. Resolution 7 – Subject to the passing of Resolution 5, the Act requires that if the Directors decide to allot unissued Ordinary Shares in the Company the shares proposed to be issued be first offered to existing shareholders in proportion to their existing holdings. This is known as shareholders’ pre-emption rights. However, to act in the best interests of the Company the Directors may require flexibility to allot shares for cash without regard to the provisions of Section 561(1) of the Act. Therefore this resolution, to be proposed as a Special Resolution, seeks authority to enable the Directors to allot equity securities up to a maximum of 19,206,300 Ordinary Shares. This authority expires at the conclusion of the Annual General Meeting to be held in 2022 and represents one third of the newly sub-divided issued share capital. Although the Company currently has no plans to raise capital in the near term, the Board has resolved to seek a higher authority than in previous years (20%) in order to give it greater flexibility to take advantage of favourable market conditions should the opportunity arise. 11. Resolution 8 – This resolution is being proposed in order to adopt amended articles of association, a copy of which can be found on the Company’s website at https://www.crosswordcybersecurity.com. The amendments relate to shareholder meetings and are intended to provide sufficient flexibility to ensure that general meetings can continue to be held effectively in circumstances where attendance at physical meetings is limited or prohibited for reasons outside the Company’s control. The changes would allow for general meetings to be held partly through electronic facilities (hybrid general meetings) but do not allow the Company to hold wholly virtual general meetings without a physical location for shareholders to attend. The remaining changes are to bring the articles up to date with current legal requirements and best practice.71www.crosswordcybersecurity.com30534-Crossword-Cybersecurity-AR2020.indd 7130534-Crossword-Cybersecurity-AR2020.indd 7126-Apr-21 12:48:27 PM26-Apr-21 12:48:27 PM 30534 26 April 2021 12:46 pm V11Shareholder Notes72CROSSWORD CYBERSECURITY PLC Annual Report and accounts 202030534-Crossword-Cybersecurity-AR2020.indd 7230534-Crossword-Cybersecurity-AR2020.indd 7226-Apr-21 12:48:27 PM26-Apr-21 12:48:27 PM 30534 26 April 2021 12:46 pm V11Strategic ReportGovernanceFinancial StatementsCompany InformationDIRECTORSSir Richard Dearlove (Chairman) T Ilube (CEO)Dr D Secher Professor D Stupples A GueritzG Matthew R Anderson M DowdREGISTERED NUMBER08927013REGISTERED OFFICE60 Gracechurch Street London EC3V 0HRINDEPENDENT AUDITORMHA MacIntryre Hudson Chartered Accountants & Statutory Auditors 6th Floor 2 London Wall Place London EC2Y 5AUNOMADGrant Thornton LLP 30 Finsbury Square LondonEC2P 2YUCORPORATE BROKERHybridan LLP 20 Ironmonger Lane London EC2V 8EPwww.crosswordcybersecurity.com7330534-Crossword-Cybersecurity-AR2020.indd 330534-Crossword-Cybersecurity-AR2020.indd 326-Apr-21 12:48:27 PM26-Apr-21 12:48:27 PM 30534 26 April 2021 12:46 pm V11CROSSWORD CYBERSECURITY PLC Annual Report and accounts 2020 Crossword Cybersecurity PLC60 Gracechurch Street, London EC3V 0HRe: info@crosswordcybersecurity.com twitter: @crosswordcyber t: +44 (0) 20 8973 235030534-Crossword-Cybersecurity-AR2020.indd 330534-Crossword-Cybersecurity-AR2020.indd 326-Apr-21 12:47:13 PM26-Apr-21 12:47:13 PM
Continue reading text version or see original annual report in PDF format above