C
C
R
R
O
O
S
S
S
S
W
W
O
O
R
R
D
D
C
C
Y
Y
B
B
E
E
R
R
S
S
E
E
C
C
U
U
R
R
I
I
T
T
Y
Y
P
P
L
L
C
C
A
A
n
n
n
n
u
u
a
a
l
l
R
R
e
e
p
p
o
o
r
r
t
t
a
a
n
n
d
d
a
a
c
c
c
c
o
o
u
u
n
n
t
t
s
s
2
2
0
0
2
2
1
1
ANNUAL REPORT AND ACCOUNTS
for the year ended 31 December 2021
30826
19 April 2022 2:21 pm
V8
�CROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021
Crossword Cybersecurity PLC is the
parent company of the Crossword group
of companies which focuses on the
cyber security sector.
Crossword’s vision is to partner
with organisations to keep them
secure in the digital world. The
Group reduces cyber risks for their
clients by providing a portfolio of
innovative products and services,
powered by university and other
research-driven insights.
Crossword Cybersecurity plc
focuses on the development
and commercialisation of cyber
security and risk management-
related software and cyber security
consulting. The Group’s specialist
cyber security product development
and software engineering teams
develop the concept into a fully-
fledged commercial product that
it will then take to market. The
Group has built up a portfolio of
revenue-generating, intellectual
property-based, cyber security
products. Rizikon Assurance,
Crossword’s leading product,
is a SaaS platform that enables
companies of all sizes to assess
and manage all risks from their
suppliers. Nixer CyberML is a
new tool for businesses that
want to solve advanced security
and cybercrime problems, such
as detecting and dealing with
compromised accounts, fraud, and
in-application denial of service
attacks. Identiproof, Crossword’s
third product, is the World Wide
Web Consortium (W3C) verifiable
credentials compatible middleware
and wallet technology. Trillion™
and Arc are the latest additions
to Crossword’s product suite,
offering some of the strongest
and most advanced credential
leak monitoring services in the
market. Crossword’s team of
expert cyber security consultants
leverages years of experience in
national security, defence and
commercial cyber intelligence
and operations to provide bespoke
cyber security consulting advice
tailored to its clients’ business
needs, including threat monitoring
using Nightingale, the world class
platform.
SERVICES
CYBERSECURITY
CONSULTING
Crossword has a full-service
cyber security consulting
team that provides strategy,
assessment and risk
management services.
NIGHTINGALE
SECURITY
MONITORING
A comprehensive security
monitoring service which
brings together multiple
facets and services to identify
organisational assets,
users, traffic, networks and
endpoints, to mitigate the
threats and vulnerabilities an
organisation faces.
�CONTENTS
Strategic report
Financial Highlights
Chairman’s Statement
Chief Executive Officer’s
Statement
Performance Review
Section 172(1) Statement
Corporate Social
Responsibility
Principal Risks &
Uncertainties
Governance
The Board
Corporate Governance
Report
Directors’ Report &
Statement of Directors’
Responsibilities
Financial statements
02
03
04
06
07
08
10
18
23
35
Independent Auditor’s Report
38
Consolidated Statement of
Comprehensive Income
Statements of Financial
Position
Statements of Changes in
Equity
Statements of Cash Flows
Notes to the Financial
Information
Notice of AGM
Company Information
44
45
46
47
48
72
76
Identiproof enhances the security
and privacy of your digital
credentials
Using the W3C standard for Verifiable
Credentials and advanced cryptography,
Identiproof makes it easier than ever
to create, manage and authenticate
identities online, reducing the risk of
fraud and identity theft, while ensuring
that the individual’s privacy is protected.
TRILLION™
Managed Service Providers keep
their customers’ infrastructure
protected with Trillion™
Trillion™ is the Breached Account
Mining platform that continuously
tracks, correlates and analyses billions
of stolen usernames and passwords,
hunting for Digital Identities that could
belong to your customers.
ARC
Account protection for
eCommerce platform owners
Arc is a service which enables your
customer facing authentication
services to query, in real time, for
access attempts, using username
and password pairs already known to
criminals – so you can instantly step in
and avoid losses.
PRODUCTS
Rizikon Assurance helps
organisations take control
of Supplier Assurance and
Supply-chain Risk Management
• Secure online Questionnaires in
your own branded portal
• Audit trails on all answers
• 360-degree Supplier Scorecards
• Dashboard of the risk across
all suppliers and a host of other
features
• Use our standard Cyber Security,
GDPR, Modern Slavery, General
On-boarding, Anti-bribery &
corruption, COVID-19, National
Minimum Wage, and Equality &
Diversity questionnaires or create
your own using our Question-set
Editor
• Creditsafe integration
• Darkbeam instant digital risk
audit integration
Detect and Mitigate Credential
Attacks with Nixer CyberML
Nixer can stop your users from using
breached passwords and intelligently
protect your applications from
Credential Stuffing attacks without
killing usability.
Find out more about how integrating
Nixer’s open source Java plug-in
can protect your applications from
Credential Attacks.
www.crosswordcybersecurity.com
01
GOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORT�CROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021
Highlights
2021 FINANCIAL
2021 OPERATIONAL HIGHLIGHTS
HIGHLIGHTS
£2.3m
2021 REVENUE*
* INCLUDES GRANT INCOME
56%
PRODUCT AND SERVICES
REVENUE GROWTH
ARR
DOUBLED
43%
REVENUE
GROWTH
£1.6m
EQUITY FUND RAISE
FEB 2021
£5.0m
EQUITY FUND RAISE
JULY 2021
• Rizikon users grew to over 500 by the
end of 2021.
•
Integrated DarkBeam’s real-time
cyber risk audits into Rizikon,
significantly enhancing its functionality.
• New distribution partners for Rizikon.
• Completed grant-funded feasibility
study with Liverpool John Moores
University to investigate the
underlying problems and causes
of failures in supply chain risk and
assurance.
• Conceived of, designed, architected
and market-tested a completely new
product in the privacy governance
space, called PRC, for the University
of Glasgow.
• The IASME Consortium Limited
commenced using Rizikon to deliver
its Counter Fraud Fundamentals
Certification. This is as well as
delivering its Internet of Things
security certification, and was followed
early in 2022, by IASME choosing
Rizikon to deliver its Counter Fraud
Fundamental certifications.
• Consulting secured two more FTSE250
clients.
• Busiest penetration testing year.
• Crossword Cybersecurity LLC was
formed in the Sultanate of Oman, 90%
owned by Crossword Cybersecurity
Plc with the remaining 10% owned by
Al Rawahy Holdings LLC. Crossword
Cybersecurity LLC will be the
exclusive third-party distributor of
Crossword’s existing and future cyber
security products, including Rizikon.
Crossword’s full range of cyber
security services will also be made
available – helping companies in the
region improve their cyber security
posture to achieve best practices with
the latest solutions.
• Crossword acquired two companies,
Stega UK Limited and Verifiable
Credentials Limited, and in March
2022 have acquired Threat Status
Limited, a threat intelligence company,
resulting in the acquisition of three
companies within 12 months.
• With Stega UK Limited, Crossword
acquired a brilliant team and
managed security services platform,
Nightingale, with a new set of
customers and are already selling
these new services into the Consulting
client base.
• With the acquisition of Verifiable
Credentials Limited, IdentiProof was
added to the product portfolio.
• Refreshed the Board with the
appointment of Dr Robert Coles
and Tara Cemlyn-Jones, and we
strengthened our Advisory Board with
two leading industry CISOs, Alison
Dyer of Urenco, taking over as Chair,
and Naina Bhattacharya of Danone.
• Share split where each Ordinary Share
of 5p was sub-divided into 10 new
ordinary shares of 0.5p. The capital
reorganisation aimed to improve the
market liquidity of and trading activity
in the Company’s shares and attract
new investors.
• Crossword’s team grew from 37 to 60
during 2021, a 62% increase in team
size.
• Great progress on gender diversity
with the Board being 37.5% women
and Advisory Board at 50:50 parity.
The Women at Crossword Group was
established and has met 3 times
covering an interesting range of topics
and speakers.
• Office move in London from Richmond
to a new Waterloo office which since
then has been expanded to provide
capacity to cope with the evergrowing
team.
• Looked after our health and well-
being in many ways, including online
yoga classes, a Wellness Week and
post-COVID-19, the re-establishment
of the social committee who organised
several enjoyable events.
• Thought about people other than
ourselves. In Krakow, the team
supported the incredible Noble Box
charity again this year delivering
amazing gifts to a chosen family
and since we started working with
SPEAR, the homelessness charity, the
London team have raised over £6,500
and donated clothes and furniture
to SPEAR. We also joined a salary
sacrifice for vaccinations scheme to
support roll-out of vaccines to areas in
need worldwide.
02
�Chairman’s Statement
Management and staff are to be
congratulated on achieving 43% revenue
growth in 2021, as the economy emerged
gradually from a very tough period. We
look forward to continuing to build value
for shareholders in the year ahead.”
SIR RICHARD DEARLOVE
KCMG OBE
13 April 2022
STRONG GROWTH
AS THE ECONOMY
EMERGES FROM THE
PANDEMIC
As the world emerged slowly from
the challenging pandemic period,
Crossword continued to progress
rapidly with our strategy of building a
significant intellectual property-based,
AIM quoted cyber security business.
By the end of 2021, Crossword had
grown revenue including Grant Income
by a very healthy 43%. 2022 has started
positively, and the company is confident
of achieving growth of circa 75% in the
coming year. Rizikon now has over 500
organisations using the platform, we
have integrated two acquisitions and
our first-class specialist cyber security
consulting team is building on its major
client relationships.
Management and staff are to be
congratulated on achieving 43%
revenue growth in 2021, as the economy
emerged gradually from a very tough
period. We look forward to continuing to
build value for shareholders in the year
ahead.
A series of smart acquisitions
During 2021, Crossword continued
to expand its product portfolio and
www.crosswordcybersecurity.com
accelerate growth through a series
of targeted acquisitions. Crossword
acquired Verifiable Credentials Limited
in the first half of the year and Stega
UK Limited in the second half. The
company also signed a head of terms to
acquire a cyber threat company, Threat
Status Limited, in December and the
transaction completed in March 2022.
Robust Governance
We strengthened the Group Balance
Sheet in 2021 by completing two equity
fund raises, with significant shareholder
support and new investors coming on
board. We completed a £1.6m fundraise
early in the year followed by a £5m
raise in July. We would like to thank our
shareholders for their support as we
build for the future.
We were delighted to welcome aboard
two new Board members, Dr Robert
Coles and Tara Cemlyn-Jones, at the
AGM. Once again, I would like to take
this opportunity to thank Dr David
Stupples and Gordon Matthew for their
invaluable contributions as they retired
from the Board.
The Board maintains a robust
framework of controls and high
standards, enabling the company to
adapt quickly and securely in a way that
safeguards our stakeholders longer-
term interests. The Board continues
to adhere to the Quoted Companies
Alliance Corporate Governance Code
(the ‘QCA Code’) in line with the London
Stock Exchange’s requirement for
all AIM listed companies to adopt a
recognised corporate governance code.
The Chairman’s Corporate Governance
Statement on page 23 of this report
provides further details.
Significant growth in 2021, set to
accelerate in 2022
The last year has been one of rapid
growth once again as we emerge from
the worst of the pandemic. Crossword
is well set for faster growth in 2022. We
have experienced leadership, an expert
cyber security team and a strong set of
best-in-class cyber security products
and services to offer in the fast-growing
cyber security market.
Our diverse and committed team of
employees has performed remarkably
during this period and I would like to
acknowledge them all. Crossword’s
core values of responsibility, openness,
flexibility and learning underpin
everything we do and will enable our
company to accelerate in 2022 and
beyond.
SIR RICHARD DEARLOVE
KCMG OBE
13 April 2022
03
GOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORT�Chief Executive Officer’s Review
I am incredibly pleased with the progress Crossword made in
2021, achieving 43% total revenue growth, and 56% growth in
our product and services revenue. We expanded our product
portfolio with the addition of Identiproof, our services offering with
the addition of Nightingale, and our geographical reach with the
opening of our Oman office. We were delighted to welcome new
institutional investors in our February and July 2021 fund raises
and are appreciative of the ongoing support of our shareholders.
We have welcomed the teams from Stega UK Ltd and Verifiable
Credentials into the Crossword fold during 2021, and the team
from Threat Status Ltd in March 2022. Crossword employees
continue to embody our culture and values of responsibility,
openness, flexibility and learning.”
TOM ILUBE
CBE
13 April 2022
It is my pleasure, as Chief Executive
Officer, to present the Annual Report
and audited accounts for Crossword
Cybersecurity Plc (‘Crossword’ or
the ‘Company’ or the ‘Group’) for the
financial year ended 31 December 2021.
Crossword grew strongly in 2021, as the
economy and wider society started to
emerge from the pandemic albeit with
stops and starts along the way. Overall,
the business grew by an impressive
43% through the year.
In the period under review, product
and services revenue (including
Grant Income) grew by 56% over the
comparative period. The Group revenue
growth of 43% includes software
development services to related party
which has now discontinued. We were
particularly pleased to see consulting
services recurring revenue increase by
almost 100% over the prior year.
Despite the pandemic reaching new
heights and negatively impacting the
economy worldwide, the field of cyber
security experienced high demand and
demonstrated its resilience with another
consecutive record year of investment
in cyber security firms. Crossword’s
products and services have seen a
growing demand throughout 2021
leading to another successful year of
operations. According to the UK Cyber
Security Sectoral Analysis 2022, the
UK remains the largest cyber security
market in Europe with a total revenue of
£10.15bn, which represents growth of
14% from last year’s figure (£8.9bn). The
UK maintained its spot as the biggest
exporter of cyber services in Europe,
increasing its exports from £3.9bn
to £4.24bn.
Going into 2021, after a tough period the
previous year due to the pandemic, the
Executive team was determined to make
solid progress in building the business.
We decided to accelerate our growth and
enhance our product portfolio through
a series of tactical acquisitions, and we
successfully completed two transactions
during the year. The first was Verifiable
Credentials Limited which has been
assigned intellectual property from the
University of Kent, adding its product
‘Identiproof’ to our product portfolio.
Identiproof addresses the growing
‘digital credentials’ market whereby tens
of millions of physical certificates (such
as academic certificates, insurance
documents, health certificates and many
others) will be converted into digital
certificates that need to be verified to
confirm their authenticity. Identiproof
was created by Professor David
Chadwick, an acknowledged expert and
co-author of the global W3C standard in
the digital credentials field, who joined
Crossword’s team.
The second, Stega UK Limited, the
threat intelligence and monitoring
company that is particularly strong in
the financial services and hedge fund
sector, added significant technical
expertise, in-depth cyber threat data
and thirty new clients, bringing our
revenue generating services client
base to over 100 organisations. We also
signed a heads of terms for our third
acquisition, Threat Status Limited, a
threat intelligence company, that we
completed in March 2022. Following the
acquisition of Threat Status Limited,
products Trillion™ and Arc will be
incorporated into Crossword’s product
suite, completing our aim of having five
products in the market by the end of
2022.
Rizikon, Crossword’s leading product,
continued to make strong progress
as we rolled it out to a wide range of
clients, driven by our membership
body programme. Our agreement to
launch Rizikon to the 10,000 Chartered
Institute of Information Security
members resulted in great take-up.
We also signed up a number of other
membership organisations. As a result,
we ended 2021 with more than 500
organisations using Rizikon, either in
trials or contracted. We also enhanced
the product by integrating Darkbeam
cyber risk audits into Rizikon.
04
�of 260 pence per share. In May, we
competed a 10:1 share split to support
liquidity and following the share split,
we raised £5m at a price of 30 pence
in July 2021. I was delighted with the
level of support from our existing
shareholders through this period and
was very pleased to welcome several
major new shareholders.
At our AGM in May 2021, we welcomed
two new Board members, Dr Robert
Coles and Tara Cemlyn-Jones.
Robert was lead partner for KPMG’s
Information Security consulting
business prior to moving into industry
where he held a number of CISO
positions at large corporations
including GlaxoSmithKline. Robert
previously chaired Crossword’s
Advisory Board and continues to chair
our consulting business. Tara has 28
years experience in financial services
with specialist knowledge of capital
markets, M&A, strategy and digital
transformation. We would like to thank
Dr David Stupples and Gordon Matthew
for their excellent contribution over the
years as they retired from the Board at
the AGM.
As Crossword continues to grow and
mature as an organisation, a keen
focus is kept on our wider stakeholder
and social responsibilities. Our Polish
team reacted quickly to the suffering
of Ukrainians evacuating to Poland,
putting a donations scheme in place,
and sharing experiences with the whole
group. Crossword is considering the
BCorp accreditation, as we believe
that this will provide external parties
with confidence that Crossword holds
itself to high standards in relation
to stakeholders, in areas such as
governance, employees, community,
environment and customers.
I want to close by thanking all those
who helped Crossword accelerate
through a tricky year which ended
with an excellent result. As we look
forward, 2022 looks incredibly exciting
for Crossword. We are aiming for 75%
revenue growth across the Group and
with Crossword’s outstanding team and
our culture of responsibility, openness,
flexibility and learning, I am confident
that we will achieve our goals.
TOM ILUBE
Chief Executive Officer
13 April 2022
Our R&D team, who work closely with
universities on cyber risk intellectual
property-based product ideas,
completed a revenue generating
project with the University of Glasgow
on privacy governance software. They
also completed an Innovate UK-funded
project to investigate Manufacturing
Supply Chain Risk with Liverpool John
Moores University and a number of
industry partners. Concepts generated
by this project will be used to enhance
Rizikon over the coming year.
Crossword’s Consulting division
continued to secure projects with major
FTSE, mid-market and fast-growing
entrepreneurial companies. We are
particularly pleased that our consulting
services division has secured a good
mix of vCISO revenue contracts,
which will deliver recurring revenue
through 2022 and beyond. vCISO is a
virtual/remote CISO (Chief Information
Security Officer) service, provided by
Crossword Consulting cyber security
experts at a fraction of the cost of an
in-house CISO. Crossword services
recurring revenue, strengthened by the
acquisition of Stega UK Ltd, increased
by almost 100% over the prior year.
Following consulting and market
research projects carried out in the
region in 2020, Crossword established
an Oman subsidiary, in partnership
with Al-Rawahy Holdings, a significant
Omani Group with extensive interests
across the Gulf region. Our subsidiary,
Crossword Cybersecurity LLC, will be
the exclusive third-party distributor of
Crossword’s existing and future cyber
security products, including Rizikon.
Our full range of products and services
will be made available across the
region to help organisations improve
their cyber security posture.
On the corporate front, Crossword
strengthened its balance sheet,
completing a £1.6m equity fundraise in
2021 through a placing and subscription
of Crossword Ordinary Shares at a price
05
GOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORTwww.crosswordcybersecurity.com�Performance Review
FINANCIAL REVIEW
Financial Position
Crossword Cybersecurity plc finished
the year with a cash balance of £3.4m.
Results
2021 income (including grant income
£152k) was £2.3m; an increase of £696k,
43% on the prior year. The planned
termination of the one remaining
software development contract resulted
in a 39% reduction in development
revenue and a 56% increase in
product and services (consulting and
Nightingale) revenue, Crossword’s core
offerings. The shape of the revenue has
changed over the previous years; in
2018, software development accounted
for 38% of revenue, reducing to 6% in
2021. In 2021, product income (including
grant income £152k) grew by 268%
(2020: 95%) and accounted for 22%
(2020: 8%). Services income grew by
33% (2020: 35%) and accounted for 72%
(2020: 78%).
Total comprehensive loss for the year
was £2.46m.
Total cost of sales and administrative
expenses increased by £1.3m in 2021
compared to 2020. The increase is
primarily driven by the increase in
staff with full-time equivalents (“FTE”)
increasing by 74% compared to the
closing FTE at the end of 2020. Organic
FTE growth was 48%, with the balance
driven by the two acquisitions during the
year, Stega UK Limited (“Stega”) and
Verifiable Credentials Limited (“VCL”).
In 2021, Crossword continued to invest
in sales and marketing, and product
development, which are the areas which
saw the largest FTE growth.
An increase in professional fees in 2021
was driven by two equity fundraises,
two acquisitions and the opening of an
overseas company in Oman.
Crossword completed a £1.6m equity
fundraise in February 2021 through a
placing and subscription of Crossword
ordinary shares at a price of 260 pence
per share. In May, 10:1 share split to
support liquidity was completed and,
following the share split, a £5m equity
fundraise at a price of 30 pence in July
2021 was completed.
In May 2021, Crossword acquired the
whole of the share capital of VCL, the
provider of Identiproof™, the World
Wide Web Consortium (“W3C”) verifiable
credentials compatible middleware
and wallet technology. In August
2021, the acquisition of the whole of
the share capital of Stega, the threat
intelligence and monitoring company,
was announced. This acquisition brought
the additional capability of threat
intelligence and monitoring services,
using its sophisticated in-house
platform, Nightingale.
Consultancy cost increases were a result
of the requirement to use third-party
providers to deliver consulting revenue
due to a shortage of internal capacity.
The gain on revaluation of financial
assets reflects the fair value of shares
held.
Cashflows
Net cash inflows of the Group in 2021
were £2.4m. Excluding proceeds from
issue of loan notes and cash paid for
acquisitions, net cash outflows of the
Group were £3.3m (2020: £1.6m).
Taxation
The Group continues to claim research
and development tax credits, with £206k
accounted for in 2021 (2020: £210k).
KPIS
Average product and services revenue per client
Number of product and services clients
120
100
80
60
40
20
0
2017
2018
2019
2020
2021
2017
2018
2019
2020
2021
£25,000
£20,000
£15,000
£10,000
£5,000
£0
06
CROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021�Section 172(1) Statement
The Company has complied with the requirements of s414CZA of the Companies Act 2006 by including certain information
within the Strategic and Governance Reports, that informs members of the Company how the Directors have considered the
matters set out in section 172(1)(a) to (f) of the Companies Act 2006 when performing their duty under section 172 to promote
the success of the Company. The following table outlines where the key content as required by the regulations can be found in
this report.
Matters considered by the Board
Where to read more in this Annual Report
The likely consequences of any decision in the long term
The interests of the Company’s employees
The need to foster the Company’s business relationships with
suppliers, customers and others
Strategic Report on page 02
Corporate Governance Report on page 23
Directors Report on page 35
Corporate Social Responsibility on page 08
Corporate Governance Report on page 23
Corporate Governance Report on page 23
The impact of the Company’s operations on the community
and the environment
Corporate Social Responsibility on page 08
Corporate Governance Report on page 23
The desirability of the Company maintaining a reputation for
high standards of business conduct
The need to act fairly as between members of the Company
Performance Review on page 06
Strategic Report on page 02
Corporate Governance Report on page 23
Corporate Governance Report on page 23
Directors Report on page 35
07
GOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORTwww.crosswordcybersecurity.com�CROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021
Corporate Social Responsibility
I believe every employee will affirm
this; Crossword Cybersecurity is an
exceptional company that truly cares.”
OMOLOLA ADEYEMI
Technical Product Associate
ENVIRONMENTAL,
SOCIAL & GOVERNANCE
As Crossword continues to grow and
mature as an organisation, a keen focus
is kept on our wider stakeholder and
social responsibilities. Crossword is
considering the BCorp accreditation.
Certified B Corporations, or B Corps, are
companies verified by B Lab to meet high
standards of social and environmental
performance, transparency, and
accountability. We believe that this
accreditation will provide external
parties with confidence that Crossword
holds itself to high standards in relation
to stakeholders, in areas such as
governance, employees, community,
environment and customers.
Crossword recognises that we have
a responsibility to manage our
environmental impacts carefully,
including meeting all legal and
regulatory requirements. We
are committed to reducing our
environmental impact and continually
improving our environmental
performance as an integral part of
our business strategy and operating
methods, with regular review points.
We will encourage customers, suppliers
and other stakeholders to do the same.
At Crossword, we value the people and
we believe our greatest strength is a
good team of experts.
We aim to make progress on gender
diversity with the Board being 37.5%
women and Advisory Board at 50:50
parity. The Women at Crossword Group
was established during 2021 and has
met 3 times covering an interesting
range of topics and speakers.
Our culture
Our culture is that distinct differentiator
which drives our decisions and actions.
We are energetic, agile and passionate
about the quality of work we deliver.
We encourage responsibility early in the
lifecycle of an employee’s career, along
with which comes valuable learning.
We make sure we have fun while
doing our work and look out for each
other by being open, transparent and
flexible to adapt to each other’s needs
and the needs of our customers and
stakeholders. The Board is committed
to promoting a strong ethical and
values-driven culture throughout the
Company and has a people- oriented
ethos where hard work and
commitment is recognised.
The benefit of experience
The make-up of our team gives us
something unique to offer. It’s rare
to find such richness of leadership
experience in a small organisation
and the advantage of our size is that
our leadership team are present,
accessible and engaged with the whole
team. Employees will get to know
the leadership well and our staff tell
us time and time again that they find
this level of exposure invaluable in
developing their own knowledge and
business acumen.
In 2021, we looked after our health
and well-being in many ways, including
with online yoga classes,
a Wellness Week and post-COVID-19,
the re-establishment of the Social
Committee who organised several
enjoyable events. A Mental Health First
Aider was appointed to provide support
where required. We have a ‘Balance’
channel on Slack, which is a dedicated
space to bring interesting articles,
blogs, websites and general content
about Mental Wellbeing.
Our Mental Wellbeing Policy outlines
our provisions to prevent and address
mental health issues among our
employees. Mental Health is just as
important as physical health. Mental ill
health may be detrimental to a person
as it impacts happiness, productivity,
and collaboration.
Crossword in the UK has an Employee
Assistance Programme (EAP) which
includes a wealth of resources like
confidential health assessments, online
resources, and telephone support.
08
�Company values
Flexibility
We adapt to changing needs and empower our employees with the trust and autonomy they
need to deliver high quality work.
Learning
We promote continuous learning culture and believe that knowledge and competence drives
performance and growth of the individual and organisation.
Responsibility
We take the ownership to demonstrate a high standard of work as we are personally
responsible for the work we deliver.
Openness
We encourage openness between all employees and with clients, we are inclusive adaptive
collaborative, and committed to accepting people from diverse backgrounds.
More reasons to join us
Leadership
support
Asking for help and support is celebrated and highly encouraged at Crossword. The support can
be available in the form of Mentoring, knowledge sharing and we also have a ‘Buddy system’ for
new starters. The Executive team is committed to their team’s professional development.
Great working
environment
We strive to better the employee experience by providing proper work equipment and also
through workplace engagement surveys which encourage open communication and feedback.
Our offices are modern and equipped with kitchen and shower facilities, coffee machines and
breakout spaces.
Inclusivity &
Diversity
Work-life
balance
Our collective strength is in our individual uniqueness and the range of experiences we can
bring to the table. When we recruit, we don’t look for a ‘Culture fit’, to fit any specific but
rather what the person brings, but Our culture is extremely collaborative and adapts to cater
to the needs of our biggest asset – our people!
We are focused on achievements at work, not how long you spend in the office. We believe in being
agile and adapt to work around employees’ commitments and working styles. We prioritise our
employees’ mental well-being above everything else. All employees are encouraged to take timely
breaks to spend time doing what they love and pursue their recreations.
Some of the initiatives which highlight the elements of our culture are as follows:
• Employee Engagement through our Corporate Social
• Excellent communication channels like Slack, Google
Responsibility initiative drives a common goal and brings
employees together for a higher purpose. We have
partnered with SPEAR, a local charity in Richmond, to
raise funds and help the homeless. Our Krakow office
employees carry out philanthropic initiatives every year to
help the disadvantaged and needy.
• We also have other interesting employee engagement
events like our company away days, social events, lunch
Mondays, etc.
Meet, virtual fortnightly coffee mornings allow for an easy
flow of communication.
• Flexible and family-friendly policies which enable an
enviable work environment.
• Open recognition initiatives as well as a 5-year
Long Service Award to acknowledge hard work and
commitment to the business.
09
GOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORTwww.crosswordcybersecurity.com
�CROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021
Principal Risks
and Uncertainties
The Board has overall responsibility for ensuring
that risk is appropriately managed throughout
the business.
The Board is aware of the need to conduct regular risk
assessments to identify any deficiencies in the controls
currently operating over all aspects of the Company.
Risks to the achievement of strategic objectives are identified
by the Executive. The degree of risk is evaluated by reference
to the impact and probability of the risk, considering inherent
and residual risk. The Executive considers the nature and
extent of the risks, the threat of such risks becoming reality,
the ability to reduce the incidence and impact on its business
if the risk materialises, and the costs and benefits resulting
from operating relevant controls.
A Risk Register is prepared and regularly reviewed by
the Executive, and shared with the Audit Committee for
independent review and robust challenge. The Risk Register
includes a plan for mitigation of risks above the risk appetite
of the business.
RISKS RELATING TO THE GROUP AND THE
INDUSTRY IN WHICH IT OPERATES
1
2
INTELLECTUAL
PROPERTY ACQUISITION
AND DEVELOPMENT
Crossword acquires intellectual
property (IP) rights from universities
via licensing, IP transfer arrangements
and acquisitions, and then develops this
IP into commercial products. Failure
to secure good quality IP deals, and to
quickly and appropriately meet new
cyber security challenges, will make it
difficult for the Group to generate new
products.
The success of this strategy depends
on the ability of Crossword to source
suitable IP and use its expertise in
business management, marketing
and product development to build
solutions attractive to its potential
customer base. Ultimately, Crossword
will only succeed if it is able to acquire
design, develop and sell new software
solutions in a timely fashion that deliver
operational reliability and effectiveness.
TECHNOLOGICAL
CHANGES
Generally, product markets are
exposed to rapid technological change,
changes in use, changes to customer
requirements and preferences, and
services employing new technologies
and the emergence of new industry
standards and practices. The Group
operates in a market with such
changes, which have the potential to
render the Group’s existing technology
and products obsolete or uncompetitive.
To remain competitive, the Group
must ensure continued product
improvement, and the development
of new markets and capabilities
to maintain a pace congruent with
changing technology.
This added strain may stretch the
Company’s capital resources, which
may adversely impact the revenues
and profitability of the Company. The
Company’s success is dependent on
the ability to effectively respond and
adapt to technological changes and
changes to customer preferences.
There can be no assurance that the
Company will be able to effectively
anticipate future technological changes
or changes in customer preferences.
Furthermore, there is also no
assurance that the Company will
have sufficient financial resources to
effectively respond in a timely manner
if such a change is anticipated.
10
10
�3
4
REPUTATIONAL
RISKS
COMPETITION
As a cyber security company,
Crossword is very conscious of its
external reputation. If the Group
is compromised as a result of a
cyber incident, it would impact its
clients’ confidence. Crossword has
an experienced cyber security expert
acting as its Chief Information Security
Officer (CISO) and a strong technical
team who actively seek to mitigate
threats. Nonetheless, should an event
take place which adversely affects
the reputation of the Group, its future
prospects and value could suffer.
There is no guarantee against new
entrants or current competitors
providing superior technologies,
products or services to the market.
There is no certainty that new entrants
or current competitors will not provide
equivalent products for a lower
price. The Company may be forced
to make changes to one or more of
its products or to its pricing strategy
to effectively respond to changes in
customer preferences in order to
remain competitive. This may impact
negatively on the Company’s financial
performance.
The Group’s consulting division
operates in an environment that
includes large international accounting
firms and consultancies and a number
of smaller niche players.
There are very low start-up costs for
any new entrant into the market and
the Group cannot prevent any person or
organisation from seeking to compete
with it. There is a risk that an existing
competitor or a new entrant may, over
time, be able to win work from the
Group’s existing and future customers.
In addition, larger competitors may,
in the future, adopt more aggressive
expansion strategies, which could
include hiring additional experienced
consultants and changing their
business model and service offering
to one that is directly comparable to
that of the Group. This could, in theory,
result in a material loss of customers
from the Group to larger competitors
and therefore have a material adverse
impact on the financial performance of
the Group.
11
GOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORTwww.crosswordcybersecurity.com
�CROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021
Principal Risks
and Uncertainties
CONTINUED
RISKS RELATING TO THE GROUP AND THE
INDUSTRY IN WHICH IT OPERATES
5
6
KEY SYSTEM FAILURE,
DISRUPTION OR
INTERRUPTION
The Company’s reliance on technology
exposes the Company to a significant
risk in the event that such technology,
or the Company’s systems, experience
damage, interruption or failure in
some form. A malfunctioning of the
Company’s technology and systems,
or those of key parties, could result
in a diminished confidence in the
Company’s services, resulting in a
consequential material adverse effect
on the Company’s operations and
results.
DEPENDENCE ON THIRD PARTIES AND
BUSINESS CONTINUITY
Key components of Crossword’s
technology platform may be dependent
on the continuing availability of a
particular supplier.
The software development environment
or data processing platforms may
become unavailable for an extended
period of time thereby disrupting
customers’ experience of Crossword’s
products and services.
Crossword’s business is at risk from
disruption of key systems and assets on
which it depends.
The functioning of the IT systems on
which it relies could be disrupted for
reasons either within or beyond its
control, including but not limited to:
accidental damage; disruption to the
supply of utilities or services; security
breaches; extreme weather events;
systems failure; or workforce actions.
There is a risk that such disruption
may materially and adversely affect
Crossword’s ability to offer services
to customers and therefore materially
and adversely affect its reputation,
performance or financial condition.
12
12
�GENERAL
BUSINESS RISKS
7
8
9
ABILITY TO RECRUIT
AND RETAIN SKILLED
PERSONNEL
The Company believes that it has
the appropriate incentive structures
and culture to attract and retain the
calibre of employees and contractors
necessary to ensure the efficient
management and development of the
Company. However, any difficulties
encountered in hiring, and retaining,
appropriate employees and/or
contractors and the failure to do so,
or a change in market conditions that
renders current incentive structures
unattractive, may have a detrimental
effect upon the trading performance
of the Company. With recognised
shortage of skilled technical people
post COVID-19, the ability to attract new
employees and contractors with the
appropriate expertise and skills cannot
be guaranteed.
FINANCIAL CONTROLS
AND INTERNAL
REPORTING
PROCEDURES
The Company’s future growth and
prospects will depend on its ability
to manage growth and to continue
to maintain, expand and improve
operational, financial and management
information systems on a timely basis,
whilst at the same time maintaining
effective cost controls. Any damage
to, failure of or inability to maintain,
expand and upgrade effective
operational, financial and management
information systems and internal
controls in line with the Company’s
growth could have a material adverse
effect on the Company’s business,
financial condition and results of
operations.
TAXATION
RISK
The Company is subject to taxation
and the application of such taxes may
change over time due to changes in
laws, regulations or interpretations by
the relevant tax authorities. The recent
proposed changes to the research and
development tax incentives may have
an adverse effect on the Company’s
results of operations.
The continuing status of the Ordinary
Shares as a qualifying holding for VCT
and/or EIS purposes will be conditional
(amongst other things) on the qualifying
conditions being satisfied throughout
the period of ownership. There can be
no assurance that the Company will
continue to conduct its activities in a
way that will secure or retain qualifying
status for VCT and/or EIS purposes.
13
GOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORTwww.crosswordcybersecurity.com
�CROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021
Principal Risks
and Uncertainties
CONTINUED
GENERAL
BUSINESS RISKS
10
11
12
COUNTERPARTY
CREDIT RISK
There is a risk that parties with whom
the Company trades or has other
business relationships (including
partners, customers, suppliers,
subcontractors and other parties) may
become insolvent. This may be as a
result of general economic conditions
or factors specific to that company,
or exceptional circumstances such as
COVID-19. In the event that a party with
whom the Company trades becomes
insolvent, this could have an adverse
impact on the revenues and profitability
of the Company.
LEGAL RISK
INSURANCE RISK
Legal risks include the inability to
enforce security arrangements, an
absence of adequate protection for
intellectual property rights, an inability
to enforce foreign judgments relating to
contracts entered into by the Company
that are governed by law outside
England and Wales, absence of a choice
of law, and an inability to refer disputes
to arbitration or to have a limited choice
with regard to arbitration rules, venue
and language.
Mitigation measures for these risks
may also be limited.
There can be no certainty that the
Group’s insurance cover is adequate to
protect against every eventuality.
The occurrence of an event for which
the Group did not have adequate
insurance cover could have a materially
adverse effect on the Group’s
business, revenue, financial condition,
profitability, results, prospects and/or
future operations.
14
�13
14
15
ECONOMIC
CONDITIONS
The Group could be affected by
unforeseen events outside its control
including economic and political events
and trends, inflation and deflation or
currency exchange fluctuations. There
is likely to be global economic impact
as a result of the Ukraine crisis. The
impact is likely to include interrupted
power supply, disruption to financial
markets and higher inflation. Any
economic downturn either globally or
locally in any area in which the Group
operates may have an adverse effect on
the demand for the Group’s products
and services. A more prolonged
economic downturn may lead to an
overall decline in the volume of the
Group’s activities and sales, restricting
the Group’s ability to realise a profit.
The markets in which the Group offers
its services are directly affected by
many national and international factors
that are beyond the Group’s control.
CURRENCY
EXCHANGE RISK
The Group’s functional currency is
Sterling. One subsidiary, Crossword
Cybersecurity Sp. Z.o.o is based
in Poland, and another subsidiary,
Crossword Cybersecurity LLC, is based
in Oman. Crossword Cybersecurity Sp.
Z.o.o, where the functional currency
is zloty, accounts for approximately
11 per cent of the total costs of the
business. Crossword Cybersecurity
LLC‘s functional currency is Omani
rials, which is pegged to the US Dollar.
Exposure to this and other exchange
rates may effect the Company’s
results. The Company may consider
implementing policies to limit its
currency exposure and will consider
currency hedging instruments when
they prove to be available and cost-
effective.
GOING CONCERN RISK
The £6.6m placings in February
and July 2021, put the Company in
a strong financial position at that
time. The acquisition of Threat Status
Limited in March 2022, reduced cash
resources by £714k. In December
2022, the £1.4m convertible loan notes
mature. There is an expectation by the
Directors, based on current growth
plans, that the Company will replace
the convertible loan notes with further
debt. There is a risk that the Group
will not be able to raise cash when it is
required. This could be as a result of
poor performance within the Group or
turmoil within the markets following
COVID-19, or other economic issues
such as the Ukraine crisis.
15
GOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORTwww.crosswordcybersecurity.com�Rizikon Assurance
RIZIKON HELPS YOU STAY
ON TOP OF YOUR CYBER
SECURITY AND SUPPLY
CHAIN RISK
Rizikon is an online platform that
improves third-party assurance
and risk management, by
providing efficiency, automation
and better visibility.
You count on third party companies
to fulfil essential services for your
business. You also count on them
to protect the security of the data
and the availability of the services
with which they are entrusted. Your
customers, partners, regulators and
board count on you to keep track of
all your suppliers and continuously
monitor for security risks.
Many organisations use manual
processes for their cyber security
based supplier assessments,
sending spreadsheet, Word or PDF
questionnaires by email, but this
quickly becomes a cumbersome
manual process.
Rizikon Assurance makes it easy
to manage, assess and act on your
cyber based supply chain risks.
AUTOMATION
AND EFFICIENCY
IN YOUR CYBER
SECURITY
ASSESSMENT
PROCESS:
Create and send cyber
security questionnaires at
scale from a single online
portal
Control of all assessments
and responses in a single
place with tracking of any
changes and an audit trail
of updates
Suppliers receive
a link to an intuitive
online interface with smart
questionnaires meaning
a supplier only sees the
questions that are appropriate
to them - no more supplier
confusion
Assessments instantly
generate a report with a visual
scorecard of risk as soon as
the assessment is completed
and submitted by the supplier
Track progress, send
reminders and communicate
with your suppliers all in
one place
Flag answers to
suppliers and provide
notes, such as requests
for clarification or
additional evidence
upload
A document repository
for suppliers to upload
evidence, such as policies and
certifications which can be
tracked for expiry dates
A single heatmap view
of your suppliers based
on the results of the
assessments completed
Run non-intrusive digital
risk audits on demand to
generate a technical cyber
risk rating and to identify
indicators of weakness in
the cyber posture of your
suppliers
16
CROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021�Customer testimonials
We continue in our mission to reduce
the cyber risks for our clients by
providing a portfolio of innovative
products and services.”
TOM ILUBE
CEO
14 March 2022
Rizikon has helped
us make our supplier
onboarding processes
more efficient, improving
the consistency of
communications with
suppliers, which has
given us insight into
new ways of reviewing
risks. NNL can manage
any query related to
the completion of
assessments securely
through this platform,
which makes the process
quicker and more
efficient, especially with
features such as credit
checks, and integration
with Dark Beam for
cyber security audits.”
VICTORIA McCONVILLE
Senior Business Analyst –
Procurement, at National
Nuclear Laboratory
All of our supplier
onboarding
communication and
management now takes
place in Rizikon. As a
result, we have halved
the time we spend on
supplier management
and made the process
easier for our suppliers.
All the information
and discussions about
questionnaires is kept
in one place and we can
clearly see when forms
were completed and by
whom, removing any
nonrepudiation risk.”
VICTOR MIHAILESCU
Head of Security at Spotlight
Sports Group
The solution developed
by Rizikon Assurance
will become one
of our key tools in
identifying, quantifying
and managing the
risk and compliance
with our suppliers and
service providers. The
customisable nature of
this system has enabled
us to focus the attention
on the areas which are of
the greatest significance
to our business.”
RICHARD JOHNSON
Leader for Procurement &
Supply Chain at Barron McCann
www.crosswordcybersecurity.com
17
GOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORT�CROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021
The Board
The Directors in office during the year and at the date of this report are as shown below:
Sir Richard Dearlove
KCMG OBE
Thomas Ilube CBE
Mary Dowd
Dr Robert Coles
Non-Executive Chairman
Chief Executive Officer
Chief Financial Officer
Independent
Non-Executive Director
Appointment Date:
1 September 2016
Appointment Date:
6 March 2014
Appointment Date:
14 June 2018
Appointment Date:
25 May 2021
Skills and Experience: Sir
Richard brings to the Board
extensive experience across
government, education and
global business.
Sir Richard joined MI6 in 1966,
undertaking various overseas and
head office roles before being
promoted to Chief of the Secret
Intelligence Service in 1999. He
retired from the Service in 2004.
External Appointments: Sir
Richard is presently Chair of
Trustees of University of London,
Chairman of Ascot Underwriting
Limited at Lloyd’s of London and
a Director of Kosmos Energy, the
New York Stock Exchange listed
oil and gas exploration company.
Sir Richard is a Director of The
Cambridge Security Initiative
2017 and the Cambridge Arts
Theatre Trust Limited. He also
holds several advisory roles.
Committee Memberships: None
Skills and Experience: Robert is
a highly experienced IT Risk and
Cyber Security leader. He is the
former Chief Information Security
Officer of GlaxoSmithKline (GSK)
and of the NHS, with over 30
years’ commercial experience.
Prior to his time at the NHS,
Robert worked for GSK from
2013 and was the company’s
Chief Information Security
Officer (CISO). Before GSK,
Robert served as CISO for the
National Grid and Merrill Lynch.
Robert has extensive links with
major industry information
security networking groups and
government security agencies.
Robert is Chair of the Group’s
subsidiary, Crossword Consulting
Limited.
External Appointments:
Honorary Professor at UCL,
Governor of University of
Brighton.
Committee Memberships:
Nomination (Member)
Skills and Experience: Tom is
founder and CEO of Crossword.
Tom served as Chief Information
Officer of Egg Banking PLC,
which at the time was a
pioneering main market listed
UK internet bank. Tom chaired
the UK Government Technology
Strategy Board’s Network
Security Innovation panel. He
was a member of the High
Level Expert Group on cyber
security at the International
Telecommunication Union (ITU),
a Geneva-based UN agency.
He was awarded a Doctor of
Science (Honoris Causa) by
City, University of London, an
Honorary Doctor of Technology by
the University of Wolverhampton
and was appointed a CBE in
the 2018 Birthday Honours for
services to Technology and
Philanthropy.
External Appointments: Non-
Executive Director of WPP PLC
and Chair of the RFU. Director of
Iternal Limited, Advisory Fellow
of St Anne’s College, Oxford
and member of African Gifted
Foundation.
Committee Memberships: None
Skills and Experience: Mary was
most recently Chief Operating
Officer for Europe, the Middle
East and Africa, and previously
Chief Financial Officer at
Cordium Consulting Group
Limited, a leading provider of
governance, risk and compliance
services, with operations in
London, Hong Kong, Malta, New
York, Boston and San Francisco.
Mary brings over 20 years’
experience of working alongside
business leaders.
She has demonstrated a track
record of managing finance
teams to ensure timely delivery
of relevant financial information
to all stakeholders, providing
clear leadership, continuous
process improvement, and
excellent communication.
She also brings to Crossword
extensive experience of working
in acquisitive businesses and
providing transactional support.
Mary graduated from University
College Galway, Ireland and
has a postgraduate Diploma
in Business Studies from the
same university. She is a Fellow
of the Chartered Institute of
Management Accountants.
External Appointments: The
Groundwork South Trust Limited.
Committee Memberships: None
18
�Dr David Secher
Ruth Anderson
Tara Cemlyn-Jones
Independent Non-Executive Director
Appointment Date:
16 June 2014
Skills and Experience: David
is an international expert in
intellectual property, technology
transfer and research
management. His experience
includes Japan, Jordan, South
Africa, Brazil, Chile, Australia,
Argentina, India, Saudi Arabia
and Lebanon as well as Europe
and the USA. David is a Life
Fellow and until 2018 was
Senior Bursar at Gonville &
Caius College, Cambridge
where he was responsible for
the investment of a £210m
endowment.
David was co-founder and
chairman of Praxis (now
PraxisAuril), the leading UK
technology transfer training
programme, of which he is
now Patron. He served as
Director of Research Services,
University of Cambridge, where
he was responsible for creating
and directing a new division
of 80 staff, for designing and
implementing an intellectual
policy for the university and for
technology transfer throughout
the university resulting in
£2m licensing revenue, 40
new licences and six spin outs
per year.
David was Chief Executive of N8
Limited, a consortium of eight
research-intensive universities
in the North of England,
securing initial funding of £6m
from Regional Development
Agencies. His earlier career
was in molecular biology
research with MRC Laboratory
of Molecular Biology, Celltech
Limited and Cancer Research
Campaign (now Cancer
Research UK).
David held or was named on
three patents and is the holder
of a Lifetime Queen’s Award
for Enterprise Promotion for
creating ‘environments that
favour enterprise, specialising
in the practical aspects of
commercialising the results of
academic research’.
External Appointments: David
is a Director of Cambridge KT
Limited, Trustee of Cambridge
United Charities, Chairman
of Fitzwilliam Museum
(Enterprises) Limited and Hon.
Treasurer of the César and Celia
Milstein Foundation. David is
Interim Bursar of Trinity College,
Cambridge.
Committee Memberships:
Audit (Chair), and Remuneration
(Member).
Independent
Non-Executive Director
Independent
Non-Executive Director
Appointment Date:
1 February 2018
Appointment Date:
25 May 2021
Skills and Experience: Tara
has 28 years’ experience
in financial services with
specialist knowledge of capital
markets, M&A, strategy and
digital transformation across
many sectors, including
financial services (asset &
wealth management, retail
banking and fintech), energy &
infrastructure and healthcare.
Tara was head of M&A at
Lastminute.com and has held
senior positions at Schroders,
Citigroup and Espirito Santo
Investment Bank.
External Appointments:
25x25 Ltd
Skills and Experience: Ruth
has over 15 years’ experience
in the fields of security,
intelligence, cyber crime and
risk management.
She brings to the Board
extensive experience across
defence and law enforcement
sectors and within financial
services, developing and
implementing cyber risk
governance frameworks.
Ruth is currently Chief
Operating Officer for
Technology, Security and Data
divisions at Lloyds Banking
Group. She was previously
a Director of Cyber in the
Financial Services Department
of KPMG. She served as the
Head of Specialist Operational
Support and also as the
Head of Intelligence at the
Child Exploitation and Online
Protection Centre, where
she delivered the first-ever
strategic threat assessment
on child abuse in the online
environment.
Prior to this, Ruth served in
intelligence and security in the
British Army.
External Appointments: None.
Committee Memberships:
Audit (member), Remuneration
(Member) and Nomination
(Member).
19
GOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORTwww.crosswordcybersecurity.com�CROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021
The Board
CONTINUED
THE EXECUTIVE BOARD
Andy Gueritz
Independent Non-Executive Director
Thomas Ilube CBE
Chief Executive Officer
Mary Dowd
Chief Financial Officer
and billing systems; a call centre
based on workflow and CTI
technologies; and a client-server
insurance claims handling
system, incorporating document
image processing. Prior to
4Front, Andy was a Development
Executive at McDonnell Douglas
Information Systems and also
worked for Marconi Defence
Systems on a number of
electronic warfare and guided
weapons projects.
Andy is a Chartered Fellow of
the BCS (FBCS), Chartered IT
Practitioner (CITP), Chartered
Engineer (C.Eng), Fellow of
the IET (FIET), and a European
Engineer registered at FEANI.
He holds a First Class Honours
degree in Electrical and
Electronic Engineering with
Computer Science from Queen
Mary University of London.
External Appointments: None.
Committee Memberships: Audit
(member), Remuneration (Chair)
and Nomination (Chair).
Appointment Date:
6 March 2014
Appointment Date:
14 June 2018
Skills and Experience:
Tom is founder and CEO of
Crossword. Tom chaired the
UK Government Technology
Strategy Board’s Network
Security Innovation panel. He
was a member of the High
Level Expert Group on cyber
security at the International
Telecommunication Union (ITU),
a Geneva-based UN agency.
Tom was appointed a CBE in
the 2018 Birthday Honours for
services to Technology and
Philanthropy.
External Appointments: Non-
Executive Director of WPP
PLC, chair of RFU, Director of
Iternal Limited, Advisory Fellow
of St Anne’s College, Oxford
and member of African Gifted
Foundation.
Skills and Experience: Mary
brings over 20 years’ experience
of working alongside business
leaders.
She has demonstrated a track
record of managing finance
teams to ensure timely delivery
of relevant financial information
to all stakeholders, providing
clear leadership, continuous
process improvement, and
excellent communication.
She also brings to Crossword
extensive experience of working
in acquisitive businesses and
providing transactional support.
Mary graduated from University
College Galway, Ireland and
has a postgraduate Diploma in
Business Studies from the same
university. She is an associate
member of the Chartered
Institute of Management
Accountants.
External Appointments:
The Groundwork South Trust
Limited.
Appointment Date:
21 September 2015
Skills and Experience: Andy is
an experienced Senior Advisor
with a successful track record
in helping clients improve and
transform their business by
managing technology better and
creating new technology-based
ventures. In recent years,
Andy has advised clients in
a broad range of industries
on topics such as business/
technology strategy and
investment planning; customer
data analytics; transformation
for innovation and agility;
performance improvement and
cost optimisation, and other
ways using technology to get
and deliver better value. As a
Vice President at marchFIRST
(formerly Mitchell Madison
Group), Andy led the European
B2B eCommerce Strategy
and IT Strategy Practices.
Before becoming a consultant,
he attained Board-level
responsibility in a successful
career in software development
and systems implementation.
At K2 Systems PLC (subsidiary
of 4Front Technology Inc.),
he was Customer Service
and Development Director,
responsible for all client
service and delivery operations,
amongst other roles. Notable
systems implemented in his
time at K2/4Front include,
bespoke procurement, telesales
20
�Jake Holloway
Chief Product Officer
Stuart Jubb
Group Managing Director
Sean Arrowsmith
Sean Arrowsmith
Group Sales Director
Group Sales Director
Stuart joined Crossword from
KPMG where he was Associate
Director, Defence & Security.
Prior to that, he was Chief
Operating Officer of a global
consulting team of over 200 in
KPMG Advisory. Stuart spent
nine years as an officer in HM
Forces, after Sandhurst, serving
in Afghanistan, NATO and
elsewhere.
Jake has over 30 years of
experience in technology across
a wide range of industries
and roles – including as CTO
and Head of Product for two
well-known software houses,
and as CEO/Founder of an
innovative Online Systems
House. In his two most recent
roles before joining Crossword,
he was advising Worldpay on
their separation from RBS, and
founded Xendpay, a Fintech
startup, where he was COO.
Jake authored books on project
management in 2015 and 2016.
Sean has over 20 years’ sales
Sean has over 20 years’ sales
experience in cyber/information
experience in cyber/information
security and technology.
security and technology.
He was previously Group Sales
He was previously Group Sales
Director at IRM Limited, the
Director at IRM Limited, the
World Class Centre in Cyber
World Class Centre in Cyber
Security of Altran Technologies
Security of Altran Technologies
SA, the global innovation and
SA, the global innovation and
engineering consulting firm.
engineering consulting firm.
Here, Sean was accountable
Here, Sean was accountable
for revenue target achievement
for revenue target achievement
across all of IRM’s business
across all of IRM’s business
streams including consulting,
streams including consulting,
software and training.
software and training.
Prior to that, Sean was
Prior to that, Sean was
responsible for leading
responsible for leading
consulting sales at Siemens
consulting sales at Siemens
Insight Consulting.
Insight Consulting.
21
GOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORTwww.crosswordcybersecurity.com
�CROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021
The Board
CONTINUED
THE ADVISORY BOARD
Alison Dyer
Chair of the Advisory
Board
Alison Dyer joined URENCO, a
global supplier of enrichment
services and fuel cycle products,
in 2018 and is responsible for all
aspects of their information and
cyber security, covering both
information and operational
technology.
Prior to this, Alison was
Director of GlaxoSmithKline’s
(GSK) global cyber security
programme, where she led
multiple strategic delivery
workstreams including security
technology, governance, culture,
third party management
and operational technology
security. Alison holds a BEng in
Mechanical Engineering from
Imperial College, London and
an MSc in Information Security
from Royal Holloway University.
General Nick Houghton,
Baron Houghton of
Richmond, GCB CBE DL
Advisory Board Member
General the Lord Nick Houghton
(Baron Houghton of Richmond)
brings unparalleled experience
across both government
and business. In July 2013,
General Houghton assumed the
appointed position of Chief of
the Defence Staff of the British
Armed Forces, retiring in 2016.
Previously General Houghton
was Vice Chief of the Defence
Staff from May 2009.
Educated at Sandhurst and
Oxford, General Houghton
commanded 1st Battalion The
Green Howards and an Infantry
Brigade in Northern Ireland.
Following his retirement from
the army, General Houghton
became the 160th Constable
of the Tower of London and
a Trustee of Historic Royal
Palaces.
Professor David
Stupples
Naina Bhattacharya
Advisory Board Member
Advisory Board Member
Naina Bhattacharya is Global
Chief Information Security
Officer at Danone S.A., the
multinational food product
corporation with over 100,000
staff in 120 countries. She
is responsible for delivering
the cyber security vision and
roadmap for the company.
Prior to Danone, she worked
in consulting and had the
privilege of working on complex
cyber security and data privacy
projects across multiple
companies in several industries.
She is passionate about
diversity and inclusion with a
specific interest in increasing
the representation of women
in technology. Naina holds a
BEng in Computer Science from
BITS, Pilani, India and a post-
graduation in management from
the Indian School of Business in
Hyderabad.
David is currently Director of the
Centre for Cyber and Security
Sciences at City University
London. In his early career, he
was employed as an engineer
in signals intelligence in the
Royal Air Force followed by a
period of intensive research
into surveillance systems at
the Royal Signal and Radar
Establishment, Malvern. He
spent three years developing
highly secure communications
for surveillance satellites for
Hughes Aircraft Corporation in
the United States of America.
Later, he became a senior
partner with PA Consulting
Group where he undertook
surveillance and intelligence
systems research for Ministry
of Defence (Navy) and was
responsible for consultancy in
secure communications and
surveillance systems for world-
wide clients.
Since 2003, David has been
researching internet security
at City University focused on
cyber terrorism and organized
cyber crime for both the UK
government and commercial
companies. However, he still
maintains an active interest in
radar surveillance research.
Professor Stupples is a member
of the Defence Scientific
Advisory Council (DSAC), the
Defence Procurement Agency’s
Independent Advisory Board
on Systems Integration, and
he consults worldwide in cyber
intelligence.
22
�Corporate Governance Report
CHAIRMAN’S
INTRODUCTION
The Directors acknowledge the
importance of high standards of
corporate governance and have
adopted the principles set out in the
Quoted Companies Alliance Corporate
Governance Code for Small and
Mid-Size Quoted Companies (the ‘QCA
Code’) 2018, given the Group’s size and
the constitution of the Board. The QCA
Code sets out a standard of minimum
best practice for small and mid-size
quoted companies, particularly AIM
companies.
The Chairman and the Board accept
the importance and responsibility
of setting good corporate culture,
values and behaviours. The Board
also acknowledges its responsibility
in delivering the long-term success
of the Company for the benefit of
shareholders and other stakeholders.
This Corporate Governance Report
describes how the Company has
applied the principles and standards
set out in the Code during the year and,
to the extent it has not done so, any
deviations from them. It is the Board’s
view that the Company has complied
with all of the provisions of the Code
during the year ended 31 December
2021.
PRINCIPLE 1:
ESTABLISH A STRATEGY
AND BUSINESS MODEL
WHICH PROMOTE
LONG-TERM VALUE FOR
SHAREHOLDERS
The Company’s Strategic Report is on
pages 02 to 17 of this report.
Crossword’s vision is to partner with
organisations to keep them secure in
the digital world. The Group reduces
cyber risks for their clients by providing
a portfolio of innovative products and
services, powered by university and
other research-driven insights.
Crossword Cybersecurity plc
focuses on the development and
commercialisation of cyber security and
risk management-related software and
cyber security consulting and threat
intelligence services. The Group’s
specialist cyber security product
development and software engineering
teams develop the concept into a fully-
fledged commercial product that it will
then take to market. The Group’s aim
is to build up a portfolio of revenue
generating, intellectual property-based,
cyber security products. Rizikon
Assurance, Crossword’s leading
product, is a SaaS platform that
enables medium to large companies
to assess and manage all risks from
their suppliers. Nixer CyberML is a
new tool for businesses that want to
solve advanced security and cybercrime
problems, such as detecting and
dealing with compromised accounts,
fraud, and in-application denial
of service attacks. Identiproof,
Crossword’s third product, is the World
Wide Web Consortium (W3C) verifiable
credentials compatible middleware and
wallet technology. Trillion™ and Arc
are the latest additions to Crossword’s
product suite, offering some of the
strongest and most advanced credential
leak monitoring services in the market.
Crossword’s team of expert cyber
security consultants leverages years of
experience in national security, defence
and commercial cyber intelligence and
operations to provide bespoke cyber
security consulting advice tailored to
its clients’ business needs, including
threat monitoring using Nightingale,
our world class platform.
Where appropriate, Crossword will
transfer the IP to separate companies
in which it will retain a commercial
interest. So far, Crossword has been
instrumental in the development of two
such companies, ByzGen Limited and
CyberOwl Limited.
PRINCIPLE 2: SEEK
TO UNDERSTAND AND
MEET SHAREHOLDER
NEEDS AND
EXPECTATIONS
Crossword is committed to engaging
with its shareholders to ensure that
its strategy, business model and
performance is clearly understood.
The Company communicates with
shareholders and potential investors
through a variety of channels,
including webinars, regular financial
reporting, direct contact with its major
shareholders and release of regulatory
announcements, which are available on
its website.
Regulatory announcements include
details of the Company’s website and
the relevant contact at the Company, as
well as its professional advisors.
The Annual General Meeting (AGM)
provides another opportunity for
dialogue between shareholders and
the Board. The Chair of the Board and
of the Committees, together with other
Directors, routinely attend the AGM
and are available to answer questions
23
GOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORTwww.crosswordcybersecurity.com�Corporate Governance Report
CONTINUED
raised by the shareholders. At the
meeting, each vote, the number of
proxy votes received for, against and
withheld is announced.
The results of the AGM are
subsequently published on the
Company’s website and released via a
regulatory information service provider.
A range of corporate information,
including all Company announcements,
is also available to shareholders,
investors and the public on the
Company’s corporate website,
www.crosswordcybersecurity.com.
PRINCIPLE 3: TAKE
INTO ACCOUNT
WIDER STAKEHOLDER
AND SOCIAL
RESPONSIBILITIES AND
THEIR IMPLICATIONS
FOR LONG-TERM
SUCCESS
Apart from our shareholders, our
most important stakeholder groups
are our employees, our clients and
partners and the universities we work
with. The Board is regularly updated
on stakeholder feedback and their
potential impact on our business
to enable them to understand and
consider the feedback in decision-
making. The Board understands that
maintaining the support of all its
stakeholders is paramount for the long-
term success of the Company.
Employees
Crossword aims to provide an
environment which will attract, retain
and motivate its team. The Company has
a growing number of permanent staff
employed across the UK and Poland
and therefore employee engagement
with the senior management, who
pride themselves on their availability
and flexibility, is frequent through daily
discussions and meetings. Staff are
encouraged to give regular feedback
in relation to their needs, interests and
expectations on away days, general
discussions or one-to-one meetings
with their line managers. These can
then be addressed at the fortnightly
management meeting to all senior
members of the team where further
actions will be discussed. Furthermore,
the team engages in a weekly call where
staff are able to communicate with all
levels of the team across both countries.
Crossword reviews its processes and
policies, which are guided by our values
of Responsibility, Openness, Learning
and Flexibility, to make continuous
improvements for its staff.
The Company has developed its
induction programme for new staff,
engages with employees to maintain
its culture and values and expected
behaviours, performs exit interviews
in the event people decide to leave the
business, and follow-up interviews with
new employees.
Crossword is supportive of career
development of its employees and
provides training programmes and
Masters degree opportunities where
appropriate.
Crossword’s clients and partners
Crossword develops mutually
beneficial commercial relationships
with companies to support sourcing
and commercialising cyber security
intellectual property originating
from university and other research
projects and evaluating and exploiting
routes to distributing and reselling its
products. Crossword recognises that
the establishment of a close working
relationship with its partners is
essential for its long-term success.
Crossword maintains its relationship
with its partners through regular
meetings, mutual understanding
and aligned objectives. Feedback
from partners is communicated to
the relevant teams and the Board as
appropriate.
Crosswords interacts closely with its
clients to understand the cyber issues
organisations are facing, in order
to support clients and help them to
reduce cyber risks. Crossword provides
a portfolio of innovative products and
services, aimed at addressing risks
clients have identified.
Universities
Crossword has excellent connections
with universities in the UK and
elsewhere through members of the
Board and Management, who include
some of the most highly regarded
experts in IP commercialisation and
the cyber security sector. Crossword
maintains regular interaction with the
universities with which it engages. This
is predominantly achieved by digital
means (e.g. frequent email exchanges
and video calls), in which both parties
can feedback to one another to ensure
their needs are being met. The team
also has face-to-face meetings with
academics and works alongside
universities at various events, such as
talks and conferences. This continuous
engagement with universities is
paramount to the long-term success of
the Company.
Social responsibility
Crossword partners with charities both
in UK and Poland, where our offices are
based. Crossword employees propose
and vote on which charity they would
like to support. Previously work has
been undertaken to help a charity in
their efforts to support the homeless
and lead them to independence. In
Poland, Crossword is supporting one
of the largest, most recognisable and
effective social schemes in Poland
which implements and develops a
system of smart, personalised aid that
is unique in the world.
24
CROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021�PRINCIPLE 4: EMBED
EFFECTIVE RISK
MANAGEMENT,
CONSIDERING BOTH
OPPORTUNITIES AND
THREATS, THROUGHOUT
THE ORGANISATION
Audit, risk and internal control
Financial controls
The Group has an established
framework of internal financial controls,
the effectiveness of which is regularly
reviewed by the Executive Management,
the Audit Committee and the Board,
in light of an ongoing assessment of
significant risks facing the Group.
• The Board is ultimately responsible
for the effectiveness of the Group’s
system of internal controls. Its
key strategy has been to establish
financial reporting procedures that
provide the Board of Directors with
a reasonable basis upon which
to make judgements as to the
financial position and prospects of
the Group. Executive Directors and
Non-Executive Directors have been
appointed by the Board to assist with
the implementation of this strategy
and report progress to the Board.
• The Audit Committee has
the primary responsibility for
monitoring the quality of internal
controls to ensure that the financial
performance of the Group is
properly measured and reported
on. It receives and reviews reports
from the Group’s management and
external auditors relating to the
interim and annual accounts and
the accounting and internal control
systems in use throughout the
Group. The Audit Committee meets
not less than three times in each
financial year and has unrestricted
access to the Group’s external
auditors.
• Regular budgeting and forecasting
is conducted to monitor the Group’s
ongoing cash requirements and
cash flow forecasts are circulated to
the Board.
The Group continues to review its
system of internal control to ensure
compliance with best practice, whilst
also having regard to its size and the
resources available.
Standards and policies
The Board is committed to maintaining
appropriate standards for all the
Group’s business activities and
ensuring that these standards are set
out in written policies. Key examples of
such standards and policies include:
• Anti-bribery and Corruption Policy
•
Information Security Policy
• Data Protection Policy
• Share Dealing Code.
All policies are documented and
senior managers and Directors
are responsible for monitoring the
compliance of these policies.
Approval process
All contracts are required to be
reviewed and signed by a Director of the
Company.
• The Group has a Risk Register
which identifies the potential
possibility and impact of risks
associated with the Group and
allocates an owner to mitigate each
risk. The Risk Register is updated
by the Chief Financial Officer and
reviewed by the Executive, the Audit
Committee and the Board.
Non-financial controls
The Board has ultimate responsibility
for the Group’s system of internal
control and for reviewing its
effectiveness. However, any such
system of internal control can
provide only reasonable, but not
absolute, assurance against material
misstatement or loss. The Board
considers that the internal controls
in place are appropriate for the size,
complexity and risk profile of the Group.
The principal elements of the Group’s
internal control system include:
• Close management of the day-to-
day activities of the Group by the
Executive Directors;
• An organisational structure with
defined levels of responsibility,
which promotes entrepreneurial
decision-making and rapid
implementation whilst minimising
risks;
• Central control over key areas such
as capital expenditure authorisation
and banking facilities;
• A comprehensive annual budgeting
process producing a detailed
integrated profit and loss, balance
sheet and cash flow, which is
approved by the Board; and
• Detailed monthly reporting of
performance against budget.
25
GOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORTwww.crosswordcybersecurity.com�Corporate Governance Report
CONTINUED
PRINCIPLE 5:
MAINTAINING
THE BOARD AS A
WELL-FUNCTIONING,
BALANCED TEAM,
LED BY THE CHAIR
Composition, qualification and
independence of the board
The Board comprises six Non-Executive
and two Executive Directors. The
names and responsibilities of the
current Directors, together with their
biographical details, are set out on
pages 18 to 20.
37.5%
62.5%
Female
Male
The Board considers each of the
Non-Executive Directors to be
independent in character and
judgement. Two of the Non-Executive
Directors do not meet the strict criteria
for independence set out in the QCA
Code, due to their participation in the
Company’s share option arrangements,
as part of their remuneration
arrangements.
The Board considers that the ownership
of shares and participation in the
Company’s share options to certain of
the Non-Executive Directors encourages
the alignment of their interests with
those of the Company’s shareholders
and are not material enough to
compromise their independence,
character and judgement.
26
Therefore, the Company considers
all Non-Executive Directors to be
independent for the purposes of the
QCA Code.
The Non-Executive Directors provide
independent, robust and constructive
challenge to the Executive Management
and monitor the performance of the
management team in delivering the
agreed objectives.
All Directors have disclosed their other
significant commitments and confirmed
that they have sufficient time to
discharge their duties effectively.
Appointment and tenure
The Board makes decisions regarding
the appointment and removal of
Directors and there is a formal,
rigorous and transparent procedure for
appointments, some of which has been
delegated to the Nomination Committee.
Appointments are made on merit,
taking account of the balance of skills,
experience and knowledge required.
The Company’s Articles of Association
require that all Directors retire by
rotation at regular intervals and that
any new Directors appointed during
the year must stand for election at
the AGM immediately following their
appointment.
PRINCIPLE 6: ENSURE
THAT, BETWEEN THEM,
THE DIRECTORS HAVE
THE NECESSARY
UP-TO-DATE
EXPERIENCE, SKILLS
AND CAPABILITIES
The names and responsibilities of the
current Directors, together with their
biographical details, are set out on
pages 18 to 20.
The Board believes that its composition
brings a desirable range of skills and
experience in light of the Group’s
challenges and opportunities following
Admission, while at the same time
ensuring that no individuals or a small
group of individuals can dominate the
Board’s decision-making.
The current Board, although considered
to have a sufficient level of skills in all
areas of the business, is always looking
to improve and further its knowledge
of the industry. All Directors receive
regular and timely information on
the Group’s operational and financial
performance and on technical issues.
Induction
Upon appointment, all Directors are
provided with training in respect of
their legal, regulatory and governance
responsibilities and obligations, in
accordance with the UK regulatory
regime.
The induction includes face-to-face
meetings with Executive Management
and site visits to orientate and
familiarise the new Directors with
the Company’s industry, organisation,
business, strategy, commercial
objectives and key risks.
The Board is kept up to date on legal,
regulatory and governance matters at
Board meetings. Additional training
is available on request, where
appropriate, so that Directors can
update their skills and knowledge as
applicable.
Independent advice
All Directors are able to take
independent professional advice in the
furtherance of their duties, if necessary,
at the Company’s expense. In addition,
the Directors have direct access to the
advice and services of the Company
Secretary and Chief Financial Officer.
CROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021�PRINCIPLE 7: EVALUATE
BOARD PERFORMANCE
BASED ON CLEAR AND
RELEVANT OBJECTIVES,
SEEKING CONTINUOUS
IMPROVEMENT
Board effectiveness review
The Board undertook a further
evaluation of its performance for the
during the financial year. Some of the
main themes and focus areas resulting
from the evaluation included:
• Focus on strategy and
Company culture;
• Managing and communicating risk
and implementing internal controls;
• Shareholder sentiment;
• Diversity; and
• Board Development and
Succession Planning.
The Board has continued throughout
the year to measure progress against
the recommendations resulting
from the Board evaluation and will
continue to assess its effectiveness
in implementing new processes
to achieve the recommendations.
Furthermore, the Board conducted
an evaluation in March 2022 to assess
current performance and the progress
made against the key focus areas.
The Nomination Committee and
Board were satisfied that previous
recommendations and focus areas had
been implemented and were being
continually assessed.
The Nominations Committee will
regularly review the structure, size
and composition (including the skills,
knowledge, independence, experience
and diversity) of the Board and make
recommendations concerning plans
for succession for both Executive
and Non-Executive Directors and in
particular for the key roles of Chair and
Chief Executive Officer.
PRINCIPLE 8: PROMOTE
A CORPORATE CULTURE
THAT IS BASED ON
ETHICAL VALUES AND
BEHAVIOURS
The Board is committed to promoting a
strong ethical and values-driven culture
throughout the Company and has a
people-oriented ethos where hard work
and commitment is recognised. The
Company has articulated its values as
Responsibility, Openness, Learning
and Flexibility, and develops its
values and expected behaviours on an
ongoing basis.
Crossword also recognises that
employees will have interests outside
work and consequently supports
flexibility around these interests.
PRINCIPLE 9: MAINTAIN
GOVERNANCE
STRUCTURES AND
PROCESSES THAT ARE
FIT FOR PURPOSE
AND SUPPORT GOOD
DECISION-MAKING BY
THE BOARD
The role of the Board
The Board is responsible for the long-
term success and strategic leadership
of the Group. It is responsible for
reviewing, formulating and approving
the strategy of the Group and its
subsidiaries, corporate actions and
overseeing the Group’s progress
towards its goals. In addition, it also
approves the annual and interim
results and monitors the exposure
to key business risks. The Board’s
full responsibilities are set out in a
schedule of matters reserved for the
Board.
The matters reserved for the attention
of the Board include:
• The approval of interim and annual
financial statements, dividends and
significant changes in accounting
practices;
• Review of bi-monthly financial
statements;
• Board membership, reviewed by
NOMAD, and powers including
the appointment and removal of
Board members, determining the
terms of reference of the Board
and establishing the overall control
framework;
• AIM-related issues including the
approval of communications to
the London Stock Exchange and
communications with shareholders
will be dealt with by the Market
Disclosure Committee and reviewed
by the NOMAD, or delegated by the
Board to the Executive Directors;
• Senior management, remuneration,
contracts, and the grant of share
options will be addressed by the
Remuneration Committee;
• Key commercial matters where the
financial commitment is in excess of
£50,000 per annum;
• Taking of loans or other credit;
• Financial matters including the
approval of the budget and financial
plans and performance against
such plans and budgets;
• Approval of the appointment of the
current period auditor, year-end
audited statutory accounts and
audit-related queries addressed by
the Audit Committee;
• Risk management review;
• Changes to the Company’s capital
structure, its business strategy,
acquisitions and disposals of
businesses, and capital expenditures
outside of budget approval; and
• Other matters including, but not
limited to, health and safety policy,
insurance and legal compliance.
27
GOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORTwww.crosswordcybersecurity.com�Corporate Governance Report
CONTINUED
Role of the Chairman and Chief
Executive Officer
There is a clear division of
responsibility at the head of the
Company. The Chairman is responsible
for running the business of the Board
and for ensuring appropriate strategic
focus and direction, whilst the Chief
Executive Officer is responsible for
proposing the strategic focus to the
Board, implementing it once approved,
and overseeing the management of
the Company through the Executive
Management. The Chief Executive
Officer is also responsible for
communicating with shareholders,
assisted by the Chief Financial Officer.
This separation of responsibilities
is clearly defined and agreed by the
Board.
Board and Committee meetings
The Board meets at least six times each
year, in accordance with its scheduled
meeting calendar (these may be
supplemented by additional meetings
as and when required) to review,
formulate and approve the Group’s
strategy, budgets, corporate actions
and oversee the Group’s progress
towards its goals. At each meeting, the
Board considers a number of matters,
which include technical, operational,
financial, risk and corporate governance
reports, in addition to an update from its
Committees, where applicable.
Any Director can challenge proposals,
and decisions are taken democratically
after discussion. Any Director who feels
that any concern remains unresolved
after discussion may ask for that
concern to be noted in the minutes of
the meeting, which are then circulated
to all Directors. Specific actions arising
from such meetings are agreed by the
Board or relevant committee and then
followed up by Management.
The Group has established an
Audit Committee, a Remuneration
Committee, and a Nomination
Committee, each with formally
delegated duties and responsibilities
outlined within terms of reference
reviewed and approved by the Board on
an annual basis.
From time to time, separate
committees may be set up by the Board
to consider specific issues when the
need arises.
The Board and its Committees are
supported by the Company Secretary,
who ensures that the Board receives
regular and timely information ahead
of each meeting. A formal agenda
is produced for each meeting and
the Company Secretary distributes
papers several days before meetings
take place to provide the Board with
sufficient time to consider the matters
to be discussed. Each Committee has
access to such resources, information
and advice as it deems necessary, at
the cost of the Company, to enable it to
discharge its duties.
The table below sets out the attendance record of individual Directors at the scheduled and unscheduled Board meetings held
during the year:
Name
Richard Dearlove
Tom Ilube
Andy Gueritz
Ruth Anderson
David Secher
David Stupples*
Gordon Matthew*
Mary Dowd
Tara Cemlyn Jones*
Robert Coles*
Board
Meetings
3/6
6/6
6/6
6/6
6/6
3/3
2/3
6/6
3/3
3/3
Audit
–
–
2/2
2/2
2/2
–
–
–
–
–
Nomination Remuneration
–
–
1/1
0/1
1/1
0/1
–
–
–
–
–
–
2/2
1/2
–
1/2
1/2
–
–
1/1
* Both David Stupples and Gordon Matthew resigned from the Board on the 25 May 2021. Tara Cemlyn-Jones and Robert Coles were appointed to the Board on the
25 May 2021.
28
CROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021�PRINCIPLE 10:
COMMUNICATE HOW
THE COMPANY IS
GOVERNED AND
IS PERFORMING
BY MAINTAINING
A DIALOGUE WITH
SHAREHOLDERS AND
OTHER RELEVANT
STAKEHOLDERS
The Board attaches considerable
importance to the maintenance
of constructive relationships
with shareholders and its other
stakeholders.
As mentioned above, the Company
communicates with shareholders
through the Annual Report and
accounts, full-year and half-year
results announcements, the AGM and
one-to-one meetings with large existing
or potential new shareholders. The
Company regularly releases regulatory
and other announcements covering
operational and corporate matters.
A range of corporate information
(including all Company
announcements) is also available to
shareholders, investors and the public
on the Company’s corporate website,
www.crosswordcybersecurity.com
including:
• Our Articles of Association and
admission document;
• A detailed account of how we have
applied the principles of the QCA
Code;
• Latest Crossword Cybersecurity
news and press releases; and
• Annual and Interim Reports.
The Board receives regular updates
on the views of shareholders through
briefings from the Chief Executive
Officer, Chief Financial Officer and the
Company’s brokers.
Sir Richard Dearlove KCMG OBE
Chairman
13 April 2022
29
GOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORTwww.crosswordcybersecurity.com�Corporate Governance Report
CONTINUED
AUDIT COMMITTEE
REPORT
I am pleased to present the
Committee’s report for the year
ended 31 December 2021. The
following pages provide an insight into
how the Committee discharged its
responsibilities during the year and the
key topics that it considered in doing so.
The role of the Audit Committee is to
monitor the integrity of the Group’s
Financial Statements, including its
annual and half-yearly reports and any
other formal statements relating to its
financial performance. It monitors and
reviews the effectiveness of the Group’s
system of internal financial control
systems that identify, assess, manage
and monitor financial risks, and other
internal control and risk management
systems.
Committee membership
and governance
The Audit Committee is comprised
of three independent Non-Executive
Directors, currently David Secher, Ruth
Anderson and Andrew Gueritz. David
Secher, Chair of the Committee, is
considered by the Board to have recent
and relevant financial experience
and the Committee as a whole has
competence relevant to the sector in
which the Company operates. At the
request of the Chair of the Committee,
the Chief Executive Officer, Chief
Financial Officer and other members of
the senior management team may also
be invited to attend meetings as guests.
The Audit Committee aims to meet
twice in each financial year and has
unrestricted access to the Group’s
external Auditor. The Committee works
to a planned programme of activities
focused on key events in the annual
financial reporting cycle and standing
items that it considers regularly under
its Terms of Reference.
Principal activities during the year
The Committee held two meetings
during the year under review and
considered the following:
• The external Auditor’s 2020
year-end audit report and opinion;
• The Company’s Report for the
financial year ended 31 December
2020 and the related results
announcements and the Half-Yearly
Report to 30 June 2021;
• Evaluation of the performance of
the external Auditor including their
independence, objectivity and the
effectiveness of the audit process;
• The re-appointment of MHA
MacIntyre Hudson as the external
Auditor for the Company;
• The Committee’s Terms of Reference;
and
• The Company’s Risk Register as
well as the internal controls and
risk management systems in place.
The Committee is planning the
following activities during 2022:
• Review the Company’s procedures,
systems and controls for the
prevention of bribery or fraud;
• Review the adequacy and security
of the Company’s arrangements for
its employees to raise concerns,
in confidence, about possible
wrongdoing in financial reporting or
other matters. The Committee shall
ensure that these arrangements
allow proportionate and independent
investigation of such matters and
appropriate follow-up action;
• Review and approve the FY22
external Auditor’s plan, including
the proposed materiality threshold,
the scope of the audit, the
significant audit risks and fees;
• Review the Committee’s internal
audit role, in the absence of an
external provider of an internal
audit service; and
• Risk – review and challenge the
Risk Register, and consider the risk
appetite of the business.
The Committee members’ attendance
at meetings during the year is set out
on page 28 above.
External Auditor
MHA MacIntyre Hudson has been the
external Auditor of the Group since
2014. The continued appointment of
MHA MacIntyre Hudson is reviewed
by the Committee each year, taking
into account the relevant legislation,
guidance and best practice appropriate
for a Company of Crossword’s size,
nature and stage of development.
The Committee considers a number
of areas when reviewing the external
Auditor appointment, namely its
performance in discharging the audit,
the scope of the audit and terms of
engagement, its independence and
objectivity, and its reappointment and
remuneration.
The breakdown of fees between audit
and non-audit services paid to MHA
MacIntyre Hudson during the financial
year is set out in Note 8 to the Group’s
Consolidated Financial Statements.
The non-audit fees relate to tax advice.
Following Implementation of the Revised
Ethical Standard by MHA MacIntyre
Hudson, non-audit services have ceased.
Internal audit
The Audit Committee presently
considers it appropriate that the
Group uses the audit committee to
undertake the internal audit function.
This is due to the effectiveness
of the Group’s internal financial
control systems that identify, assess,
manage and monitor financial risks,
and other internal control and risk
management systems, and the close
involvement of the Executive Directors
and senior management on a day-to-
day operational basis. However, the
need for an internal audit function
will be kept under review by the Audit
Committee on behalf of the Board.
DAVID SECHER
Chair, Audit Committee
13 April 2022
30
CROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021�NOMINATION
COMMITTEE REPORT
The Nomination Committee is
responsible for reviewing the
composition of the Board taking into
account the skills, experience and
diversity of the Directors in light of the
challenges and opportunities facing the
Company and makes recommendations
for the appointment and reappointment
of Board members.
Committee membership and
governance
The Nomination Committee is chaired
by Andrew Gueritz and its other
members are Ruth Anderson and
Robert Coles. Under the Committee’s
Terms of Reference, the Committee is
required to meet at least twice in each
financial year and must comprise of
at least three members, two of whom
must be independent Non-Executive
Directors. The Committee held two
meetings during the year.
The Committee members’ attendance
at meetings during 2021 is set out on
page 28.
Board effectiveness review
In compliance with the QCA Code, the
Board undertook an evaluation of its
performance in January 2021. The
evaluation was conducted by way of
a questionnaire designed to assess
the effectiveness of the Board, the
Directors and the Chairman, as well as
the Board’s Committees and identify
any areas for improvement.
The results of the evaluation were
presented to the Board for review
in early April 2021 and revealed no
significant concerns amongst Directors
about the effectiveness of the Board.
Actions arising from recommendations
to further improve the effectiveness of
the Board are being implemented and
include the review of succession plans
for key members of management and
Board members.
Diversity
The Company has not adopted a formal
policy on diversity and, therefore, has
no measurable objectives to disclose.
Appointments, including appointments
to the Board and senior management
positions, are made on merit, taking
account of the balance of skills and
experience required.
Key areas of focus for 2022:
• Review the time committed to the
development of individual Directors
and the Board as a whole;
• Put in place succession plans for
both Executive and Non-Executive
Directors and, in particular, for
the key roles of Chair and Chief
Executive Officer; and
• Conduct a further internal
evaluation of the Board, its
Committees and individual
Directors, to assess improvements
in the key focus areas, using
questionnaires.
ANDREW GUERITZ
Chair, Nomination Committee
13 April 2022
31
GOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORTwww.crosswordcybersecurity.com�Corporate Governance Report
CONTINUED
REMUNERATION
COMMITTEE REPORT
The Remuneration Committee is
responsible for determining and
agreeing with the Board the framework
or broad policy for the remuneration
of all Executive Directors, the Chair
of the Board, including pension rights
and any compensation payments, and
such other members of the senior
management as it is designated to
consider. In addition, the Committee
makes recommendations to the Board
on proposals for the granting of share
options and other equity incentives,
pursuant to any employee share option
scheme or equity incentive plans in
operation from time to time.
Committee membership and
governance
The Remuneration Committee is a
formal committee of the Board and
has powers delegated to it under the
Articles of Association. Its remit is set
out in Terms of Reference formally
adopted by the Board, which are
reviewed annually.
The Remuneration Committee is
currently comprised of Andrew Gueritz
(as Chair), David Secher and Ruth
Anderson. The Committee meets at
least once in each financial year and
held four meetings during the year.
The Committee members’ attendance
at meetings during the year is set out
on page 28.
Letters of appointment, service
contracts and termination
Thomas IIube (Chief Executive Officer)
Tom Ilube is appointed as Chief
Executive Officer under an Executive
service contract dated 1 April 2014 (as
amended). The employment commenced
on 1 April 2014 and will continue unless
terminated by either party giving 12
months’ written notice. The Company
may terminate the contract without
notice (or with payment in lieu of notice)
if, inter alia, Tom is guilty of gross
misconduct, commits a serious breach
of the employment contract, commits a
criminal offence, is declared bankrupt
or becomes of unsound mind. The
Company may, after giving or receiving
notice of termination, immediately end
the employee’s employment and make
payment in lieu of salary with no other
benefit for the remaining period of
notice.
Mary Dowd (Chief Financial Officer)
Mary Dowd is employed as Chief
Financial Officer under an employee
service contract dated 10 May 2018.
The employment commenced on 16
May 2018 and will continue unless
terminated by either party giving six
months’ written notice. The Company
may terminate the contract on shorter
notice if the employee is absent from
work for an extended period through
sickness or injury and may terminate
without notice (or with payment in lieu
of notice) if, inter alia, Mary is guilty of
gross misconduct, commits a serious
breach of the employment contract,
commits a criminal offence, is declared
bankrupt or becomes of unsound
mind. The Company may, after giving
or receiving notice of termination,
immediately end the employee’s
employment and make payment in
lieu of salary with no other benefit
for the remaining period of notice.
Following termination of employment,
Mary is subject to certain restrictions
for a period of six months, including
a restriction on dealing with the
Company’s customers and suppliers and
from working for a competing business.
Non-Executive Directors
All Non-Executive Directors, including
the Chairman, serve on the basis
of letters of appointment which are
terminable by three months’ written
notice and are available for inspection
at the Company’s registered office.
Subject to continued satisfactory
performance, the Board does not
think it appropriate at this time to
limit the term of appointment of the
Non-Executive Directors.
The Executive Directors’ service
contracts are also available for
inspection at the Company’s
registered office.
32
CROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021�The remuneration of the Directors who served in the current year was as follows:
Executive Directors
Tom Ilube*
Mary Dowd
Non-Executive Directors
Sir Richard Dearlove
Ruth Anderson
Andy Gueritz
Gordon Matthew
Dr David Secher
Prof David Stupples
Robert Coles
Tara Cemlyn-Jones
Total
Basic Salary
and Fees
£
Bonus
£
Taxable
Benefits
£
Employer’s
Pension
Contribution
£
Total
£
128,311
130,000
25,000
12,000
16,000
6,000
16,000
4,750
7,250
7,231
352,542
–
–
–
–
–
–
–
–
–
–
–
3,942
–
25,000
–
–
–
–
–
–
–
28,942
1,318
10,000
133,572
140,000
–
–
–
–
–
–
–
–
11,318
50,000
12,000
16,000
6,000
16,000
4,750
7,250
7,231
392,802
Directors’ shareholdings and share interests
The table below sets out the Directors’ interests in the ordinary shares of the Company as at 31 December 2021. There have
been no changes in the current Directors’ interests in shares or options granted by the Company between the end of the
financial year and 26 April 2021.
Name
Tom Ilube*
Dr David Secher
Number of
Issued
Ordinary
Shares
14,560,250
263,650
% of Issued
Shares
19.42%
0.35%
* Thomas Ilube’s shareholding is made up of 12,255,810 shares held by him personally and 1,304,440 held by Share Nominees Limited on his behalf.
33
GOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORTwww.crosswordcybersecurity.com�Corporate Governance Report
CONTINUED
Share option and incentivisation arrangements
The Board considers employee share ownership to be an important part of its strategy for employee incentivisation and
retention. The Group has established share option programmes that entitle certain employees to purchase shares in the
Company. These were issued in July 2014, November 2014, July 2015, December 2015, January 2016, June 2016,
September 2016, June 2017, January 2018, May 2018, July 2018, October 2018, June 2019, November 2019, June 2020, October
2020, August 2021, and November 2021. There are no performance conditions attaching to these options, other than to awards
made under the Long-Term Incentive Plan awards issued in Nov 2021.
The Directors hold the following shares under option:
Name
Sir Richard Dearlove
Sir Richard Dearlove
Sir Richard Dearlove
Sir Richard Dearlove
Sir Richard Dearlove
Sir Richard Dearlove
Dr David Secher
Mary Dowd
Mary Dowd
Mary Dowd
Number of
Ordinary
Shares
under option
131,580
67,570
45,870
52,080
94,340
70,423
150,000
79,360
100,000
25,000
Date of
grant
03/10/2016
25/05/2018
04/06/2019
28/11/2019
16/10/2020
10/08/2021
18/07/2014
24/10/2018
04/06/2019
18/06/2020
Exercise
Price
19p
37p
54.5p
48p
26.5p
35.5p
5.4p
31.5p
54.5p
30.5p
Vesting
Conditions
1
1
1
1
1
1
1
1
1
1
Expiry Date
03/10/2026
25/05/2028
04/06/2029
28/11/2029
16/10/1930
10/08/1931
17/07/2024
24/10/2028
04/06/2029
18/06/1930
(1) Option Shares to vest in three equal tranches on the first, second and third anniversary of the date of grant.
In addition, the Company has issued 1,202,213 options to members of staff and up to 3,000,000 share options to Executives.
EMI share option plan
The Company has established an enterprise management incentive share option plan under scheme rules dated 21 May 2014
(‘EMI Option Plan’) for the purposes of recruiting and retaining its staff. The Company may grant an Option intended to be a
qualifying option under the Income Tax (Earnings and Pensions) Act 2003 (‘ITEPA 2003’) (‘EMI Option’) to any eligible employee
it chooses, subject to the limitations and conditions of the EMI Option Plan. EMI Options may not be granted where prohibited
by law or any corporate governance code which applies to the Company or after the tenth anniversary of the date of the EMI
Option Plan.
Long-Term Incentive Plan
During the year, the Company implemented a Long-Term Incentive Plan (LTIP) whereby awards have been made to the
following Executives – Mary Dowd, Stuart Jubb, Jake Holloway and Sean Arrowsmith. Each award is of nominal cost (0.5p)
options to acquire up to 750,000 Crossword ordinary shares of 0.5p each which vest at the average mid-market price of the
Ordinary Shares over the 20 trading days preceding the end of the performance period which ends on 30 September 2024. 25%
of the options will vest if the Award Price is 50p, and 100% will vest if the Award Price is equal to or greater than 100p, with
straight-line vesting between 50p and 100p.
ANDREW GUERITZ
Chair, Remuneration Committee
13 April 2022
34
CROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021�Directors’ Report & Statement of
Directors’ Responsibilities
DIRECTORS’ REPORT
This Directors’ Report includes the
information required to be included
under the Companies Act 2006
or, where provided elsewhere, an
appropriate cross-reference is given.
The Corporate Governance Report
approved by the Board is provided on
pages 23 to 34 and incorporated by
reference into this Directors’ Report.
Principal activity, review
of the business and future
developments
Crossword Cybersecurity PLC
(08927013) is a public company, limited
by shares, incorporated in the United
Kingdom under the Companies Act,
with operations in the UK, Poland and
Oman. Its shares are traded on AIM,
a sub-market of the London Stock
Exchange (‘AIM’).
Crossword Cybersecurity PLC
focuses on the development and
commercialisation of university
research-based cyber security and
risk management related software and
cyber security consulting. The Group’s
specialist cyber security product
development and software engineering
teams work with its university partners
to develop the research concept into a
fully-fledged commercial product that
it will then take to market. The Group’s
aim is to build up a portfolio of revenue
generating, intellectual property
based, cyber security products. Rizikon
Assurance, Crossword’s leading
product, is a SaaS platform that
enables medium to large companies
to assess and manage all risks from
their suppliers. Nixer CyberML, another
Crossword product, is a new tool for
businesses that want to solve advanced
security and cybercrime problems,
such as detecting and dealing with
compromised accounts, fraud, and
in-application denial of service attacks.
Identiproof, Crossword’s most recent
product, is the World Wide Web
Consortium (W3C) verifiable credentials
compatible middleware and wallet
technology. Trillion™ and Arc are the
latest additions to Crossword’s product
suite, offering some of the strongest
and most advanced credential leak
monitoring services in the market.
Crossword’s team of expert cyber
security consultants leverages years of
experience in national security, defence
and commercial cyber intelligence and
operations to provide bespoke cyber
security consulting advice tailored to
its clients’ business needs, including
threat monitoring using Nightingale,
our world class platform.
More details on the strategy, nature
of the Group’s operations and future
developments are set out in the
Strategic Report on pages 02 to 17.
Share capital and rights attaching
to the shares
The number of shares in issue as at
the date of publication of this report
was 74,957,150 (31 December 2020:
5,761,890 ordinary shares of 5 pence)
ordinary shares of 0.5 pence, each with
one vote.
In accordance with applicable laws and
the Company’s Articles of Association,
holders of ordinary shares are
entitled to:
• Receive shareholder documentation
including the notice of any general
meeting;
• Attend, speak and exercise voting
rights at general meetings, either in
person or by proxy; and
• A dividend, where declared and
paid out of profits available for such
purposes. On a return of capital on
a winding up, holders of ordinary
shares are entitled to participate in
such a return.
Articles of Association
The Company’s Articles of Association
can only be amended by special
resolution and are available at
https://www.crosswordcybersecurity.com
Engagement with employees
With the continuing growth in staff
numbers, the Directors recognise
the need to ensure excellence in
engagement with employees. Two
staff away days took place during 2019
with feedback from staff forming a
prioritised action plan.
Included was an action to ensure that
the Company’s culture is maintained
during its growth. To this effect, a
project to define the Company’s culture
was started. At the end of this project,
the Company was in a position to state
its values and expected behaviours. The
values were shared with all staff at an
away day in February 2020.
Engagement with charities was another
action from the away days. In 2020, the
Company supported two charities.
In Richmond, Surrey, the Company
is working with SPEAR, a charity for
people experiencing homelessness in
South West London. In Kraków, Poland,
the Company supported Noble Gift, a
charity which provides aid in the form
of Christmas gifts in response to the
actual needs of the recipients, providing
an impulse for change and motivation
for them to become independent and
take responsibility for their lives.
During 2021, Crossword continued to
support these charities.
More details are available on page 09.
Sustainability and climate change
The group does not need to comply
with SECR. The Directors take
their responsibilities relating to the
environment seriously and aim to
minimise the impact of the Company’s
activities on the environment.
35
GOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORTwww.crosswordcybersecurity.com�Directors’ Report & Statement of
Directors’ Responsibilities
CONTINUED
The key points of their strategy to
achieve this are:
• Minimise waste by evaluating
operations and ensuring they are as
efficient as possible;
• Minimise toxic emissions through
the selection and use of its power
requirement;
• Actively promote recycling;
• Source and promote a
product range to minimise the
environmental impact of both
production and distribution; and
• Meet or exceed all the
environmental legislation that
relates to the Company.
Powers of Directors
The Directors may exercise powers
subject to applicable legislation and
regulations and the Company’s Articles
of Association. The Directors in office
at the date of this Annual Report are
shown on pages 18 to 20.
Directors’ conflict of interest
The Board may authorise, to the fullest
extent permitted by law, any matter
which, if not so authorised, would or
may result in a Director infringing his
or her duty to avoid a situation in which
he/she can have a direct or indirect
interest that conflicts, or possibly
may conflict, with the interests of the
Company and which may reasonably
be regarded as likely to give rise to a
conflict of interest.
The Company has effective procedures
in place to monitor and deal with
conflicts of interest. The Board is
aware of the other commitments and
interests of its Directors, and changes
to these commitments and interests
are reported to and, where appropriate,
agreed with the rest of the Board.
Directors’ insurance and
indemnity
The Group maintains Directors’ and
Officers’ liability insurance which
gives appropriate cover for any legal
action brought against its Directors.
In accordance with Section 234 of
the Companies Act 2006, qualifying
third-party indemnity provisions are
in place for the Directors in respect of
liabilities incurred as a result of their
office to the extent permitted by law.
Purchase of own shares
The Company has not acquired any
of its own shares in the period to
31 December 2020, nor in the period up
to the date of approval of this Annual
Report.
Subsequent events
On the 14th March 2022, Crossword
Cybersecurity Plc acquired the whole
of the share capital of Threat Status
Limited, the threat intelligence
company and provider of Trillion™,
the cloud based software as a service
(SaaS) platform for enterprise-level
credential breach intelligence, for a
total consideration of £1,529,000.
Dividend
The Directors do not intend that the
Company will declare a dividend in the
near term, but instead channel the
available cash resources into funding
the expansion of the Group. The Board
intends to commence the payment
of dividends only when it becomes
commercially prudent to do so, having
regard to the Group’s earnings,
financial position, cash requirements
and availability of distributable profits,
as well as the provisions of relevant
laws and/or generally accepted
accounting principles from time to time.
Political donations
No political donations have been made
during this financial year.
Principal shareholder
Tom Ilube is the Company’s principal
shareholder, holding a total of 1,456,025
ordinary shares, representing 25.27% of
the voting rights attached to the current
issued share capital of the Company.
Of the 1,456,025 shares held, 1,325,581
shares are held by Tom Ilube directly
and 130,444 shares are held on his
behalf by Share Nominees Limited.
Annual General Meeting
The Annual General Meeting of the
Company will be held on the 5 May
2022 at 3.00 pm at the offices of
Shakespeare Martineau LLP, 6th Floor,
60 Gracechurch Street, London EC3V
0HR. The Notice of Meeting will be
available to view on the Company’s
website in advance of that meeting.
Approval of Directors’ Report
This Directors’ Report, including the
Corporate Governance Statement and
Strategic Report, was approved for and
on behalf of the Board on 13 April 2021.
STATEMENT OF
DIRECTORS’
RESPONSIBILITIES
IN RESPECT OF THE
ANNUAL REPORT
AND THE FINANCIAL
STATEMENTS
The Directors are responsible for
preparing the Annual Report and the
financial statements in accordance with
applicable law and regulations.
Company law requires the Directors
to prepare financial statements for
each financial year. Under that law,
the Directors have elected to prepare
the consolidated and parent company
financial statements in accordance with
International Accounting Standards as
adopted in the United Kingdom (“UK
adopted IFRS”). Under Company law,
the Directors must not approve the
36
CROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021�DISCLOSURE OF
INFORMATION TO
THE AUDITOR
We, the Directors of the Company who
held office at the date of approval of
these financial statements as set out
above, each confirm, so far as we are
aware, that:
• There is no relevant audit
information of which the Company’s
Auditor is unaware; and
• We have taken all the steps that we
ought to have taken as Directors in
order to make ourselves aware of
any relevant audit information and
to establish that the Company’s
Auditor is aware of that information.
This Statement of Responsibilities and
the Directors’ Report were approved by
the Board on 13 April 2022.
TOM IIUBE
Chief Executive Officer
13 April 2022
Crossword Cybersecurity PLC
60 Gracechurch Street,
London EC3V 0HR
e: info@crosswordcybersecurity.com
twitter: @crosswordcyber
t: +44 (0)333 090 2587
financial statements unless they are
satisfied that they give a true and fair
view of the state of affairs and profit or
loss of the Group and parent company
for that period. In preparing the
financial statements, the Directors are
required to:
• Select suitable accounting policies
and then apply them consistently;
• Make judgements and accounting
estimates that are reasonable and
prudent;
• State whether applicable UK
adopted IFRS has been followed,
subject to any material departures
disclosed and explained in the
financial statements; and
• Prepare the financial statements
on the going concern basis, unless
it is inappropriate to presume that
the Group and parent company will
continue in business.
The Directors are responsible for
keeping adequate accounting records
that are sufficient to show and explain
the Group and parent company’s
transactions and disclose with
reasonable accuracy at any time the
financial position of the Group and
parent company and enable them to
ensure that the financial statements
and the Directors’ Remuneration
Report comply with the Companies
Act 2006. They are also responsible
for safeguarding the assets of the
Group and parent company and, hence,
for taking reasonable steps for the
prevention and detection of fraud and
other irregularities.
The Directors are responsible for
the maintenance and integrity of the
parent company’s website. Legislation
in the United Kingdom governing the
preparation and dissemination of
financial statements may differ from
legislation in other jurisdictions.
Responsibility Statement of the
Directors in respect of the Annual
Report and Accounts
The Directors consider that the Annual
Report and accounts, taken as a whole,
is fair, balanced and understandable and
provides the information necessary for
shareholders to assess the Group and
parent company’s position, performance,
business model and strategy.
Each of the Directors, whose names
and functions are listed in the
Corporate Governance Section confirm
to the best of our knowledge, that:
• The parent company and Group
financial statements, prepared
in accordance with International
Financial Reporting Standards in
conformity with the requirements
of the Companies Act 2006, give
a true and fair view of the assets,
liabilities, financial position and
profit or loss of the Company and
the undertakings included in the
consolidation as a whole;
• The Annual Report includes a fair
review of the development and
performance of the business and
the position of the Company and
the undertakings included in the
consolidation taken as a whole,
together with a description of the
principal risks and uncertainties
that they face;
• The Annual Report and accounts,
taken as a whole, is fair, balanced
and understandable and provides
the information necessary for the
shareholders to assess the Group
and parent company’s position,
performance, business model and
strategy; and
• The Strategic Report includes a
fair review of the development
and performance of the business
and the position of the Group and
parent company, together with a
description of the principal risks
and uncertainties that it faces.
37
GOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORTwww.crosswordcybersecurity.com�Independent Auditor’s Report
To the Members of Crossword Cybersecurity PLC
For the purpose of this report, the terms “we” and “our” denote MHA MacIntyre Hudson in relation to UK legal, professional
and regulatory responsibilities and reporting obligations to the members of Crossword Cybersecurity plc. For the purposes
of the table on pages 39 to 40 that sets out the key audit matters and how our audit addressed the key audit matters, the
terms “we” and “our” refer to MHA MacIntyre Hudson. The Group financial statements, as defined below, consolidate the
accounts of Crossword Cybersecurity plc and its subsidiaries (the “Group”). The “Parent Company” is defined as Crossword
Cybersecurity plc. The relevant legislation governing the Parent Company is the United Kingdom Companies Act 2006
(“Companies Act 2006”).
OPINION
We have audited the financial statements of Crossword Cybersecurity plc for the year ended 31 December 2021. The financial
statements that we have audited comprise:
• Consolidated Statement of Comprehensive Income;
• Statements of Financial Position;
• Statements of Changes in Equity;
• Statements of Cashflows;
• Notes 1 to 29 to the financial statements, including significant accounting policies.
The financial reporting framework that has been applied in their preparation is applicable law and UK adopted international
financial reporting standards.
In our opinion, the financial statements:
• give a true and fair view of the state of the Group’s and of the Parent Company’s affairs as at 31 December 2021 and the
group’s loss for the year then ended;
• have been properly prepared in accordance with UK adopted international financial reporting standards; and
• have been prepared in accordance with the requirements of the Companies Act 2006.
BASIS FOR OPINION
We conducted our audit in accordance with International Standards on Auditing (UK) (ISAs (UK)) and applicable law. Our
responsibilities under those standards are further described in the auditor’s responsibilities for the audit of the financial
statements section of our report. We are independent of the group in accordance with the ethical requirements that are
relevant to our audit of the financial statements in the UK, including the FRC’s Ethical Standard as applied to listed entities,
and we have fulfilled our ethical responsibilities in accordance with these requirements. We believe that the audit evidence we
have obtained is sufficient and appropriate to provide a basis for our opinion.
MATERIAL UNCERTAINTY RELATE TO GOING CONCERN
We draw your attention to note 1.3 of the financial statements, which indicates that for the Group and Parent to continue as a
going concern they will require fundraising in 2022 to support the cash flow requirement of the Group’s business model, aims
for growth and the contractual repayment of £1.4M convertible loan notes which mature in December 2022. As stated in note
1.3, these events or conditions, along with the other matters as set forth in note 1.3, indicate that a material uncertainty exists
that may cast significant doubt on the Group and Parent Company’s ability to continue as a going concern. Our opinion is not
modified in respect of this matter.
In auditing the financial statements, we have concluded that the directors’ use of the going concern basis of accounting in the
preparation of the financial statements is appropriate. Our evaluation of the directors’ assessment of the entity’s ability to
continue to adopt the going concern basis of accounting included:
• The consideration of inherent risks to the group’s operations and specifically its business model.
• The evaluation of how those risks might impact on the group’s available financial resources.
38
CROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021�• Where additional resources may be required the reasonableness and practicality of the assumptions made by the Directors
when assessing the probability and likelihood of those resources becoming available.
• Liquidity considerations including examination of cash flow projections.
• Solvency considerations including examination of budgets and forecasts and their basis of preparation, including review and
assessment of the model’s mechanical accuracy and the reasonableness of assumptions included within.
• Consideration of availability of funds required to settle funding facilities due for repayment during the going concern
review period. Assessing the reasonableness and practicality of the mitigation measures identified by management in their
conservative case scenario and considered by them in arriving at their conclusions about the existence of any uncertainties
in respect of going concern.
Our responsibilities and the responsibilities of the directors with respect to going concern are described in the relevant
sections of this report.
OVERVIEW OF OUR AUDIT APPROACH
Materiality
Group
2021
£100,000
2020
£77,000
2% of aggregate of cost of sales and administrative expenses
Parent company
£99,000
£76,000
2% of aggregate of cost of sales and administrative expenses reduced to
below group materiality
Key Audit Matters
Event driven
Recurring Parent
• Accounting for the business combinations
• Valuation of investment and non-current loans to its subsidiaries
KEY AUDIT MATTERS
Key Audit Matters are those matters that, in our professional judgement, were of most significance in our audit of the financial
statements of the current period and include the most significant assessed risks of material misstatement (whether or not due
to fraud) that we identified. These matters included those matters which had the greatest effect on:
•
•
the overall audit strategy;
the allocation of resources in the audit; and
• directing the efforts of the engagement team and our results from those procedures.
These matters were addressed in the context of our audit of the financial statements as a whole, and in forming our opinion
thereon, and we do not provide a separate opinion on these matters.
39
www.crosswordcybersecurity.comGOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORT�Independent Auditor’s Report CONTINUED
To the Members of Crossword Cybersecurity PLC
ACCOUNTING FOR THE BUSINESS COMBINATIONS
Key audit matter
description
Business combinations in the year are material to the Croup and Parent Company financial
statements. Business combinations must be accounted for in accordance with IFRS 3 ‘Business
combinations’ which requires management to fair value the consideration payable, and account for
the fair value of identifiable assets and liabilities acquired and the resultant determination of any
goodwill arising from the business combinations.
How the scope of our
audit responded to the
key audit matter
These estimates give rise to the risk of material misstatement relating to the accounting of Business
Combinations and have been the focus our audit enquiry relating to the accounting of the Business
Combinations in the year.
Our procedures included:
• A detailed review of the discount rate applied to determining the fair value of deferred and
contingent consideration and the fair value of assets acquired in the business combinations.
• We challenged management whether they had recognised all assets and liabilities that should
have been recorded as part of the business combination.
• We reviewed the computation of the accounting of the Business Combination in determining the
amount recognised as goodwill.
• We reviewed and challenged management’s assumptions used to determine the level of
contingent consideration.
Key observations
• Ensured that the disclosures in the financial statements are adequate.
We concluded that the business combinations were correctly accounted for and disclosed in
accordance with the requirements of IFRS 3.
VALUATION OF INVESTMENT AND NON-CURRENT LOANS TO ITS SUBSIDIARIES
Key audit matter
description
The Parent Company makes non-interest-bearing loans available to its subsidiary Crossword
Consulting Limited through a mix of debt finance and loans. The investment and loans owed to the
Parent Company have been subject to an impairment review to determine whether an expected credit
loss provision is required. As no interest is charged on these loans then a notional interest is assumed
to be embedded in the principal amount of the loan which is computed and treated as a further capital
contribution by the Parent Company in its subsidiary, Crossword Consulting Limited.
Our procedures included:
• Challenged management’s allocation of the financing arrangement between a capital contribution
and loans in the subsidiary.
• Challenged management’s assessment of expected credit losses.
• Benchmarked the discount rate used in management’s assessment.
• Reviewed and checked management’s amortised cost calculations.
• Considered management’s assessment of the strategy options which the Parent Company would
pursue in recovering the amounts due from the subsidiary.
• Reviewed management’s assessment as to the impairment of the Parent Company’s investment in
its subsidiary, Crossword Consulting Limited.
• Ensured that the disclosures in the financial statements are adequate.
We concluded that the financing arrangement at Parent Company level was correctly classified
between capital contribution and loans due from its subsidiary and that the carrying amounts
exceeded the recoverable amount and no impairment was required of these non-current assets at the
Parent Company level.
How the scope of our
audit responded to the
key audit matter
Key observations
40
CROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021�OUR APPLICATION OF MATERIALITY
Our definition of materiality considers the value of error or omission on the financial statements that, individually or in
aggregate, would change or influence the economic decision of a reasonably knowledgeable user of those financial statements.
Misstatements below these levels will not necessarily be evaluated as immaterial as we also take account of the nature of
identified misstatements, and the particular circumstances of their occurrence, when evaluating their effect on the financial
statements as a whole. Materiality is used in planning the scope of our work, executing that work, and evaluating the results.
Materiality in respect of the group was set at £100,000 (2020: £77,000) which was determined based on 2% of aggregate of cost
of sales and administrative expenses in both years. This was deemed to be the most appropriate metric for materiality as this
is primarily what the users of the financial statements are concerned with.
Performance materiality is the application of materiality at the individual account or balance level, set at an amount to
reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds
materiality for the financial statements as a whole.
Performance materiality for the group was set at £85,000 (2020: £65,500) which represents 85% (2020: 85%) of the above
materiality level.
The determination of performance materiality reflects our assessment of the risk of undetected errors existing, the nature of
the systems and controls and the level of misstatements arising in previous audits.
Materiality in respect of the Parent Company was set at £99,000 (2020: £76,000) which was determined based on 2% of the
Parent Company’s aggregate of costs of sales and administrative expenses reduced to below group materiality. Performance
materiality for the Parent Company was set at £84,150 (2020: £64,600) which represents 85% (2020: 85%) of the above
materiality level.
In addition, we applied the following materiality to the audit of specific financial statement areas:
• Related Party transactions and disclosure
£5,000
We agreed to report any corrected or uncorrected adjustments exceeding £5,000 to the Audit Committee as well as differences
below this threshold that in our view warranted reporting on qualitative grounds.
OTHER INFORMATION
The other information comprises the information included in the annual report other than the financial statements and our
auditor’s report thereon. The directors are responsible for the other information contained within the annual report. Our
opinion on the financial statements does not cover the other information and, except to the extent otherwise explicitly stated
in our report, we do not express any form of assurance conclusion thereon. Our responsibility is to read the other information
and, in doing so, consider whether the other information is materially inconsistent with the financial statements, or our
knowledge obtained in the course of the audit, or otherwise appears to be materially misstated. If we identify such material
inconsistencies or apparent material misstatements, we are required to determine whether this gives rise to a material
misstatement in the financial statements themselves. If, based on the work we have performed, we conclude that there is a
material misstatement of this other information, we are required to report that fact.
We have nothing to report in this regard.
41
www.crosswordcybersecurity.comGOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORT�Independent Auditor’s Report CONTINUED
To the Members of Crossword Cybersecurity PLC
OPINIONS ON OTHER MATTERS PRESCRIBED BY THE COMPANIES ACT 2006
In our opinion, based on the work undertaken in the course of the audit:
•
the information given in the strategic report and the directors’ report for the financial year for which the financial
statements are prepared is consistent with the financial statements; and
•
the strategic report and the directors’ report have been prepared in accordance with applicable legal requirements.
MATTERS ON WHICH WE ARE REQUIRED TO REPORT BY EXCEPTION
In the light of the knowledge and understanding of the group and the Parent Company and their environment obtained in the
course of the audit, we have not identified material misstatements in the strategic report or the directors’ report.
We have nothing to report in respect of the following matters in relation to which the Companies Act 2006 requires us to report
to you if, in our opinion:
• adequate accounting records have not been kept by the Parent Company, or returns adequate for our audit have not been
received by branches not visited by us; or
•
the Parent Company financial statements are not in agreement with the accounting records and returns; or
• certain disclosures of directors’ remuneration specified by law are not made; or
• we have not received all the information and explanations we require for our audit.
RESPONSIBILITIES OF DIRECTORS
As explained more fully in the directors’ responsibilities statement, the directors are responsible for the preparation of the
financial statements and for being satisfied that they give a true and fair view, and for such internal control as the directors
determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether
due to fraud or error. In preparing the financial statements, the directors are responsible for assessing the Group and Parent
Company’s ability to continue as a going concern, disclosing, as applicable, matters related to going concern and using the
going concern basis of accounting unless the directors either intend to liquidate the group or the Parent Company or to cease
operations, or have no realistic alternative but to do so.
AUDITOR’S RESPONSIBILITIES FOR THE AUDIT OF THE FINANCIAL STATEMENTS
Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material
misstatement, whether due to fraud or error, and to issue an auditor’s report that includes our opinion. Reasonable assurance
is a high level of assurance but is not a guarantee that an audit conducted in accordance with ISAs (UK) will always detect a
material misstatement when it exists.
Misstatements can arise from fraud or error and are considered material if, individually or in aggregate, they could reasonably
be expected to influence the economic decisions of users taken on the basis of these financial statements.
Irregularities, including fraud, are instances of non-compliance with laws and regulations. We design procedures in line with
our responsibilities, outlined above, to detect material misstatements in respect of irregularities, including fraud.
Because of the inherent limitations of an audit, there is a risk that we will not detect all irregularities, including those leading
to a material misstatement in the financial statements or non-compliance with regulation. This risk increases the more that
compliance with a law or regulation is removed from the events and transactions reflected in the financial statements, as we
will be less likely to become aware of instances of non-compliance. The risk is also greater regarding irregularities occurring
due to fraud rather than error, as fraud involves intentional concealment, forgery, collusion, omission or misrepresentation.
42
CROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021�The specific procedures for this engagement and the extent to which these are capable of detecting irregularities, including
fraud is detailed below:
• Obtaining an understanding of the legal and regulatory frameworks that the Group operates in, focusing on those laws and
regulations that had a direct effect on the financial statements. The key laws and regulations we considered in this context
included the UK Companies Act 2006, AIM regulations and applicable tax legislation. In addition, we considered compliance
with the UK Bribery Act and employee legislation, as fundamental to the Group’s operations.
• Enquiry of management to identify any instances of non-compliance with laws and regulations.
• Enquiry of management around actual and potential litigation and claims.
• Review of legal expenses incurred during the year and post year end to identify potential actual or contingent liabilities in
existence as at the year end.
• Enquiry of management to identify any instances of known or suspected instances of fraud.
• Discussing among the engagement team regarding how and where fraud might occur in the financial statements and any
potential indicators of fraud.
• Reviewing minutes of those charged with governance.
• Review of revenue recognition policies adopted and substantive testing of revenue transactions.
• Performing audit work over the risk of management override of controls, including testing of journal entries and other
adjustments for appropriateness, evaluating the business rationale of significant transactions outside the normal course of
business, and reviewing accounting estimates for bias; and
• Challenging assumptions and judgements made by management in their significant accounting estimates, in particular
with respect to the fair value of options granted to employees, accounting for business combinations, and consideration of
the valuation of the investment and non-current loans to subsidiaries.
A further description of our responsibilities for the financial statements is located on the FRC’s website at:
www.frc.org.uk/auditorsresponsibilities
This description forms part of our auditor’s report.
USE OF OUR REPORT
This report is made solely to the Company’s members, as a body, in accordance with Chapter 3 of Part 16 of the Companies Act
2006. Our audit work has been undertaken so that we might state to the Company’s members those matters we are required
to state to them in an auditor’s report and for no other purpose. To the fullest extent permitted by law, we do not accept or
assume responsibility to anyone other than the Company and the Company’s members as a body, for our audit work, for this
report, or for the opinions we have formed.
ANDREW MOYSER FCA FCCA
(Senior Statutory Auditor)
for and on behalf of MHA MacIntyre Hudson, Statutory Auditor
London, United Kingdom
13 April 2022
43
www.crosswordcybersecurity.comGOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORT�Consolidated Financial Statements
for Crossword Cybersecurity PLC company number 08927013
CONSOLIDATED STATEMENT OF COMPREHENSIVE INCOME
12 Months
ended
31 December
2021
2,171,137
(1,957,178)
213,959
12 Months
ended
31 December
2020
1,627,611
(1,582,194)
45,416
Notes
2
3
3,4
(3,260,139)
(2,320,675)
6
7
22
358,727
4,956
(220,545)
456,803
(2,446,239)
209,647
(3,205)
(204,679)
–
(2,273,497)
9
172,615
(4,840)
(2,273,624)
(2,278,336)
(13,220)
(13,220)
9,595
9,595
(2,286,844)
(2,268,741)
(2,229,296)
(44,328)
(2,273,624)
(2,249,707)
(28,629)
(2,278,336)
(2,242,516)
(44,328)
(2,286,844)
(2,240,112)
(28,629)
(2,268,741)
20
(0.03)
(0.03)
(0.05)
(0.05)
Revenue
Cost of Sales
Gross Profit
Administrative expenses
Other operating income
Finance income-bank interest income and foreign exchange
Finance costs-other interest expense
Gain on revaluation of financial assets
Loss for the year before taxation
Tax credit / (expense)
Loss for the Year
Other Comprehensive Income
Items that may be reclassified to profit or loss:
Foreign exchange translation Gain / (Loss)
Other Comprehensive Income
Total Comprehensive Loss
Loss for the period attributable to:
Owners of the parent
Non-controlling interests
Total Loss for the Year
Total comprehensive loss for the period attributable to:
Owners of the parent
Non-controlling interests
Total Comprehensive Loss
Loss Per Share (basic)*
Loss Per Share (diluted)
All results are derived from continuing operations
* 2020 Loss per share was re-stated following share split in 2021
44
CROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021�STATEMENTS OF FINANCIAL POSITION AS AT 31 DECEMBER
Group
2021
£
Group
2020
£
Company
2021
£
Company
2020
£
Notes
Non-Current Assets
Intangible assets
Tangible assets
Investments in subsidiaries
Goodwill
Unlisted investment
Intercompany receivable greater than one year
Total non-current assets
Current Assets
Trade and other receivables
Cash and cash equivalents
Total current assets
TOTAL ASSETS
EQUITY
Attributable to the owners of the Company
Share Capital
Share premium account
Other reserves
Retained earnings
Translation of foreign operations
Attributable to owners of the parent
Non-controlling interests
Total equity
LIABILITIES
Current Liabilities
Trade and other payables
Other current liabilities
Total current liabilities
Long Term Liabilities
Other non-current liabilities
Total long term liabilities
Total Liabilities
Total Equity & Liabilities
11
12
14
10
13
15
19
19
21
16
17
18
1,103,679
5,460
-
875,277
456,834
-
2,441,250
-
70,064
-
-
31
-
70,095
521,603
-
1,637,518
-
456,834
918,206
3,534,161
-
38,392
458,164
-
31
653,316
1,149,902
1,066,076
3,373,062
4,439,138
6,880,388
497,912
958,341
1,456,253
1,526,348
838,622
3,106,817
3,945,439
7,479,600
275,680
824,667
1,100,347
2,250,249
374,786
14,971,221
240,310
(11,827,351)
(14,992)
3,743,974
(139,127)
3,604,847
256,605
8,518,391
181,618
374,786
14,971,221
240,310
(9,598,055) (10,800,700)
-
4,785,617
-
4,785,617
(1,772)
(643,213)
(94,799)
(738,012)
256,605
8,518,391
181,618
(8,835,874)
-
120,740
-
120,740
1,413,658
1,368,638
2,782,296
929,038
-
929,038
1,049,960
1,351,471
2,401,431
794,187
-
794,187
493,245
493,245
1,335,322
1,335,322
292,552
292,552
1,335,322
1,335,322
3,275,541
6,880,388
2,264,360
1,526,348
2,693,983
7,479,600
2,129,509
2,250,249
The company’s loss for the year was £1,964,825 (2020: £1,921,160).
The financial statements were approved by the Board and authorised for issue on 13 April 2022. They were signed on its behalf
by
TOM ILUBE
Chief Executive Officer
45
www.crosswordcybersecurity.comGOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORT�STATEMENTS OF CHANGES IN EQUITY
Group 2021
£
At 1 January
Issue of shares
Transaction costs
Employee share schemes -
value of employee services
Loss for the period
Other comprehensive loss
for the period
At 31 December
Group 2020
At 1 January
Issue of shares
Transaction costs
Employee share schemes -
value of employee services
Transfer on issue of shares
to non-controlling interest
Gain from issue of shares
to non-controlling interest
Loss for the period
Other comprehensive loss
for the period
At 31 December
Company 2021
£
At 1 January
Issue of shares
Transaction costs
Employee share schemes -
value of employee services
Loss for the period
At 31 December
Company 2020
At 1 January
Issue of shares
Transaction costs
Employee share schemes -
value of employee services
Loss for the period
At 31 December
Share Capital
256,605
118,181
–
Share
Premium
8,518,391
6,770,954
(318,124)
Equity
Reserve
181,618
–
–
Retained
Earnings
(9,598,056)
–
–
Translation
Reserve
(1,772)
–
–
Non-
controlling
interests
(94,799)
–
–
Total
(738,012)
6,889,135
(318,124)
–
–
–
–
58,692
–
–
(2,229,296)
–
–
–
(44,328)
58,692
(2,273,624)
–
374,786
–
14,971,221
–
240,310
–
(11,827,351)
(13,220)
(14,992)
–
(139,127)
(13,220)
3,604,847
234,061
22,543
–
7,515,744
1,021,108
(18,461)
128,826
–
–
(7,428,818)
–
–
(11,367)
–
–
–
–
–
–
–
–
–
–
52,792
–
–
–
–
66,169
14,300
(2,249,707)
–
–
–
–
–
–
–
–
438,447
1,043,651
(18,461)
52,792
(66,169)
–
–
(28,629)
14,300
(2,278,336)
–
256,605
–
8,518,391
–
181,618
(9,598,056)
9,595
(1,772)
–
(94,799)
9,595
(738,012)
Share Capital
256,605
118,181
–
Share
Premium
8,518,391
6,770,954
(318,124)
Equity
Reserve
181,618
–
–
Retained
Earnings
(8,835,874)
–
–
Translation
Reserve
–
–
–
Non-
controlling
interests
–
–
–
–
–
374,786
–
–
14,971,221
58,692
–
240,310
–
(1,964,825)
(10,800,699)
234,061
22,543
–
–
–
256,605
7,515,744
1,021,108
(18,461)
128,826
–
–
(6,914,714)
–
–
–
–
8,518,391
52,792
–
181,618
–
(1,921,160)
(8,835,874)
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
Total
120,740
6,889,135
(318,124)
58,692
(1,964,825)
4,785,618
963,917
1,043,651
(18,461)
52,792
(1,921,160)
120,740
46
Consolidated Financial StatementsCONTINUEDCROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021�STATEMENTS OF CASHFLOWS
Years
Loss for the year / period
Cashflows From Operating Activities
Movement in trade and other receivables
Movement in trade and other payables
Depreciation
Amortisation
Finance Costs
Gain on measurement of financial assets
Employee share schemes
Tax (credit) / expense
Tax paid
Net Cashflow from Operating Activities
Cashflow From Investing Activities
Investment in intangible assets
Purchase of tangible assets
Acquisition of subsidiaries, net of cash acquired
Net Cashflow from Investing Activities
Cashflows From Financing Activities
Proceeds from issue of ordinary shares
Share issuance costs
Interest paid on convertible loan notes
Proceeds from issue of shares in subsidiary to non-controlling
interests
Interest paid
Payments for right of use assets
Net Cash Inflow from Financing Activities
12 Months
ended
31 December
Group
2021
£
(2,273,624)
12 Months
ended
31 December
Group
2020
£
(2,278,336)
12 Months
ended
31 December
Company
2021
£
(1,964,825)
12 Months
ended
31 December
Company
2020
£
(1,921,160)
Notes
3
3
7
22
4
9
11
12
10
(412,005)
86,231
66,243
37,881
220,545
(456,803)
58,692
(172,615)
(5,396)
(2,850,851)
128,385
457,260
10,740
139,697
204,681
–
52,792
4,840
(4,840)
(1,284,780)
(837,873)
40,374
38,392
9,931
138,742
(456,803)
58,692
–
–
(2,973,370)
450,691
(265,054)
7,774
98,478
200,844
–
52,792
–
–
(1,375,635)
(183,796)
–
(645,390)
(829,186)
–
(2,001)
–
(2,001)
(183,796)
–
(700,000)
(883,796)
–
–
–
–
6,639,135
(318,124)
(168,000)
1,043,651
(18,461)
(168,000)
6,639,135
(318,124)
(168,000)
1,043,651
(18,461)
(168,000)
–
(1,638)
(43,734)
6,107,639
14,300
(1,592)
(148,536)
721,362
–
(186)
(13,507)
6,139,319
–
(460)
(108,513)
748,217
Net Increase in Cash & Cash Equivalents
Foreign Currency Translation Difference
Cash and Cash Equivalent at the beginning of the period
Cash and Cash Equivalent at the end of the period
2,427,602
(12,881)
958,341
3,373,062
(565,419)
9,595
1,514,166
958,341
2,282,149
-
824,667
3,106,816
(627,418)
-
1,452,085
824,667
47
www.crosswordcybersecurity.comGOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORT�NOTES TO THE FINANCIAL INFORMATION
1. ACCOUNTING POLICIES
1.1 The Group and its operations
Crossword Cybersecurity plc (the “Company”) is a Company
incorporated on 6 March 2014 in England and Wales under
the Companies Act 2006. The Company is the parent company
of the Crossword Group of Companies focusing on the cyber
security sector. The principal activities are the development
and commercialisation of university research-based cyber
security related software and cyber security consulting.
The financial information includes the results of the Company
and its subsidiaries (together referred to as the “Group” and
individually as “Group entities”).
The principal accounting policies applied in the preparation
of the financial information are set out below. These policies
have been consistently applied to all the periods presented,
unless otherwise stated.
1.2 Basis of preparation of financial information
The financial information has been prepared in accordance
with the requirements of the London Stock Exchange plc AIM
Rules for Companies and in accordance with International
Financial Reporting Standards as adopted in the United
Kingdom (“UK adopted IFRS”) and those parts of the
Companies Act 2006 applicable to companies reporting in
accordance with UK adopted IFRS.
The financial information has been prepared on the historical
cost basis. The preparation of financial information in
conformity with UK adopted IFRS requires the use of certain
critical accounting estimates. It also requires management to
exercise its judgement in the process of applying the Group’s
accounting policies. Changes in assumptions may have a
significant impact on the financial information in the year
the assumptions changed. Management believes that the
underlying assumptions are appropriate. The areas involving
a higher degree of judgement or complexity, or areas where
assumptions and estimates are significant to the financial
information are disclosed in note 1.21.
Changes in accounting policy and disclosures
There were no changes in the accounting policy and
disclosures in the current financial year.
At the year end, the following standards and interpretations
which have not been applied in these financial statements
were in issue but not yet effective. The group is considering
their impact but do not expect a material on the future results
of the Group.
New standards, interpretations and amendments
adopted in current period
The following new standards or amendments to existing
standards were applicable for the first time and have not had
an impact on the financial statements.
Amendments to IFRS 9, IAS 39, IFRS 7, IFRS 4 and IFRS
16 Interest Rate Benchmark Reform – Phase 2 (issued in
August 2020)
The amendments are aimed at helping companies to provide
investors with useful information about the effects of the
reform of interest rate benchmarks on those companies’
financial statements.
The amendments complement those issued in 2019 and
focus on the effects on financial statements when a company
replaces the old interest rate benchmark with an alternative
benchmark rate as a result of the reform. The Phase 2
amendments relate to:
• changes to contractual cash flows – a company will not
have to derecognise or adjust the carrying amount of
financial instruments for changes required by the reform,
but will instead update the effective interest rate to reflect
the change to the alternative benchmark rate;
• hedge accounting – a company will not have to
discontinue its hedge accounting solely because it makes
changes required by the reform, if the hedge meets other
hedge accounting criteria; and
• disclosures – a company is required to disclose information
about new risks arising from the reform and how it manages
the transition to alternative benchmark rates.
The Group has not had a material impact on its consolidated
financial statements from these amendments.
New standards, interpretations and amendments not
yet adopted
The Group adopt early the following amendments to
standards which are not yet mandatory.
IFRS 17 Insurance Contracts (including the June 2020
Amendments to IFRS 17, effective from 1 January 2023)
Amendments to IFRS 3 Business Combinations – Reference
to the Conceptual Framework (effective from 1 January 2022)
Amendments to IAS 16 Property, Plant and Equipment –
Proceeds before Intended Use (effective from 1 January 2022).
Amendments to IAS 8 Accounting Policies, Changes in
Accounting Estimates and Errors – Definition of Accounting
Estimates (effective 1 January 2023).
48
Consolidated Financial StatementsCONTINUEDCROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021�Amendments to IAS 1 Presentation of Financial Statements
and IFRS Practice Statement 2: Disclosure of Accounting
policies (effective 1 January 2023).
Amendments to IAS 12 Income Taxes – Deferred Tax related
to Assets and Liabilities arising from a Single Transaction
(effective 1 January 2023).
Amendments to IAS 1 Presentation of Financial Statements
– Classification of Liabilities as Current or Non-current
(effective 1 January 2024).
1.3 Going Concern
The financial information has been prepared on a going
concern basis. The Group’s business model has been
enhanced following the two acquisitions in 2021 and a
further acquisition in early 2022. The Group’s operations
have incurred a loss in the financial year whilst the Group’s
products and services continue to be enhanced, developed
and brought to market. The Directors forecast in 2022 show a
trading loss with net cash outflows as the business continues
to develop and enhance its products and services and grows
revenue. In 2021, the Groups operations have been supported
by cash inflows from customers and from the issue of £6.3m
equity net of costs during 2021.
The Directors have considered the Group’s future and
forecast business and cash requirements. Following the
completion of successful fundraises in 2021, the Directors
have determined that the group wants to continue to expand,
potentially through future acquisitions, which will require a
further fund raise in 2022.
In December 2022, the £1.4m convertible loan notes
mature and will either be converted to equity, repaid, or re-
negotiated. The outcome of the settlement of the convertible
loan notes is uncertain but may require further finance for
repayment of the debt.
Whilst the Group has £3.4m as cash and cash equivalent at
31 December 2021, on 14 March 2022, the Group acquired
another acquisition for a total consideration of £1.5m.
The Directors have concluded that these circumstances
could give rise to a material uncertainty arising from events
or conditions that may cast significant doubt on the entity’s
ability to continue as a going concern if a further fund raise
was unsuccessful. However, considering recent successful
fund raises the Directors are confident that they can continue
to adopt the going concern basis in preparing the financial
statements.
The financial statements do not include any adjustment
that may arise in the event that the Group is unable to raise
finance, realise its assets and discharge its liabilities in the
normal course of business.
1.4 Basis of consolidation
Subsidiaries are fully consolidated from the date on which
control is transferred to the Group. Control exists when then
the Group has:
−
−
−
the power over the investee;
exposure, or rights, to variable returns from its
involvement with the investee; and
the ability to use its power over the investee to affect the
amount of the investor’s returns.
All intra-Group transactions balances income and expenses
are eliminated on consolidation. Uniform accounting policies
are applied by the Group entities to ensure consistency.
1.5 Revenue
Revenue comprises the fair value of consideration received or
receivable for licence income and the rendering of services
in the ordinary course of the Group’s activities. Revenue is
shown net of value added tax and trade discounts. Income is
reported as follows:
(a) Licence income
Technology and product licensing revenue represents
amounts earned for licences granted under licensing
agreements and recognized over time. Revenues relating
to up-front payments are recognised when the obligations
related to the revenues have been completed.
Revenues for maintenance and support services are
recognised in the accounting periods in which the services
are rendered.
(b) Rendering of Services
Services relate to implementation and deployment fees
for the technology and products licensed to customers.
Revenue is recognised in the accounting periods in which
the services are rendered.
(c) Consulting
Consulting revenue is recognised when the performance
obligation is met, primarily at a point of time. Contracts
are structured to support the revenue recognition process
by stating what the objectives and deliverables are for
each part of the project, and the revenue attributable to
each deliverable
1.6 Functional and presentation currency
The presentation currency of the Group is pounds sterling
(GBP). The functional currency of the Company is pounds
sterling. The functional currency of the Company’s polish
subsidiary is Polish Zloty (PLN).
49
www.crosswordcybersecurity.comGOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORT
�1. ACCOUNTING POLICIES CONTINUED
1.7 Business combinations
The acquisition of subsidiaries is accounted for using the
acquisition method. The cost of the acquisition is measured
as the aggregate of the fair values, at the date of exchange,
of assets given, liabilities incurred or assumed, and equity
instruments issued by the Group in exchange for control of
the acquiree. Acquisition related costs are recognised in the
income statement as incurred.
Any contingent consideration to be transferred by the Group
is recognised at fair value at the acquisition date. Subsequent
changes to the fair value of the contingent consideration
that is deemed to be an asset or liability is recognised in the
consolidated income statement. Contingent consideration
that is classified as equity is not remeasured, and its
subsequent settlement is accounted for within equity.
Goodwill arising on acquisition is recognised as an asset and
initially measured at cost, being the excess of the cost of the
business combination over the Group’s interest in the net
fair value of the identifiable assets, liabilities and contingent
liabilities recognised. For the purpose of impairment testing,
goodwill acquired in a business combination is, from the
acquisition date, allocated to the cash generating unit
(“CGU”) that is expected to benefit from the synergies of
the combination. CGU to which goodwill has been allocated
is tested for impairment annually, or more frequently
when there is an indication that the unit may be impaired.
Any impairment loss is recognised directly in the income
statement.
1.8 Foreign operations
The assets and liabilities of foreign operations are translated
into Pound sterling using the exchange rates at the reporting
date. The revenues and expenses of foreign operations are
translated into Pound sterling using the average exchange
rates, which approximate the rates at the dates of the
transactions, for the period.
All resulting foreign exchange differences are recognised in
other comprehensive income through the foreign currency
reserve in equity.
On disposal of a foreign operation, the cumulative exchange
differences recognised in the foreign exchange reserve
relating to that operation up to the date of disposal are
transferred to the consolidated statement of comprehensive
income as part of the profit or loss on disposal.
1.9 Intangible assets – research and development
Expenditure on research is written off in the period in which it
is incurred.
Development expenditure incurred on specific projects is
capitalised where the management is satisfied that the
following criteria have been met:
•
it is technically feasible to complete the software product
so that it will be available for use;
• management intends to complete the software product
and use or sell it;
•
•
there is an ability to use or sell the software product;
it can be demonstrated how the software product will
generate probable future economic benefits;
• adequate technical, financial and other resources to
complete the development and to use or sell the software
product are available; and
•
the expenditure attributable to the software product
during its development can be reliably measured.
Directly attributable costs that are capitalised as part of the
software product include the software development employee
costs and an appropriate portion of relevant overheads.
Other development expenditure that does not meet these
criteria is recognised as an expense as incurred.
1.10 Property, plant and equipment
Property, plant and equipment is stated at purchase price
less accumulated depreciation and impairment losses. The
cost includes all expenses directly related to the purchase of
a relevant asset.
All other repair and maintenance costs are charged to the
income statement for the period during the reporting period
in which they are incurred.
1.11 Depreciation and amortisation
Each item of property, plant and equipment is depreciated
using the straight-line method over the estimated useful life
and depreciation charge is included in the income statement
for the period.
The depreciation is charged to the income statement for the
period and determined using the straight-line method over
the estimated useful life of the item of property, plant and
equipment.
50
Consolidated Financial StatementsCONTINUEDCROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021�The expected useful lives of property, plant and equipment in
the reporting and comparative periods are as follows:
Computers
Furniture & fittings
Useful lives in years
3.33
3.33
Computer software development expenditure recognised
as assets is amortised on a straight-line basis over their
estimated useful lives, which does not exceed 5 years.
1.12 Impairment of non-financial assets
The residual value of an asset is the estimated amount that the
Group would currently obtain from disposal of the asset less
the estimated costs of disposal, if the asset was already of the
age and in the condition expected at the end of its physical life.
The assets’ residual values and useful lives are reviewed, and
adjusted if appropriate, at each reporting date.
At the end of each reporting period management assesses
whether the indicators of impairment of property, plant and
equipment exists.
The carrying amounts of property, plant and equipment and
all other non-financial assets are reviewed for impairment if
there is any indication that the carrying amount may not be
recoverable.
For the purpose of impairment testing the recoverable
amount is measured by reference to the higher of value in
use (being the net present value of expected future cashflows
of a relevant cash generating unit) and fair value less costs
to sell (the amount obtainable from the sale of an asset or
cash generating unit in an arm’s length transaction between
knowledgeable, willing parties who are independent from
each other less the costs of disposal).
Where there is no binding sale agreement or active market,
fair value less costs to sell is based on the best information
available to reflect the amount the Group would receive for
the cash generating unit.
A cash generating unit is the smallest identifiable group
of assets that generates cash inflows that are largely
independent of the cash inflows from other assets or groups
of assets.
If the carrying amount of the asset exceeds its recoverable
amount, the asset is impaired and an impairment loss
is charged to the income statement so as to reduce the
carrying amount in the statement of financial position to its
recoverable amount.
A previously recognised impairment loss is reversed if the
recoverable amount increases as a result of a reversal of the
conditions that originally resulted in the impairment.
This reversal is recognised in profit or loss for the period
and is limited to the carrying amount that would have been
determined, net of depreciation, had no impairment loss been
recognised in prior years.
1.13 Financial Instruments
Financial assets and financial liabilities are recognised when
the Company becomes a party to the contractual provisions of
the instrument.
Financial assets and financial liabilities are initially measured
at fair value. Transaction costs that are directly attributable
to the acquisition or issue of financial assets and financial
liabilities (other than financial assets and financial liabilities
at fair value through profit or loss) are added to or deducted
from the fair value of the financial assets or financial
liabilities, as appropriate, on initial recognition. Transaction
costs directly attributable to the acquisition of financial
assets or financial liabilities at fair value through profit or
loss are recognised immediately in profit or loss.
All financial instruments are classified in accordance with the
principles of IFRS 9 Financial Instruments.
1.13 (a) Financial assets
Classification of financial assets
Debt instruments that meet the following conditions are
subsequently measured at amortised cost:
•
•
the financial asset is held within a business model whose
objective is to hold financial assets in order to collect
contractual cash flows; and
the contractual terms of the financial asset give rise on
specified dates to cash flows that are solely payments of
principal and interest on the principal amount outstanding.
Debt instruments that meet the following conditions are
subsequently measured at FVTOCI:
•
•
the financial asset is held within a business model whose
objective is achieved by both collecting contractual cash
flows and selling the financial assets; and
the contractual terms of the financial asset give rise on
specified dates to cash flows that are solely payments
of principal and interest on the principal amount
outstanding.
By default, all other financial assets are subsequently
measured at FVTPL.
Amortised cost and effective interest method
The effective interest method is a method of calculating the
amortised cost of a debt instrument and of allocating interest
income over the relevant period.
51
www.crosswordcybersecurity.comGOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORT
�1. ACCOUNTING POLICIES CONTINUED
For financial instruments other than purchased or originated
credit-impaired financial assets, the effective interest rate is
the rate that exactly discounts estimated future cash receipts
(including all fees and points paid or received that form an
integral part of the effective interest rate, transaction costs
and other premiums or discounts) excluding expected credit
losses, through the expected life of the debt instrument, or,
where appropriate, a shorter period to the gross carrying
amount of the debt instrument on initial recognition. For
purchased or originated credit-impaired financial assets,
a credit-adjusted effective interest rate is calculated by
discounting the estimated future cash flows, including
expected credit losses, to the amortised cost of the debt
instrument on initial recognition.
The amortised cost of a financial asset is the amount at which
the financial asset is measured at initial recognition minus
the principal repayments, plus the cumulative amortisation
using the effective interest method of any difference between
that initial amount and the maturity amount, adjusted for any
loss allowance. On the other hand, the gross carrying amount
of a financial asset is the amortised cost of a financial asset
before adjusting for any loss allowance.
Impairment of financial assets
The Company recognises a loss allowance for expected credit
losses on financial assets that are measured at amortised
cost. The amount of expected credit losses is updated at each
reporting date to reflect changes in credit risk since initial
recognition of the respective financial instrument.
Expected credit loss measurement
The consolidated entity has applied the simplified approach
to measuring expected credit losses, which uses a lifetime
expected loss allowance. To measure the expected credit
losses, trade receivables have been grouped based on days
overdue.
1.13 (b) Financial liabilities and equity
Debt and equity instruments are classified as either financial
liabilities or as equity in accordance with the substance of the
contractual arrangement.
Equity instruments
An equity instrument is any contract that evidences a residual
interest in the assets of an entity after deducting all of its
liabilities. Equity instruments issued by the Company entity are
recognised at the proceeds received, net of direct issue costs.
Financial liabilities
All financial liabilities are subsequently measured at
amortised cost using the effective interest method or at ‘Fair
Value Through Profit or Loss’ (‘FVTPL’).
Financial liabilities at FVTPL
Financial liabilities are classified as at FVTPL when the
financial liability is contingent consideration of an acquirer
in a business combination to which IFRS 3 applies, or it is
designated as at FVTPL.
Financial liabilities subsequently measured at amortised cost
Financial liabilities that are not 1) contingent consideration
of an acquirer in a business combination, 2) held-for-trading,
or 3) designated as at FVTPL, are subsequently measured at
amortised cost using the effective interest method.
The effective interest method is a method of calculating the
amortised cost of a financial liability and of allocating interest
expense over the relevant period. The effective interest
rate is the rate that exactly discounts estimated future cash
payments (including all fees and points paid or received that
form an integral part of the effective interest rate, transaction
costs and other premiums or discounts) through the expected
life of the financial liability, or (where appropriate) a shorter
period, to the amortised cost of a financial liability.
Derecognition of financial liabilities
The Company derecognises financial liabilities when, and only
when, the Company’s obligations are discharged, cancelled
or they expire. The difference between the carrying amount
of the financial liability derecognised and the consideration
paid and payable, including any non-cash assets transferred
or liabilities assumed, is recognised in the statement of
comprehensive income.
1.14 Leases
The Company assesses whether a contract is or contains a
lease, at inception of the contract. The Company recognises
a right-of-use asset and a corresponding lease liability
with respect to all lease arrangements in which it is the
lessee, except for short-term leases (defined as leases with
a lease term of 12 months or less) and leases of low value
assets. For these leases, the Company recognises the lease
payments as an administrative expense on a straight-line
basis over the term of the lease.
1.15 Taxes
Current tax is calculated using rates and laws enacted or
substantively enacted at the reporting date. Current tax is
recognised in profit or loss unless it relates to an item of other
comprehensive income or equity whereby it is recognised in
other comprehensive income or equity respectively.
Deferred income tax is calculated using rates and laws
enacted or substantively enacted at the reporting date that
are expected to apply on reversal of the related temporary
difference, and is determined in accordance with the expected
manner of recovery of the related asset.
52
Consolidated Financial StatementsCONTINUEDCROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021�Deferred income tax is recognised in profit or loss unless it
relates to an item of other comprehensive income or equity
whereby it is recognised in other comprehensive income or
equity respectively.
1.16 Share-based payments
On occasion, the Company has made share-based payments
to certain Directors and employees by way of issue of share
options. The fair value of these payments is calculated by the
Company using the binomial option valuation model and the
Monte Carlo simulation model.
The expense, where material, is recognised on a straight-line
basis over the period from the date of award to the date of
vesting, based on the Company’s best estimate of the number
of shares that will eventually vest.
1.17 Investments
Shares in subsidiary undertakings are stated at cost less
provision for impairment. Unlisted investments are measured
at fair value through profit or loss.
1.18 Intercompany Financing arrangements
The amortised cost methodology is applied to the financing
arrangement between the Company and subsidiary
Crossword Consulting Limited. An assessment in undertaken
to determine weighted average cost of capital to apply
discounting with the principal conceptually including a
financing element.
1.19 Pension Obligations
The Group operates a defined contribution pension scheme
for employees in the United Kingdom. A defined contribution
scheme is a pension plan under which the Group pays fixed
contributions into a separate entity.
Contributions payable to the Group’s pension scheme are
charged to the income statement in the year to which they
relate. The Group has no further payment obligations once
the contributions have been paid.
In Poland, the Group pays the statutory employer’s
contribution into the public pension scheme for each
employee, but does not operate any pension schemes. In
2021, the Group implemented the Employee Capital Plans
(PPK) programme which involved employee consultation and
selection of a financial institution.
1.20 Cash and Cash Equivalents
Cash comprises cash-in-hand and demand deposits. Cash
equivalents are short-term, highly liquid investments that are
readily convertible to known amounts of cash, and which are
subject to an insignificant risk of change in value.
1.21 Accounting for Government Grants
Government grants are not recognised until there is
reasonable assurance that the Group will comply with the
conditions attached to them and that the grants will be
received.
Government grants are recognised as income over the
periods necessary to match them with the costs for which
they are intended to compensate, on a systematic basis.
Government grants that are receivable as compensation
for expenses or losses already incurred or for the purpose
of giving immediate financial support to the Group with no
future related costs are recognised in the income statement
in the period in which they become receivable.
UK Government Furlough Funding is netted of against Gross
Staff Costs in the period in which it is incurred.
1.22 Critical accounting estimates and judgements
and key sources of estimation uncertainty
Estimates and judgements are continually evaluated and are
based on experience and other factors, including expectations
of future events that are believed to be reasonable under the
circumstances.
The following are the key estimates that the directors have
made in the process of applying the Group’s accounting
policies and have the most significant effect on the amounts
recognised in the financial information. There are no further
critical accounting judgements.
Fair value of options granted to employee
The Group uses the Binomial model and Monte Carlo
simulation model in determining the fair value of options
granted to employees under the Group’s various share
schemes. The determination of the fair value of options
requires a number of assumptions. The alteration of
these assumptions may impact charges to the income
statement over the vesting period of the award. Details of the
assumptions used are shown in note 4.
Convertible Loans
The Group has given consideration to the measurement and
presentation of the convertible loans.
On legal execution of the loans the financial liability is initially
measured at its fair value which is the face value of the loans.
Immediately after recognition, at fair value, the financial
liability is measured at amortised cost, using a reasonable
estimate of the Group’s cost of capital. The difference
between the fair value and the amortised cost is taken to the
P&L account.
53
www.crosswordcybersecurity.comGOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORT�1. ACCOUNTING POLICIES CONTINUED
Impairment
An impairment assessment of the carrying value in the
Company of the investment in subsidiaries is undertaken
using an NPV model over the projected cash flows, with a
discount rate based on the assessment of weighted average
cost of capital.
Business combinations
The recognition of business combinations requires
management to make estimates in order to determine fair
value of consideration payable on acquisition as well as
fair value of identifiable assets, particularly intangibles,
and liabilities acquired. These estimates are based on all
available information and in some cases assumptions with
respect to the timing and amount of future revenues and
expenses associated with an asset.
Deferred tax
Deferred tax assets are recognised for unused tax losses
to the extent that it is probable that taxable profit will be
available against which the losses can be utilised. Significant
management judgement is required to determine the amount
of deferred tax assets that can be recognised, based upon the
likely timing and the level of future taxable profits, together
with future tax planning strategies. The company has taxable
temporary differences that partly support the recognition
of the losses as deferred tax assets based on the above. The
company has determined that it cannot recognise deferred
tax assets on all of the tax losses carried forward however,
based on the likely characteristics, timing and level of future
taxable profits, together with future tax planning strategies.
Further details on taxes are disclosed in note 9.
2 REVENUE AND SEGMENTAL INFORMATION
An analysis of the Group’s revenue for each period for its continuing operations, is as follows:
£
Revenue from the sale of goods/licences
Revenue from the rendering of services
Revenue from Consulting
Revenue from Byzgen Limited for software development
Revenue from Cyberowl Limited for software development
Total Revenue
Group
2021
189,252
183,855
1,660,207
137,823
–
2,171,137
Group
2020
136,206
34,675
1,229,000
203,030
24,700
1,627,611
The IFRS 8 Operating segments requires the Group to determine its operating segments based on information which is
provided internally. Based on the internal reporting information and management structures within the Group, it has been
determined that there are two operating segments established in accordance to differences in products and services provided –
Software product and services and Cybersecurity consulting.
These operating segments are based on the internal reports that are reviewed and used by the Board of Directors (who are
identified as the Chief Operating Decision Makers (‘CODM’)) in assessing performance and in determining the allocation of
resources. There is no aggregation of operating segments.
The CODM reviews EBITDA (earnings before interest, tax, depreciation and amortisation). The accounting policies adopted for
internal reporting to the CODM are consistent with those adopted in the financial statements. The information regarding the
Group’s reportable segments is presented below:
54
Consolidated Financial StatementsCONTINUEDCROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021�2021
£
Revenue
Cost of Sales
Gross Profit
Administrative expenses
Other operating income
Financial income and expenses
Loss for the year before taxation
Tax credit / (expense)
Loss for the Year
Total Comprehensive Loss
Segment assets
Segment liabilities
EBITDA
2020
£
Revenue
Cost of Sales
Gross Profit
Administrative expenses
Other operating income
Financial income and expenses
Loss for the year before taxation
Tax expense
Loss for the Year
Total Comprehensive Loss
Segment assets
Segment liabilities
EBITDA
Software
product and
services
462,108
(358,333)
103,775
(2,703,009)
358,727
323,725
(1,916,782)
172,615
(1,744,167)
(1,757,387)
8,178,282
2,924,439
(2,168,462)
Software
product and
services
553,946
(483,580)
70,366
(2,060,206)
209,647
(102,818)
(1,883,011)
(4,840)
(1,887,850)
Cybersecurity
consulting
1,784,309
(1,598,845)
185,464
(632,410)
–
(82,512)
(529,457)
–
(529,457)
(529,457)
1,029,509
1,762,053
(414,866)
Cybersecurity
consulting
1,285,293
(1,098,615)
186,679
(472,097)
–
(105,067)
(390,486)
–
(390,486)
Eliminations
(75,280)
–
(75,280)
75,280
–
–
–
–
–
–
(2,327,403)
(1,410,951)
–
Total
2,171,137
(1,957,178)
213,959
(3,260,139)
358,727
241,213
(2,446,239)
172,615
(2,273,624)
(2,286,844)
6,880,388
3,275,541
(2,583,328)
Eliminations
(211,629)
–
(211,629)
211,628
–
–
–
–
–
Total
1,627,611
(1,582,194)
45,416
(2,320,675)
209,647
(207,885)
(2,273,497)
(4,840)
(2,278,336)
(1,878,256)
2,480,051
2,129,509
(1,625,501)
(390,486)
375,437
1,340,505
(284,918)
–
(1,329,141)
(1,205,654)
–
(2,268,741)
1,526,348
2,264,360
(1,910,419)
During the year ended 31 December 2021 approximately 17% (2020: 32%) of the consolidated entity’s external revenue was
derived from sales to a major United Kingdom client. No other clients accounted for 10% or more of the consolidated entity’s
external revenue.
No analysis of net assets by geographic segment is provided as the net assets are principally all within the UK.
55
www.crosswordcybersecurity.comGOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORT�3 EXPENSES BY NATURE
£
Staff and related costs
Consultancy and related costs
Professional fees
Property-related costs
Depreciation
Amortisation
Capitalised costs
Other expenses
Total cost of sales and administrative expenses
Expenses by geographic segment
£
UK
Poland
Total cost of sales and administrative expenses
4 STAFF COSTS
Group
2021
3,305,430
450,028
616,791
172,823
66,243
37,881
(138,067)
706,188
5,217,317
Group
2020
2,643,670
280,917
268,567
82,776
150,437
–
–
476,502
3,902,870
Group
2021
4,695,737
521,580
5,217,317
Group
2020
3,410,235
492,635
3,902,870
Staff costs, including Directors’ remuneration, were as follows:
£
Wages and salaries
Furlough receipts for wages and salary
Social security costs
Furlough receipts for social security costs
Other pension costs
Furlough receipts for pension costs
Group
2021
2,924,357
–
327,012
–
54,061
–
3,305,430
Company
2021
1,321,393
–
142,103
–
37,003
–
1,500,499
Group
2020
2,454,980
(93,510)
243,642
(6,363)
46,509
(1,588)
2,643,670
Company
2020
1,150,153
(36,218)
119,755
(2,430)
31,470
(625)
1,262,106
The average monthly number of employees, including the Directors, during the period was as follows:
Group
2021
42
9
51
Company
2021
17
8
25
Group
2020
34
10
44
Company
2020
13
8
21
Staff
Directors
Total
56
Consolidated Financial StatementsCONTINUEDCROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021�Share-based payments
The amount recognised in respect of share-based payments was £58,692 (2020: £52,792).
The Group has established share option programmes that entitle certain employees to purchase shares in the Group.
There are no performance conditions attaching to these options. 5,840 options were exercised in 2021 (133,330 in 2020).
Total options issued as at 31 December 2021 amount to 2,348,653 (2020: 2,065,730, re-stated for share split). See details in
Note 13 Loss per share.
The share options have been valued using a binomial model applying the following inputs:
• Exercise price – equal to the share price at grant date;
• Vesting date – all options vest in three tranches, on the first, second and third anniversary from the grant date;
• Expiry/Exercise date – 10 years from the grant date;
• Volatility (sigma) – 40%. This has been calculated based on the historic volatility of the Company’s share price;
• Risk-free rate – yield on a zero coupon government security at each grant date with a life congruent with the expected
option life;
• Dividend yield – 0%;
• Future staff turnover – 0%. We have however adjusted the P+L charge for the current year (and future years) to account for
lapsed options due to Leavers; and
• Performance conditions – none.
Reconciliation of share options – Company
1 January
Granted during the period
Lapsed during the period
Exercised during the period
End of the period
Weighted average
exercise price
Weighted average
exercise price
2021
2,065,730
352,923
(64,160)
(5,840)
2,348,653
2021
0.36
0.36
0.36
0.28
0.36
2020
1,888,890
496,840
(186,670)
(133,330)
2,065,730
2020
0.26
0.70
0.31
0.28
0.36
The 2020 numbers and 2021 opening have been re-stated for share split (Note 19).
The weighted average share Price at the exercise date was £0.36.
The range of exercise prices is from £0.05 to £0.55.
The weighted average remaining life of the options was 6.5 years (2020: 6.7 years).
57
www.crosswordcybersecurity.comGOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORT�5 DIRECTORS’ REMUNERATION
The remuneration of the Directors who served in the current year was as follows:
2021
Executive Directors
Tom Ilube
Mary Dowd*
Non-Executive Directors
Sir Richard Dearlove
Ruth Anderson
Andy Gueritz
Gordon Matthew
Dr David Secher
Prof David Stupples
Robert Coles
Tara Cemlyn-Jones
Total
2020
Executive Directors
Tom Ilube
Mary Dowd*
Non-Executive Directors
Sir Richard Dearlove
Ruth Anderson
Andy Gueritz
Gordon Matthew
Dr David Secher
Prof David Stupples
Total
* Denotes highest paid director.
Share Options issued
Mary Dowd
Sir Richard Dearlove
Sir Richard Dearlove
Basic Salary
and Fees
£
128,311
130,000
25,000
12,000
16,000
6,000
16,000
4,750
7,250
7,231
352,542
Bonus
£
–
–
–
–
–
–
–
–
–
Basic Salary
and Fees
£
Bonus
£
126,622
130,000
25,000
12,000
16,000
12,000
16,000
12,000
349,622
Employer’s
Pension
Contribution
£
Total
£
1,318
10,000
133,572
140,000
Taxable
Benefits
£
3,942
25,000
–
–
–
–
–
–
–
28,942
Taxable
Benefits
£
3,689
25,000
–
–
–
–
–
–
–
–
11,318
Employer’s
Pension
Contribution
£
1,314
10,000
50,000
12,000
16,000
6,000
16,000
4,750
7,250
7,231
392,802
Total
£
131,625
140,000
–
–
50,000
12,000
16,000
12,000
16,000
12,000
389,625
-
28,690
11,314
Year
2020
2020
2021
Share
Options
25,000
94,340
70,423
Exercise
Price
£0.31
£0.27
£0.36
Total
Value
£2,903
£9,496
£25,000
During the year, the Company implemented a Long-Term Incentive Plan (LTIP) whereas awards have been made to the
following Executives – Mary Dowd, Stuart Jubb, Jake Holloway and Sean Arrowsmith. Each award is of nominal cost (£0.005)
options to acquire up to 750,000 Crossword ordinary shares of 0.5p each which vest at the average mid-market price of the
Ordinary Shares over the 20 trading days preceding the end of the performance period which ends on 30 September 2024. 25%
of the options will vest if the Award Price is 50p, and 100% will vest if the Award Price is equal to or greater than 100p, with
straight-line vesting between 50p and 100p.
58
Consolidated Financial StatementsCONTINUEDCROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021�6 OTHER OPERATING INCOME
Research and development tax credits
Grant income
Group
2021
£
206,380
152,347
358,727
Group
2020
£
209,647
–
209,647
The grant income represents award from Innovate UK for Group’s participation in feasibility studies on digital supply chain.
7 FINANCE COSTS
Finance Cost of Financial Liabilities (Loan Notes)
Interest on deferred consideration
Company right to use assets Interest
Crossword Cybersecurity sp z.o.o. right to use assets interest
Crossword Consulting Ltd Overdraft Annual Fees & Interest
Crossword Cybersecurity Spolka z.o.o Interest
8 AUDITOR’S REMUNERATION
The expenses for services rendered by the Group Auditor present themselves as follows:
£
Fees for the parent company individual and consolidated financial statements
Fees for legal audit of subsidiary financial information
Fees for tax advisory services
Group
2021
£
184,149
34,978
187
452
735
44
220,545
Group
2021
£
46,000
17,000
–
63,000
Group
2020
£
196,546
–
4,298
2,705
876
256
204,679
Group
2020
£
40,250
6,204
6,000
52,454
59
www.crosswordcybersecurity.comGOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORT�9 TAX
Income tax
£
Current income tax expense
Deferred tax credit
Total tax (credit) / expense
Group
2021
5,396
(178,011)
(172,615)
Group
2020
4,840
–
4,840
There is no tax charge in respect of other comprehensive income.
The deferred tax liability arising on fair value revaluation on acquisitions of Verifiable Credentials Ltd and Stega UK Ltd (note
10) has been offset with a deferred tax asset recognised in respect of losses brought forward from prior periods, resulting in
deferred tax credit to the statement of comprehensive income.
There is a deferred tax liability of £114,201 arising on the fair value uplift of £456,803 of the unlisted investment in CyberOwl
Limited. This deferred tax liability has been offset by trading losses of the group.
Corporation tax losses carried forward for offset against future year’s trading profits amount to approximately £4,800,000
(2020: £4,400,000).
£
Loss before taxation
Average rate of corporation tax
Tax on loss
Effects of:
Expenses not deductible for tax purposes
Depreciation for the period in excess of capital allowances
Trading loss carried forward
Total tax charge
Group
2021
£
2,446,239
19.00%
(464,785)
24,578
104,124
508,699
172,615
Group
2020
£
2,273,497
19.00%
(431,964)
17,640
150,437
259,047
(4,840)
Factors that may affect future tax changes
The rate of corporation tax in the United Kingdom had been expected to reduce from 19% to 17% per cent from 1 April 2020.
However, in March 2020, it was announced that the rate would continue at 19%. In March 2021, it was announced that UK
corporation tax rates would rise to 25% from 2023.
Polish Corporation Tax has been 19% until 1 January 2017, when Crossword started to benefit from the new small companies
reduced rate of 15% adopted by the Parliament Act amendment to Polish CIT Law.
60
Consolidated Financial StatementsCONTINUEDCROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021�10 BUSINESS COMBINATIONS
On 26 May 2021 the Group acquired 100% of the issued share capital of Verifiable Credentials Ltd (“VCL”), the provider of
Identiproof, the World Wide Web Consortium verifiable credentials compatible middleware and wallet technology.
The net consideration used in the acquisition of VCL and the provisional fair value of assets acquired and liabilities assumed on
the acquisition date are detailed below:
Intangible assets
Tangible assets
Non-current assets
Trade and other receivables
Cash and cash equivalents
Current assets
Other non-current liabilities
Deferred tax liabilities
Non-current liabilities
Trade and other payables
Current liabilities
Book value
127,306
1,098
128,404
Adjustment
477,728
–
477,728
Fair value
605,034
1,098
606,132
69,538
37,684
107,222
135,953
–
135,953
101,421
101,421
–
–
–
–
95,545
95,545
69,538
37,684
107,222
135,953
95,545
231,498
–
–
101,421
101,421
Total fair value of net assets acquired
(1,748)
382,183
380,435
Fair value of consideration
Cash on completion
Shares at acquisition date
Deferred consideration in shares
Total consideration
Goodwill
100,000
150,000
130,435
380,435
–
Acquisition costs of £17,345 arose as a result of the transaction, which have been recognised as part of administrative
expenses in the statement of comprehensive income.
The Share Purchase Agreement stipulates that contingent consideration becomes payable once certain revenue targets are
achieved, this can range from 0 to £750k for the first earn-out period (12 months after acquisition) and from 0 to £1.5m for
the second earn-out period (24 months after acquisition). The management estimates that it is unlikely that the company will
achieve the revenue necessary to trigger earn-out payments for both periods, hence no contingent consideration has been
recorded. The company did not generate any revenue in 2021.
On 9 August 2021 the Group acquired 100% of the issued share capital of Stega UK Ltd (“Stega”), the threat intelligence and
monitoring company.
61
www.crosswordcybersecurity.comGOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORT�10 BUSINESS COMBINATIONS CONTINUED
The net consideration used in the acquisition of Stega and the provisional fair value of assets acquired and liabilities assumed
on the acquisition date are detailed below:
Intangible assets
Tangible assets
Non-current assets
Trade and other receivables
Cash and cash equivalents
Current assets
Bank loans
Deferred tax liabilities
Non-current liabilities
Trade and other payables
Current liabilities
Current liabilities
Book value
–
30,509
30,509
Adjustment
354,301
(24,437)
329,864
Fair value
354,301
6,072
360,373
86,619
16,927
103,546
68,000
–
68,000
82,990
17,000
99,990
–
–
–
–
82,466
82,466
–
–
–
86,619
16,927
103,546
68,000
82,466
150,466
82,990
17,000
99,990
Total fair value of net assets acquired
(33,935)
247,398
213,463
Fair value of consideration
Cash on completion
Shares at acquisition date
Deferred consideration in cash
Deferred consideration in shares
Contingent consideration in cash
Contingent consideration in shares
Total consideration
Goodwill
600,000
100,000
134,435
84,022
119,604
50,679
1,088,740
875,277
The goodwill relates mainly to the expected synergies and assembled workforce that do not meet criteria for recognition as a
separate intangible assets.
The acquisition terms include additional consideration which is contingent upon achieving certain revenue targets. The
contingent consideration ranges from 0 to £420k for the first earn-out period (12 months after acquisition) and from 0 to £420k
for the second earn-out period (18 months after acquisition).
The Group has recorded the contingent consideration at management's estimate of fair value. For the specific purpose of
estimating the fair value of the contingent liability, management assumes that Stega UK Ltd will achieve revenue target in
the second earn-out period, that the contingent consideration will consequently become payable, and that the timing and the
amount of the resulting cash outflows will be consistent with the terms outlined in the agreement with the seller.
Acquisition costs of £17,780 relating to this transaction have been recognised as part of administrative expenses in the
statement of comprehensive income.
Since the acquisition date, Stega has contributed £210,650 to group revenues and £93,177 to group loss. If the acquisition had
occurred on 1 January 2021, group revenue would have been £2,500,250 and group loss for the period would have been £2,535,237.
These two acquisitions help to implement Group’s strategy to create a portfolio of subscription-based, enterprise-class
products and services for its clients.
62
Consolidated Financial StatementsCONTINUEDCROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021�11 INTANGIBLE ASSETS
Software Development
£
Cost b/f
Acquired through business combinations
Additions
Accumulated Depreciation
B/F
Charge for the period
C/d
Net Book Value
Group
2021
–
957,764
183,796
1,141,560
Company
2021
–
347,738
183,796
531,534
–
37,881
37,881
–
9,931
9,931
1,103,679
521,603
Group
2020
–
–
Company
2020
–
–
–
–
–
–
–
–
–
–
–
–
Intangible assets comprise of 3 different software development projects with remaining useful life of approximate 5 years each
and the carrying amounts of £676,022, £326,351 and £101,306.
12 TANGIBLE ASSETS
Computers
£
Cost b/f
Additions
Acquired through business combinations
Accumulated Depreciation
B/F
Charge for the period
Translation adjustments
C/d
Net Book Value
Furniture and Fittings
£
Cost b/f
Accumulated Depreciation
B/F
Charge for the period
C/d
Net Book Value
Group
2021
24,675
–
7,170
31,845
21,124
4,924
337
26,385
5,460
Company
2021
–
–
–
Group
2021
15,157
15,157
Company
2021
15,157
15,157
12,009
3,148
15,157
12,009
3,148
15,157
Group
2020
22,674
2,001
–
24,675
18,157
2,966
–
21,124
3,551
Group
2020
15,157
15,157
4,235
7,773
12,009
Company
2020
–
–
–
Company
2020
15,157
15,157
4,235
7,773
12,009
–
–
3,148
3,148
63
www.crosswordcybersecurity.comGOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORT�12 TANGIBLE ASSETS CONTINUED
Right of Use Assets
£
Cost b/f
Disposals
Accumulated Depreciation
B/F
Charge for the period
Translation adjustments
Disposals
C/d
Net Book Value
Total
£
Cost b/f
Additions/(disposals)
Acquired through business combinations
Accumulated Depreciation
B/F
Charge for the period
Translation adjustments
Disposals
C/d
Net Book Value
13 UNLISTED INVESTMENTS
Fair value at 1 January and 31 December
Group
2021
344,058
(344,058)
–
Company
2021
231,935
(231,935)
–
280,694
58,171
5,193
(344,058)
–
196,687
35,248
–
(231,935)
–
Group
2020
344,058
–
344,058
140,996
139,697
–
–
280,694
Company
2020
231,935
–
231,935
98,209
98,478
–
–
196,687
–
–
63,365
35,248
Group
2021
383,890
(344,058)
7,170
47,002
Company
2021
247,092
(231,935)
-
15,157
313,826
66,243
5,530
(344,058)
41,542
208,696
38,396
-
(231,935)
15,157
Group
2020
381,889
2,001
-
383,890
163,389
150,437
-
-
313,826
Company
2020
247,092
-
-
247,092
102,445
106,252
-
-
208,696
5,460
-
70,064
38,395
Group
2021
456,834
Company
2021
456,834
Group
2020
31
Company
2020
31
The above Group investment represents Crossword Cybersecurity Plc’s 2021 – 4.4% (2020 – 4.4%) holding in CyberOwl Limited
which was purchased on 18 April 2016.
The investment has been revalued at a fair value following successful fundraise by CyberOwl in February 2022.
64
Consolidated Financial StatementsCONTINUEDCROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021�14 INVESTMENT IN SUBSIDIARIES
£
Cost b/f 1 January
Acquired during the year
Capital contribution
Cost c/f 31 December
2021
458,164
1,088,740
90,614
1,637,518
2020
11,017
–
447,147
458,164
The group’s subsidiary undertakings are listed below, including name, country of incorporation, and proportion of ownership
interest:
Name
Crossword Consulting
Limited
Crossword Cybersecurity
SP Z.o.o.
Stega UK Ltd
Registered office
6th Floor, 60 Gracechurch Street, London
EC3N 0HR United Kingdom
ul. Wiejska 12a, 00-490 Warszawa, Poland
Principal activity
Cybersecurity services
Cybersecurity services
6th Floor, 60 Gracechurch Street, London
EC3N 0HR United Kingdom
Cybersecurity services
Verifiable Credentials Ltd 6th Floor, 60 Gracechurch Street, London
Cybersecurity services
Crossword Cybersecurity
LLC
EC3N 0HR United Kingdom
PO Box 808, Alwattayah / Muttrah / Muscat
Governorate, Postcode: 100, Oman
Cybersecurity services
15 TRADE AND OTHER RECEIVABLES
2021
%
90
100
100
100
90
2020
%
90
100
–
–
–
£
Trade receivables
Other receivables
Prepayments
Accrued income
VAT Refund
Intercompany receivables within one year
Group
2021
509,576
254,451
149,309
140,708
12,033
–
1,066,076
Company
2021
192,975
247,274
105,101
131,025
–
162,247
838,622
Group
2020
289,811
66,714
102,112
27,394
11,881
–
497,913
Company
2020
125,115
63,067
83,749
3,750
–
–
275,680
All of the above amounts are considered to be due within one year.
The maximum exposure to credit risk at the reporting date is the carrying value as above and the cash and cash equivalents
and none are either past or impaired.
Of the above amounts held within the Group, £18,419 is denominated in Polish Zloty with the remainder in GBP (2020: £15,529).
Foreign exchange risk is currently minimal as balances in Polish Zloty are between the parent and its wholly owned subsidiary.
65
www.crosswordcybersecurity.comGOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORT�16 TRADE AND OTHER PAYABLES
£
Trade payables
Tax payables
Accruals
Deferred income
Deferred consideration
Other payables
Group
2021
331,043
242,642
226,623
331,198
261,606
20,546
1,413,658
Company
2021
459,753
56,790
164,284
94,333
261,606
13,194
1,049,960
Group
2020
204,243
163,002
403,997
101,438
–
56,360
929,038
Company
2020
372,359
38,746
289,488
71,789
–
21,805
794,187
All of the above amounts are considered to be due within one year.
The deferred income relates to contract liabilities arising from contracts with customers.
Of the Trade and Other Payables amounts held within the Group, £57,836 (2020: £29,630) is denominated in Polish Zloty with
the remainder in GBP.
17 OTHER CURRENT LIABILITIES
£
Convertible loan notes
Bank loan
18 OTHER NON-CURRENT LIABILITIES
£
Convertible loan notes
Bank loan
Deferred consideration
Contingent consideration
Deferred grant income
Group
2021
1,351,471
17,167
1,368,638
Company
2021
1,351,471
–
1,351,471
Group
2020
–
–
–
Company
2020
–
–
–
Group
2021
–
68,000
111,900
180,652
132,693
493,245
Company
2021
–
–
111,901
180,652
–
292,552
Group
2020
1,335,322
–
–
–
–
1,335,322
Company
2020
1,335,322
–
–
–
–
1,335,322
66
Consolidated Financial StatementsCONTINUEDCROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021�19 SHARE CAPITAL
Allotted called up and fully paid
Number of shares
B/f
Shares Issued in period
C/d
2021
51,320,900
23,636,250
74,957,150
2020
46,805,610
4,515,290
51,320,900
In May 2021 the company sub-divided each existing ordinary share of £0.05 into 10 new ordinary shares of £0.005 each. The
shares issued consequently were ordinary shares of £0.005 issued at a premium of £6,452,830 (2020: £1,002,647). All shares
carry the same voting and capital distribution rights.
£
Share Capital
Cost b/f
Shares Issued in period
Share Premium
B/F
Shares Issued in period
C/d
20 LOSS PER SHARE
2021
2020
256,605
118,181
374,786
234,061
22,544
256,605
8,518,391
6,452,830
14,971,221
7,515,744
1,002,647
8,518,391
Earnings per share is calculated by dividing the loss for the period attributable to ordinary equity shareholders of the parent by
the weighted average number of ordinary shares outstanding during the year.
During the year the calculation for basic loss per share was based on the loss for the year attributable to owners of the parent
of £2,407,307 (2020: £2,249,707) divided by the weighted average number of ordinary shares of 64,491,462 (2020: 49,819,800,
re-stated following share split in 2021).
21 RESERVES
The following describes the nature and purpose of each reserve within owners’ equity:
Reserve
Share capital
Share premium
Equity reserve
Retained earnings
Translation of foreign
operations
Description and purpose
This represents the nominal value of shares issued
Amounts subscribed for share capital less any issue costs more than nominal value
Represents amounts charged on share options that have been granted to employees
Cumulative net gains and losses recognised in the consolidated statement of comprehensive
income
Is the difference that arises due to consolidation of foreign subsidiaries using an average rate
during the period and a closing rate for the period end statement of financial position
67
www.crosswordcybersecurity.comGOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORT�22 FINANCIAL INSTRUMENTS
£
Current Financial Assets
Financial assets measured at amortised cost
Trade and other receivables
Cash and cash equivalents
Non-Current Financial Assets
Financial assets measured at amortised cost
Loan to subsidiary
Financial assets measured at fair value through profit or loss
Financial investments
Group
2021
Group
2020
Company
2021
Company
2020
904,735
3,373,062
383,920
958,341
733,521
3,106,817
191,932
824,667
–
–
918,206
653,316
456,834
4,734,631
31
1,342,292
456,834
5,215,378
31
1,669,945
The financial investments comprise of investment in CyberOwl Ltd, which has been revalued on the basis of valuation per
share at as 1 February 2022 during the investment round, multiplied by the number of shares the Company owns in it. This
methodology of determining a fair value equates to a level 2 assessment based on observed transactions of share price in
recent transactions in the entity’s equity.
£
Current Financial Liabilities
Financial liabilities measured at amortised cost
Trade and other payables
Short-term loans and leases
Non-Current Financial Liabilities
Financial liabilities measured at amortised cost
Loans
Non-current deferred consideration
Financial liabilities measured at fair value through profit or loss
Non-current contingent consideration
Group
2021
Company
2021
Group
2020
Company
2020
839,818
1,368,638
898,836
1,351,471
664,599
–
683,653
–
68,000
111,900
–
111,900
1,335,322
–
1,335,322
–
180,652
180,652
–
–
2,569,008
2,542,858
1,999,921
2,018,974
The contingent consideration becomes payable upon achieving certain revenue targets stipulated in Share Purchase
Agreement of Stega.
The fair value of the liability was established by using income approach, i.e. management’s estimate that Stega will achieve
its revenue target for the period between 12 and 18 months from the date of acquisition based on the latest internal revenue
forecasts (IFRS 13 Level 3 hierarchy approach) and was determined by calculating the present value of estimated future cash
outflows using the discount rate adjustment technique (the discount rate of 15% has been applied).
68
Consolidated Financial StatementsCONTINUEDCROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021�22 FINANCIAL INSTRUMENTS CONTINUED
Reconciliation of Level 3 fair value measurements of financial liabilities:
£
B/f
Fair value on initial recognition
Interest
C/d
Contingent
consideration
–
170,283
10,369
180,652
Lease capital liabilities of the group and of the company amounted to £nil in 2021 (2020: £43,734 and £13,416 respectively).
23 FINANCIAL INSTRUMENTS – RISK
The Group could be exposed to risks that arise from its use of financial instruments. Risks in relation to financial assets
include:
Market risk
Market risk covers foreign exchange risk, price risk and interest rate risk.
As the majority of the Group’s transactions are either in Sterling or in Polish Zloty, the Group considers its exposure to foreign
exchange risk to be minimal.
There are no derivatives and hedging instruments.
The Group is not exposed to price risk given that no securities are held under financial assets.
The Group is not exposed to interest rate or cash flow risk due to the fact that the Group has no borrowing or complex financial
instruments.
Credit risk
Credit risk is considered to be the risk of financial loss incurred by the Group in the event that a customer or counterparty to an
asset fails to meet contractual obligations. The Group has adopted a policy of only dealing with credit worthy counterparties.
The Group’s maximum credit exposure at the reporting date is represented by the carrying value of its financial assets.
The Group’s financial instruments do not represent a concentration of credit risk since the Group deals with a variety of
counterparties.
£
Cash and cash equivalents
Trade and other receivables
Loan to subsidiary
Financial investments
Total
Group
2021
3,373,062
904,735
-
456,834
4,734,631
Company
2021
3,106,817
733,521
918,206
456,834
5,215,378
Group
2020
958,341
383,920
-
31
1,342,292
Company
2020
824,667
191,932
653,316
31
1,669,945
69
www.crosswordcybersecurity.comGOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORT�23 FINANCIAL INSTRUMENTS – RISK CONTINUED
Liquidity risk
Management monitor rolling forecasts of the Group’s liquidity reserves, cash and cash equivalents on the basis of expected
cash flows and therefore monitors liquidity risk sufficiently.
Financial Liabilities
£
Trade payables
Accruals
Deferred consideration
Contingent consideration
Other Payables
Loans
Total
2021
2020
due <1
year
331,043
226,623
261,606
–
20,546
1,368,638
2,208,456
due 1–5
years
–
–
111,900
180,652
–
68,000
360,552
due <1
year
204,243
403,997
–
–
56,360
–
664,600
due 1–5
years
–
–
–
–
–
1,335,322
1,335,322
24 CAPITAL MANAGEMENT
The Group considers its capital to comprise of its equity share capital, share premium, foreign exchange reserve, share options
reserve and capital redemption reserve, less its accumulated losses. Quantitative detail is shown in the consolidated statement
of changes in equity.
The Directors’ objective when managing capital is to safeguard the Group’s ability to continue as a going concern in order to
provide returns for the shareholder and benefits for other stakeholders and to maintain an optimal capital structure to reduce
the cost of capital.
The Executive Directors monitor a number of KPIs at both the Group and individual subsidiary level on a monthly basis. As part
of the budgetary process, targets are set with respect to operating expenses in order to effectively manage the activities of the
Group. Performance is reviewed on a regular basis and appropriate actions are taken as required. These internal measures
indicate the performance of the business against budget/forecast and to confirm that the Group has adequate resources to
meet its working capital requirements.
25 PENSIONS
Employer contributions to the Group defined contribution pension scheme for employees in the United Kingdom were £46,509
(2019:33,208). A defined contribution scheme is a pension plan under which the Group pays fixed contributions into a separate
entity. The Group has no legal or constructive obligations to pay further contributions if the fund does not hold sufficient assets
to pay all employees the benefits relating to employee service in the current and prior years.
Contributions payable to the Group’s pension scheme are charged to the income statement in the year to which they relate. The
Group has no further payment obligations once the contributions have been paid.
In Poland, the Group pays the statutory employer’s contribution into the public pension scheme for each employee, but does
not operate any pension schemes.
70
Consolidated Financial StatementsCONTINUEDCROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021�26 RELATED PARTY TRANSACTIONS
Subsidiary Transactions
2021
Services received from £
Services supplied to £
Balance trade payable to £
Balance trade receivable from £
Intercompany loan receivable from £
2020
Services received from £
Services supplied to £
Balance trade payable to £
Balance trade receivable from £
Intercompany loan receivable from £
Crossword
Consulting
Limited
274,099
–
150,311
165,757
918,206
Crossword
Cybersecurity
SP Z.o.o
580,704
–
102,067
–
–
"Stega
UK
Limited"
7,000
–
4,200
–
–
Verifiable
Credentials
Limited
–
–
–
10,736
–
56,294
145,466
5,629
368,271
653,316
502,374
–
189,541
–
–
–
–
–
–
–
–
–
–
–
–
Tom Ilube, CEO, has made a loan of £250,000 to the Company on the same terms as the other Lenders as described in Note 27.
The Company has a related party relationship with its key management who are the Executives: Tom Ilube, Mary Dowd, Jake
Holloway, Sean Arrowsmith and Stuart Jubb, whose total compensation amounted to £793,233 (2020: £697,924).
In March 2020, the subsidiary Crossword Consulting Limited issued 110,000 A shares to Stuart Jubb, Managing Director of the
subsidiary and member of the executive team which equated to 10% of the subsidiary entity, for a subscription price of £15,400,
which was estimated to equate to fair value.
27 CONVERTIBLE LOAN NOTES
In 2019, the company received funds for £1.4m of Convertible Loan Notes. The term of the loans is three years and the interest
is 12% payable quarterly in arrears. Early repayment is at the Company’s sole option, subject to a minimum repayment amount
of £10,000. Repayment is at the end of the term, in cash, save that each lender may opt to convert part or all of their loan into
Ordinary Shares at £0.48 (value adjusted following share split in 2021). On repayment of the Loans in cash, each lender will be
issued warrants valid for three months to subscribe for Ordinary Shares representing 10% of the value of the Loan at £4.80.
Included among the commitments is one from Tom Ilube, CEO, for an amount of £250,000. Tom Ilube made a loan to the
Company on the same terms as the other Lenders as described above.
28 CONTROLLING PARTY
The Company does not have a controlling party.
29 SUBSEQUENT EVENTS
On the 14th March 2022, Crossword Cybersecurity Plc acquired the whole of the share capital of Threat Status Limited, the
threat intelligence company and provider of Trillion, the cloud based software as a service (SaaS) platform for enterprise-
level credential breach intelligence, for a total consideration of £1,529,000 (£500,000 paid on completion and the rest deferred
between first and second anniversary of the transaction, all amounts are undiscounted).
The acquisition of Threat Status adds a new cyber security offering to the Group’s portfolio, cross sell opportunities are
currently being explored with the acquisition, alongside operating synergies.
At the date of finalisation of these consolidated financial statements, the necessary market valuations and other calculations in
relation to acquisition accounting had not been completed yet.
71
www.crosswordcybersecurity.comGOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORT�Notice of AGM
Notice is hereby given that the Annual General Meeting of Crossword Cybersecurity plc (the “Company”) will be held at the
offices of Shakespeare Martineau LLP, 6th Floor, 60 Gracechurch Street, London EC3V 0HR on Monday 16 May 2022 at 10.00 am
to consider, and if thought fit, to pass the following resolutions, of which 1 to 7 and 9 will be proposed as Ordinary Resolutions
and resolution 8 will be proposed as a Special Resolution:
Please note that there will be a Shareholder Presentation held on Tuesday 17 May 2022 at 2.00pm. To register for the
Shareholder Presentation please visit www.investormeetcompany.com to register. The title of the presentation is “2021 Final
Results and Shareholder update’. If you require any assistance please do not hesitate to contact the Company Secretary at
ben.harber@shma.co.uk
ORDINARY BUSINESS
1. To receive and adopt the report of the directors and the financial statements for the year ended 31 December 2021 and the
report of the auditors thereon.
2. To re-elect, as a director of the Company, Thomas Ilube who retires in accordance with Article 93.2 of the Company’s Articles
of Association and offers himself for re-election.
3. To re-elect, as a director of the Company, Mary Dowd who retires in accordance with Article 93.2 of the Company’s Articles of
Association and offers herself for re-election.
4. To re-elect, as a director of the Company, Tara Cemlyn-Jones who retires in accordance with Article 93.1 of the Company’s
Articles of Association and offers herself for re-election.
5. To re-elect, as a director of the Company, Robert Coles who retires in accordance with Article 93.1 of the Company’s Articles
of Association and offers himself for re-election.
6. To re-appoint MHA MacIntyre Hudson LLP as auditors of the Company and to authorise the directors to determine the
auditor’s remuneration.
SPECIAL BUSINESS
7. THAT the Directors be and they are hereby generally and unconditionally authorised pursuant to Section 551 of the
Companies Act 2006 (“the Act”), in substitution for all previous powers granted to them, to exercise all the powers of the
Company to allot and make offers to allot relevant securities (within the meaning of the Act) up to an aggregate nominal
amount of £124,927.00 such authority shall, unless previously revoked or varied by the Company in general meeting, expire
on the conclusion of the Annual General Meeting of the Company to be held in 2023 provided that the Company may, at any
time before such expiry, make an offer or enter into an agreement which would or might require relevant securities to be
allotted after such expiry and the Directors may allot relevant securities pursuant to any such offer or agreement as if the
authority conferred hereby had not expired.
8. THAT, subject to and conditional upon the passing of Resolution 7 the Directors be and they are hereby authorised pursuant
to Section 570 of the Act to allot equity securities (as defined in Section 560 of the Act) for cash pursuant to the authority
conferred by resolution 7 above as if Section 561(1) of the Act did not apply to any such allotment, provided that this power
shall be limited to:
(a) the allotment of equity securities in connection with an issue in favour of shareholders where the equity securities
respectively attributable to the interests of all such shareholders are proportionate (or as nearly as may be practicable)
to the respective number of Ordinary Shares in the capital of the Company held by them on the record date for such
allotment, but subject to such exclusions or other arrangements as the Directors may deem necessary or expedient
in relation to fractional entitlements or legal or practical problems under the laws of, or the requirements of, any
recognised regulatory body or any stock exchange, in any territory;
(b) the allotment of equity securities arising from the exercise of options or the conversion of any other convertible
securities outstanding at the date of this resolution; and
(c) the allotment (otherwise than pursuant to sub-paragraph (a) and (b) above) of further equity securities up to an
aggregate nominal amount of £124,927.00;
72
CROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021�provided that this power shall, unless previously revoked or varied by special resolution of the Company in general meeting,
expire at the conclusion of the Annual General Meeting of the Company to be held in 2023. The Company may, before such
expiry, make offers or agreements which would or might require equity securities to be allotted after such expiry and
the Directors are hereby empowered to allot equity securities in pursuance of such offers or agreements as if the power
conferred hereby had not expired.
9. THAT the aggregate amount of fees paid to Directors, other than Executive directors, in any one financial year, as set out
in article 104 of the Articles of Association of the Company, and increased to £125,000 by Ordinary 9 May 2019, be further
increased from £125,000 to £135,000.
BY ORDER OF THE BOARD
B HARBER
Company Secretary
13 April 2022
6th Floor
60 Gracechurch Street
London EC3V 0HR
73
www.crosswordcybersecurity.comGOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORT�Notice of AGM
CONTINUED
Notes
1. Members entitled to appoint a proxy to exercise all or any of their rights to attend and to speak and vote on their behalf at
the meeting. A proxy need not be a shareholder of the Company. A shareholder may appoint more than one proxy in relation
to the Annual General Meeting provided that each proxy is appointed to exercise the rights attached to a different share or
shares held by that shareholder. To appoint more than one proxy you may photocopy this form. Please indicate the proxy
holder’s name and the number of shares in relation to which they are authorised to act as your proxy (which, in aggregate,
should not exceed the number of shares held by you). Please also indicate if the proxy instruction is one of multiple
instructions being given. All forms must be signed and should be returned together in the same envelope. To be valid, the
form of proxy and the power of attorney or other authority (if any) under which it is signed or a certified copy of such power
or authority must be lodged at the offices of the Company’s registrars, Share Registrars Limited, 3 Millennium Centre,
Crosby Way, Farnham, Surrey GU9 7XX by hand, or sent by post, so as to be received not less than 48 hours before the time
fixed for the holding of the meeting (excluding any part of a day which is not a working day) or any adjournment thereof
(as the case may be). Please note the Share Registrars Limited will accept scans of the proxy forms via email sent to the
following address: voting@shareregistrars.uk.com with ‘Crossword Cybersecurity plc AGM vote’ in the subject line provided
that such email is received not less than 48 hours before the time fixed for the holding of the meeting (excluding any part of
a day which is not a working day) or any adjournment thereof (as the case may be).
2. Any member entitled to attend and vote at the meeting may appoint one or more proxies to attend and, on a poll, vote instead
of him. A proxy need not also be a member.
3. The completion and return of a form of proxy will not preclude a member from attending in person at the meeting and voting
should he wish to do so.
4. CREST members may appoint a proxy through CREST by using the procedures described in the CREST Manual (available via
www.euroclear.com/CREST). CREST personal members or other CREST sponsored members and those CREST members
who have appointed a voting service provider should refer to their CREST sponsor or voting service provider, who will be able
to take the appropriate action on their behalf. In order for a proxy appointment or instruction made using the CREST service
to be valid, the appropriate CREST message (“a CREST proxy instruction”) must be properly authenticated in accordance
with Euroclear UK & Ireland Limited’s specifications and must contain the information required for such instructions,
as described in the CREST Manual. All messages relating to the appointment of a proxy or an instruction to a previously
appointed proxy must be transmitted so that they are received by Share Registrars Limited (ID 7RA36) by 3.00 pm (UK time)
on 12 May 2022 (or, if the meeting is adjourned, the time that is 48 hours (excluding non- working days) before the time fixed
for the adjourned meeting). For this purpose, the time of receipt will be taken to be the time (as determined by the time
stamp applied to the message by the CREST Applications Host) from which the issuer’s agent is able to retrieve the message
by enquiry to CREST in the manner prescribed by CREST. Any change of instructions to proxies appointed through CREST
should be communicated to the appointee through other means. CREST members and, where applicable, their CREST
sponsors or voting service providers should note that Euroclear UK & Ireland Limited does not make available special
procedures in CREST for any particular message. Normal system timings and limitations will, therefore, apply in relation to
the input of CREST proxy instructions. It is therefore the responsibility of the CREST member concerned to take (or procure
the taking of) such action as shall be necessary to ensure that a message is transmitted by means of the CREST system
by any particular time. In this connection, CREST members and, where applicable, their CREST sponsors or voting service
providers are referred, in particular, to those sections of the CREST Manual concerning practical limitations of the CREST
system and timings. The Company may treat a CREST Proxy Instruction as invalid in the circumstances set out in Regulation
35(5)(a) of the Uncertificated Securities Regulations 2001.
5. The Company has specified that only those members entered on the register of members at 10.00 am on 12 May 2022 shall
be entitled to vote at the meeting in respect of the number of ordinary shares of £0.005 each in the capital of the Company
held in their name at that time. Changes to the register after 10.00 am on 12 May 2022 shall be disregarded in determining
the rights of any person to attend and vote at the meeting.
6. Resolutions 2 and 5 – Article 93.2 of the Company’s Articles of Association require that a director of the Company who
held office at the time of the two preceding annual general meetings and who did not retire at either of them must offer
themselves for re-election at the next Annual General Meeting. This year Thomas Ilube and Mary Dowd are offering
themselves for re-election. In addition both Tara Cemlyn-Jones and Robert Coles were appointed to the board since the
previous AGM and therefore are required to stand for re-election under Article 93.1 of the Company’s Articles of Association.
74
CROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021�7. Resolution 7 – As required by the Act, this resolution, to be proposed as an Ordinary Resolution, relates to the grant to the
Directors of authority to allot unissued Ordinary Shares until the conclusion of the Annual General Meeting to be held in
2023, unless the authority is renewed or revoked prior to such time. If approved, this authority is limited to a maximum of
24,985,400 Ordinary Shares. This represents one-third of the issued share capital of the Company.
8. Resolution 8 – The Act requires that if the Directors decide to allot unissued Ordinary Shares in the Company the shares
proposed to be issued be first offered to existing shareholders in proportion to their existing holdings. This is known as
shareholders’ pre-emption rights. However, to act in the best interests of the Company the Directors may require flexibility
to allot shares for cash without regard to the provisions of Section 561(1) of the Act. Therefore this resolution, to be proposed
as a Special Resolution, seeks authority to enable the Directors to allot equity securities up to a maximum of 24,985,400
Ordinary Shares. This authority expires at the conclusion of the Annual General Meeting to be held in 2023 and represents
one third of the issued share capital.
9. Resolution 9 - The purpose of this resolution is to increase the existing cap set out in the Company’s articles of association
to ensure the Company has sufficient headroom to pay fees to non-executive directors. The existing cap was last increased
on 9 May 2019 by Ordinary Resolution to £125,000. Resolution 9 proposes to increase the cap by a further £10,000 to
£135,000.
75
www.crosswordcybersecurity.comGOVERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORT�Company Information
DIRECTORS
Sir Richard Dearlove (Chairman)
T Ilube (CEO)
Dr D Secher
A Gueritz
R Anderson
M Dowd
Dr R Coles
T Cemlyn Jones
REGISTERED NUMBER
08927013
REGISTERED OFFICE
60 Gracechurch Street
London
EC3V 0HR
INDEPENDENT AUDITOR
MHA MacIntryre Hudson
Chartered Accountants & Statutory
Auditors 6th Floor
2 London Wall Place
London
EC2Y 5AU
NOMAD
Grant Thornton LLP
30 Finsbury Square
London
EC2P 2YU
CORPORATE BROKER
Hybridan LLP
1 Poultry
London
EC2R 8EJ
76
CROSSWORD CYBERSECURITY PLC Annual Report and accounts 2021��C
R
O
S
S
W
O
R
D
C
Y
B
E
R
S
E
C
U
R
I
T
Y
P
L
C
A
n
n
u
a
l
R
e
p
o
r
t
a
n
d
a
c
c
o
u
n
t
s
2
0
2
1
Crossword Cybersecurity plc
60 Gracechurch Street,
London EC3V 0HR
e: info@crosswordcybersecurity.com
twitter: @crosswordcyber
t: +44 (0) 203 953 8466
�