Cohen & Steers
Annual Report 2020

Download report
Bookmark report

More annual reports from Cohen & Steers:

2023 Report
2022 Report
2021 Report
2020 Report
2018 Report

Plain-text annual report

Annual Report and Accounts 2020 Corero Network Security plc A Leader in real-time, high performance, automatic DDoS cyber defense solutions Corero is dedicated to improving the security and availability of the internet through the deployment of innovative Distributed Denial of Service (DDoS) protection solutions. DDoS Protection Without the Downtime Corero is a leader in real-time, high-performance, automatic DDoS protection: on-premises, as-a-service and in the cloud, with comprehensive visibility, analytics and reporting. We protect thousands of organisations worldwide, across many verticals. Our customers include corporate enterprises, network security providers, hosting and data centre providers, co-location providers, network edge providers, and managed security service providers. We are deployed internationally in over 40 countries and, through our own teams and strategic partners, we are expanding our global footprint. Operational Highlights • Global acceleration of remote working and internet usage as a result of COVID-19 has reinforced the need for online security and further emphasised the on-going importance of Corero’s high quality solutions • Order intake increased by 61% to $20.9 million (2019: $13.0 million) • Addition of 42 new customers in 2020 (2019: 18 new customers) — 17 of which were acquired through Corero’s strategic partnership with Juniper Networks (2019: 6 new Juniper customers) • Strong growth in DDPaaS and software subscriptions continues to support recurring revenues and earnings visibility • Sustained high levels of customer satisfaction continue to result in follow-on orders, which were $10.3 million in 2020 (2019: $6.1 million) • Lionel Chmilewsky, CEO and Neil Pritchard, Group Finance Director joined the Company during 2020, with Ashley Stephenson appointed Chief Technology Officer • Significant progress in delivering the Group’s growth strategy: — Continued investment in sales and marketing underpins on-going direct and channel sales efforts globally — Addition of more agent, distributor and reseller relationships and in more geographies — Leveraging strategic partnerships with Juniper and GTT and adding new complementary partners — Amplifying the Group’s services offering — Intensifying relationships with global and major accounts — Continuing to focus on technological innovation 2020 Highlights $20.9m $16.9m $9.8m $13.0m $11.1m $8.8m $8.5m $10.0m $9.7m $9.3m $7.0m $7.2m $5.8m $5.0m $4.5m 16 17 18 19 20 16 17 18 19 20 16 17 18 19 20 Order intake Revenue ARR1 61% increase over the prior year $16.9m (2019: $9.7 million) 36% increase over the prior year 16 17 18 19 20 16 17 18 19 20 $7.6m $5.4m $4.4m $2.9m $1.4m $-1.7m $-1.4m $-3.2m $-0.6m $-1.7m $-2.5m 16 17 18 19 20 $-5.1m $-5.8m $-5.0m $-6.4m Net cash EBITDA2 loss Adjusted EBITDA3 $7.6m (2019: $5.4 million) $1.4m (2019: loss $3.2 million) $0.6m (2019: loss $2.5 million) Financial Highlights • Significant revenue growth underpinned by record order intake and strong H2 2020 performance — Revenues increased 74% to $16.9 million (2019: $9.7 million) — Record H2 2020 revenues, up 93% at $10.6 million (H2 2019: $5.5 million) — Annualised Recurring Revenues1 (‘ARR’) up 36% to $9.8 million as at 1 January 2021 (1 January 2020: $7.2 million) — Revenue from DDoS Protection as-a-Service (‘DDPaaS’) contracts increased to $2.9 million (2019: $1.3 million) • Gross margins of 77% (2019: 81%) • EBITDA2 loss of $1.4 million (2019: loss of $3.2 million) • Adjusted EBITDA3 loss of $0.6 million (2019: loss of $2.5 million) • Loss before taxation of $4.0 million (2019: loss of $6.6 million) • Loss per share of 0.8 cents (2019: loss per share of 1.6 cents) • Net cash at 31 December 2020 of $7.6 million (30 June 2020: $3.3 million, 31 December 2019: $5.4 million) 1 2 3 ARR is defined as the normalised annualised recurring revenues and includes recurring revenues from contract values of annual support, software subscription and from DDoS Protection-as-a-Service (DDPaaS) contracts Defined as Earnings before Interest, Taxation, Depreciation and Amortisation. The Directors consider EBITDA to be a better measure of profitability as it excludes non-cash items Defined as Earnings before Interest, Taxation, Depreciation (including DDPaaS assets‘ depreciation which is charged to cost of sales) and Amortisation, before share-based payments, and less unrealised foreign exchange differences on an intercompany loan Contents Overview 01 2020 Highlights 02 At a glance 04 Market overview 05 2020 Key Trends 06 Corero Explained 08 How does the technology work? 09 Customer proposition 09 Investor proposition 10 Business model 11 Our Strategy Strategic Report 12 Chief Executive’s strategic update 17 Financial Review 18 Key Performance Indicators 20 Key Stakeholders Section 172 Statement 21 Principal Risks 22 Risk Management 23 Environmental, Social and Governance report Governance 24 Board of Directors 26 Chairman’s Corporate Governance Introduction 27 QCA Code Compliance 28 Corporate Governance Report 31 Board Performance and Remuneration Policy 32 Board Committee Reports 33 Directors’ Report 36 Statement of Directors’ Responsibilities Financial Statements and associated notes 37 Independent Auditor’s Report 42 Consolidated Income Statement 43 Consolidated Statement of Comprehensive Income 44 Consolidated Statement of Financial Position 45 Company Statement of Financial Position 46 Consolidated Statement of Cash Flows 47 Consolidated Statement of Changes in Equity 48 Company Statement of Changes in Equity 49 Notes to the Financial Statements Corporate Directory 80 Corporate Directory 81 Glossary For more information visit corero.com 01 Corporate DirectoryOVERVIEWStrategic ReportGovernanceFinancial Statements At a glance Corero is dedicated to improving the security and availability of the internet through the deployment of innovative DDoS protection solutions. Who we are • Corero is a leader in real-time, high-performance, automatic Distributed Denial of Service cyber defense solutions, with comprehensive visibility, analytics and reporting • Corero is active in the following customer segments: Enterprise, Telecommunications and Service providers, Hosting providers, Co-location, Edge providers, Managed Service Providers & Managed Security Service Providers • Corero protects thousands of organisations across 40+ countries worldwide • Corero invests approximately 18% of its revenue in R&D, with development in-house and owns strategic patents • Corero has strategic partnerships with companies including Juniper Networks, GTT Communications, Neustar and Splunk • Corero Network Security plc is publicly traded on the London Stock Exchange under CNS.L. and is headquartered in London with offices near Boston (US) and in Edinburgh (UK) Corero in numbers Thousands of organisations protected by Corero solutions 40+ countries Corero is deployed in more than 40 countries $16.9 million 2020 annual revenue c18% of revenues reinvested in R&D Why customers choose us Speed Attacks mitigated in seconds versus minutes or tens of minutes for competing technologies Simplicity Automatic software, plug and play appliances for lowest TCO Flexibility Multiple deployment options: on-premises, hybrid and cloud protection 02 Corero Network Security plc – Annual Report and Accounts 2020 Raw Internet SmartWall® Good Traffic Allowed Attack Traffic Blocked Protected Network Revenue-protecting real- time DDoS mitigation product optimised for service providers and cloud providers Available for rapid deployment within the provider’s own infrastructure delivering compelling ROI Revenue and reputation- protecting real-time DDoS mitigation product for digital enterprises Solves for the scalability & accuracy demands of both service cloud providers and digital enterprise businesses Corero’s product mitigates attacks in seconds, unlike competing technologies which mitigate attacks in tens of minutes Global reach and world-class customers Corero has global reach, and an outstanding portfolio of world-class customers. The Company has an outstanding reputation for technological innovation, supported by a clear strategy, strengthened global sales team, multiple routes to market and an experienced management team. 42 new customers added in 2020 (2019: 18) 17 new customers acquired through Corero’s strategic partnership with Juniper Networks (2019: 6 customers) Corero is now deployed in over 40 countries Geographic revenue Employees Protection for All Environments Americas – 65% EMEA – 26% APAC – 9% Engineering – 34% Sales & Marketing – 33% Support & Services – 23% Management & other support functions – 10% INTERNET Appliances SmartWall TDS physical or virtual software solutions protect inbound traffic with always-on blocking of DDoS attack packets Infrastructure SmartWall TDD virtual software solution protects inbound traffic by enabling edge devices to block DDoS attack packets Cloud SmartWall TDC protects other inbound traffic from saturation attacks by blocking larger DDoS attacks in the cloud Scalability Modular and distributed, pay as you grow protection Visibility Accurate, forensic-level attack and traffic visibility with SecureWatch Analytics Support World-Class 24x7x365 SOC support with SecureWatch Managed Services 03 Corporate DirectoryOVERVIEWStrategic ReportGovernanceFinancial Statements Market overview Critical cybersecurity DDoS attacks continue to grow in sophistication, scale and frequency. Cyber threats and DDoS attacks A wide range of critical cybersecurity issues face every internet connected organisation. These threats include DDoS, hacking, breach, phishing, fraud, ransom, data theft and exfiltration. These cyber threats present themselves via the essential internet connections that are required to support the online business. DDoS Protection Market in 2020 $2.7bn in 2020 Global DDoS Protection Market expected to reach $4.7bn by 2024 at 14% CAGR* Today, internet service providers typically sell raw internet transit connectivity. This raw internet connectivity, usually sold via 1Gbps, 10Gbps and increasingly 100Gbps transport connections, carries good customer traffic and malicious bad traffic without discrimination. If an enterprise, data centre, or hosting facility connects to these raw transit providers they will be exposed to internet-borne cyber threats and their information security posture must be prepared to detect and protect against any associated malicious intent. Corero focuses on one specific category of these cybersecurity threats encompassing DDoS and has developed a real-time detection and mitigation solution that delivers automatic detection and protection against DDoS attacks. The broad range of motives for executing DDoS attacks, coupled with the relative ease with which attacks can be launched, means that they are easily carried out by a variety of actors, including; criminal gangs, activists, terrorist groups and even nation states. Aside from those who are focused purely on disrupting services, some of those who carry out DDoS attacks do so for extortion via ransom DDoS or as a smokescreen for other cyberattacks designed to steal data, or plant malware. DDoS attacks continue to grow in sophistication, scale and frequency. Businesses and public-sector organisations are equally vulnerable to DDoS attacks and recent years have seen some of the world’s best-known companies fall victim to DDoS attacks with catastrophic impact for their customers. DDoS protection market driven by growing need for enterprise business continuity. Increasingly always-on protection is the only answer to defend against the smaller attacks which dominate. 4,694 2,441 2,097 1,789 2017 2018 2019-e 2024-p Global DDoS Protection Market Market Size (USD Millions) >26,000 Daily DDoS attacks were recorded during 2020, up 15% YoY** What are the key DDoS market drivers? • Rise in multi-vector DDoS attacks, availability of DDoS-for-hire services and growing demand for hybrid DDoS protection and mitigations services and solutions.1 • Internet of Things (‘IoT’) devices, which are the source of high- intensity DDoS attacks, forecast to grow 18 billion devices by 2022.1 • The increased bandwidth of 5G networks opens avenues for DDoS attackers to induce large DDoS attacks capable of impacting millions of mobile and IoT devices.1 • Communication service providers (‘CSPs’) are increasingly targets of DDoS attacks. 85% of survey respondents say DDoS attacks against their organisations are either increasing or continuing at the same relentless pace and 71% of respondents say they are not or only somewhat capable of launching measures to moderate the impact of DDoS attacks. The increase in IoT devices due to the growth of 5G increases the risk to CSPs.2 1 2 MarketsandMarkets DDoS Global Forecast Report, Forecast to 2024, June 2019 Ponemon Institute The State of DDoS Attacks Against Communication Service Providers, April 2019 * Markets & Markets DDoS protection Global forecast to 2024 ** NetScout 2020 report 04 Corero Network Security plc – Annual Report and Accounts 2020 2020 Key Trends 99% OF OBSERVED ATTACKS ARE BELOW LINK SATURATION 17% INCREASE IN HIGH PACKET RATE ATTACKS 86% ATTACKS OF 10 MINUTES DURATION OR LESS 70% INCREASE IN ATTACKS OVER 10 GBPS 400% INCREASE IN OPENVPN ATTACKS ON REMOTE WORKERS 68% INCREASED PROBABILITY OF A REPEAT ATTACK WITHIN A WEEK Every half and full year, Corero looks at the latest trends it is seeing in the DDoS market. The above observations are from our 2020 DDoS Threat Intelligence Report. ‘DDoS attacks have become harder to detect and mitigate as they are increasing in frequency and sophistication. In today’s online world, even seconds of downtime can cost… and tarnish brand reputation. The only way to ensure business continuity when faced with the growing threat of attacks, is by investing in a real-time, always-on DDoS detection and mitigation solution. However, be sure to assess your risk tolerance and that of your customers. If any amount of downtime cannot be tolerated, you should invest in an always-on solution. Like many organisations, even a minute of downtime is too much. Relying on a cloud solution alone can disrupt internet availability. Many cloud services advertise ‘always- on’ however, that often means just always-routed through their cloud, it does not mean you are always protected, resulting in additional delays for time-to-mitigation that may still be measured in minutes.’1 There are a variety of protection options available, on-premises, in the cloud or a combination of the two commonly referred to as hybrid DDoS protection. 1 Page 10, 2020 Corero DDoS Threat Intelligence Report 05 Corporate DirectoryOVERVIEWStrategic ReportGovernanceFinancial Statements Corero Explained: Your Questions Answered What is our mission? Corero is dedicated to improving the security and availability of the Internet through the deployment of innovative DDoS protection and mitigation cyber solutions. DDoS attacks are a threat to service availability, network security, brand reputation and ultimately lead to lost revenues. Attackers are continuing to leverage DDoS attacks as part of their cyber threat arsenal to either disrupt business operations or provide a smokescreen while they attempt to access sensitive corporate information. What is a DDoS attack? A DDoS attack is a cyber threat, in which multiple computer systems or devices attack a target, such as a server, website or other network asset, and cause a denial of service for users of the targeted resources. The flood of incoming messages, connection requests or malformed packets to the target system, causes it to slow down or shut down, thereby denying service to legitimate users or systems. Attackers are leveraging increasingly creative ways to circumvent traditional security solutions or reduce the effectiveness of DDoS scrubbing centres. DDoS attacks can be found in a multitude of sizes and are launched for a variety of motivations. They may also be used to extort payments via Ransom DDoS. Today’s cyber criminals do not even have to construct the attacks themselves, they can simply download DDoS malware or rent the botnet they need to accomplish their goal. Baby Monitors Video Cameras Home/ Office Routers WiFi Access Points Botnet Machine Botnet Machine Botnet Machine Botnet Machine Step 3 Open devices respond with UPnP ‘reply’ packets to victim’s network because of botnet spoofing victim’s IP addresses. Allows for a 30.8x amplification factor. SSDP Amplification DDoS Attack Victim IPS/APT SLB/ADC WAF Step 2 Botnet is told to spoof IP address of victim’s network and sends UPnP ‘discovery’ packets to open devices. Attacker Step 1 Attacker sends command and control attack signals to small botnet. 06 Corero Network Security plc – Annual Report and Accounts 2020 What damage can a DDoS attack do? High availability of Cloud services and applications are critical for modern businesses and institutions. Any DDoS downtime brings risk: • Lost revenue or loss of control • Operational costs to mitigate or recover from attacks • Increased costs to retain unhappy customers and attract new customers • Brand and reputation damage leading to competitive disadvantage or loss of confidence • Regulatory fines, legal action, resignations What solutions do we have? The goal of the Corero SmartWall real-time DDoS protection solutions are to protect business continuity, service availability, revenues and brand reputations from harmful DDoS attacks. We do this for corporate enterprises, network security providers, hosting and data centre providers, co-location providers, network edge providers, and managed security service providers. The SmartWall family of products utilises innovative, patented, technology to automatically and surgically remove DDoS attack traffic, while allowing good traffic to flow uninterrupted. Corero solutions are amongst the highest performing in the industry, while providing the most automated DDoS protection, at unprecedented scale, with the lowest total cost of ownership to the customer. We protect against DDoS attacks in seconds, or less, rather than the minutes or tens of minutes taken by legacy solutions. Corero has a market leading SmartWall Threat Defense System (‘TDS’) solution portfolio endorsed by over 160 direct customers, many of whom are providers using it to protect hundreds, or thousands, of their customers. Our products are recommended by NSS Labs (a leading independent product testing laboratory). Our SmartWall Threat Defense Director (‘TDD’) delivers edge protection for even the largest provider networks. Powering the silicon filtering capabilities increasingly built into modern edge routers, TDD software scales to tens-of-terabits per second of protection, without the need to deploy additional appliances at the edge or needing to back-haul large volumes of attack traffic to scrubbing centres. What strategic alliances do we have? Juniper Networks Juniper Networks, Inc. (NYSE: JNPR) (‘Juniper’) is one of the world’s largest networking product, solutions and services companies, with revenues of over $4.4bn in 2020. Corero has a global partnership agreement with Juniper enabling Juniper to select Corero as their DDoS protection solution and to sell Corero’s SmartWall Threat Defense Director (‘TDD’) software product in conjunction with its own MX Series routers. Juniper and Corero have developed this integrated solution for large-scale network-edge DDoS defence that leverages powerful filtering capabilities in the latest generation of Juniper’s MX Series routers. GTT Communications GTT Communications, Inc. (NYSE: GTT) (‘GTT’) is a leading global cloud networking provider to multinational clients, with over 600 points of presence (‘POPs’), with revenues of $1.7bn in 2019. GTT operates a global Tier 1 internet network and provides a comprehensive suite of cloud networking services. GTT customers can purchase IP transit with DDoS protection provided by Corero’s SmartWall TDS’s which are deployed within the GTT network. Neustar Neustar, Inc. (‘Neustar’) is an American technology company that provides real-time information and analytics for the Internet, risk, digital performance and defense, telecommunications, entertainment, and marketing industries, and also provides clearinghouse and directory services to the global communications and Internet industries. Corero has a hybrid DDoS protection solution combining on-premises TDS with the SmartWall Threat Defense Cloud (‘TDC’) service, powered by Neustar, which provides protection against the largest attacks which can saturate an organisation’s internet connections and overwhelm legitimate traffic. Where are we located? Corero’s key operational centres are in Marlborough, Massachusetts in the USA and Edinburgh in Scotland, UK, with the Company’s registered office in Amersham in England, UK. 07 Corporate DirectoryOVERVIEWStrategic ReportGovernanceFinancial Statements How does the technology work? How do we combat DDoS Attacks? Traditional DDoS providers use net flow sampling, which requires spotting mainstream anomalies, re-directing traffic, to be cleaned in scrubbing centres (which may be overseas, or some distance away) with manual intervention, and then traffic is re-directed back. This is a time-consuming and costly process when the length of an attack might be short – but it takes hold quickly and the impact is high. High availability of cloud services and applications are critical for modern businesses and institutions. Traffic providers which use DDoS providers that have this simple generic approach have basic DDoS protection. While this may be adequate for simple and obvious attacks, it may not be for sophisticated, highly engineered attacks. So, for example, Ransom DDoS attacks are real-time, in depth (deep packets) and highly automated. However, Corero uses Deep Packet Inspection (‘DPI’) and processes packets in real-time and on-data path (‘in-line’) with as much automation as possible. Our approach is very scalable to the tens of terabits per second which makes our cost per performance ratio superior in the industry. It can also be used to augment broad upstream netflow based basic protection with an in-line, on-data- path DPI tool on network edges. Corero operates ‘SmartWall’ and ‘SecureWatch’ solutions. SmartWall Corero’s SmartWall solution is highly automated, detecting and mitigating attacks surgically, without the intervention of security analysts or network operators, who may not even know the network is under attack unless they are monitoring Corero’s dashboard or subscribed to the automated mitigation alerts. With varied deployment topologies (in-line, scrubbing, edge or cloud) Corero’s SmartWall family of solutions utilise innovative, patented technology to automatically and surgically remove the vast majority of DDoS attack traffic. Protection is available in cost-effective scaling increments, from 1Gbps, 10Gbps and 100Gbps to tens-of-terabits, to support the full spectrum of customer bandwidth and inspection requirements. We have combined advances in Intel x86 multicore CPU technology, Data Plane Development Kit (‘DPDK’) software for packet processing acceleration, and high-performance network interface cards (‘NICs’), together with an innovative, patented, and highly efficient software architecture, to develop a new generation of physical and virtual appliances providing breakthrough price/ performance for DDoS defense. SmartWall appliances perform sampled DPI to generate security metadata from traffic flows. The internal rules-engines examine this metadata to flag offending packet flows in real-time and block attacks. At the same time, the security metadata is streamed to the Corero SecureWatch® Analytics platform, where further analysis, involving correlation with other performance metrics and event data, enables rapid identification of new attack vectors. SecureWatch Analytics can formulate new mitigation rules for these vectors that are distributed out to each SmartWall instance. SecureWatch The Corero SecureWatch service is a tiered offering comprised of configuration optimisation, monitoring and mitigation response services. Corero SecureWatch Analytics leverages Splunk’s analytics engine and provides robust reporting to transform sophisticated DDoS event data into easily consumable dashboards accessed via the SecureWatch Analytics web portal. The portal allows customer security operators to monitor and manage incident response, with the ability to conduct sophisticated forensic analysis. The Corero Service Portal enables providers’ customers (or ‘tenants’) to gain visibility into attacks via per-tenant dashboards. Providers can assign tenant service levels and automatically distribute reports which showcase the value of the protection their customers are receiving. Threat Defense System (TDS) Physical & Virtual Appliances – On-premises Threat Defense Director (TDD) Provider Edge – Sampled Detection 1G 10G 100G 100G > Multi-Tbps + NTD220 • Standalone 2x1/10G Solution NTD280 • Up to 8x10G Protection NTD1100 • 1x100G Protection • 100G-40Tbps Edge Protection • Basic Volumetric Attacks • Easiest for Small Deployments • Scales to Terabits/s • Scales to Terabits/s • Supports Juniper MX Routers vNTD Software Cloud & Virtualised Net Flow Protection 08 Corero Network Security plc – Annual Report and Accounts 2020 Customer proposition What really sets Corero apart Speed Attacks mitigated in seconds versus minutes or tens of minutes for competing technologies with zero downtime Simplicity Automatic software, plug and play appliances for lowest TCO Flexibility Multiple deployment options: on-premises, hybrid and cloud protection Scalability Modular and distributed, pay-as-you-grow protection Visibility Accurate, forensic-level attack and traffic visibility with SecureWatch Analytics Support World-Class 24x7x365 SOC support with SecureWatch Managed Services Investor proposition Superior Performance High performance, class leading solutions: real time effective DDoS protection and mitigation without disrupting or delaying legitimate network traffic Time to Market Unlike some technology companies, we have that superior solution already developed No development cycle with customers On-going R&D investment reflects solution refresh and enhancements High growth markets This increasingly inter-connected world grows faster and more complex with higher speed connections, the proliferation of IoT devices and the continued growth of cloud services Corero market share leaves lots of headroom expansion opportunity Customer relationships We enjoy high levels of trust with our customers which translates into high retention rates and long-term relationships Our diverse customer base includes blue chip global customers High annualised recurring revenues demonstrate such enduring relationships Proprietary Intellectual Property In-house expertise and proprietary knowledge means we can innovate without significant outsourcing dependencies or royalty costs Many engineer years of software development leveraged to expand feature set and pipeline Customer support and service We provide high levels of customer support and service through our sales engineers, SOC and Operations Team We can provide high levels of compatibility with customer indigenous equipment and systems We have key relationships with other providers Scalability – organic and partners Where appliances are employed for the software solution, manufacturing is outsourced so there are no in-house supply constraints We have established and extensive global routes to market through our own direct sales force, agents, resellers, distributors, and strategic partnerships 09 Corporate DirectoryOVERVIEWStrategic ReportGovernanceFinancial Statements Business model Corero SmartWall real-time DDoS mitigation protects business continuity, service availability, revenues and brand reputations from harmful DDoS attacks. A Customer Driven Business Model Key solutions Sales channels Customer segments Source of Revenue SmartWall Threat Defence System (‘TDS’) Available in physical and virtual for 10G, 100G and cloud SmartWall Threat Defence Director (‘TDD’) Delivers software edge protection for even the largest networks SmartWall Threat Defence Cloud (‘TDC’) Protects against the largest Cloud attacks SecureWatch Support, updates, maintenance, monitoring 10 Direct sales Own sales team Service Providers Indirect sales Agents, value- added resellers and distributors Cloud hosting providers Co-location providers Edge providers Partners Enterprises Juniper, GTT and Neustar Managed Security Service Providers Appliance & perpetual software licence sale SmartWall TDS Term Licence SmartWall vNTD and SmartWall TDD DDoS Protection as-a-Service SmartWall TDS and TDC Revenue share SmartWall TDS (through GTT) Support and services SmartWall TDS and TDD Corero Network Security plc – Annual Report and Accounts 2020 Our Strategy Strategic vision and focus Our vision is to become the world leader in DDoS protection, servicing a significant proportion of our growing target market. Our focus, while maintaining our superior technological performance, is delivering sustainable, long-term value to our stakeholders. Our strategic pillars 1. Increase our international presence • Our solutions are now deployed in 40 countries • We are leveraging on our strategic partnerships (9 new countries in 2020) to penetrate more countries • We have appointed new agents in 2020 in Latin America and the Caribbean, APAC, Europe, and Middle East • We are enabling more international distributor and reseller channel partners 2. Leverage our existing partnerships and bring new ones • 17 new customers with Juniper (vs 6 in 2019), increased scale with GTT and significant growth in our business with Juniper • Looking at further partnerships with System Integrators and Managed Security Service Providers • Looking at further business arrangements with • Establishing additional go-to-market relationships technology partners 3. Intensify our global, Tier One and major account relationships • Strengthened our position in 2020 with our existing customer accounts with significant add-on and upgrade business as these customers grow in scale • Increasingly active prospects for larger customers in our pipeline and targeting our sales resources to address these prospects • Secured in 2020 many new major and tier one operators both as direct sales or through partners 4. Better monetise our existing services and introduce new services • Increasing service offering including deployment support, training and other professional services with a higher attach rate for existing and new customers • We are adding new services to our portfolio: pre-sales, consulting services, bespoke services and development 5. Amplify our demand generation programmes • Increased focus and optimisation on both in-house and external outsourced resource lead generation activity • Increased marketing activity and resourcing to new geographies • Increased ‘Account Based Marketing’ initiatives 6. Continue to increase our technological innovation leadership • We have delivered major new SmartWall portfolio software • We are providing greater focus on our product releases to customers and partners line management • We are enhancing our solution portfolio to take into account the new market trends for the short and long term 11 Corporate DirectoryOVERVIEWStrategic ReportGovernanceFinancial Statements Chief Executive’s strategic update Introduction Corero’s performance across 2020 clearly demonstrates that the Company’s renewed strategic focus on its global sales and marketing efforts is delivering tangible benefits. In the year ended 31 December 2020, the Company generated a 74% increase in revenue to $16.9 million (2019: $9.7 million), which as announced in January 2020, was ahead of market expectations, with H2 2020 revenues at a record high of $10.6 million (H2 2019: $5.5 million). The Company’s trading was underpinned by order intake reaching an all-time high at $20.9 million for 2020 (2019: $13.0 million), representing an increase of 61%, with $13.0 million secured in H2 2020 (H2 2019: $8.0 million), another period of record order intake for the Company. It is important to note that revenues associated with order intake are recognisable over the lifetime of each of the contracts. Significantly, Corero achieved a marked increase in Annualised Recurring Revenues in the year to $9.8 million as at 1 January 2021, driven by growth in DDoS Protection-as-a-Service and software subscription orders, which continues to give management better visibility over the Company’s future earnings (ARR at 1 January 2020: $7.2 million). This strong performance was delivered against the backdrop of the COVID-19 pandemic, which presented both opportunities and challenges for the Group. The health and safety of our global workforce was and continues to be of paramount importance and the transition to remote working was implemented seamlessly across the Group with business continuity maintained throughout. Corero continued to achieve extremely high customer satisfaction metrics throughout the pandemic, and this could only have been delivered through the dedication of our highly talented and hard working employees. The pandemic also reinforced the importance of both effective and scalable cyber defense solutions as increased remote working and significantly higher levels of internet usage and e-commerce created new challenges for the sector and the number of DDoS attacks rose globally. This market dynamic coupled with our customer centric values and market-leading solutions created a strong growth platform for the Group across 2020. Strategic Progress The Group has a clearly defined set of near and mid-term strategic priorities, and during 2020, Corero delivered significant progress across all of these ambitious initiatives. These priorities are focused on expanding our market coverage and capitalising on our industry-leading technology stack and are to: • increase our international footprint; • leverage sales channel and business partnerships; • broaden our Global, major and Tier One client base; • augment our services portfolio; • amplify our demand generation programmes; and • continue to increase our technological innovation leadership. Increase our international footprint The Group’s solutions are now deployed across more than 40 countries, with nine new territories added during the year. Central to enhancing the Group’s global presence are our strategic business relationships and agents, which accelerate our sales growth. During the year, we added six new agents across Eastern Europe, Latin America, APAC, Europe and the Middle East. These new relationships are important in increasing our profile across a number of high growth and strategically important markets. Leverage sales channel and business partnerships The Group also continues to leverage its existing strategic partners, such as Juniper, and GTT, embedding our products into these highly valuable sales ecosystems. During 2020, we signed 17 new customers through our Juniper partnership, compared to six in the previous year. We also significantly increased the level of business generated with Juniper compared to previous year. This strong traction is testament to the excellent work carried out by our sales teams in engaging in closer new business collaboration and product Lionel Chmilewsky, CEO The successful implementation of our strategic priorities is creating a strong platform for the business. These are centred across geographic expansion, creating sustainable sales growth and maintaining our product excellence. The Company is confident in the market dynamics and drivers and well placed for future growth. $20.9m $13.0m $11.1m $9.3m $7.0m 16 17 18 19 20 Order intake growth 61% increase over the prior year 12 Corero Network Security plc – Annual Report and Accounts 2020 support with the Juniper team. We intend to continue to increase the level of engagement across all our sales channels and believe this is central to creating additional revenue growth. Broaden our Global, major and Tier One client base As set out during 2020, the Group sought to both secure new mandates and expand existing mandates with Tier One and Major customers. During 2020 we secured a number of new mandates with global operators either directly or via our partner network. Augment our services portfolio During the period, the Group further increased the level of revenues generated from Managed Professional Services as part of total order intake, launching a number of initiatives to significantly increase development and promotion of our services offering and therefore increase our recurring revenue base. Continue to increase our technological innovation leadership Alongside our on-going investment in enhancing the features and offering of our solutions, the Group has created a number of internal initiatives to examine product development and enhancements to drive near-term and mid-term improvements across our existing software portfolio. This is key to ensuring Corero maintains its market leading position to take advantage of new market trends. As part of this process, Corero has created a number of customer-facing task forces to both improve and expand customer engagement. DDoS market dynamics Organisations around the world depend on the Internet now more than ever to conduct business and deliver services. This Internet- first world grows more complex each year due to the demand for faster connections, 5G, Internet of Things (‘IoT’) devices, and cloud services. DDoS attacks are growing in sophistication, size, recurrency and frequency. Each year, we see a rising number of total recorded attacks. Often such attacks are cover for other nefarious motives and attacks. Service Providers and Hosting Providers are increasingly expected to assume the responsibility for upholding their customers’ internet availability. Real-time DDoS protection has become more critical now than ever before. Unfortunately, in parallel, DDoS-for-hire services, that make it cheap and easy to launch attacks, have become increasingly common. Expectations for Internet response and resilience comes down to seconds not minutes. When the Internet goes down, organisations that rely on Internet service go down with it. DDoS attacks are considered one of the most serious yet most common threats to Internet availability. Downtime and internet disruption can damage brand reputation, customer trust and revenue. Market reports have commented that during 2020, the average number of attacks per customer per day increased by c.20%, as did the chance of being attacked again within 24 hours, with the average duration of an attack less than five minutes making them more difficult to detect. In addition, during the COVID-19 pandemic, Corero has seen a 400% year-on-year increase in the use of OpenVPN attacks as businesses transitioned to working remotely. Opportunities for Corero 2020 was clearly a watershed moment for the digital community with heightened levels of remote working, and online commerce highlighting the importance of cyber security innovation. Whilst it is difficult to predict if consumer demand will be maintained, what is clearly evident, is the need for highly robust and secure IT infrastructure is set to continue, as we saw before the pandemic. Corero’s solutions sit firmly at the centre of this trend with customers across telecommunications, retail, banking, data-centres, hosting, and infrastructure all putting DDoS mitigation as a key near-term priority. 13 Corporate DirectoryOverviewSTRATEGIC REPORTGovernanceFinancial Statements Chief Executive’s strategic update continued In addition, the expansion of 5G mobile broadband and Edge computing, coupled with the on-going global reliance on data, business intelligence and Artificial Intelligence (AI) based services, will undoubtably accelerate the creation of more sophisticated cyber threats. Corero intends to continue its path of product development alongside geographic and market coverage expansion to further ensure its customers are best protected from the threat of DDoS attacks. Financial Summary The Group generated revenues of $16.9 million in 2020 (2019: $9.7 million), with total operating expenses before share-based payments of $16.4 million (2019: $13.8 million) while continuing to invest in sales and marketing expansion and R&D efforts. • Operating expenses net of capitalised R&D costs and before depreciation and amortisation of intangible assets and before share-based payments were $14.1 million (2019: $10.8 million). Capitalised R&D costs were $1.4 million (2019: $1.4 million) • Operating expenses include an unrealised exchange loss of $0.3 million (2019: loss of $0.3 million) arising from an intercompany loan • Depreciation and amortisation of intangible assets was $2.3 million (2019: $3.0 million). The EBITDA loss in 2020 of $1.4m narrowed by 56% over the prior year (2019: $3.2m loss) and Adjusted EBITDA loss reduced by 76% to $0.6m (2019: loss of $2.5m). Losses before taxation in 2020 were $4.0 million (2019: loss $6.6 million) including amortisation of capitalised R&D of $1.9 million (2019: $2.6 million). Losses after interest and taxation were $3.8m (2019: $6.6m). The reported loss per share was therefore 0.8 cents (2019: loss per share 1.6 cents). The 2020 losses decreased primarily due to the increased revenues ahead of the increase in operating expenses. The net cash generated from operating activities in the year was $5.1 million (2019: net cash outflow of $0.6 million) reflecting the loss for the year and improvement in working capital investment in the period of $5.7 million (2019: decrease in working capital investment of $2.2 million). This improvement was partly due to an order received from a sizeable customer in the third quarter, the proceeds of which were received towards the end of the fourth quarter, but the associated outflows for which fell into the first quarter of the 2021 year. In terms of overall position, Corero had net cash of $7.6 million at 31 December 2020 (31 December 2019: $5.4 million; H1 2020 $3.3 million), comprising: • Cash at bank of $10.1 million as at 31 December 2020 (2019: $8.3 million) • Debt of $2.5 million (2019: $2.9 million) including $0.6 million of a US Paycheck Protection Program (“PPP”) Loan. This PPP loan was forgiven by the Group’s US bank in January 2021. In April 2021 we have entered into a new banking facility for up to £3.0 million (circa $4.1 million), the net proceeds of which will be used for working capital purposes and our on-going investment programme to support our growth strategy ahead. Outlook The Company begun 2021 with a solid pipeline and encouraging levels of business activity from both new and existing customers, particularly through our strategic partnerships. The requirement for its products and the need for cyber security mitigation remains high and continues to grow, and this has undoubtedly been accelerated by the increased levels of remote working and online commerce. However, the Company remains mindful of the risks and challenges presented by COVID-19 including the on-going wider economic impact and customer purchasing decisions. The successful implementation of our strategic priorities is creating a strong platform for the business. These are centred across geographic expansion, creating sustainable sales growth and maintaining our product excellence. The Company is confident in the market dynamics and drivers and believes it is well placed for future growth. The strong sales traction over the last 12 months, combined with the Group’s attractive customer offering and recurring revenue generation provide us with renewed optimism and vigour as we navigate 2021 and beyond. Lionel Chmilewsky Chief Executive Officer 12 April 2021 14 Corero Network Security plc – Annual Report and Accounts 2020 Chief Executive’s strategic update Q&A with Lionel Chmilewsky to a virtual or a cloud type of protection architecture and have several pricing models aligned to match our customers’ priorities. You implemented a number of new strategic initiatives since joining, could you explain why you felt the Company needed a change in direction and when you expect to see the benefits of these changes? As I said, the Company had built some foundations on the technology and with customers. I believed it was time to take it to the next level of expansion by being active in more countries, with more larger accounts, a broader software and services offering and an intensified relationship with our strategic partners. Pleasingly, we are already seeing the benefits of our new strategic drivers as illustrated by a strong order book and revenue performance in the full year 2020 and expect this to continue over the next years. What does Corero’s go to market strategy look like across the medium-term and should we expect an increase in sales and marketing headcount, or are channel partnerships the focus? I would expect a combination of all of these. There is scope to further deepen our relationships and increase traction with our existing partners, building on the success that we achieved – in particular with Juniper and GTT – during 2020. We are also aiming at adding additional business partners operating in different fields and at acquiring larger customers in order to grow our share in this significant DDoS market. Our approach is to have a very complementary and not an overlapping go-to-market strategy. What attracted you to Corero and how would describe your first 10 months in the role? The market Corero is operating in is very dynamic and the Company has built over the last few years some solid foundations. These foundations are the people, the technology, and the solid base of customers we have acquired since we started to focus on DDoS seven years ago. I felt that there was an interesting opportunity to take the Company to the next stage of performance, capitalising on our existing assets while implementing an augmented strategy around market coverage, business and strategic alliances, innovation and new solutions offering. I joined the company at the beginning phase of the global COVID-19 pandemic. I then had to adjust to a very new working environment with new teams and limited possibilities to meet in person. I must say above all else, that I have been incredibly impressed with the tenacity and dedication of the Corero team and their ability to successfully drive the activity in difficult conditions. We were able to launch and implement all together some new pillars to our strategy and generate some strong growth in 2020. What differentiates Corero in, what is, a very crowded market? Quite simply, our technology and our customer-driven flexible mindset. Corero’s SmartWall products are the leading DDoS defense solutions out there and offer the best performance over total cost of ownership ratio in the industry. SmartWall mitigates an attack in seconds, while other competitors take minutes or tens of minutes. Furthermore, more than 95% of the attacks are mitigating automatically without any human intervention. Corero is also a very customer-centric company, 100% focused on DDoS defense solutions with a global footprint and thousands of organisations in more than 40 countries being protected by our software. We are extremely flexible and offer a range of deployment solutions from an “always on” 15 $9.8m $7.2m $5.8m $5.0m $4.5m 16 17 18 19 20 ARR 36% increase over the prior year Corporate DirectoryOverviewSTRATEGIC REPORTGovernanceFinancial Statements For you, what does success for Corero really look like? Success is very much about increasing our market share and taking the company to the next level of growth and financial performance. It’s all about achieving full customers’ satisfaction, happy shareholders and happy employees. Chief Executive’s strategic update Q&A with Lionel Chmilewsky continued What are the barriers to entry to stop the large network players from developing their own DDoS solutions and therefore shrinking Corero’s addressable market? The barriers to entry are really entrenched in the knowhow and technology that Corero developed over the last seven years. And importantly, the customer’s experience that we have acquired and the thousands of case studies we have experienced is not something you can build from scratch. There are domains where a large investment does not ensure success and does not replace years of customer practice. What, if any, product development initiatives will you implement? Will the focus always be on DDoS specifically or is there scope to broaden your specialty? That is a great question! Our focus remains right now on DDoS and execution of our strategy for growth as I believe that there is still a lot to capture in the DDoS market. This market, while growing, will continue to evolve taking into account some new trends like IoT, 5G, Multi-Cloud, Edge Computing, Virtualisation etc… So keep your eyes open in that domain as we will always look to enhance our solution offerings which may take us into adjacent and complementary spaces in time. It is well understood that the increase in remote working during COVID-19 has resulted in an increase in cyber-attacks and therefore demand for cybersecurity solutions, how do you see this recent trend developing? We expect the increase in demand for cybersecurity solutions that has been apparent worldwide over the last 12 months to continue, as the pandemic has caused a shift in behaviour which we believe is here to stay. Not only are many corporations permanently moving to a more flexible working model, but digital transformation has been accelerated as a result of the pandemic, giving rise to the potential for more cyber security attacks and therefore the heightened requirement for defense solutions. How do you see the DDoS landscape evolving over the coming years? During 2020, the average number of attacks per customer per day increased by c.20%, as did the chance of a customer being attacked again within 24 hours. In addition, the average duration of an attack is now less than five minutes, making these kinds of attacks particularly insidious as they are more difficult to detect. We would expect these trends to continue in the near-term, with DDoS continuing to pose a significant threat to businesses globally. We also predict that with an increasing number of businesses making the digital transition and with the rush to do so, that DDoS protection may be delayed, making many businesses increasingly vulnerable. The proliferation of 5G, Cloud based services and IoT will also give rise to an increasing number of opportunities for DDoS attacks, so overall we expect the threat of DDoS attacks is heightened and here to stay. 16 Corero Network Security plc – Annual Report and Accounts 2020 Financial Review Revenue and gross margins Deriving from heightened order intakes, revenue recognised increased from $9.7m to $16.9m, a 74% improvement. All revenue categorisations (appliance and licence revenue; DDoS Protection-as-a-Service revenue; maintenance and support services revenue) advanced year-on-year. Annualised recurring revenues1 increased in the year with ARR of $9.8 million as at 1 January 2021, driven by growth in DDPaaS and software subscription orders (ARR at 1 January 2020: $7.2 million). Corero’s overall gross margin, while remaining high, slightly decreased from last year’s high of 81.0%. New and add-on and upgrade business represented a higher proportion of the overall business mix, leading to this slightly lower overall gross margin of 77.3%. Operating expenses and R&D investment Operating expenses increased by $2.6 million from $13.8 million to $16.4 million. Underlying operating expenses were $3.3 million higher, reflecting the continued strategic scale up of the Group’s investment in its front-line sales and marketing resources, increase in central costs, mitigated to a minor extent by lower travel and acommodation costs due to the COVID-19 pandemic. Underlying operating expenses were offset by a lower amortisation charge for research and development (‘R&D’) by $0.7 million between 2020’s $1.9 million and the $2.6 million in 2019. During the year, the Group enhanced its existing products with new features and functionality, with R&D investment of $1.4 million (2019: $1.4 million). In relation to this on-going investment in R&D to maintain the Group’s competitive edge, we secured UK R&D tax credits of $0.2 million in 2020 (2019: Nil) relating to the 2018 and 2019 tax years. Capital expenditures in property plant and equipment increased to $1.0 million ($0.6 million) due mainly to increased investment in assets to facilitate our DDPaaS offerings, both directly ourselves and through our GTT strategic partner. Share based payments increased from $0.3 million in 2019 to $0.4 million in 2020, reflecting the granting of increased options to staff and management in the year, including the successful cancellation, re-pricing and re-grant exercise that took place in June 2020. Financing costs were slightly lower in the year at $0.3 million (2019: $0.4 million) due to the Company’s $1.2 million progressive repayment of its borrowings in accordance with its agreed banking schedule. Profitability The classic EBITDA2 loss measure decreased in the year from $3.2 million in 2019 to $1.4 million in 2020, or a 56% favourable variance. Fully adjusted EBITDA3 loss measure improved from $2.5 million in 2019 to $0.6 million in 2020, or a 76% improvement. Further details on these measures are provided in the Key Performance Indicators section on pages 18 to 19. Loss before taxation was materially lower at $4.0 million (2019: $6.6 million). With the addition of the R&D tax credit mentioned above, loss after taxation was $3.8 million (2019: $6.6 million). Basic and diluted loss per share was halved from 1.6 cents per share to 0.8 cents per share. Cash and operating cash Net cash at 31 December 2020 was $7.6 million (H1 2020: $3.3 million; 2019: $5.4 million). Gross cash at bank at 31 December 2020 was $10.1 million (H1 2020: $6.2 million; 2019: $8.3 million). Gross cash at the year end was high in part due to the proceeds received from an atypical sizeable multi- million-dollar contract awarded by a customer in the third quarter, the proceeds of which were received towards the end of the fourth quarter, but the associated outflows for which fell into the first quarter of the 2021 year. Borrowings were $2.5 million, including $0.6 million of a US Paycheck Protection Program (“PPP”) loan (H1 2020: $2.9 million including PPP loan; 2019: $2.9 million of borrowings). Bank borrowings decreased due to the repayment schedule discussed. Notification of the forgiveness of the PPP loan was received from our US bank at the end of January 2021 and will therefore be credited to the Consolidated Income Statement in 2021. Overall, net cash from operating activities of $5.1m was generated by the business (2019: $0.6 million used in the business) and overall, cash and cash equivalents increased by $1.8 million (2019: $0.3 million). No equity raises were conducted in 2020. Neil Pritchard Group Finance Director 12 April 2021 1 2 3 Defined as the normalised annualised recurring revenue and includes recurring revenues from contract values of annual support, software subscription and from DDoS Protection-as- a-Service contracts Defined as Earnings before Interest, Taxation, Depreciation and Amortisation Defined as Earnings before Interest, Taxation, Depreciation (include DDPaaS assets’ depreciation which is charged to cost of sales), Amortisation, share-based payments and less unrealised foreign exchange differences on an intercompany loan 17 Neil Pritchard, GFD The 2020 year saw very significant and pleasing progress in our strategic objectives to increase Group revenues and attain EBITDA break-even and, thereafter, profitability. $16.9m $10.0m $9.7m $8.8m $8.5m 16 17 18 19 20 Revenue +74.0% increase over the prior year 16 17 18 19 20 $-1.7m $-1.4m $-3.2m $-5.1m $-5.8m EBITDA loss2 $1.4m (2020: loss $3.2 million) Corporate DirectoryOverviewSTRATEGIC REPORTGovernanceFinancial Statements Key Performance Indicators $20.9m $16.9m $9.8m 76.4% 75.1% 78.4% 81.0% 77.3% $13.0m $11.1m $10.0m $9.7m $8.8m $8.5m $7.2m $5.8m $5.0m $4.5m $9.3m $7.0m 16 17 18 19 20 16 17 18 19 20 16 17 18 19 20 16 17 18 19 20 Order intake Revenue $16.9m +74% Represents statutory- recognised revenue from Corero solutions. Performance Revenue for the year ended 31 December 2020 increased by 74% to $16.9 million (2019: $9.7 million). H2 2020 revenue was also a record high, at $10.6 million (H2 2019: $5.5 million), up 93%. $20.9m +61% Represents purchase orders from customers including multi-year services and support orders. Performance Order intake for the year ended 31 December 2020 was $20.9 million (2019: $13.0 million), an increase of 61%. H2 2020 order intake was at record levels at $13.0 million (H2 2019: $8.0 million), up 63%. It is important to remember that revenues associated with order intake are recognisable over the lifetime of each of the contracts. ARR (annualised recurring revenues) $9.8m +36% Represents the normalised annualised recurring revenues and includes recurring revenues from contract values of annual support, software subscription and from DDPaaS contracts. Performance Annualised recurring revenues increased in the year with ARR of $9.8 million as at 1 January 2021, driven by growth in DDPaaS and software subscription orders (ARR at 1 January 2020: $7.2 million). Gross margin % 77.3% Represents statutory gross profit divided by statutory revenue. It measures the Group’s underlying profitability before overheads. Performance Corero’s overall gross margin of 77.3% slightly decreased from last year’s high of 81.0%. New and add-on and upgrade business represented a higher proportion of overall business, leading to a slightly lower overall gross margin. 18 Corero Network Security plc – Annual Report and Accounts 2020 16 17 18 19 20 16 17 18 19 20 $-1.7m $-1.4m $-3.2m $-0.6m $-1.7m $-2.5m $2.9m $1.4m $7.6m $5.4m $4.4m $-5.1m $-5.8m EBITDA -$1.4m +56% Represents the classic EBITDA definition: operating loss less depreciation, amortisation and any impairment of goodwill. The Board considers EBITDA to be a useful measure of profitability as it excludes typical non-cash items. For further details please see note 8. Performance Loss before taxation as a starting point was materially lower at $4.0 million (2019: $6.6m). This was due to an increase in revenues driving gross margin improvement of $5.2 million, more than offsetting the $2.6 million increase in operating expenses. An increased share option charge between the years was approximately matched by lower financing costs following the progressive paydown in the Group’s borrowings. Underlying operating expenses were $3.3 million higher, reflecting the continued scale up of the Group’s investment in its front-line sales and marketing functions, increase in central costs, mitigated to a minor extent by lower travel and accomodation costs due to the COVID-19 pandemic. Underlying operating expenses were offset by lower amortisation of R&D costs by $0.7m between 2020’s $1.9m and the $2.6 million in 2019. Depreciation was at similar levels between the years. $-5.0m $-6.4m Adjusted EBITDA – Fully adjusted basis -$0.6m +76% Represents the operating loss less unrealised foreign exchange differences on an intercompany loan, depreciation (including adjusting for DDaaP assets depreciation which is charged to cost of sales), amortisation and any impairment of goodwill, and share based-payment non-cash costs. The Board considers the Adjusted EBITDA – Fully adjusted basis to be a further useful measure of profitability as it excludes other significant non- cash items in addition to classic typical EBITDA non-cash items. For further details please see note 8. Performance The fully adjusted EBITDA loss measure improved from $2.5 million in 2019 to $0.6 million in 2020, or a 76% improvement. The main reasons for this $1.9 million change aside from that already described for EBITDA were: an increase in depreciation on DDPaaS assets of $0.1 million in 2020 over 2019 (due itself to an increase in those contracts between the years); an increase in share-based payments non- cash cost of $0.1 million between the years (a reflection of increased share based payments made to management and staff); and, a similar in both periods but sizeable adverse unrealised (non- cash) foreign exchange difference on an intercompany loan between sterling and dollar denominated subsidiaries. 16 17 18 19 20 Net cash $7.6m +41% Represents cash at bank less total debt. Performance Net cash as at 31 December 2020 was $7.6 million (H1 2020: $3.3 million; 2019: $5.4 million). Net cash is derived from gross cash (cash at bank and in hand) less borrowings. Gross cash at bank as at 31 December 2020 was $10.1 million (H1 2020: $6.2m; 2019: $8.3 million). Gross cash at the year end was high in part due to the proceeds received from an atypical, sizeable, multi-million-dollar contract awarded by a customer in the third quarter, the proceeds of which were received towards the end of the fourth quarter, but the associated outflows for which fell into the first quarter of the 2021 year. The Group continues to pay down its bank borrowings according to the agreed loan repayment schedule. Borrowings were $2.5 million, including $0.6 million of a US Paycheck Protection Program (“PPP”) loan (see note 18) (H1 2020: $2.9 million including PPP loan; 2019: $2.9 million of borrowings). 19 Corporate DirectoryOverviewSTRATEGIC REPORTGovernanceFinancial Statements Key Stakeholders Section 172 Statement The Directors are aware of their duty under Section 172 of the Companies Act 2006 to act in the way which they consider, in good faith, would be most likely to promote the success of the Company for the benefit of its members as a whole and, in doing so, to have regard (amongst other matters) to the: likely consequences of any decisions in the long-term; interests of the Company’s employees; need to foster the Company’s business relationships with suppliers, customers and others; impact of the Company’s operations on the community and environment; Company’s reputation for high standards of business conduct; and need to act fairly as between members of the Company. The Board reviewed and re-confirmed the Company’s key stakeholder groups during the year. These are set out below along with details of the forms of engagement undertaken by the Board: Why they matter What matters to them Corero’s engagement The Board’s engagement Key events in the year Stakeholder: Customers Customers are the lifeblood of a successful growing business. Executive Directors meet with customers throughout the year and feedback issues to the Board. Corero customers are concerned with having products and services that protect their online presence and operations from the increasing threat of DDoS attacks. High availability of cloud services and applications are critical for modern businesses and institutions, their revenue streams rely on having internet connectivity protected from the threat of DDoS attacks. The Board reviews strategy and monitors performance during the year with the aim of meeting customers’ needs more effectively. Receives regular competitor updates to understand Corero’s competitive performance and its strengths and weaknesses as regards meeting customer needs. Every day Corero is interacting with potential and actual customers in the business – including in tenders, in technical presentations, in quoting, in invoicing, in deployment, and in after-sales and on-going customer support roles. Stakeholder: Shareholders Shareholders own the business. They are the providers of capital to grow and invest for future success. Concerned with a broad range of issues including, but not limited to, Corero’s financial and operational performance, strategic execution, investment plans and governance. Communications such as annual reports, interim reports and notices of general meetings. Investor roadshows, Stock Exchange announcements and press releases; www.corero.com. Board attendance at the AGM to answer questions. Feed back on investor meetings held by the Chairman. Executive Director meetings with investors in the UK. In conjunction with the Company NOMAD, Corero consulted with major shareholders and key strategic partners regarding a share option cancellation, reprice, and regrant exercise in June 2020. Stakeholder: Partners Partners are an extension of Corero, representing the Corero brand in the market, providing an additional route to market to scale the business. Corero’s partners harness Corero’s innovative technology to deliver customer success through creation of unique joint value propositions. They share insights into what current and future customers want, ultimately impacting product strategy and roadmaps and accelerating business growth through sales and marketing programmes, as well as technical training, often with a greater, and more geographically dispersed sales force. Partner Code of Conduct define expectations of responsible business and behaviour. Board reports, including updates on performance and key partner issues, are regularly made. Senior management engaged in quarterly review of progress of the Corero-Juniper and GTT engagements. Stakeholder: Employees Corero employees are a key resource, dedicated to creating, selling and supporting solutions that protect Corero’s customers from the increasing threat of DDoS attacks. Opportunities for personal development and career progression, a culture of inclusion and diversity, compensation and benefits, and the ability to make a difference within Corero. Various activities and forums to foster participation in Group events, invite opinions, questions and ideas. Monthly ‘All Hands’ meetings are held. Board updates regarding partner relationships, development and engagement. The Board provides on-going consideration of key strategic partnerships, and whether to change or add to existing relationships. Board engaged in quarterly review of progress of the Corero- Juniper and Corero-GTT engagements. Regular Board member engagement with senior Juniper management. In pre-COVID-19 times, Non- executive Directors have provided ‘town hall’ meetings for employees at Corero’s key locations to participate in a Q&A session. New style performance appraisal and objective setting processes have been rolled-out in 2021. An employee survey is also planned. 20 Corero Network Security plc – Annual Report and Accounts 2020 Principal Risks Principal risks and uncertainties The Group has a number of principal risks and uncertainties. Revenue growth People Corero’s strategy outlined on page 11 depends on delivering revenue growth to meet these ambitions. Clearly, higher order intake and related revenue growth provides the opportunity for Corero to invest further in its future. Revenue growth, given high cyber security industry salaries, is highly important to deliver profitable growth for the business. Conversely, lower sales growth reduces the Company’s cash resources which could impact the Company’s investment in sales and marketing and product development and its other associated goals. To deliver this order intake and, as a subset, revenue growth then Corero needs to identify, meet and exceed customer needs and desires. If Corero is not successful in identifying customer prospects with a business need Corero can solve, or developing go to market partner and channel partner relationships which generate revenue, this will compromise growth plans and success. The Group seeks to maintain a diverse customer base and over different revenue streams and several target customer verticals. To be successful Corero is: • focussing its lead generation and sales resources, and product development, on its target markets; • working closely with go to market partners to progress sales opportunities and generate revenue; and • developing relationships with new go to market partners and channel partners to expand its routes to market. Market awareness Corero is an emerging player in the DDoS prevention market and competes with much larger, traditional, established organisations. If Corero is not successful in connecting with the market and raising its profile this will compromise growth plans. To raise market awareness of Corero and its DDoS protection solutions, the Company will continue to invest in targeted digital marketing and lead generation programmes, together with its brand marketing programmes. Technology change and innovation The DDoS mitigation market is competitive and characterised by changes in technology, customer requirements and frequent new product introductions and improvements. Cybersecurity and DDoS attacks are constantly evolving and changing as attackers develop new methods and tools to evade defenses. Corero is focused on its chosen markets and delivering continuous innovation by adding new DDoS attack defenses and new machine learning and artificial intelligence capabilities, and striving to provide market leading solutions to secure customers from the threat of DDoS attacks. Retaining and recruiting people with the necessary skills and experience. To grow and address the challenges resulting from technology change and innovation in the DDoS protection market, the Company needs to retain and recruit the required sales, business development, and software development skills. Corero operates in a high growth cyber security market, and in a thriving DDoS protection sector of that market, with new players emerging. If Corero is unable to recruit and retain the right skills this will compromise growth plans. Consequently, Corero targets paying salaries in the upper quartile for comparable positions and has a share options plan to provide an attraction and retention incentive for employees. Foreign exchange fluctuations Past Corero equity fund raises have been in GBP and its debt is denominated in GBP. To the extent such funds are required to support US dollar denominated funding requirements more generally for the Group, the exchange rate value of GBP to the value of US dollar may vary, either impacting adversely or favourably compared to the denominated funding requirements that can be funded from such fund raises. The Group mitigates this risk by utilising US denominated funds received by the Group’s UK subsidiary to fund the Group’s US subsidiary to the extent such funding is required, with the GBP funding requirements satisfied from the GBP denominated funds generated from GBP equity and debt fund raises, where possible. COVID-19 Pandemic The global COVID-19 pandemic in 2020 and 2021 has brought tragic consequences, uncertainty, and wider market disruption globally. Corero has, to date, not seen short-term adverse impact on the provision of its solutions; indeed, the global increase in remote working and internet usage as a result of COVID-19 restrictions have further emphasised the on-going relevance of Corero’s solutions. Nevertheless, COVID-19 may have a wider, more consequential effect on economies as a whole as the pandemic continues and where tighter fiscal policy follows to pay for governmental support, this may lead to a tougher economic climate in which to operate. The Board will continue to monitor the situation very closely. Operationally, remote working across the Group continues to be fully operational worldwide, as the health and wellbeing of Corero’s workforce is of the utmost importance. There continues to be the possibility of localised virus outbreaks impacting the Company’s supply chain, and we continue to closely monitor for any signs of this and take action as appropriate. Other non-principal risks and uncertainties There are a multitude of other risks and uncertainties that face companies like Corero, these include: risks and uncertainties associated with local legal requirements, political and geographic risk, the enforceability of laws and contracts, changes in tax laws, terrorist activities, natural disasters and other types of health epidemics. 21 Corporate DirectoryOverviewSTRATEGIC REPORTGovernanceFinancial Statements Risk Management Risk Management The Company operates a risk assessment process, which is embedded in day-to-day management and governance processes. As part of the annual planning and budgeting process, Corero management document the significant risks identified, the probability of those risks occurring, their potential impact and the plans for managing and mitigating each of those risks. The Board reviews the annual risk assessment including an annual assessment of the effectiveness of the Company’s internal control system, comprising financial, operational and compliance controls, to ensure that the Company’s risk management framework identifies and addresses all relevant risks in order to execute and deliver the Company’s strategy. The Directors are responsible for the Company’s system of internal control and for reviewing its effectiveness, whilst the role of management is to implement policies on risk management and control. The Company’s system of internal control is designed to manage, rather than eliminate, the risk of failure to achieve the Company’s business objectives and can only provide reasonable, and not absolute, assurance against material misstatement or loss. The Company operates a series of controls to meet its needs. These controls include, but are not limited to, the annual strategic planning and budgeting process, a clearly defined organisational structure with authorisation limits, reviews by senior management of monthly financial and operating information including comparisons with budgets, and forecasts to the Board. Given the size of the Company, the Board has concluded it is not appropriate to establish a separate, independent internal audit function. The Board will keep this under review. The Audit, Risk and Compliance Committee (‘ARCC’) reviews the effectiveness of internal controls. The ARCC receives reports from management and observations from the external auditors concerning the system of internal control and any material control weaknesses. Significant risk issues, if any, are referred to the Board for consideration. The Corero Risk Register, auditor’s report, assessment of the effectiveness of the internal control system and key judgements report for the Annual Report and Accounts are tabled and reviewed by the ARCC. 22 Corero Network Security plc – Annual Report and Accounts 2020 Environmental, Social and Governance (ESG) Report Corero aspires to carry out its business to the highest ethical standards, treating customers, partners, suppliers and employees in a professional, courteous and honest manner. Corero’s culture and Values Our defined values are: Customers First; Technology Leadership & Innovation; Operational Excellence; Integrity; and, Our People, Empowerment & Team Work. We seek to live our culture and values every day, in a dynamic and professional manner. In common with most intellectual property technology businesses, we know that the expertise, experience, and passion of our employees at Corero are genuinely what make our products and services market leading. For example, Corero’s Security Operation Centre (‘SOC’) comprises a team of highly experienced security analysts whose role it is to assist our customers’ IT and security teams mitigate the growing number of increasingly sophisticated DDoS attacks. This service and customer support offering is therefore an important competitive differentiator. Customers tell us they value the service levels and our team regularly receives very favourable feedback from our customers. Corero’s approach to responsible business in society Corero recognises that long-term success is underpinned by good relations with its key stakeholders, both external (partners, suppliers, customers, shareholders, regulators and others) and internal (employees). As part of Corero’s annual planning and budgeting process, the Company identifies its stakeholders and their respective needs, interests and expectations. In addition, the strategy for engaging with these stakeholder groups is formulated and implemented. Corero values feedback from its stakeholders and proactively endeavours to address any matter identified. Feedback is gathered from: customers and partners relating to Corero’s products and services in an on- going, continuous manner; shareholders, for example through investor relation roadshows; and employees, for example as part of monthly Company updates. Environmental sustainability Corero is committed to promoting sustainability. We aim to lead, follow and to promote good sustainability practice, to carry out our operations in a way which manages and minimises any adverse environmental impacts from our activities. Our products are used by thousands of businesses throughout the world to protect against disruptions that could have adverse economic, health, well-being and environmental consequences for the users and customers of those businesses (sometimes in a mission critical way) and the knock-on effects to populations as-a-whole. Corero encourages the reuse or recycling of office waste, including paper, packaging, computer supplies and redundant equipment. Wherever possible we seek to ensure that waste materials are disposed of in an environmentally safe manner and in accordance with regulations. Furthermore employees are encouraged to be environmentally aware. Company cars are not provided. Ethical business Corero is committed to the fundamental values of integrity, transparency and accountability. We have a zero-tolerance policy with regard to bribery and corruption. Corero adopts and enacts an Ethics and Anti-Bribery Policy to record the ethical way in which we conduct business and to make our ethical standards clear to everyone, including those with whom we do business. Employees, equal opportunities and employee interaction Our employees are one of Corero’s most important assets and the continued and sustained development of the Company relies on its ability to retain and attract high calibre employees. Corero operates an all-employee share option plan, with awards approved by the Corero Remuneration Committee. We are proud to have over one- third of our employees with more than five years’ service. The Corero equal opportunities policy ensures that all job applicants and employees are treated fairly, no matter what age, race, colour, gender, religion or beliefs, sexual orientation, marital or partner status, ethnic origin or community, disability, and without favour or prejudice. We are committed to applying this policy throughout all areas of employment, recruitment and selection, training, development and promotion. The Corero equal opportunity policy sets out the Company’s position on equal opportunity in all aspects of employment. The policy has been developed to maintain the following policy objectives: • To provide a safe and welcoming environment, in which individuals are valued, included and respected • To advance equality of opportunity • To eliminate unfair discrimination • To foster good relations between different groups of people Employees are regularly informed of matters concerning their interest and the financial factors affecting the Company. The Company uses company-wide forums to communicate matters as well as team and individual meetings. Strategic Report Sign-Off In accordance with Section 414D(1) of The Companies Act 2006, The Strategic Report on pages 12 to 23 is signed by order of the Board. Duncan Swallow Company Secretary 12 April 2021 23 Corporate DirectoryOverviewSTRATEGIC REPORTGovernanceFinancial Statements Board of Directors Jens Montanana Non-executive Chairman Appointed Richard Last Independent Non-executive Director* Peter George Independent Non-executive Director Andrew Miller Non-executive Director 9 August 2010 22 May 2008 3 January 2019 9 August 2010 Peter George is a US based executive with over 30 years’ experience in the IT networking and cybersecurity industry. He has a successful track record as CEO of leading IT network and security companies and provides sales and marketing leadership experience to the Board. Peter is the CEO of Evolv Technology, a US based leader in human security screening. Prior to that he was President and CEO of empow cybersecurity, a market innovator in AI, machine learning and advanced security analytics. Prior to empow, between 2008 to 2017, he was President and CEO of Fidelis Cybersecurity, a leading US-based Advanced Threat Defense business. Before joining Fidelis, Peter was President and CEO of Crossbeam Systems, a market leader in Unified Threat Management. Prior to that he was the President of Nortel Networks’ enterprise business where he was responsible for growing a $2 billion and 5,000 employee voice and data business in EMEA. Andrew Miller (Non-executive Director) was until 31 May 2020 the CFO of the Company. He is currently the CFO and COO of C5 Capital Limited, an investment firm investing in the secure data ecosystem including cybersecurity, cloud infrastructure, data analytics and space, and CFO of the Haven Group, a private equity backed cyber security services provider. Prior to joining Corero Andrew was with the Datatec Limited group in a number of roles between 2000 and 2009 including the Logicalis Group Limited (‘Logicalis’) Operations Director and Corporate Finance and Strategy Director. Prior to this, Andrew gained considerable corporate finance experience in London with Standard Bank, West Deutsche Landesbank and Coopers & Lybrand. Andrew trained and qualified as a chartered accountant and has a bachelor’s degree in commerce from the University of Natal, South Africa. Andrew is a Chartered Accountant with over 20 years’ experience in the technology industry. CEO of Evolv Technology Inc. None. Background & Experience Jens has spent the majority of his over 30-year career in the technology industry with considerable operational and commercial experience in the resale and distribution of information technology hardware and software solutions. He is the founder and CEO of Datatec Limited, established in 1986 which listed on the Johannesburg Stock Exchange in 1994. Between 1989 and 1993 Jens served as Managing Director and Vice-President of US Robotics (UK) Limited, a wholly owned subsidiary of US Robotics Inc., which was acquired by 3Com. In 1993, he co-founded US start-up Xedia Corporation in Boston, an early pioneer of network switching and IP bandwidth management, which was subsequently sold to Lucent Corporation in 1999 for $246 million. He has previously served on the boards and sub-committees of various public companies. Current Appointments CEO of Datatec Limited and Director of various Datatec Limited subsidiary companies. 24 Richard has over 20 years’ senior experience in information technology having worked at board level for a number of publicly quoted and private companies in the technology sector. He is a Fellow of the Institute of Chartered Accountants in England and Wales (‘FCA’). * as Richard Last is a Corero shareholder and has been a Non-executive Director of the Company for over 10 years, his independence has been considered by the Board. The Board is satisfied that Richard Last is independent. Chairman of Hyve Group plc, an international events and exhibitions group listed on the London Stock Exchange. Chairman of AIM listed Gamma Communications plc, a UK telecommunications service provider, Tribal Group plc, a technology company, and Arcontech Group plc, a provider of IT solutions for the financial services sector. Richard is also a director of a number of private companies. Corero Network Security plc – Annual Report and Accounts 2020 Lionel Chmilewsky Chief Executive Officer Ashley Stephenson Chief Technology Officer Duncan Swallow Company Secretary 1 May 2020 6 September 2013 1 November 2007 Duncan is responsible for the Company secretarial function and is also the Group Financial Controller. Prior to joining the Company, Duncan was Divisional Financial Controller for CCH, a Wolters Kluwer business, specialising in providing books, online information, software, CPD and fee protection to tax and accounting professionals. He is a fellow of the Association of Chartered Certified Accountants. Lionel has 30 years of international experience in the technology field, in particular in the Infrastructure, Software and Services domains. Most recently Lionel was CEO of Cambridge Broadband Networks Ltd, a leader in wireless solutions based in the UK. Before joining CBNL, Lionel was CEO of Comverse IP Communications and Senior Vice President of Comverse Group. Prior to that, he was Executive Vice- President of Proxim Wireless, leading the worldwide business activity and subsidiaries. Lionel’s background also includes General Management and Senior Executive roles in Alcatel, JDS Uniphase, EXFO and Fairchild in the USA. Lionel is a French national and earned an MBA from NEOMA (Rouen Business School). Lionel has a successful track record as CEO of leading technology companies together with sales and managerial leadership experience. Ashley Stephenson (CTO) first joined Corero Network Security as Executive Vice President of the Network Security division, with responsibility for product and solution strategy in March 2012, and was appointed Chief Executive Officer of Corero in January 2013. An IT industry executive and internet technology entrepreneur, Ashley has operating experience in the United States, Europe and Asia. His previous experience includes: CEO of Reva Systems, which was acquired by ODIN, and CEO of Xedia Corporation, which was acquired by Lucent. He has provided strategic advisory services to a number of leading multinational IT companies including technology vendors, distributors and services companies. Ashley began his career at IBM Research & Development in the UK. He is a graduate of Imperial College, London with a degree in Physics and is an Associate of the Royal College of Science. Ashley has deep technology and software development skills and experience. Cambridge Broadband Networks Limited. Director of Eyealike, Inc. and StepVest LLC. None. Nomination Committee Remuneration Committee Audit, Risk and Compliance Committee Chair of Committee 25 Corporate DirectoryOverviewStrategic ReportGOVERNANCEFinancial Statements Chairman’s Corporate Governance Introduction Board composition The Board comprises two Executive Directors and four Non- executive Directors (including the Chairman), two of whom are independent. Andrew Miller, former Chief Financial Officer of the Company, became a Non-executive Director on 1 May 2020. With effect from 1 May 2020, Lionel Chmilewsky joined the Board as an Executive Director and CEO of the Company from 1 July 2020. The Board extends its gratitude to Ashley Stephenson for having led the organisation over the past seven years while helping to pioneer and position our cutting-edge technology in the marketplace. The Company continues to benefit from his extensive experience and technology leadership in his new role as Chief Technology Officer and Executive Director. Lionel Chmilewsky has been an excellent addition to Corero’s executive management team, the Company will benefit from his extensive expertise in international business development for technology companies as we enter the next phase of our evolution. We are equally delighted with the hiring of Neil Pritchard who joined at the same time. Neil is an experienced listed Group Finance Director, who strongly complements the existing team and has been active in various strategic initiatives such as our recently announced new debt financing arrangements. Stakeholder engagement Details of our stakeholders along with details of the forms of engagement undertaken by the Board are set out on page 20. We seek to maintain an open dialogue with all stakeholders including shareholders, customers, partners, suppliers and our employees, even in these on-going uncertain times with the global pandemic. In this context, I would like to give my continued thanks to our institutional and private investors for their continued support; to all wider stakeholders such as our customers, strategic partners and suppliers; and thank you to all our employees for their efforts, hard work and commitment. Looking ahead The results for 2020 represent the next stage of Corero’s growth. The strategy and its implementation remains focused on acquiring new customers with a high degree of recurring revenues to deliver growth. Our continually developing technology, OEM partnership and growing channel momentum complements our investments in expanding our direct business development and marketing. The expectation of strong forecast growth in the DDoS market underpins our continued confidence in the greater growth potential of Corero. Jens Montanana Non-executive Chairman 12 April 2021 The results for 2020 represent the next stage of Corero’s growth. The strategy and its implementation remains focused on acquiring new customers with a high degree of recurring revenues to deliver growth. Board commitment to governance The Board is committed to continue to uphold high standards of corporate governance, protecting and growing shareholder value, and engaging in a fair and transparent manner with all of the Group’s stakeholders. The Board therefore supports and is committed to the principles of the QCA Corporate Governance Code. Details of our governance processes and procedures are set in out in the following pages. Board leadership and effectiveness The Board recognises that to remain effective it must ensure that it has the right balance of skills, experience, knowledge and independence to enable it to discharge its duties and responsibilities. The Directors believe in the necessity for open debate in the boardroom and consider that existing Board dynamics and processes encourage honest, constructive and open debate with the Executive Directors. We conduct an annual internal Board evaluation review. The most recent review conducted in February 2020 showed that the Board is operating effectively. Our culture The Board undertakes informal enquiries of employees to ensure our values are upheld and promoted to maintain a healthy corporate culture. Board meetings are normally held at Corero’s offices in the US and UK which gives the Board the opportunity to informally interact with employees based at those office locations. Due to the COVID-19 pandemic, however, virtual Board meetings have been required in 2020. 26 Corero Network Security plc – Annual Report and Accounts 2020 QCA Code Compliance As an AIM-listed company, Corero adopts the principles of the Quoted Companies Alliance Corporate Governance Code (the ‘QCA Code’). The QCA Code identifies ten principles to be followed in order for companies to deliver growth in long-term shareholder value, encompassing an efficient, effective and dynamic management framework accompanied by good communication to promote confidence and trust. The following explains how Corero follows those QCA Code principles: Establish a strategy and business model to promote long-term value for shareholders Corero’s strategy is focused on being the leader in real-time, high performance DDoS protection and scaling the business for profitability though revenue growth. For more information please see pages 10 and 11 Understand and meet shareholder needs and expectations The CEO and GFD communicate regularly with shareholders, investors and analysts, including at our half-yearly results roadshows. The full Board is available at the AGM to communicate with shareholders. For more information please visit: http://www. corero.com/who-we-are/ investor-relations Take into account wider stakeholder and social responsibilities and their implications for long-term success Shareholders, our customers, partners and employees are our most important stakeholders. We engage with these communities via regular communications in our day-to-day activities, and via formal feedback requests. For more information please see page 20 Embed effective risk management, considering both opportunities and threats, throughout the organisation Maintain the Board as a well- functioning, balanced team led by the Chair Ensure that between them the Directors have the necessary up-to-date experience, skills and capabilities Evaluate Board performance based on clear and relevant objectives, seeking continuous improvement Ultimate responsibility for risk management rests with the Board. Day-to-day management of risk is delivered through the way we do business and our culture. For more information please see pages 21 and 22 The Board has three established Committees: Audit, Risk and Compliance Committee; Nomination Committee; and Remuneration Committee. The composition and experience of the Board is reviewed regularly, primarily by the Nomination Committee. For more information please see pages 28 to 30 and 32 The Board is satisfied that its current composition includes an appropriate balance of skills, experience and capabilities, including experience of the cyber security market and international markets. For more information please see pages 24, 25 and 31 The Board regularly considers the effectiveness and relevance of its contributions, any learning and development needs and the level of scrutiny of the senior management team. An annual Board effectiveness review is undertaken to enable the Board to stand back and assess its strengths and areas for development. For more information please see page 31 Promote a corporate culture that is based on ethical values and behaviours Corero recognises the importance of culture and values and in conjunction with employees, defined the Company’s agreed values which are reinforced via training and performance management. For more information please see page 23 1 2 3 4 5 6 7 8 9 Maintain governance structures and processes that are fit for purpose and support good decision making by the Board 10 Communicate how the Company is governed and is performing by maintaining a dialogue with shareholders and other relevant stakeholders The Board is responsible for the Group’s overall strategic direction and management, and for the establishment and maintenance of a framework of delegated authorities and controls to ensure the efficient and effective management of the Group’s operations. The Board is satisfied that the necessary controls and resources exist within the Company to enable these responsibilities to be met. For more information please see pages 28 to 31 The investors section of our website includes our Annual Report, results, presentations, notice of AGM and results of the AGM and general meetings. For more information please visit: http://www. corero.com/who-we-are/ investor-relations 27 Corporate DirectoryOverviewStrategic ReportGOVERNANCEFinancial Statements Corporate Governance Report Board composition and responsibilities The Board sets Corero’s overall strategic direction, reviews management performance and ensures that the Company has the necessary financial and human resource in place to meet its objectives. Operational management of the Company is delegated to the Chief Executive Officer. The Board comprises the Non-executive Chairman, two independent Non-executive Directors, one non-independent Non-executive Director and two Executive Directors whose Board and Committee responsibilities are set out below: Non-executive / Executive Director Audit, Risk and Board Compliance Committee Remuneration Committee Jens Montanana Richard Last Peter George Andrew Miller Lionel Chmilewsky Ashley Stephenson Non-executive Non-executive Non-executive Non-executive Executive Executive Chairman Member Member Member Member Member Chairman Member Member Member Chairman Nomination Committee Chairman Member Member One third of all Directors are subject to annual reappointment by shareholders, as well as any Director appointed to the Board in the period since the last AGM, and any Non-executive Director whose tenure is more than nine years or whose independence is the subject of Board judgement. Lionel Chmilewsky, Richard Last and Andrew Miller will be offering themselves for re-election at the forthcoming AGM. The Corero Board members’ biographies and their relevant experience, capabilities and skills and are set out on pages 24 and 25. Board balance and independence The composition of the Board is reviewed regularly. Appropriate training, briefings, and inductions are available to all Directors on appointment and subsequently as necessary, taking into account existing qualifications and experience. The Board is satisfied that, between the Directors, it has an effective and appropriate balance of skills and experience, including operational, commercial and technology expertise and experience. All members of the Board have more than 20 years’ technology experience through investing in and working for a range of companies from start-ups to large established technology companies, with complementary financial, commercial, sales and marketing skills. The skills and experience of the Board are summarised in the table below: Technology Cyber security Sales and marketing People International Governance Finance Jens Montanana Richard Last Peter George Andrew Miller Lionel Chmilewsky Ashley Stephenson The Board is cognisant of the lack of gender diversity and plans to address this as the Company grows. All Directors are able to take independent legal advice in relation to their duties, if necessary at the Company’s expense. In addition, the Directors have direct access to the advice and services of the Company Secretary and Group Finance Director. The Directors keep their skills up to date through a combination of their other roles (if applicable), attending appropriate training courses and seminars funded by the Company if appropriate, and by reading widely. 28 Corero Network Security plc – Annual Report and Accounts 2020 Board responsibilities The Board meets, virtually or in person, on average once a quarter; additional meetings or conference calls are held as required. Each Director is provided with sufficient information to enable them to consider matters in good time for meetings and enable them to discharge their duties properly. The Board also ensures that the principal goal of the Company is to create shareholder value, while having regard to other stakeholder interests, and takes responsibility for setting the Company’s values and standards. The Board has a formal schedule of matters reserved to it for consideration and approval. These include: • Strategy and management. • Responsibility for the overall strategy and management of the Company. • Approval of strategic plans and budgets and any material changes to them. • Approval of the acquisition or disposal of subsidiaries and major investments, projects and contracts. • Changes relating to the Company’s capital structure. • Delegation of the Board’s powers and authorities. There are no external advisers to the Board or any of its Committees, other than the brokers (Canaccord Genuity) and the auditors (BDO LLP). Corero’s Chairman, Jens Montanana, is a material shareholder with an equity interest in Corero of 37.85% at 12 April 2021. His interests are strongly aligned with all shareholders. Richard Last is a Corero shareholder with a 0.51% equity interest in Corero at 12 April 2021 and has been a Non-executive Director of the Company for over 10 years. His independence has been considered by the Board. The Board is satisfied that Richard Last is independent. Andrew Miller is a Corero shareholder with a 0.22% equity interest in Corero at 12 April 2021 and was previously Chief Financial Officer of the Company for over 10 years. His independence has been considered by the Board. The Board considers him to be not independent. Employment and service agreements The Director employment and service contracts are summarised below: • Lionel Chmilewsky, Executive Director, has an employment agreement which provides for the payment of six months’ base salary if the agreement is terminated by the Company without cause. • Ashley Stephenson, Executive Director, has an employment agreement which provides for the payment of six months’ base salary if the agreement is terminated by the Company without cause. • The Non-executive Director’s letters of appointment are for 12-month terms and provide that the appointment may be terminated by either party giving to the other not less than three months’ notice. Non-executive Directors, per their letters of appointment, have a time commitment to the Company of not less than eight days per annum including the attendance of Board meetings and the Company AGM. In addition, Non-executive Directors are expected to devote appropriate preparation time ahead of each meeting. 29 Corporate DirectoryOverviewStrategic ReportGOVERNANCEFinancial Statements Corporate Governance Report continued Directors’ conflict of interest The Company has effective procedures in place to monitor and deal with conflicts of interest. The Board is aware of the other commitments and interests of the Directors, and changes to these commitments and interests are reported to and, where appropriate, agreed with the rest of the Board. Evolution of the Company’s governance framework The Board will, on an on-going basis, and as the Company’s business develops and grows, review the appropriateness of the governance framework, including the composition of the Board and the need for an internal audit function, to ensure the Company delivers on its strategy and goals whilst maintaining appropriate governance structures. Financial matters and internal controls • Oversight of the Company’s operations ensuring competent and prudent management, sound planning and management of adequate accounting and other records. • Approval of the annual and interim financial statements and accounting policies. • Approval of the dividend policy. • Ensuring an appropriate system of internal control and risk management is in place. Corporate Governance • Approval of changes to the structure, size, and composition of the Board. • Review of the management structure and senior management responsibilities. • With the assistance of the Remuneration Committee, approval of remuneration policies. • Consideration of the independence of the Non-executive Directors. • Receiving reports on the views of the Company’s shareholders. The Board receives monthly briefings on the Company’s performance (including commentary and analysis), key issues and risks affecting the Company’s business. The Company maintains liability insurance for its Directors and Officers. The Company has also entered into indemnity agreements with the Directors, in terms of which the Company has indemnified its Directors, subject to the Companies Act limitations, against any liability arising out of the exercise of the Directors’ powers, duties and responsibilities as a Director or Officer. In the year ended 31 December 2020, the Board met, virtually or physically, on five scheduled occasions; further meetings and conference calls were held as and when necessary (with four additional such meetings in the year ended 31 December 2020). Details of Directors’ attendance at scheduled meetings in the year to 31 December 2020 is shown in the table below: Jens Montanana Richard Last Peter George Andrew Miller Lionel Chmilewsky Ashley Stephenson * Lionel Chmilewsky joined the Board on 1 May 2020 Meetings attended 5/5 5/5 5/5 5/5 3/5* 5/5 30 Corero Network Security plc – Annual Report and Accounts 2020 Board Performance and Remuneration Policy Introduction An annual Board effectiveness review is undertaken to enable the Board to stand back and assess its strengths and areas for development. This review is conducted internally. A review was conducted in February 2020, the results of which showed that the Board is operating effectively. Each Board member’s performance over the past twelve months was formally reviewed by the Chairman at the December 2020 Board meeting. The Board may refresh the performance assessment process based on external advice and if appropriate engage a third-party facilitator to assist in the performance of such effectiveness reviews every three years. The Remuneration Committee’s (‘RC’) remit is to measure the performance of and determine the remuneration policy relating to Directors and senior employees. To support this responsibility, it has access to professional and other advice external to the Group. Taking the performance factors into account, it then makes recommendations to the Board. To assist the work of the RC, the views of the Chief Executive Officer and Group Finance Director are also invited where appropriate. However, they do not participate in any decision related to their own remuneration. The Nomination Committee reviews and recommends nominees as new Directors to the Board. Senior management appointments are required to be approved by the RC. The Group is committed to the governing objective of maximising shareholder value over time. Each year the remuneration framework and the packages of the Directors are reviewed to ensure they continue to achieve this objective. The Group operates in the cyber security market which is a market with significant growth potential. It is also a competitive market with a number of companies who are significantly larger than Corero. The Group’s Executive Director remuneration policy is designed to attract and retain Directors of the calibre required to maintain the Group’s position in its marketplace. This is maintained through the use of bonus and share option schemes, as follows: Bonus A cash bonus designed to incentivise specific short-term financial goals. Goals and objectives are set for the Executive Directors with a significant weight being on key financial performance metrics. Executive Directors’ on-target bonuses are set at two-thirds of base salary. Share options Share options are granted to encourage and reward delivery of the Company’s long-term strategic objectives and provide alignment with shareholders through the use of share-based incentives. All share-based incentives offered to Directors have a three year vesting schedule, with one-third vesting on the first anniversary of the grant/start date, a further third on the second anniversary of the grant/start date and the final third the third anniversary of the grant/start date. Shares acquired on the exercise of options may not be sold until the second anniversary of the grant date. Share options are granted with an exercise price set at the higher of market price or such other price as determined by the RC. In order to ensure that share options in issue continue to act as an effective incentive and staff retention tool, the Company sought shareholder approval at the AGM for the cancellation, and subsequent regrant, of certain Existing Share Options granted to various of its directors and employees, and this was enacted on 16 June 2020. Conflicts of interest The members of the RC do not have any conflicts from cross- directorships that relate to the business of the Committee. The members of the RC do not have any day-to-day involvement in the running of the Group. Board changes Given Corero’s size, the Company does not have internal succession candidates for the Executive Directors. In the event an Executive Director replacement is required, the Company would seek to recruit a replacement through a recruitment search process. The Board is satisfied that the Company’s middle management will ensure the Company’s business is not adversely impacted in the period between an Executive Director leaving and a replacement being recruited. 31 Corporate DirectoryOverviewStrategic ReportGOVERNANCEFinancial Statements Board Committee Reports The Board has three established Committees: • Audit, Risk and Compliance Committee: responsible for reviewing the Group’s interim and year end results announcements, and the Annual Report and Accounts; determining the application of the financial reporting and internal control and risk management procedures and assessing the scope, quality and results of the external audit. • Remuneration Committee: responsible for the policy for the remuneration of the Executive Directors and senior management; setting the remuneration of the Executive Directors, determining the payment of bonuses to Executive Directors; and approving the Company’s bonus and incentive arrangements for employees. • Nomination Committee: responsible for reviewing the composition, structure and size of the Board; assessing the leadership needs of the Group; and recommending nominees as new Directors to the Board. Audit, Risk and Compliance Committee (‘ARCC’) Report The ARCC members comprise Richard Last, who is the Committee Chairman, and member Peter George, and meets at least twice a year. The Company’s Group Finance Director and Group Financial Controller, and the Company’s external auditors attend the meetings. In the year ended 31 December 2020, the ARCC met on two occasions. The attendance of individual Committee members at ARCC meetings in the year to 31 December 2020 is shown in the table below: Remuneration Committee (‘RC’) Report The RC comprises Peter George, and members Jens Montanana and Richard Last. The RC meets at least twice a year. In the year ended 31 December 2020, the RC met on two scheduled occasions; further meetings and conference calls were held as and when necessary (with one additional meeting in the year ended 31 December 2020). The attendance of individual Committee members at scheduled RC meetings in the year to 31 December 2020 is shown in the table below: Peter George (Committee Chairman) Richard Last Jens Montanana Meetings attended 3/3 3/3 3/3 The RC’s activities during the year, which are based on its terms of reference, are set out below: • Reviewed the performance of the Executive Directors and set the remuneration of the Executive Directors. • Determined the payment of bonuses to Executive Directors and approved the Company’s bonus and incentive arrangements for employees. • Ensured the Company’s share option schemes were operated properly and approved the share option grants to Executive Directors and employees. Meetings attended The remuneration of the Chairman and Non-executive Directors is decided upon by the Board. Richard Last (Committee Chairman) Peter George 2/2 2/2 The ARCC’s activities during the year, based on its terms of reference, are set out below: • Reviewed the scope and results of the external audit, its cost effectiveness and the objectivity of the auditors. • Reviewed, prior to publication, the interim financial statements, preliminary results announcement, the annual financial statements and the other information included in the Annual Report. Considered the regulatory, technical and operational risks of the Company and ensured these risks are properly assessed, monitored and reported on and the appropriate policies and procedures are in place. Details of Directors’ remuneration for the year ended 31 December 2020 is set out in note 23 of the financial statements. Nomination Committee (‘NC’) Report The NC comprises Jens Montanana (Chairman), Richard Last and Peter George. The NC meets as required. In the year ended 31 December 2020, the NC met on one scheduled occasion. The attendance of individual Committee members at NC meetings in the year to 31 December 2020 is shown in the table below: Meetings attended 1/1 1/1 1/1 The key financial reporting judgements relating to the financial statements for the year ended 31 December 2020 which the ARCC have considered and discussed with the auditors, include: Richard Last Peter George Jens Montanana (Committee Chairman) Financial Statements note The NC’s activities during the year, which are based on its terms of reference, are set out below: Going concern basis for financial statements Revenue recognition 2.2 2.5 Carrying value of goodwill and intangible assets 2.12 and 8 The ARCC is satisfied with the treatment in the financial statements and the disclosure in the notes. • Reviewed the composition, structure, and size of the Board. • Reviewed the leadership needs of the Group. 32 Corero Network Security plc – Annual Report and Accounts 2020 Directors’ Report Group results The Group’s Income Statement on page 42 shows a loss for the year of $3.8 million (2019: loss $6.6 million). Dividends The Directors have not recommended a dividend (2019: $nil). Going concern The financial position and cash flows are described in the Financial Review on page 17. An indication of likely future developments affecting the Company is included in the Strategic Report on pages 12 to 23. The Directors are, based on detailed financial projections, of the opinion that the Group and Company has adequate working capital to continue as a going concern for the foreseeable future and, in particular, for a period of at least 12 months from the date of approval of these financial statements. The financial projections take into account the operational and financial progress made by the Company over the past year and future opportunities as described in the Chief Executive Strategic Update on pages 12 and 13, and the Group’s Strategy as detailed on page 11 which is focused on scaling the business towards profitability. However, the ability of the Company and Group to achieve the future profit and cash flow projections cannot be predicted with certainty. Additionally, the on-going impact of the COVID-19 global pandemic on the business of the Company and Group is subject to continuing uncertainty. Failure of the Company and the Group to meet these projections and deliver revenue growth may adversely impact the achievability of the bank loan covenants which may result in the bank loan being required to be repaid before the maturity date if the revenue and cash consumption covenants are not met and cannot be renegotiated. This would adversely impact the Company and the Group’s working capital position and would require the Company to raise additional funding, with no absolute guarantee such funding would be secured. These circumstances indicate a material uncertainty that may cast significant doubt on the Company and the Group’s ability to continue as a going concern for the foreseeable future. However, although the Directors are confident, based on the forecast assumptions and information available at the present time, that the Company and Group will achieve the forecasts, they consider if it becomes necessary that the covenants could be renegotiated or further funds raised, and have therefore concluded that it is appropriate to prepare the financial statements on a going concern basis. The financial statements do not include the adjustments that would result if the Group and Company were unable to continue as a going concern. Further details are included within notes 2 and 3 to the financial statements. Share capital The issued share capital of the Company, together with details of movements in the Company’s issued share capital during the financial period are shown in note 22 to the financial statements. As at the date of this report, 494,852,304 ordinary shares of 1p each (‘ordinary shares’) were in issue and fully paid with an aggregate nominal value of $6.9 million. The market price of the ordinary shares at 31 December 2020 was 10.0p and the shares traded in the range 3.6p to 11.6p (as at 31 December 2019 was 5.88p and the shares traded in the range 2.4p to 12.9p during the year ended 31 December 2019). Issue of shares powers at the AGM At the AGM held on 11 June 2020, shareholders granted authority to the Board under the Articles and section 551 of the Companies Act 2006 (the ‘Act’) to exercise all powers of the Company to allot relevant securities up to an aggregate nominal amount of £494,852.30. Also at the AGM held on 11 June 2020, shareholders granted authority to the Board under the Articles and section 570(1) of the Act to exercise all powers of the Company to allot equity securities wholly for cash up to an aggregate nominal amount of £494,852.30 without application of the statutory pre-emption rights contained in section 561(1) of the Act. Substantial shareholdings The Company has been notified of the following holdings that are 3% or more of the Group’s ordinary share capital as at 12 April 2021: Ordinary shares of 1 pence each Jens Montanana* Premier Miton Group PLC Juniper Networks, Inc. Sabvest Capital Holdings Limited Herald Investment Management Richard John Koch Peter Kennedy Gain** Number 187,300,406 54,107,140 49,179,772 36,250,000 34,592,121 29,701,500 25,815,241 % 37.85 10.93 9.94 7.33 6.99 6.00 5.22 * of which 33,674,846 are held in the name of JPM International Limited, which is wholly owned by Jens Montanana, and 125,871,751 are held in the name of The New Millennium Technology Trust of which Jens Montanana is a beneficiary ** of which 4,900,000 shares are held in the name of Draper Gain Investments Ltd 33 Corporate DirectoryOverviewStrategic ReportGOVERNANCEFinancial Statements Directors’ Report continued Directors’ shareholdings Jens Montanana Richard Last Peter George Andrew Miller Lionel Chmilewsky Ashley Stephenson 3 April 2021 31 December 2020 31 December 2019 Number 187,300,406 2,500,000 – 1,091,437 – 38,000 % 37.85 0.51 – 0.22 – 0.01 Number 187,300,406 2,500,000 – 1,091,437 – 38,000 % 37.85 0.51 – 0.22 – 0.01 Number 187,300,406 2,500,000 – 1,091,437 – 38,000 % 37.85 0.51 – 0.22 – 0.01 Directors’ indemnities The Company has qualifying third party indemnity provisions in place for the benefit of its Directors. These remain in force at the date of this report. Directors and Directors’ interests The Directors who served in office during the year and up to the date of this report and their interests in the Company’s shares were as above. The biographical details of the current Directors of the Company are set out on pages 24 and 25. Jens Montanana, Richard Last, Peter George, Andrew Miller, Lionel Chmilewsky and Ashley Stephenson, hold share options, details of which are shown in note 27 to the financial statements. Financial risk management objectives and policies The Group’s business activities expose it to a variety of financial risks. The policies for managing these risks are described below: • Liquidity risk – arises from the Group’s management of working capital and finance charges. It is a risk that the Group will encounter difficulty in meeting its financial obligations, including a repayment term bank loan drawn down by the Company in May 2018 ($1.8 million at 31 December 2020) details of which are set out in note 18, as they fall due. Liquidity risk is managed by the Finance function. Annual budgets are agreed by the Board, enabling the Group’s cash flow requirements to be anticipated. • Credit risk – arises from cash and cash equivalents and from credit exposures to the Group’s customers including outstanding receivables and committed transactions. Credit risk is managed with regular reports of exposures reviewed by management. The Group does not set individual credit limits but seeks to ensure that customers enter into legally enforceable contracts that include settlement terms that demonstrate the customers’ commitment to the transaction and minimise this risk exposure. The amounts of trade receivables presented in the Statement of Financial Position are shown net of allowances for doubtful accounts estimated by management based on prior experience and their assessment of the current economic environment (note 15). The Group has no significant concentration of credit risk, with exposure spread over a number of customers. The credit risk on liquid funds and financial instruments is limited because the counterparties are banks with acceptable credit ratings assigned by international credit rating agencies. • Cash flow interest rate risk – the Group’s policy is to as far as possible minimise interest rate cash flow risk exposure on its financing. The Group is exposed to interest rate increases on the term bank loan ($1.8 million at 31 December 2020) details of which are set out in note 18, which bears interest at 3-month GBP Libor plus 7.5%. The bank loan does not have early repayment penalties and thus the Group can if GBP interest rates increase to punitive levels, seek to refinance the loan. The Group’s policy is to balance the risk in relation to cash balances held by spreading these across a number of financial institutions as opposed to maximising interest income. • Currency risk – there was no material impact from trading currency risk on the Group’s profit or loss for the year from exchange rate movements, as foreign currency transactions are entered into by Group companies whose functional currency is aligned with the currencies in which it transacts. Exchange rate risks do arise in relation to (i) the bank loan which is GBP denominated and equity fund raises which are in GBP, given the Company’s AIM listing, to the extent such funds are required to support US dollar denominated funding requirements, and (ii) GBP denominated obligations of the Group given the invoicing currency of the Group is US dollar denominated. The Group has not hedged such GBP debt and equity fund raises or GBP denominated expenses in the past as US denominated funds received by the Group’s UK subsidiary have been used to fund the Group’s US subsidiary to the extent such funding has been required, with the GBP funding requirements satisfied from the GBP denominated funds generated from GBP debt and equity fund raises. The Group keeps this policy under review based on the expected timing of US dollar and GBP operational funding requirements. The global COVID-19 pandemic brings on-going uncertainty and wider market disruption globally. The Company continues to closely monitor its supply chain for the supply and delivery of hardware appliances to customers. There is a continued risk of COVID-19 resulting in possible supply chain constraints in the short-term and some IT purchasing decisions by customers being delayed in the medium-term as the virus transmission effects continue. The Group has undertaken financial scenario planning to identify actions that may need to be taken in the event that delays to customers decision making impacts revenue and cash. These actions will be implemented as required. 34 Corero Network Security plc – Annual Report and Accounts 2020 Employees The quality and commitment of the Group’s employees has played a major role in the Company’s continued progress. This has been demonstrated in many ways, including strong customer satisfaction, the development of new product offerings and the flexibility employees have shown in adapting to changing business requirements. The Group operates sales commission, incentive bonus plans and share option plans to provide incentives for achievements which add value to the business. Annual General Meeting Notice of the AGM together with details of the business to be considered will be sent to shareholders in due course. Auditors In so far as each Director is aware: • there is no relevant audit information of which the Company’s auditors are unaware; and • the Directors have taken all the steps that they ought to have taken to make themselves aware of any relevant audit information and to establish that the Company’s auditors are aware of that information. By order of the Board Duncan Swallow Company Secretary 12 April 2021 The principal risk which applies to the Parent Company’s financial statements is the risk that the returns generated by the subsidiaries might not support the carrying value of the cost of the investments in subsidiaries. The carrying value is tested at least annually for impairment and, if necessary, impaired as appropriate. Capital management The Group monitors its available capital, which it considers to be all components of equity against its expected requirements. The Group’s objectives when maintaining capital are to safeguard the entity’s ability to continue as a going concern, so that it can continue to provide returns for shareholders and benefits for other stakeholders, and to ensure that sufficient funds can be raised for investing activities. In order to maintain or adjust the capital structure, the Company may return capital to shareholders, issue new shares, or sell assets. The Group does not review its capital requirements according to any specified targets or ratios. Treasury management The objectives of Group treasury policies are to ensure that adequate financial resources are available for development of the business while at the same time managing financial risks. Financial instruments may be used to reduce financial risk exposures arising from the Group’s business activities and not for speculative purposes. The Group’s treasury activities are managed by the Group Financial Controller who reports to the Board on the implementation of the Group treasury policy. Environment The Group’s activities are primarily office-based and as such the Directors believe that there is no significant environmental impact arising from the Group’s activities. The Group complies with local WEEE regulations. No environmental performance indicators are therefore included within this report. The Group’s environmental policy states: “We endeavour to recycle appropriate materials where possible and to efficiently use natural resources and energy supplies so as to minimise our environmental impact. We will comply with the relevant statutes and legislation. Furthermore, employees are encouraged to be environmentally aware. Company cars are not provided.” Research and development The development of computer software is an integral part of the Group’s business and the Group continues to develop its software in response to user demand, and particularly the changing IT security threat landscape. During the year the Group enhanced the features and functionality of its existing products. A capital investment of $1.4 million (2019: $1.4 million) was made during the year. Amortisation of $1.9 million (2019: $2.6 million) and costs not capitalised of $1.6 million (2019: £1.4 million) were charged to the Group Income Statement during the year. 35 Corporate DirectoryOverviewStrategic ReportGOVERNANCEFinancial Statements Statement of Directors’ Responsibilities The Directors are responsible for keeping adequate accounting records that are sufficient to show and explain the Group’s transactions and disclose with reasonable accuracy at any time the financial position of the Group and enable them to ensure that the financial statements comply with the Companies Act 2006. They are also responsible for safeguarding the assets of the Group and hence for taking reasonable steps for the prevention and detection of fraud and other irregularities. The Directors are responsible for ensuring the Annual Report and the financial statements are made available on a website. Financial statements are published on the Company’s website in accordance with legislation in the United Kingdom governing the preparation and dissemination of financial statements, which may vary from legislation in other jurisdictions. The maintenance and integrity of the Company’s website is the responsibility of the Directors. The Directors’ responsibility also extends to the on-going integrity of the financial statements contained therein. The Directors are responsible for preparing the Annual Report and Financial Statements in accordance with applicable law and regulations. Company law requires the Directors to prepare financial statements for each financial year. Under that law the Directors have elected to prepare the Group financial statements in accordance with international accounting standards in conformity with the requirements of the Companies Act 2006. The Directors have chosen to prepare the Company financial statements in accordance with FRS101. Under company law the Directors must not approve the financial statements unless they give a true and fair view of the state of affairs of the Group and Parent Company and of the profit or loss of the Group for that period. The Directors are also required to prepare financial statements in accordance with the rules of the London Stock Exchange for companies trading securities on the AIM. In preparing these financial statements, the Directors are required to: • select suitable accounting policies and then apply them consistently; • make judgements and estimates that are reasonable and prudent; • state whether they have been prepared in accordance with international accounting standards in conformity with the requirements of the Companies Act 2006, subject to any material departures disclosed and explained in the financial statements; and • prepare the financial statements on the going concern basis unless it is inappropriate to presume that the Group will continue in business. 36 Corero Network Security plc – Annual Report and Accounts 2020 Independent Auditor’s Report to the members of Corero Network Security plc Opinion on the financial statements In our opinion: • the financial statements give a true and fair view of the state of the Group’s and of the Parent Company’s affairs as at 31 December 2020 and of the Group’s loss for the year then ended; • the Group financial statements have been properly prepared in accordance with international accounting standards in conformity with the requirements of the Companies Act 2006; • the Parent Company financial statements have been properly prepared in accordance with United Kingdom Generally Accepted Accounting Practice; and • the financial statements have been prepared in accordance with the requirements of the Companies Act 2006. We have audited the financial statements of Corero Network Security plc (the ‘Parent Company’) and its subsidiaries (the ‘Group’) for the year ended 31 December 2020 which comprise the Consolidated Income Statement, the Consolidated Statement of Comprehensive Income, the Consolidated and Company Statements of Financial Position, the Consolidated Statement of Cash Flows, the Consolidated and Company Statements of Changes in Equity and the notes to the Financial Statements, including a summary of significant accounting policies. The financial reporting framework that has been applied in the preparation of the Group financial statements is applicable law and international accounting standards in conformity with the requirements of the Companies Act 2006. The financial reporting framework that has been applied in the preparation of the Parent Company financial statements is applicable law and United Kingdom Accounting Standards, including Financial Reporting Standard 101 Reduced Disclosure Framework (United Kingdom Generally Accepted Accounting Practice). Basis for opinion We conducted our audit in accordance with International Standards on Auditing (UK) (ISAs (UK)) and applicable law. Our responsibilities under those standards are further described in the Auditor’s responsibilities for the audit of the financial statements section of our report. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion. Independence We remain independent of the Group and the Parent Company in accordance with the ethical requirements that are relevant to our audit of the financial statements in the UK, including the FRC’s Ethical Standard as applied to listed entities, and we have fulfilled our other ethical responsibilities in accordance with these requirements. Material uncertainty related to going concern We draw attention to note 2.2 to the financial statements which states that the ability of the Group and Parent Company to continue as a going concern is reliant on the continued availability of its bank loan, the terms of which require compliance with certain covenants. Failure to achieve revenue and cash flow projections may adversely impact the achievability of the bank loan covenants which could result in the bank calling in the loan. This would require the Company to raise additional funding, with no guarantee such funding would be secured. As stated in note 2.2, these events and conditions indicate that a material uncertainty exists that may cast significant doubt on the Group and Parent Company’s ability to continue as a going concern. Our opinion is not modified in respect of this matter. In auditing the financial statements, we have concluded that the Directors’ use of the going concern basis of accounting in the preparation of the financial statements is appropriate. Given the conditions and uncertainties noted above, we considered going concern to be a key audit matter. Our evaluation of the Directors’ assessment of the Group’s and Parent Company’s ability to continue to adopt the going concern basis of accounting, and our response to the key audit matter has been set out below: • we reviewed the bank loan documents to understand the terms and covenants which the Group and Parent Company is required to comply with, comparing these to the Group’s forecasts; • we reviewed the new loan agreement that was signed in the subsequent period to understand the new terms and covenants; • we recalculated management’s covenant compliance calculations for the period under audit using the Directors’ forecasts for a period of at least 12 months from the date of approval of the financial statements, and compared them to the covenants in place for each period; and • we challenged the forecasts and sensitivity analysis used by the Directors to assess the Group’s and Parent Company’s ability to meet its financial obligations as they fall due for a period of at least 12 months from the date of approval of the financial statements, by examining post year end order values compared to forecast financial information and by comparing previous forecast financial performance to subsequent actual results. We challenged the Directors’ assessment of the impact of the COVID-19 pandemic. Our responsibilities and the responsibilities of the Directors with respect to going concern are described in the relevant sections of this report. 37 Corporate DirectoryOverviewStrategic ReportGovernanceFINANCIAL STATEMENTS Independent Auditor’s Report to the members of Corero Network Security plc continued Overview Coverage1 Key audit matters 100% (2019: 100%) of Group profit before tax 100% (2019: 100%) of Group revenue 100% (2019: 100%) of Group total assets Revenue recognition Goodwill and intangible asset impairment Going concern 2020    2019    Materiality Group financial statements as a whole $381,000 based on 2.26% of revenue (2019: $318,000 based on 2% of aggregate operating expenses and cost of sales) 1 These are areas which have been subject to a full scope audit by the group engagement team An overview of the scope of our audit Our Group audit was scoped by obtaining an understanding of the Group and its environment, including the Group’s system of internal control, and assessing the risks of material misstatement in the financial statements. We also addressed the risk of management override of internal controls, including assessing whether there was evidence of bias by the Directors that may have represented a risk of material misstatement. A full scope audit was performed for each component included in the consolidation. All audit work was undertaken by the Group audit team. There were no non-significant components. Key audit matters Key audit matters are those matters that, in our professional judgement, were of most significance in our audit of the financial statements of the current period and include the most significant assessed risks of material misstatement (whether or not due to fraud) that we identified, including those which had the greatest effect on: the overall audit strategy, the allocation of resources in the audit, and directing the efforts of the engagement team. These matters were addressed in the context of our audit of the financial statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion on these matters. In addition to the matter described in the Material uncertainty related to going concern section, we have determined the matters described below to be the key audit matters. Key Audit matter Revenue recognition See accounting policy at note 2.5, the key accounting estimate at note 3.2 and note 4. The Group generates revenue primarily from the sale of hardware and associated software and related maintenance and support contracts. It does this directly through arrangements with end-users (either through the sale of hardware and a software licence or by selling the software as a service) as well as through distributors. The sales of licences may be on a perpetual or a fixed term basis. We considered there to be a significant audit risk arising from the allocation of the value of the transaction between the multiple elements of deliverables included in the sale as well as the timing of revenue recognition with regard to appropriate deferral of maintenance and support revenues and cut off around the year-end. How the scope of our audit addressed the key audit matter We assessed the appropriateness of the revenue recognition policy in accordance with applicable accounting standards and management’s related accounting treatments. We gained an understanding of the detail of the Group’s methodology in determining the fair value of the different deliverables in multiple element arrangements as set out in note 2.5 and examined management’s approach and resulting fair value measurements, to check that it provided a suitable basis on which to recognise revenues. We confirmed the proper identification of performance obligations and price allocation in bundled products by benchmarking to standalone prices in the price lists. We assessed the basis upon which performance obligations were recognised for each material product sold and compared this to accounting guidance, industry practice, and the Group’s specific circumstances. We also tested the accuracy of the deferred income balance and tested a sample of transactions around the year-end to check that they were recorded in the correct period. Key observations: We are satisfied through the testing performed that revenue and the related deferred income have been appropriately recognised. 38 Key Audit matter How the scope of our audit addressed the key audit matter Goodwill and intangible asset impairment review See accounting policy at note 2.12, the key accounting estimate at note 3.2 and note 9. Management performed an impairment review over its sole cash generating unit (CGU) – Corero Network Security (CNS) – as at 31 December 2020 using a discounted cash flow model to calculate fair value less costs to sell. The impairment review necessitates significant management judgement over the timing and degree of certainty attaching to forecast net cash flows and the rate at which those future cash flows should be discounted to present value. Certain key assumptions and data points are required to be disclosed along with sensitivity calculations where reasonably possible changes in key assumptions could give rise to an impairment. The accurate disclosure of such information formed part of the risk we assessed as being present. Our work on the impairment review prepared by management had a dual focus: firstly, to check that the model was mechanically accurate and prepared in accordance with the requirements of applicable accounting standards and secondly, to check that the assumptions regarding future cash flows and the rate at which they had been discounted were appropriate to the Group’s circumstances. We checked and confirmed the consistency of the forecasts used for impairment with the forecasts used for going concern. We used our internal valuations experts to assist with our interrogation of the model and access the appropriateness of the discount rate. This work also included comparison to industry data, historic trading, and macro-economic factors. Our audit procedures relating to the review of forecast operating cash flows included agreeing the existence of these to selected post year-end sales and gaining an understanding of company internal sales initiatives which are expected to drive growth in 2021, as well as a comparison of previous forecast to actual outcomes. We checked that no additional impairment indicators in respect of development costs, intangible assets and property, plant and equipment were present. We also considered the appropriateness of the disclosures made in the financial statements with reference to the requirements of applicable accounting standards. Key observations: Based on the procedures we performed we consider the judgements made by management in assessing the carrying value of goodwill and intangible assets to be reasonable and the disclosures are appropriate. Our application of materiality We apply the concept of materiality both in planning and performing our audit, and in evaluating the effect of misstatements. We consider materiality to be the magnitude by which misstatements, including omissions, could influence the economic decisions of reasonable users that are taken on the basis of the financial statements. In order to reduce to an appropriately low level the probability that any misstatements exceed materiality, we use a lower materiality level, performance materiality, to determine the extent of testing needed. Importantly, misstatements below these levels will not necessarily be evaluated as immaterial as we also take account of the nature of identified misstatements, and the particular circumstances of their occurrence, when evaluating their effect on the financial statements as a whole. Based on our professional judgement, we determined materiality for the financial statements as a whole and performance materiality as follows: Key Audit matter Group financial statements Parent company financial statements 2020 $’000 Materiality 381 2019 $’000 318 2020 $’000 190.5 2019 $’000 159 Basis for determining materiality Rationale for the benchmark applied Performance materiality Basis for determining performance materiality 2.26% of revenue 2% of aggregate operating expenses and cost of sales 50% of Group materiality 50% of Group materiality We believe that revenue has become the most appropriate benchmark for materiality since revenue has become more consistent and a better indicator of the performance of the business. In 2019 and previous years we believed that this was the most appropriate benchmark for materiality since it represented the more consistent measure from year to year. We deem this to be the most appropriate measure for assessing the Group’s scale of operations and level of activity We deem this to be the most appropriate measure for assessing the Group’s scale of operations and level of activity 75% – 285.75 75% – 238.50 75% – 142.86 75% – 119.25 based on past experience and other factors based on past experience and other factors based on past experience and other factors based on past experience and other factors 39 Independent Auditor’s Report to the members of Corero Network Security plc continued Component materiality We set materiality for the Corero Network Security Inc. component of the Group based on 90% (2019: 90%) of Group materiality as it makes up the majority of the Group’s external revenue generating activities. UK components were audited to a lower materiality of between 10% and 26% (2019: between 5% and 30%) of Group materiality. In the audit of each component, we further applied a performance materiality level of 75% of the component materiality level to our testing to ensure that the risk of errors exceeding component materiality was appropriately mitigated. Reporting threshold We agreed with the Audit Committee that we would report to them all individual audit differences in excess of £19,050 (2019:£14,650). We also agreed to report differences below this threshold that, in our view, warranted reporting on qualitative grounds. Other information The directors are responsible for the other information. The other information comprises the information included in the Annual Report and Accounts, other than the financial statements and our auditor’s report thereon. Our opinion on the financial statements does not cover the other information and, except to the extent otherwise explicitly stated in our report, we do not express any form of assurance conclusion thereon. Our responsibility is to read the other information and, in doing so, consider whether the other information is materially inconsistent with the financial statements or our knowledge obtained in the course of the audit, or otherwise appears to be materially misstated. If we identify such material inconsistencies or apparent material misstatements, we are required to determine whether this gives rise to a material misstatement in the financial statements themselves. If, based on the work we have performed, we conclude that there is a material misstatement of this other information, we are required to report that fact. We have nothing to report in this regard. Other Companies Act 2006 reporting Based on the responsibilities described below and our work performed during the course of the audit, we are required by the Companies Act 2006 and ISAs (UK) to report on certain opinions and matters as described below. Strategic Report and Directors’ report In our opinion, based on the work undertaken in the course of the audit: • the information given in the Strategic Report and the Directors’ Report for the financial year for which the financial statements are prepared is consistent with the financial statements; and • the Strategic Report and the Directors’ Report have been prepared in accordance with applicable legal requirements. In the light of the knowledge and understanding of the Group and Parent Company and its environment obtained in the course of the audit, we have not identified material misstatements in the Strategic Report or the Directors’ Report. Matters on which we are required to report by exception We have nothing to report in respect of the following matters in relation to which the Companies Act 2006 requires us to report to you if, in our opinion: • adequate accounting records have not been kept by the Parent Company, or returns adequate for our audit have not been received from branches not visited by us; or • the Parent Company financial statements are not in agreement with the accounting records and returns; or • certain disclosures of Directors’ remuneration specified by law are not made; or • we have not received all the information and explanations we require for our audit. 40 • We communicated relevant identified laws and regulations and potential fraud risks to all engagement team members and remained alert to any indications of fraud or non-compliance with laws and regulations throughout the audit. • We had regular discussion with management during the audit on the instances of identified fraud and non-compliance with laws and regulations. • We designed our audit procedures to detect irregularities, including fraud. Our procedures included journal entry testing, with a focus on large or unusual transactions based on our knowledge of the business; enquiries with in-house Legal and Group Management; and focussed testing as referred to in the Key Audit Matters section above. Our audit procedures were designed to respond to risks of material misstatement in the financial statements, recognising that the risk of not detecting a material misstatement due to fraud is higher than the risk of not detecting one resulting from error, as fraud may involve deliberate concealment by, for example, forgery, misrepresentations or through collusion. There are inherent limitations in the audit procedures performed and the further removed non-compliance with laws and regulations is from the events and transactions reflected in the financial statements, the less likely we are to become aware of it. A further description of our responsibilities is available on the Financial Reporting Council’s website at: www.frc.org.uk/auditorsresponsibilities. This description forms part of our auditor’s report. Use of our report This report is made solely to the Parent Company’s members, as a body, in accordance with Chapter 3 of Part 16 of the Companies Act 2006. Our audit work has been undertaken so that we might state to the Parent Company’s members those matters we are required to state to them in an auditor’s report and for no other purpose. To the fullest extent permitted by law, we do not accept or assume responsibility to anyone other than the Parent Company and the Parent Company’s members as a body, for our audit work, for this report, or for the opinions we have formed. Julian Frost (Senior Statutory Auditor) For and on behalf of BDO LLP, Statutory Auditor London, UK 12 April 2021 BDO LLP is a limited liability partnership registered in England and Wales (with registered number OC305127). Responsibilities of Directors As explained more fully in the statement of Directors’ responsibilities, the Directors are responsible for the preparation of the financial statements and for being satisfied that they give a true and fair view, and for such internal control as the Directors determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error. In preparing the financial statements, the Directors are responsible for assessing the Group’s and the Parent Company’s ability to continue as a going concern, disclosing, as applicable, matters related to going concern and using the going concern basis of accounting unless the Directors either intend to liquidate the Group or the Parent Company or to cease operations, or have no realistic alternative but to do so. Auditor’s responsibilities for the audit of the financial statements Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor’s report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with ISAs (UK) will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these financial statements. Extent to which the audit was capable of detecting irregularities, including fraud Irregularities, including fraud, are instances of non-compliance with laws and regulations. We design procedures in line with our responsibilities, outlined above, to detect material misstatements in respect of irregularities, including fraud. The extent to which our procedures are capable of detecting irregularities, including fraud is detailed below: • We obtained an understanding of the legal and regulatory frameworks that are applicable to the Group and its components and determined that the most significant frameworks which are directly relevant to specific assertions in the financial statements are those than relate to the reporting framework, Companies Act 2006 and the AIM rules and data privacy and the relevant tax regulations. • We understood how the Group and its components are complying with those frameworks by making enquiries of management, those responsible for legal and compliance procedures. We corroborated our enquiries through our review of board minutes and papers provided to the Audit Committee. • We assessed the susceptibility of the Group’s financial statements to material misstatement, including how fraud might occur, by meeting with management to understand where they considered there was a susceptibility to fraud. • Our audit planning identified fraud risks in relation to management override and risk of fraud in revenue recognition which has been assessed as a Key Audit Matter above. We obtained an understanding of the processes and controls that the Group has established to address risks identified, or that otherwise prevent, deter and detect fraud and how management monitors the processes and controls. 41 Consolidated Income Statement for the year ended 31 December 2020 Continuing operations Revenue Cost of sales Gross profit Operating expenses Consisting of: Note 4 Operating expenses before depreciation and amortisation Depreciation and amortisation of intangible assets 10,11,12 Loss from operations Share-based payments Operating loss Finance income Finance costs Loss before taxation Taxation credit Loss after taxation Loss after taxation attributable to equity owners of the parent Basic and diluted loss per share Basic and diluted loss per share EBITDA Adjusted EBITDA – for DDPaaS depreciation Adjusted EBITDA – for DDPaaS depreciation and share based payments Adjusted EBITDA – for DDPaaS depreciation, share based payments and unrealised foreign exchange differences on intercompany loan – Fully adjusted basis The notes on pages 49 to 79 form part of these financial statements. 5 6 7 8 8 8 8 Year ended Year ended 31 December 2020 $’000 31 December 2019 $’000 16,877 (3,832) 13,045 (16,431) (14,114) (2,317) (3,386) (359) (3,745) 16 (301) (4,030) 246 (3,784) (3,784) Cents (0.8) (1,428) (1,173) (814) (551) 9,714 (1,842) 7,872 (13,808) (10,767) (3,041) (5,936) (265) (6,201) 15 (375) (6,561) – (6,561) (6,561) Cents (1.6) (3,160) (3,035) (2,770) (2,457) 42 Consolidated Statement of Comprehensive Income for the year ended 31 December 2020 Loss for the year Other comprehensive (expense)/income: Items reclassified subsequently to profit or loss upon derecognition: Foreign exchange differences Other comprehensive income for the year net of taxation attributable to the equity owners of the parent Total comprehensive expense for the year attributable to the equity owners of the parent Year ended Year ended 31 December 2020 $’000 31 December 2019 $’000 (3,784) (6,561) 216 216 (3,568) 429 429 (6,132) 43 Consolidated Statement of Financial Position as at 31 December 2020 Assets Non-current assets Goodwill Acquired intangible assets Capitalised development expenditure Property, plant and equipment – owned assets Leased right of use assets Trade and other receivables Current assets Inventories Trade and other receivables Cash and cash equivalents Total assets Liabilities Current Liabilities Trade and other payables Lease liabilities Deferred income Borrowings Net current assets Non-current liabilities Trade and other payables Lease liabilities Deferred income Borrowings Net assets Capital and reserves attributable to the equity owners of the parent Share capital Share premium Capital redemption reserve Share options reserve Foreign exchange translation reserve Accumulated profit and loss reserve Total shareholders’ equity As at 31 December 2020 $’000 As at 31 December 2019 $’000 Note 9 10 11 12 12 15 14 15 18 17 20 18 18 17 20 18 22 23 8,991 9 4,646 1,099 237 694 15,676 98 3,714 10,140 13,952 29,628 (6,461) (86) (3,444) (2,073) (12,064) 1,888 (402) (171) (2,705) (405) (3,683) 13,881 6,914 82,122 7,051 968 (1,384) (81,790) 13,881 8,991 7 5,169 652 357 307 15,483 63 2,572 8,321 10,956 26,439 (2,008) (112) (2,800) (1,149) (6,069) 4,887 (139) (257) (1,096) (1,788) (3,280) 17,090 6,914 82,122 7,051 609 (1,600) (78,006) 17,090 These financial statements were approved by the Board of Directors on 12 April 2021 and signed on their behalf. Lionel Chmilewsky Director The notes on pages 49 to 79 form part of these financial statements. 44 Company Statement of Financial Position as at 31 December 2020 Assets Non-current assets Investments in subsidiaries Trade and other receivables Current assets Trade and other receivables Cash and cash equivalents Liabilities Current Liabilities Trade and other payables Borrowings Net current assets Non-current liabilities Trade and other payables Borrowings Net assets Total equity attributable to owners of the Parent Share capital Share premium Capital redemption reserve Share options reserve Foreign exchange translation reserve Accumulated profit and loss reserve Total equity As at 31 December 2020 $’000 As at 31 December 2019 $’000 Note 13 15 15 18 18 18 18 22 23 60,921 77 60,998 – 9,875 9,875 (5,845) (1,436) (7,281) 2,594 (143) (405) (548) 63,044 6,914 82,122 7,051 968 (9,947) (24,064) 63,044 20,772 74 20,846 8 7,636 7,644 (5) (1,149) (1,154) 6,490 (139) (1,788) (1,927) 25,409 6,914 82,122 7,051 609 (10,724) (60,563) 25,409 The Company financial statements were prepared in accordance with Financial Reporting Standard 101 Reduced Disclosure Framework. The Company has taken advantage of the following disclosure exemptions: The requirements of IAS 7 Statement of Cash Flows, IFRS 7 Financial Instruments: Disclosures and IAS 24 Related Party Disclosures. The Company has taken advantage of section 408 of the Companies Act 2006 and has not included an income statement in these financial statements. The Parent Company’s profit for the year was $36.5 million (2019: loss $8.9 million). These financial statements were approved by the Board of Directors on 12 April 2021 and signed on their behalf. Lionel Chmilewsky Director The notes on pages 49 to 79 form part of these financial statements. 45 Consolidated Statement of Cash Flows for the year ended 31 December 2020 Operating activities Loss before taxation for the year Adjustments for movements: Amortisation of acquired intangible assets Amortisation of capitalised development expenditure Depreciation – owned assets Depreciation – leased assets Finance income Finance expense Finance lease interest costs Share based payments expense Cash used in operating activities before movement in working capital Movement in working capital: Decrease in inventories and sales evaluation assets (Increase)/decrease in trade and other receivables Increase in trade and other payables Net movement in working capital Cash generated from/(used in) operating activities Taxation received Net cash generated from/(used in) operating activities Cash flows from investing activities Purchase of intangible assets Investment in development expenditure Purchase of property, plant and equipment Net cash used in investing activities Cash flows from financing activities Net proceeds from issue of share capital (post fees) Proceeds from borrowings Finance income Lease liability payments Finance expense Repayments of borrowings Net cash (used in)/generated from financing activities Increase in cash and cash equivalents Effects of exchange rates on cash and cash equivalents Cash and cash equivalents at 1 January Cash and cash equivalents at 31 December The notes on pages 49 to 79 form part of these financial statements. 46 Year ended 31 December 2020 $’000 Year ended 31 December 2019 $’000 (4,030) (6,561) 6 1,933 514 119 (16) 274 27 359 (814) 45 (1,187) 6,852 5,710 4,896 246 5,142 (8) (1,410) (1,015) (2,433) – 637 16 (136) (206) (1,187) (876) 1,833 (14) 8,321 10,140 13 2,638 450 65 (15) 364 11 265 (2,770) 153 937 1,129 2,219 (551) – (551) (6) (1,360) (579) (1.945) 3,958 – 15 (74) (296) (856) 2,747 251 44 8,026 8,321 Consolidated Statement of Changes in Equity for the year ended 31 December 2020 Share capital $’000 Share premium account $’000 Capital redemption reserve $’000 Share options reserve $’000 Foreign exchange translation reserve $’000 Accumulated profit and loss reserve $’000 Total attributable to equity owners of the parent $’000 5,740 79,338 7,051 344 (2,029) 1 January 2019 Loss for the year Other comprehensive expense Total comprehensive expense for the year Contributions by and distributions to owners Share based payments Issue of share capital Total contributions by and distributions to owners 31 December 2019 and 1 January 2020 Loss for the year Other comprehensive expense Total comprehensive expense for the year Contributions by and distributions to owners Share based payments Total contributions by and distributions to owners – – – 1,174 1,174 6,914 – – – – – – – – 2,784 2,784 82,122 – – – – – – – – – – 7,051 – – – – – 429 429 – – – (1,600) – 216 216 – – – – 265 – 265 609 – – – 359 359 968 (71,445) (6,561) – (6,561) – – – (78,006) (3,784) – (3,784) – – 18,999 (6,561) 429 (6,132) 265 3,958 4,223 17,090 (3,784) 216 (3,568) 359 359 31 December 2020 6,914 82,122 7,051 The share capital comprises the nominal values of all shares issued. (1,384) (81,790) 13,881 The share premium account comprises the amounts subscribed for share capital in excess of the nominal value, net of issuance costs. The capital redemption reserve comprises the amount transferred from deferred shares on redemption of the deferred shares. The share options reserve represents the cost to the Group of share options. The foreign exchange translation reserve arises on retranslating the net assets of UK operations into US dollars. The retained earnings are all other net gains and losses and transactions with owners not recognised elsewhere. The notes on pages 49 to 79 form part of these financial statements. 47 Company Statement of Changes in Equity for the year ended 31 December 2020 Share capital $’000 Share premium account $’000 Capital redemption reserve $’000 Share options reserve $’000 Foreign exchange translation reserve $’000 Accumulated profit and loss reserve $’000 Total equity $’000 5,740 79,338 7,051 344 (12,073) (51,650) 28,750 – – – 265 – 265 609 – – – 359 359 968 – 1,349 1,349 – – – (8,913) – (8,913) – – – (10,724) (60,563) (8,913) 1,349 (7,564) 265 3,958 4,223 25,409 36,499 777 – 777 777 – – 36,499 – 36,499 37,276 – – 359 359 (9,947) (24,064) 63,044 1 January 2019 Loss for the year Other comprehensive income Total comprehensive expense for the year Contributions by and distributions to owners Share-based payments Issue of share capital Total contributions by and distributions to owners 31 December 2019 and 1 January 2020 Profit for the year Other comprehensive income Total comprehensive income for the year Contributions by and distributions to owners Share-based payments Total contributions by and distributions to owners – – – – – – – – 1,174 1,174 6,914 2,784 2,784 82,122 – – – – – – – – – – – – – – – – 7,051 – – – – – 31 December 2020 6,914 82,122 7,051 The notes on pages 49 to 79 form part of these financial statements. 48     Notes to the Financial Statements 1. General information Presentation currency These consolidated financial statements are presented in US dollars (‘$’) which represents the presentation and functional currency of the Group. The average $–GBP sterling (‘GBP’) exchange rate used for the conversion of the Consolidated Income Statement for the 12 months ended 31 December 2020 was 1.28 (2019: 1.28). The closing $–GBP exchange rate used for the conversion of the Group’s assets and liabilities at 31 December 2020 was 1.37 (2019: 1.33). Corero Network Security plc is a public limited company incorporated in the United Kingdom under the Companies Act 2006 and registered in England and Wales. The functional currency of the Company entity is GBP. 2. Significant accounting policies 2.1 Basis of preparation The Group financial statements have been prepared in accordance with international accounting standards in conformity with the requirements of the Companies Act 2006. The Parent Company financial statements have been prepared in accordance with Financial Reporting Standard 101 (‘FRS 101’) ‘Reduced Disclosure Framework’. 2.2 Going Concern The financial statements have been prepared on a going concern basis. The Directors have prepared detailed income statement, balance sheet and cash flow projections for the period to 31 December 2022. The cash flow projections have been subjected to sensitivity analysis at the revenue, cost and combined revenue and cost levels. The cash flow projections show that the Group and Company will maintain a positive cash balance until at least December 2022. In addition, the projections and sensitivity analyses confirm that the bank loan covenants will be met for a period of at least 12 months from the date of approval of these financial statements. On this basis, the Directors have therefore concluded that it is appropriate to prepare the financial statements on a going concern basis. However, the ability of the Company and Group to achieve the future profit and cash flow projections cannot be predicted with certainty. Additionally, the impact of the on-going COVID-19 global pandemic on the business of the Company and Group brings continued global uncertainties. The inability of the Company and the Group to meet these projections and deliver revenue growth may adversely impact the achievability of the bank loan covenants which may result in the bank loan being required to be repaid before the maturity date, assuming that the revenue and cash consumption covenants are not met and cannot be renegotiated. This would adversely impact the Company and the Group’s working capital position and could require the Company to raise additional funding, with no guarantee such funding could be secured. These circumstances therefore indicate a material uncertainty that may cast significant doubt on the Company and the Group’s ability to continue as a going concern for the foreseeable future. Although the Directors are confident, based on the forecast assumptions and information available at the present time, that the Company and Group will achieve the forecasts, they consider if it becomes necessary, that the covenants could be renegotiated or further funds raised, and have therefore concluded that it is appropriate to prepare the financial statements on a going concern basis. The financial statements do not include the adjustments that would result if the Group and Company were unable to continue as a going concern. Further details are included within notes 2 and 3 to the financial statements. 49         Notes to the Financial Statements continued 2. Significant accounting policies continued 2.3 Basis of consolidation The consolidated financial statements incorporate the results, assets, liabilities, and cash flows of the Company and each of its subsidiaries for the financial year ended 31 December 2020. Subsidiaries are entities controlled by the Group. Control is deemed to exist when the Group has all of the following elements: a) power over the subsidiary, b) exposure or rights to variable returns from that subsidiary, and c) ability to use its power to affect the amount of the return from the subsidiary. The results, assets, liabilities and cash flows of subsidiaries are included in the consolidated financial statements from the date control commences until the date that control ceases. Where necessary, adjustments are made to the financial statements of subsidiaries to bring the accounting policies used into line with those used by the Group. Intra-group balances and transactions are eliminated on consolidation. 2.4 Business combinations The acquisition method is used to account for all acquisitions. The cost of an acquisition is measured at the fair values, on the date of acquisition, of assets given, liabilities incurred or assumed, and equity instruments issued. At the date of acquisition, the identifiable assets and liabilities and contingent liabilities of a subsidiary are measured at their fair values. Any excess of the cost of acquisition over the fair values of the identifiable net assets acquired is recognised as goodwill. 2.5 Revenue The Group’s revenue is derived from the following products and services: • appliance and perpetual software licenses; • support services for a defined term; • installation and training services; • DDoS Protection as-a-Service (‘DDPaaS’) for a defined term; • SecureWatch Managed Service (enhanced security monitoring services) for a defined term; and • software subscription licenses for a defined term. The element of DDPaaS revenues pertaining to the lease of as-a-service assets is included in reported revenues and is recognised on a straight-line basis over the term of the contract. Performance obligations, timing of revenue recognition and revenue recognition Revenue is recognised when control of the goods (appliances and software) transfer to the customer and services are delivered. Goods are shipped free on board (‘FOB’) from Corero, or Corero’s contract manufacturer, to the customer. The point of transfer of control for appliances is at the point of FOB shipment to the customer and for software at the point of electronic transfer to the customer. Revenue recognised on transfer of control of appliance and software products Appliance, perpetual software licenses and software subscription licenses Revenue recognised over-time (over the term of the contract) Support, DDPaaS and SecureWatch Managed services Revenue recognised once the service has been delivered Installation and training services Determining the transaction price The contract price is determined by reference to the Corero Sales Quotation or DDPaaS Agreement and is a fixed price. Certain DDPaaS contracts have an element of the transaction value or all of the transaction value determined by reference to a share of the customers’ revenue generated from the Corero solution (‘Revenue Share’). This Revenue Share revenue is recognised when the Revenue Share is determined. Corero does not have any other variable consideration payable by the customer and does not pay any consideration to the customer. There is no provision for purchase price adjustments, right of return or price concessions. 50 Allocating amounts to performance obligations For contracts containing only a single performance obligation (annual support services, ‘DDPaaS’ and SecureWatch Managed Service) there is no requirement to make an allocation of the contract price. For contracts containing multiple products, the transaction price is allocated to the separate performance obligations based on relative stand-alone selling prices (‘SSP’). The SSP is determined using defined price lists and historic customer discount rates. Incremental costs of obtaining a contract Sales commission paid to Corero sales employees is an incremental cost of obtaining a contract. Sales commission relating to the support revenue from a new sales contract is recorded in prepayments and amortised over five years. Corero follows the requirements of the IFRS 15 standard with regards to the amortisation period which requires amortisation on a systematic basis that is consistent with the transfer to the customer of the goods or services to which the asset relates. The expectation, supported by historic evidence, is that customers will generally renew their support contracts for more than three years with the additional expectation of follow-on hardware and software (and associated services) business from a significant number of existing customers. Based on this, and consistent with previous treatment, Corero has assessed that a reasonable period for capitalised sales commission to be amortised is five years. Periodic customer reviews will be undertaken to ascertain if there is any evidence that the value of the customer relationship has been negatively impacted, in which case the prepayment will be appropriately written down. Applying the practical expedient, Corero recognises the incremental costs of obtaining contracts as an expense when incurred if the amortisation period of the prepayment that Corero otherwise would have recognised is one year or less. Fulfilment costs Corero’s principal fulfilment costs relate to the costs of the Corero customer support team which delivers the customer support services, DDPaaS services and the SecureWatch Managed services. These costs are not separately allocated or identifiable against specific customers. Therefore, these costs are recognised in the period in which they are incurred in the Consolidated Income Statement. Contract assets and liabilities Contract assets arise when goods and services have been delivered and invoiced but payment is not yet due. Contract liabilities arise for future delivery of services which have been invoiced and payment is due. Contract liabilities are shown as deferred income in the Statement of Financial Position. 2.6 Government grants Government grants are recognised at fair value when there is reasonable assurance that the Group will comply with the conditions attaching to them and the grant will be received. Grants related to purchase of assets are treated as deferred income and allocated to the Consolidated Income Statement over the useful lives of the related assets while grants related to expenses are netted off against the related item of expenditure in the Consolidated Income Statement. 2.7 Cost of sales Cost of sales includes all direct costs associated with revenue generation, including goods directly related to revenue, services delivery, operation costs, DDoS as-a-service depreciation and amounts charged by external third parties for services. Examples of such costs would include third-party appliance costs and third-party software license costs. 2.8 Foreign currencies Transactions in foreign currencies are translated at the exchange rate ruling at the date of each transaction. Foreign currency monetary assets and liabilities are retranslated using the exchange rates at the reporting date. Gains and losses arising from changes in exchange rates after the date of the transaction are recognised in profit or loss in the Consolidated Income Statement. Non-monetary assets and liabilities that are measured in terms of historical cost in a foreign currency are translated at the exchange rate at the date of the original transaction. In the consolidated financial statements, the net assets of the Group’s UK operations are translated from GBP into US dollars at the exchange rate at the reporting date. Income and expense items are translated into US dollars at the average exchange rates for the period. The resulting exchange differences are recognised in the foreign exchange translation reserve. 51   2. Significant accounting policies continued 2.9 Intangible assets Internally generated intangible assets The Group’s internally generated intangible asset relates to its development expenditure. Development expenditure is capitalised only when it is probable that future economic benefit will result from the project and the following criteria are met: • the technical feasibility of the product has been ascertained; • adequate technical, financial and other resources are available to complete and sell or use the intangible asset; • the Group can demonstrate how the intangible asset will generate future economic benefits and the ability to use or sell the intangible asset can be demonstrated; • it is the intention of management to complete the intangible asset and use it or sell it; and • the development costs can be measured reliably. Expenditure not meeting these criteria is expensed in the Consolidated Income Statement. After initial recognition, internally-generated intangible assets are carried at cost less accumulated amortisation and any impairment losses. Amortisation is charged once the asset is capable of generating economic benefits. Acquired intangible assets Identifiable intangible assets acquired as part of a business combination are initially recognised separately from goodwill, irrespective of whether the assets have been recognised by the acquiree before the business combination. An intangible asset is considered identifiable only if it is separable or if it arises from contractual or other legal rights, regardless of whether those rights are transferable or separable from the entity or from other rights and obligations. Intangible assets acquired as part of a business combination and recognised by the Group are computer software and customer relationships. Purchased computer software is carried at cost less accumulated amortisation and any impairment losses. Customer contracts and the related customer relationships are carried at cost less accumulated amortisation and any impairment losses. Amortisation Intangible assets are amortised on a straight-line basis to reduce their carrying value to zero over their estimated useful lives. The following useful lives were applied during the year: • Computer software acquired – three years straight line. • Capitalised development expenditure – five years straight line. Amortisation costs are included within operating expenses in the Consolidated Income Statement. Methods of amortisation and useful lives are reviewed, and if necessary adjusted, at each reporting date. 2.10 Property, plant and equipment Depreciation commences when an asset is available for use. Depreciation is calculated so as to write off the cost or value of an asset, net of anticipated disposal proceeds, over the useful life of that asset as follows: • Leasehold improvements – period of the lease (straight-line basis). • Right-of-use assets – period of the lease (straight-line basis). • Computer equipment, evaluation assets and DDoS Protection as-a-Service assets – three years (straight-line basis). • Fixtures and fittings – five years (straight-line basis). Property, plant and equipment is stated at cost less accumulated depreciation and any impairment losses. Cost comprises the purchase cost of property, plant and equipment together with any directly attributable costs. Evaluation assets are used by customers during proof- of-concept trials. Evaluation assets are stated at cost less accumulated depreciation. When an evaluation asset is retained by a customer as part of a sale, the net book value of the evaluation asset is charged to cost of sales. Depreciation of DDoS Protection as-a-Service assets is charged to cost of sales. 52       Subsequent costs are included in an asset carrying value or are recognised as a separate asset when it is probable that future economic benefits associated with the additional expenditure will flow to the Group and the cost of the item can be measured reliably. All other costs are charged to the Consolidated Income Statement as incurred. Methods of depreciation, residual values and useful lives are reviewed, and if necessary adjusted, at each balance sheet date. The gain or loss arising from the disposal or retirement of an item of property, plant and equipment is determined as the difference between the net disposal proceeds and the carrying amount of the item and included in the Consolidated Income Statement. 2.11 Inventory Inventory is stated at the lower of cost or net realisable value. Cost is computed using standard cost, which approximates to actual cost, on a first-in, first-out basis. Rapid technological change and new product introductions and enhancements could result in excess or obsolete inventory, the value of which may not be recoverable. To minimise this risk, the Group evaluates inventory levels and expected usage on a periodic basis and records valuation allowances as required. 2.12 Impairment At each reporting date, the Group assesses whether there is any indication that its assets have been impaired. If any such indication exists, the recoverable amount of the asset is estimated in order to determine the extent of any impairment. If it is not possible to estimate the recoverable amount of the individual asset, the recoverable amount of the cash-generating unit (‘CGU’) to which the asset belongs is determined. The recoverable amount of an asset or a CGU is the higher of its fair value less costs to sell and its value in use. The recoverable amount is calculated using the present value of the future cash flows expected to be derived from an asset or CGU. This present value is derived using a cost of capital rate that reflects current market assessments of the time value of money and of the risks specific to the asset for which future cash flow estimates have not been adjusted. If the recoverable amount of an asset is less than its carrying amount, the carrying amount of the asset or CGU is reduced to its recoverable amount. That reduction is recognised as an impairment loss. An impairment loss relating to assets carried at cost less any accumulated depreciation or amortisation is recognised immediately in the Consolidated Income Statement. Goodwill acquired in a business combination is, from the acquisition date, allocated to each of the CGU’s or groups of CGU’s that are expected to benefit from the synergies of the combination. Goodwill is tested for impairment at least annually, and whenever there is an indication that the asset may be impaired. An impairment loss is recognised for CGU’s if the recoverable amount of the CGU is less than the carrying amount of the CGU. The impairment loss is allocated to reduce the carrying amount of the assets of the CGU by first reducing the carrying amount of any goodwill allocated to the CGU, and then reducing the carrying amounts of the other assets of the CGU pro rata. If an impairment loss subsequently reverses, the carrying amount of the asset or CGU is increased to the revised estimate of its recoverable amount but limited to the carrying amount that would have been determined had no impairment loss been recognised in prior years. A reversal of an impairment loss is recognised in the Consolidated Income Statement. Impairment losses on goodwill are not subsequently reversed. 2.13 Leases All leases are accounted for by recognising a right-of-use asset and a lease liability except for: • leases with a duration of 12 months or less; and • leases of low value assets. Lease liabilities are measured at the present value of the contractual payments due to the lessor over the lease term, with the discount rate determined by reference to the rate inherent in the lease unless this is not readily determinable, in which case the Group’s incremental borrowing rate on commencement of the lease is used. 53     2. Significant accounting policies continued On initial recognition, the carrying value of the lease liability also includes: • amounts expected to be payable under any residual value guarantee; • the exercise price of any purchase option granted in favour of the Group if it is reasonably certain to assess that option; and • any penalties payable for terminating the lease, if the term of the lease has been estimated on the basis of termination option being exercised. Right-of-use assets are initially measured at the amount of the lease liability, reduced for any lease incentives received, and increased for: • lease payments made at or before commencement of the lease; • initial direct costs incurred; and • the amount of any provision recognised where the Group is contractually required to dismantle, remove or restore the lease. Subsequent to initial measurement, lease liabilities increase as a result of interest charged at a constant rate on the balance outstanding and are reduced for lease payments made. Lease payments are analysed between capital and interest. The interest element is charged to the Consolidated Income Statement over the period of the lease. The capital element reduces the balance owed to the lessor. Right-of-use assets are amortised on a straight-line basis over the remaining term of the lease or over the remaining economic life of the asset. The total rentals payable under leases which are not recognised as a right-of-use asset and a lease liability (an ‘operating lease’) are charged to the Consolidated Income Statement on a straight-line basis over the lease term. 2.14 Investments in subsidiaries In the Company’s separate financial statements, investments in subsidiaries are carried at cost less any impairment provisions. 2.15 Taxation The tax expense represents the sum of current tax and deferred tax. Current tax Current tax is based on taxable profit for the year and is calculated using tax rates enacted or substantively enacted at the reporting date. Taxable profit differs from accounting profit either because items are taxable or deductible in periods different to those in which they are recognised in the financial statements (temporary differences), or because they are never taxable or deductible (permanent differences). Deferred tax Deferred tax on temporary differences at the reporting date between the tax bases of assets and liabilities and their carrying amounts for financial reporting purposes is accounted for using the balance sheet liability method. Using the balance sheet liability method, deferred tax liabilities are recognised in full for all taxable temporary differences and deferred tax assets are recognised to the extent that it is probable that taxable profits will be available against which deductible temporary differences can be utilised. However, if the temporary difference arises from the initial recognition of goodwill or the initial recognition of an asset or liability in a transaction other than a business combination, that at the time of the transaction affects neither accounting nor taxable profit, it is not recognised as deferred tax asset or liability. Deferred taxation is measured at the tax rates that are expected to apply when the asset is realised, or the liability settled, based on tax rates and laws enacted or substantively enacted at the reporting date. 2.16 Post-retirement benefits The Group makes contributions in respect of certain employees to defined contribution pension plans under which it is required to pay fixed contributions to group and personal pension funds. Contributions to the schemes are based on a proportion of the employees’ earnings and are charged to the Consolidated Income Statement. The Group has no obligation beyond these contributions. 54   2.17 Financial instruments The Group classifies financial instruments, or their component parts, on initial recognition as a financial asset, a financial liability or an equity instrument in accordance with the substance of the contractual arrangement. Financial assets and financial liabilities are recognised in the Group’s Statement of Financial Position when the Group becomes party to the contractual provisions of the instrument. The particular recognition and measurement methods adopted for the Group’s financial instruments are disclosed below: Trade and other receivables Trade and other receivables are stated at their fair value at time of initial recognition, reflecting, where material, the time value of money. A provision for impairment of trade receivables is established when there is evidence that the Group will not be able to collect all amounts due. The simplified approach is used for assessing the expected credit loss on trade receivables, requiring the lifetime expected credit loss to be recorded as the provision for impairment. An impairment provision is recorded against the intercompany loan note instrument between the Company and Corero Network Security, Inc. based on calculating the risk adjusted carrying value of the loan to take account of the credit loss which is expected to arise over the period until the cash is realised. The amount of the provision is based on whether there has been a significant increase in credit risk since the initial recognition of the loan. In situations where the credit risk has not increased significantly and the loan amount is expected to be recovered, the expected credit loss is limited to the effect of discounting the intercompany loan over the period until repayment is realised at the effective interest rate. Cash and cash equivalents Cash and cash equivalents include cash in hand and deposits on call with banks. Trade and other payables Trade and other payables are not interest bearing and are stated at their fair value at time of initial recognition. Thereafter they are accounted for at amortised cost. Debt obligations Debt obligations include interest bearing bank borrowings which are stated at their fair value less transaction costs at time of initial recognition. Debt obligations are subsequently measured at amortised cost. 2.18 Equity instruments An equity instrument is any contract that evidences a residual interest in the assets of the Company after deducting all its liabilities. Equity instruments issued by the Company are recorded at the proceeds received, net of directly attributable issue costs. 2.19 Employee share option schemes The Group operates an equity-settled share-based compensation plan. The fair value of the employees’ services received in exchange for the grant of share options is measured at grant date and recognised as an expense on a straight-line basis over the vesting period, based on the Group’s estimate of shares that will eventually vest. Fair value is determined by reference to the Black-Scholes option pricing model. If a granted option is cancelled and regranted the increase in fair value of the granted option measured immediately before and after the cancellation and regrant is added to the value of the employee’s service received in exchange for the grant. If an option grant is cancelled the previously recorded expense is credited to the Consolidated Income Statement. At each reporting date, the Group revises its estimate of the number of options that are expected to become exercisable. When share options are exercised, the proceeds received, net of any transaction costs, are credited to share capital (nominal value) and share premium. 2.20 Standards and Interpretations not yet effective There are a number of standards, amendments to standards, and interpretations which have been issued that are effective in future accounting periods that the Group has decided not to adopt early as they will not have a significant impact on the presentation of the Group financial statements. 55               3. Critical accounting judgements and key sources of estimation uncertainty 3.1 Critical judgements in applying the Group’s accounting policies In the process of applying the Group accounting policies, the following judgements have had a significant effect on the amounts recognised in the financial statements: Internally generated research and development costs Management monitors progress of internal research and development projects. Judgement is required in distinguishing the research phase from the development phase. Development costs are recognised as an asset when all criteria are met and a project has passed the feasibility phase, whereas research costs are expensed as incurred. Management monitors whether the recognition requirements for development costs continue to be met. This is necessary as the economic success of any product development is uncertain. 3.2 Key accounting estimates and assumptions Key assumptions concerning the future and other key sources of estimation uncertainty that have a significant risk of causing a material adjustment to the carrying amounts of assets and liabilities within the next financial year are as follows: Impairment of intangible assets and property, plant and equipment The Group tests goodwill at least annually for impairment, and whenever there is an indication that the asset may be impaired. All other intangible assets and property, plant and equipment are tested for impairment when indicators of impairment exist. Impairment is determined with reference to the higher of fair value less costs to sell and value in use. Fair value less costs to sell is estimated using discounted future cash flows. Significant assumptions are made in estimating future cash flows about future events including future market conditions, future growth rates and appropriate discount rates. Changes in these assumptions could affect the outcome of impairment reviews. Details of the main assumptions used in the assessment of the carrying value of the Group’s CGU are set out in note 9. Impairment of investments (applies to the Company financial statements only) The Directors have reviewed the cost of investments in subsidiaries of the Company with reference to current and future trading conditions. The investment in subsidiaries has been reviewed with reference to a valuation based on a discounted free cash flow, in conjunction with the goodwill impairment review, which the Directors consider to be an appropriate valuation methodology. Going concern The Directors have reviewed the future profit and cash flow projections in conjunction with the current economic climate in order to express an opinion on the adequacy of working capital and the ability to continue as a going concern for the foreseeable future. The methodology contained in the projections is detailed in the note 2.2. Standalone Selling Price – Revenue recognition On a quarterly basis the Group analyses the selling prices for each deal compared to the current Standalone Selling Price (‘SSP’). This analysis includes grouping similar deals based on qualitative factors such as customer profile, size, and region, together with a quantitative comparison to the then current SSP. SSP fair value prices are adjusted for future quarters if management identifies a pattern of variances of greater than 10% between actual selling prices and the then current SSP. 56 4. Segment reporting Business segments The Group is managed according to one business unit, Corero Network Security, which makes up the Group’s reportable operating segment. This business unit forms the basis on which the Group reports its primary segment information to the Board, which management consider to be the Chief Operating Decision maker for the purposes of IFRS 8 Operating Segments. The Group’s revenues from external customers are divided into the following geographies: Year ended 31 December 2020 $’000 Year ended 31 December 2019 $’000 The Americas EMEA APAC ROW Total 10,988 4,323 1,278 288 16,877 Revenues from external customers are identified on the basis of invoicing systems and adjusted to take into account the difference between invoiced amounts and deferred revenue adjustments as required by IFRS. An international SaaS customer, the Group’s largest customer, accounted for 19% of 2020 revenue (2019: 11%). The revenue is analysed as follows for each revenue category: Software license and appliance revenue DDoS Protection as-a-Service revenue Maintenance and support services revenue Total The revenue is analysed by timing of delivery of goods or services as: Point in time delivery Over time Total 2020 $’000 8,446 2,876 5,555 16,877 2020 $’000 8,446 8,431 16,877 6,552 2,468 395 299 9,714 2019 $’000 3,821 1,287 4,606 9,714 2019 $’000 3,821 5,893 9,714 No unsatisfied performance obligations arise except from those revenues which are recognised over time. See note 20 for further details. The as-a-service assets element of DDoS Protection as-a-Service revenues arise under lease arrangements. 57   4. Segment reporting continued Contract balances Contract assets Contract liabilities At 1 January Transfers in the period to/from trade receivables from/to contract assets Amounts included in contract liabilities that were recognised as revenue in the period from the opening balance Amounts included in contract liabilities that were recognised as revenue from amounts invoiced in the period Amounts invoiced in the period and not recognised as revenue in the period 2020 $’000 1,326 1,103 – – – 2019 $’000 1,360 (34) – – – At 31 December 2,429 1,326 Company The Company has no contract assets or liabilities (2019: $nil). 5. Loss for the year The following items have been included in arriving at the Group’s loss for the year before taxation: 2020 $’000 3,896 – 2019 $’000 2,880 – (3,211) (1,974) (5,219) 10,683 6,149 (3,919) 6,909 3,896 DDoS Protection as-a-Service asset depreciation Unrealised loss on intercompany loan Finance expense – Clydesdale loan including loan fees Finance expense – lease liability Development expenditure not capitalised Amortisation of acquired intangible assets (note 10) Amortisation of capitalised development expenditure (note 11) Depreciation of property, plant and equipment (note 12) Lease rentals payable Auditor’s remuneration Remuneration received by the Company’s auditor for the audit of these Financial Statements The audit of the financial statements of other Group companies Fees payable to the Company’s auditor for taxation compliance services Fees payable to the Company’s auditor for taxation advisory services 2020 $’000 255 263 274 27 1,562 6 1,933 633 216 2020 $’000 105 41 33 17 196 2019 $’000 125 313 364 11 1,423 13 2,638 515 267 2019 $’000 85 37 30 – 152 58     6. Tax on loss on ordinary activities Current tax credit Total 2020 $’000 246 246 2019 $’000 – – The tax assessed on the loss on ordinary activities for the year differs from the weighted average UK corporate rate of tax of 19.0% per the 2019 and 2020 budgets (2019: 19.0%). The differences are reconciled below: Total tax reconciliation Loss before taxation Theoretical tax credit at UK Corporation tax rate 19.0% (2019: 19.0%) Effect of: – expenditure that is not tax deductible – R&D tax credits – accelerated capital allowances – other timing differences – losses not utilised Actual taxation credit 2020 $’000 (4,030) (766) 168 246 (58) – 656 246 2019 $’000 (6,561) (1,247) 296 – (31) 1 981 – Factors affecting future tax charges As at 31 December 2020, the Group’s cumulative fixed asset timing differences were $76,000 (2019: $195,000) and no deferred tax asset has been recognised in respect of these items. In addition, the tax losses at that date amounted to $94.2 million (2019: $91.1 million). This comprised UK tax losses of $13.5 million and US tax losses of $80.7 million. $9.0 million of the tax losses relate to pre-acquisition US tax losses which can be offset against taxable profits over 15 years (there is a limit on the utilisation of pre-acquisition tax losses of $0.7 million per annum and any unused loss may be carried forward to subsequent periods). All other US tax losses expire 20 years from the end of the accounting period in which the loss arose. UK tax losses arising in the period prior to 1 April 2017 can only used against taxable profits of the same trade, after 1 April 2017 the losses can be used against total company profits. Deferred tax assets of $2.5 million (2019: $2.4 million) relating to the UK tax losses (applying a tax rate of 19.0%, the rate substantively enacted on 17 March 2020) and the deferred tax assets of $17.0 million (2019: $16.5 million) relating to the US tax losses and taxable temporary fixed asset differences (applying a tax rate of 21.0%) have not been recognised due to uncertainties as to the extent and timing of their future recovery. 7. Loss per share Loss per share is calculated by dividing the earnings attributable to ordinary shareholders of the Company by the weighted average number of ordinary shares in issue during the year. The effects of anti-dilutive ordinary shares resulting from the exercise of share options are excluded from the calculation of the loss per share. Therefore, the diluted loss per share is equal to the loss per share. Basic and diluted loss per share 2020 weighted average number of 1p shares Thousand 2020 loss per share Cents 494,852 (0.8) 2020 loss $’000 (3,784) 2019 weighted average number of 1p shares Thousand 2019 loss per share Cents 406,574 (1.6) 2019 loss $’000 (6,561) 59 8. Key performance measures EBITDA and Adjusted EBITDA for share based payments Earnings before interest, tax, depreciation, and amortisation (‘EBITDA’) is defined as earnings from operations before interest, tax, depreciation, and amortisation charges. The following is a reconciliation of EBITDA and further adjustments for the periods presented: Loss before taxation Adjustments for: Finance income Finance expense Finance lease interest costs Depreciation – owned assets Depreciation – lease liabilities Amortisation of acquired intangible assets Amortisation of capitalised development expenditure EBITDA Depreciation of DDoS Protection-as-a-Service assets charged to cost of sales Adjusted EBITDA – for DDPaaS depreciation Share based payments Adjusted EBITDA – for DDPaaS depreciation and share based payments Unrealised foreign exchange differences on intercompany loan Adjusted EBITDA – for DDPaaS depreciation, share based payments and unrealised foreign exchange differences on intercompany loan – Fully adjusted basis Year ended 31 December 2020 $’000 Year ended 31 December 2019 $’000 (4,030) (6,561) (16) 274 27 259 119 6 1,933 (1,428) 255 (1,173) 359 (814) 263 (551) (15) 364 11 325 65 13 2,638 (3,160) 125 (3,035) 265 (2,770) 313 (2,457) 60 9. Goodwill Group Cost At 1 January 2019 At 31 December 2019 At 31 December 2020 Impairment At 1 January 2019 At 31 December 2019 At 31 December 2020 Carrying amount At 31 December 2020 At 31 December 2019 At 1 January 2019 $’000 17,983 17,983 17,983 (8,992) (8,992) (8,992) 8,991 8,991 8,991 Goodwill is tested at least annually for impairment and when there are indications that goodwill might be impaired. Goodwill is allocated to the Group’s single CGU, Corero Network Security (‘CNS’). The recoverable amount for the CNS CGU was determined based on a discounted cash flow calculation to calculate fair values less costs to sell using cash flow projections over a 10 year period (2019: 10 year period). The discounted cash flow approach is a level 3 fair value calculation in the IFRS 13 fair value hierarchy. The key assumptions for the discounted cash flow calculation are those regarding revenue growth and discount rates as summarised in the table below and commented on below: Forecast cash flow period Extrapolated cash flow period Cumulative annual growth rate (‘CAGR’) for revenue used for the forecast/extrapolated periods Growth rates (‘CAGR’) used for the forecast/extrapolated periods: Year 1–2 (forecast period) Years 3–5 (extrapolated period) Years 6–10 (extrapolated period) Revenue growth rate used beyond the extrapolated period Discount rate 2020 Years 1–2 Years 3–10 13.1% 29.8% 14.0% 6.5% 2.5% 12.2% 2019 Years 1–2 Years 3–10 14.2% 36.4% 14.0% 6.5% 2.5% 14.0% The pre-tax cash flows for the forecast period are derived from the most recent financial budget for the year ending 31 December 2021 (‘2021 Budget’) and the plan for the year ending 31 December 2022 (‘2022 Plan’) approved by the Board, with a sensitivity reflecting prior year experience and progress made in 2020 (10% applied to the 2021 Budget revenue and 15% to the 2022 Plan revenue). The extrapolation for the period 2023 to 2030 is based on management estimates (with the key assumptions set out below). The future pre-tax cash flows are discounted by a WACC of 12.2% (2019: 14.0%). The key assumptions underlying the cash flow projections and which the recoverable amount is most sensitive to are (i) the revenue growth rates forecast and extrapolated for the period 2021 to 2025 (ii) and the discount rate. 61 9. Goodwill continued The cash flow forecasts assume a CAGR revenue growth of 20.1% in the period 2020 to 2025 (22.5% for the period 2019 to 2024) and 6.5% for the period 2025 to 2030 (a ‘CAGR’ of 13.1% for 10-year forecast period; 2019: 14.2%). The cashflow forecasts reflect a sensitivity of 10% applied to the CNS 2021 Budget revenues and a sensitivity of 15% applied to the 2022 Plan revenues (and a sensitivity of 5% to 2021 operating costs and capital expenditure, and a sensitivity of 7.5% to 2022 operating costs and capital expenditure) reflecting prior year experience. The management of the Group believe these growth rates are appropriate for the forecasts given the significant progress the business made in 2020, the strategy for 2021 which is focused on scaling the business for profitability through leveraging the Group’s expanded routes to market and the on-going investment in sales and marketing. This strategy is expected to deliver further increases in revenue in the forecast period. The global COVID-19 pandemic continues to bring uncertainty and wider market disruption globally. Whilst Corero has to date not seen any significant short-term impact on the provision of its products and services, and the sector within which the Company operates, and indeed to some extent benefits from increased network usage deriving from increased ‘Working From Home’ initiatives, there is likely to be further disruptive impacts on the wider economy and this might impact some of its customer base. This impact continues to be a factor in the on-going assessment on the carrying value of goodwill at future reporting dates. The assumed growth rates are supported by the fact that the IT security market is forecast to grow strongly for the foreseeable future. • According to Gartner (one of the leading global IT analyst firms), the global spending on infrastructure Protection and Network Security Equipment to grow to $14.1 billion and $16.9 billion in 2024 respectively (a ‘CAGR’ of 10.3% and 8.7% over the 2019–2023 forecast period) (Source: Gartner Forecast: Information Security and Risk Management, Worldwide, 2017–2023, Q4-19 Update). • The DDoS market is expected to reach $4.7billion by 2024 (Source: MarketsandMarkets DDoS Protection and Mitigation market – Global Forecast to 2024, June 2019) – a CAGR of 14.0% in the period 2019 to 2024. The above market growth rates used in the future cash flow assumptions reflect that CNS is in the relatively early stages of the commercial exploitation of its intellectual property. In addition, the business’s strategy, aside from greater sales growth penetration, is to continue to develop its product and solution offerings to remain its market leadership technological credentials in its chosen markets thereby providing the opportunity to generate above market average growth rates. The growth rate assumed in the period beyond the 10-year extrapolation period of 2.5% is considered reasonable as historically IT spend has exceeded GDP growth. The discount rate is based on a cost of equity using the Capital Asset Pricing Model with the key inputs being a risk-free interest rate estimate of 0.93% (based on 10-year US government bonds) (2019: 1.75%), comparable company betas, an equity risk premium of 6.2% (2019: 7.4%), and small company risk premium of 4.5% (2019: 4.5%). The WACC has been assessed based on that fact that the Company had debt at 31 December 2020 of $1.8 million (debt at 31 December 2019: $2.9 million). The WACC used in the valuation reflects current market assessments of the time value of money and the risks specific to CNS. As stated above, the valuation to support the value in use of the CNS CGU is sensitive to changes in the cash flow forecasts and the discount rate assumptions, and there is no absolute guarantee that the expected growth will be achieved. If the discount rate is increased from 12.2% to 52.7%, this would mathematically result in an impairment of the carrying value of goodwill of $9.0 million meaning the goodwill would be fully impaired. If the sensitivity of 10% applied to the CNS 2021 Budget and 15% to the 2022 Plan revenues (and sensitivity of 5% to CNS 2021 Budget operating costs and capital expenditure, and 7.5% to the 2022 Plan operating costs and capital expenditure) was increased to 34.6% for the CNS 2021 Budget and 51.9% to the 2022 Plan revenues (and sensitivity of 17.3% to CNS 2021 Budget operating costs and capital expenditure, and 25.95% to the 2022 Plan operating costs and capital expenditure), this would mathematically result in an impairment of the carrying value of goodwill of $9.0 million meaning the goodwill would be fully impaired. Apart from the considerations in determining the value in use of the CNS CGU extensively described above, the management of the Group is not currently aware of any other reasonably possible changes that would necessitate changes in its key estimates. 62 10. Acquired intangible assets Group Cost At 1 January 2019 Additions At 31 December 2019 and at 1 January 2020 Additions At 31 December 2020 Amortisation At 1 January 2019 Charge for year At 31 December 2019 and at 1 January 2020 Charge for year At 31 December 2020 Net book value At 31 December 2020 At 31 December 2019 At 1 January 2019 Company The Company has no intangible fixed assets (2019: $nil). Computer software $’000 Customer relationships $’000 6,003 6 6,009 8 6,017 (5,989) (13) (6,002) (6) (6,008) 9 7 14 197 – 197 – 197 (197) – (197) – (197) – – – Total $’000 6,200 6 6,206 8 6,214 (6,186) (13) (6,199) (6) (6,205) 9 7 14 63 11. Capitalised development expenditure Group Cost At 1 January 2019 Additions At 31 December 2019 and at 1 January 2020 Additions At 31 December 2020 Amortisation At 1 January 2019 Charge for year At 31 December 2019 and at 1 January 2020 Charge for year At 31 December 2020 Net book value At 31 December 2020 At 31 December 2019 At 1 January 2019 Company The Company has no capitalised development expenditure (2019: $nil). Total $’000 19,540 1,360 20,900 1,410 22,310 (13,093) (2,638) (15,731) (1,933) (17,664) 4,646 5,169 6,447 64 12. Property, plant and equipment Group Cost 1 January 2019 Additions Transfers Disposals Foreign currency translation At 31 December 2019 and 1 January 2020 Additions Transfers Disposals Foreign currency translation At 31 December 2020 Depreciation At 1 January 2019 Charge for year Transfers Disposals Foreign currency translation At 31 December 2019 and at 1 January 2020 Charge for year Transfers Disposals Foreign currency translation At 31 December 2020 Net book value At 31 December 2020 At 31 December 2019 At 1 January 2019 Sales evaluation assets $’000 DDoS protection as-a-service assets $’000 Computer Equipment $’000 Fixtures and Fittings $’000 Leasehold Improvements $’000 Right-of-use assets $’000 2,540 87 (2) – 7 2,632 160 – (1,755) 5 1,042 (2,213) (213) 2 – (5) (2,429) (154) – 1,755 (6) (834) 208 203 327 474 184 (8) (140) 1 511 196 (83) (405) (3) 216 (338) (90) 1 49 (1) (379) (68) 16 337 3 (91) 125 132 136 402 204 10 – 5 621 646 83 – 27 69 34 – – 1 104 – – – – 22 70 – – 1 93 13 – – – 77 343 – – 3 423 – – – 3 1,377 104 106 426 (280) (125) (3) – (5) (413) (255) (16) – (11) (695) 682 208 122 (47) (11) – – – (58) (15) – – (1) (74) 30 46 22 (18) (11) – – (1) (30) (22) – – – – (65) – – (1) (66) (119) – – (4) (52) (189) 54 63 4 237 357 77 Total $’000 3,584 922 – (140) 18 4,384 1,015 – (2,160) 32 3,271 (2,896) (515) – 49 (13) (3,375) (633) – 2,092 (19) (1,935) 1,336 1,009 688 DDoS Protection as-a-Service assets depreciation is charged to cost of sales. Company The Company has no property, plant and equipment (2019: $nil). 65 13. Investment in subsidiaries Company Cost At 1 January 2019 Capitalisation of intercompany balances Additions Foreign currency translation At 31 December 2019 and at 1 January 2020 Capitalisation of intercompany balances Additions Foreign currency translation At 31 December 2020 Impairment At 1 January 2019 Impairment charge Foreign currency translation At 31 December 2019 and at 1 January 2020 Impairment credit/(charge) Foreign currency translation At 31 December 2020 Net book value At 31 December 2020 At 31 December 2019 At 1 January 2019 Investment in Corero Network Security, Inc. and Corero Network Security (UK) Limited $’000 Investment in Corero Group Services Limited $’000 63,105 1,828 – 2,512 67,445 849 – 2,008 70,302 (47,447) (7,816) (1,889) (57,152) 36,588 (1,704) (22,268) 48,035 10,293 15,658 7,565 1,202 – 301 9,068 1,540 – 270 10,878 (3,652) (533) (146) (4,331) (469) (128) (4,928) 5,950 4,737 3,913 Loan note $’000 7,292 – 373 305 7,970 – 394 263 8,627 (1,745) (414) (69) (2,228) 604 (67) (1,691) 6,936 5,742 5,547 Total $’000 77,962 3,030 373 3,118 84,483 2,389 394 2,541 89,807 (52,844) (8,763) (2,104) (63,711) 36,723 (1,899) (28,887) 60,921 20,772 25,118 The Directors have reviewed the carrying value of the cost of investments in subsidiaries of the Company with reference to current and future trading conditions and on a discounted free cash flow valuation which the Directors consider to be an appropriate valuation methodology. As at 31 December 2020 the provision against the investment in subsidiaries was $27.2 million (at 31 December 2019: $61.5 million), comprising a provision against the investment in Corero Network Security, Inc. and Corero Network Security (UK) Limited (together ‘CNS’) of $22.3 million and a provision against the investment in Corero Group Services Limited of $4.9 million. As noted in note 9, the discounted cash flow valuation for CNS is sensitive to changes in the cash flow forecast and the discount rate assumptions. If the sensitivity applied to the CNS 2021 Budget and 2022 Plan revenues (and the CNS 2021 Budget operating costs and capital expenditure, and 2022 Plan operating costs and capital expenditure) was increased to 40.0% for the CNS 2021 Budget and 49.1% to the 2022 Plan revenues (and sensitivity of 20.0% to CNS 2021 Budget operating costs and capital expenditure, and 24.6% to the 2022 Plan operating costs and capital expenditure), this would mathematically result in the net book value of the investment in CNS at 31 December 2020 being nil (fully impaired). If the discount rate is increased from 12.2% to 32.8%, this would mathematically result in the net book value of the investment in CNS at 31 December 2020 being nil (fully impaired). The Company’s investment in Corero Network Security, Inc. includes a loan note instrument. These loan notes bear interest at 5.0% per annum which at the election of Corero Network Security, Inc. is payable quarterly or added to the principal amount which is due on 31 October 2021. As at 31 December 2020 the expected credit loss provision was $1.7 million (2019: $2.2 million). 66   The Company owns: • 100% of the issued share capital of Corero Network Security, Inc. a company incorporated in Delaware, USA. The company’s business address is 293 Boston Post Road, Marlborough, MA 01752, USA. The principal business of the company consists of the development and sale of appliance and software security products and solutions. • 100% of the issued share capital of Corero Group Services Limited, a company incorporated and registered in England and Wales. The company’s business address is St Mary’s Court, The Broadway, Amersham, Buckinghamshire, HP7 0UT, England, United Kingdom. The principal business of the company consists of providing administration services to the Group. • 100% of the issued share capital of Corero Network Security (UK) Limited, a company incorporated and registered in England and Wales. The company’s business address is 3rd Floor, 53 Hanover Street, Edinburgh, EH2 2PJ and registered address is St Mary’s Court, The Broadway, Amersham, Buckinghamshire, HP7 0UT, England, United Kingdom. The principal business of the company consists of sale of appliances and software security products and solutions, providing development and marketing services on behalf of Corero Network Security, Inc. 14. Inventories Gross inventory Less: provision for impairment Net inventory Group 2020 $’000 148 (50) 98 Net inventory comprises finished goods and raw materials. The value of inventory recognised as an expense in cost of sales was $2.7 million (2019: $1.2 million). Company The Company holds no inventory (2019: $nil). 15. Trade and other receivables Trade receivables Contract assets (note 4) Less: provision for impairment of trade receivables Net trade receivables Other debtors Prepayments Group 2020 $’000 278 2,429 – 2,707 124 1,577 4,408 2019 $’000 345 1,326 – 1,671 137 1,071 2,879 Company 2020 $’000 – – – – 77 – 77 Group 2019 $’000 104 (41) 63 2019 $’000 – – – – 82 – 82 None of the Company’s trade and other receivables are secured by collateral or credit enhancements. The Group applies the simplified approach to measuring expected credit losses using a lifetime expected credit loss for trade receivables and contract assets. To measure expected credit losses on a collective basis, trade receivables and contract assets are grouped based on a similar credit risk and aging. The expected loss rates are based on the Group’s historical credit losses experienced over a two year period prior to the period end. The historical loss rates are then adjusted for current and forward-looking information on macroeconomic factors affecting the Group’s customers. The Group has identified gross domestic product growth rates, unemployment rates and inflation rates as the key macroeconomic factors in the countries in which the Group operates. The calculated expected credit loss allowance for the current and prior reporting periods has not been included as an impairment provision as the Directors consider it to be immaterial. The Directors consider that the carrying amount of trade and other receivables approximates their fair value. 67   15. Trade and other receivables continued The maturity profile of trade and other receivables is set out in the table below: In one year or less, or on demand In more than one year, but not more than five years Group Company 2020 $’000 3,714 694 4,408 2019 $’000 2,572 307 2,879 2020 $’000 – 77 77 2019 $’000 8 74 82 Balances due in more than one year, but not more than five years, are presented as non-current in the Statement of Financial Position. The analysis of trade and other receivables by foreign currency is set out in the table below: US dollars UK pound Group Company 2020 $’000 3,818 590 4,408 2019 $’000 2,483 396 2,879 2020 $’000 – 77 77 2019 $’000 – 82 82 The Group’s foreign currency receivables are denominated in the functional currency of the subsidiaries in which they arise. There is no impact on the result for the year from exchange rate movements on such financial instruments. 16. Trade and other payables Trade payables Amounts due to subsidiaries Other payables Accruals Group Company 2020 $’000 3,977 – 348 2,538 6,863 2019 $’000 708 – 103 1,336 2,147 2020 $’000 – 5,845 – 143 5,988 2019 $’000 – – – 144 144 None of the Group or Company’s trade and other payables are secured by collateral or credit enhancements. The Directors consider that the carrying amount of trade and other payables approximates their fair value. 74% (2019: 61%) of the trade and other payables are due in less than three months. The analysis of trade and other payables by foreign currency is set out in the table below: US dollars UK pound Group Company 2020 $’000 4,383 2,480 6,863 2019 $’000 798 1,349 2,147 2020 $’000 – 5,988 5,988 2019 $’000 – 144 144 The Group’s foreign currency payables are denominated in the functional currency of the subsidiaries in which they arise. There is no impact on the result for the year from exchange rate movements on such financial instruments. 68 17. Lease Liabilities Lease liabilities The Directors consider that the carrying amount of lease liabilities approximates to their fair value. Company The Company has no lease liabilities (2019: $nil). The analysis of lease liabilities by foreign currency is set out in the table below: US dollars UK pound 18. Borrowings The Group borrowings: Bank loans The Company borrowings: Bank loan Group 2020 $’000 257 257 Group 2020 $’000 254 3 257 2020 $’000 2,478 2020 $’000 1,841 Group 2019 $’000 369 369 Group 2019 $’000 327 42 369 2019 $’000 2,937 2019 $’000 2,937 The Company bank loan comprises an initial four-year term GBP sterling bank loan of £3.0 million, which was drawn down in May 2018, with quarterly repayments that commenced on 31 March 2019. These quarterly repayments increase from £150,000 on 31 March 2019 to £310,000 on 31 March 2022 such that the loan will be repaid in full on 31 March 2022. The loan costs were $286,000, $143,000 of which is payable on 31 March 2022. The bank loan has no early repayment penalties or redemption premium. The bank loan terms include the payment of a fee equal to 1.0% of the disposal proceeds on a sale or a change of control of the Company above a threshold amount of £100 million if such disposal or change of control occurs before April 2025. After the financial period under review, the Company has entered into a new borrowing facility for up to £3.0 million (c$4.1 million) with its existing banking partner, the net proceeds of which will be used for working capital purposes and its on-going investment programme to support its growing strategy (see note 29). Interest is payable quarterly in arrears based on 3-month GBP Libor plus 7.5%. The loan principal repayment schedule by year for the bank loan is: Year 2021 2022 $’000 1,510 424 1,934 69   18. Borrowings continued The contractual future cash flows, including undiscounted interest based on the interest rate at 31 December 2020 of 7.561% (at 31 December 2019: 8.292%) for the bank loan, are: Year 2021 2022 $’000 1,613 575 2,188 The bank loan is secured by debentures over the business assets of all Group companies and by Group company guarantees including a guarantee from the Company. The bank loan terms include typical covenants for such a loan, as well as revenue and cash consumption covenants, which are tested quarterly and monthly respectively. These covenants were met for each covenant reporting period in the reporting period ended 31 December 2020. At 31 December 2020, the Group’s liabilities have contractual maturities which are summarised below. These contractual maturities reflect the payment obligations which may differ from the carrying values of the liabilities at the balance sheet date. Group Trade and other payables Lease liabilities Total Company Trade and other payables Total In one year or less, or on demand Between two and five years 2020 $’000 6,461 86 6,547 In one year or less, or on demand 2020 $’000 5,845 5,845 2019 $’000 2,008 112 2,120 2019 $’000 5 5 2020 $’000 402 171 573 Between two and five years 2020 $’000 143 143 2019 $’000 139 257 396 2019 $’000 139 139 Analysis of changes in net cash (cash and cash equivalents, and borrowings) Cash and cash equivalents Bank borrowings Paycheck Protection Program Loan (see below) Total net cash As at 1 Jan 2019 $’000 Movement in period $’000 8,026 (3,606)  – 4,420 295 669  – 964 As at 1 Jan 2020 $’000 8,321 (2,937) – 5,384 Movement in period $’000 As at 31 December 2020 $’000 1,819 1,096 (637) 2,278 10,140 (1,841) (637) 7,662 The movement in the period is a combination of the actual flow (from operating, financing and investing activities) and the exchange rate movement. 70   Paycheck Protection Program Loan (‘PPPL’) The Company’s US trading subsidiary, Corero Network Security, Inc was advanced, via its US bank, Pacific Western Bank, a Paycheck Protection Program Loan for $637,000 on 11 May 2020. The PPPL is a component of the US federal stimulus package known as the Coronavirus Aid, Relief and Economic Security Act, which offers help to businesses in the US during the COVID-19 crisis. The loan, approved under waiver from the Group’s borrowing providers represents allowable US payroll costs, together with a smaller element of associated rent and utility costs. The terms of the PPPL are 1% interest, 2-year term, no early repayment penalties, no collateral/guarantees and no fees. Loan repayments are deferred for 6 months but interest accrues. Under PPP, the loan, or a proportion of it, may be forgivable if the use of the proceeds meets certain criteria, including employee retention and payroll purposes. As at 31 December 2020, loan forgiveness had been applied for but not granted. The Board did not have reasonable assurance that the loan would be forgiven and, as a result, it has not been treated as grant income in the year. Notification of the PPPL forgiveness in full was received from Pacific Western Bank on 28th January 2021. 19. Financial instruments The Group’s financial instruments are categorised as shown below: Group Financial assets Trade and other receivables Cash Group Financial liabilities Trade and other payables Borrowings Book Value 2020 $’000 Book Value 2019 $’000 2,815 10,140 12,955 1,776 8,321 10,097 Book Value 2020 $’000 Book Value 2019 $’000 7,120 2,568 9,688 2,516 3,098 5,614 The Group manages liquidity and credit risk in line with the financial risk management objectives and policies as set out on page 21. At the present time the Group does not have significant exposure to foreign exchange or interest rate risk. There are no differences between the fair values and book values held by the Group. 20. Deferred income Group Current More than one year but less than five years 2020 $’000 3,444 2,705 6,149 2019 $’000 2,800 1,096 3,896 The Group’s deferred income balance will be recognised as revenue evenly over the remaining term of the service and support agreements in place. The service and support agreements expire at various times throughout the year with no particular seasonality. Company The Company has no deferred income (2019: $nil). 71       21. Pensions The Group’s pension arrangements are operated through defined contribution schemes. Defined contribution schemes Defined contribution pension costs 22. Share capital 2020 $’000 153 2019 $’000 145 Authorised share capital The authorised share capital comprises 745,821,970 (2019: 745,821,970) ordinary shares of 1 penny (‘p’) (1.4 cents (‘c’)) each. Issued ordinary share capital 1 January 2019 401,995,161 ordinary shares of 1p each Issued 92,857,143 ordinary shares of 1p each (1.26c) 31 December 2019 and 31 December 2020 494,852,304 ordinary shares of 1p each $’000 5,740 1,174 6,914 There have been no share issues in 2020. On 13 December 2019, 92,857,143 ordinary shares with a nominal value of 1p were issued at 3.5p (4c) per share by way of a subscription and placing. 23. Share premium 1 January 2019 92,857,143 ordinary shares ordinary shares of 3.5p each (4c) less issue costs 31 December 2019 and 31 December 2020 $’000 79,338 2,784 82,122 There have been no share issues in 2020. Consideration received in excess of the nominal value of the 92,857,143 shares issued on 13 December 2019 as a result of the subscription and placing has been included in share premium, less registration, commission and professional fees of $149,000. 24. Employees and Directors Employee expenses, including Directors, during the period Group Wages and salaries Social security costs Other pension costs 72 Total 2020 $’000 9,581 1,166 153 10,900 Total 2019 $’000 7,059 622 145 7,826     Average monthly numbers of employees (including Directors) employed Sales and marketing Technical, support and services Management, operations and administration Company The Company has no employees (2019: nil). Directors, being the Key Management personnel 2020 Number 2019 Number 18 34 7 59 13 32 6 51 Directors Ashley Stephenson Andrew Miller Jens Montanana Lionel Chmilewsky Peter George Richard Last Bonus $’000 Benefits $’000 Pension $’000 Subtotal $’000 Options $’000 Company National Insurance Contributions $’000 Total 2020 $’000 Total 2019 $’000 176 – – 158 – – 334 19 4 – 7 – – 30 – 10 – 35 – – 45 518 129 41 413 36 35 1,172 93 67 – 277 – – 437 9 23 – 50 – 3 85 620 219 41 740 36 38 443 349 41 – 82 38 1,694 953 Salary & fees $’000 323 115 41 213 36 35 763 Bonus payments of $334,000 were awarded to Directors in respect of the year to 31 December 2020 (2019: $175,000). Lionel Chmilewsky has an employment agreement with a wholly owned subsidiary of the Company which provides for the payment of six months’ base salary if the agreement is terminated by the Company without cause. Ashley Stephenson has an employment agreement with a wholly owned subsidiary of the Company which provides for the payment of six months’ base salary if the agreement is terminated by the Company without cause. Andrew Miller resigned as an Executive Director on 31st May 2020 and took up a new role on the Board as a Non-executive Director on 1st June 2020. 25. Lease commitments The Group has total future minimum lease payments under non-cancellable leases totalling $3,000 (2019: $26,000) analysed by year of expiry as follows: Land and building agreements expiring: Within one year Company The Company has no lease commitments (2019: $nil). 2020 $’000 3 3 2019 $’000 26 26 73 26. Contingent liabilities Corero Network Security (UK) Limited was in December 2015 awarded a grant of £600,000 for a development project over three years from Scottish Enterprise. Any monies becoming repayable by Corero Network Security (UK) Limited under the grant terms for breaches of the grant conditions are guaranteed by the Company. These conditions which are typical for a grant of this nature, and which apply for a period of five years from the final grant payment date (being 14 March 2019), include maintaining minimum headcount in Scotland and no change of control. 27. Share options The Company has the following share option schemes: • Enterprise Management Incentive Scheme for its employees, which has been approved by HMRC. • Executive Enterprise Management Incentive Scheme, which has been approved by HMRC. • Unapproved Share Option Scheme. • Deferred Payment Share Plan. In August 2010, 1,257,000 options were granted to certain Directors and employees under the Executive Enterprise Management Incentive scheme and Unapproved Share Option Scheme. The options granted vested immediately upon grant. All other options granted in the period 2010 to 2020 have a three-year vesting period, vesting one third on the first anniversary of grant, one third on the second anniversary of grant and one third on the third anniversary of grant. Shares acquired on the exercise of an option may not be sold until the expiry of the second anniversary following the date of option grant. With the exception of options granted in April 2017 to Directors which include a revenue growth performance vesting condition, there are no vesting conditions for options granted. If an option holder ceases to be in employment or hold office within the Group, options granted shall immediately lapse unless such cessation is because of the option holder’s death; the option holder’s ill health or disability; the company that employs the option holder ceasing to be under the control of the Company or such company ceasing to be within the Group; the transfer of sale of the undertaking or part-undertaking in which the option holder is employed to a person who is neither under the control of the Company nor within the Group; or any other reason that the Board in its absolute discretion shall determine. On a cessation of employment or office as set out above, options shall be exercisable to the extent they have vested according to the terms of the option agreement and the provisions of the relevant share option scheme and must be exercised within 30 days following such cessation unless otherwise determined by the Board or if such cessation is by reason of death in which case the option holder’s personal representatives must exercise the option within 12 months following the date of the option holder’s death. For option agreements granted post June 2020 and subject to the approval of the Board, where an option holder has, as at the date of the grant, been employed by a Group company for a period of at least three years and whose employment is terminated either: (a) by the company other than for cause; or (b) by resignation on the part of the option holder, such option holder shall be entitled to retain the options granted under the option agreement following the effective date of the termination and such retained options shall continue to vest and be exercisable by the option holder in accordance with the vesting terms set out in the agreement. On 18 March 2014, the Enterprise Management Incentive Scheme was extended by 10 years to 20 April 2021. In the year ended 31 December 2020, to continue to attract and retain the Company’s employees, and with the approval of the Company’s significant shareholders, a share option re-pricing, cancellation and re-grant of 25,446,000 options were made on 16 June 2020. A summary of the share option re-pricing, cancellation and re-grant is as follows: • One-for-one basis for ‘out of the money’ options • Share option price of 5.25p (7c): determined from higher of the 90-day volume weighted average share price (VWAP) and the mid-market closing share price on Monday 15 June • 14,403,000 new options were also granted • No performance conditions attached other than: vest one third on the first anniversary, one third on the second anniversary and one third on the third anniversary of the date of grant • Any ordinary shares which are issued following exercise of the first tranche may not be sold or transferred by an option holder prior to the second anniversary • With shareholder approval, the overall limit on share options was increased from the previous limit of 10% of the Company’s issued share capital to the greater of (i) a maximum of 61,856,538 share options (equivalent to 12.5% of the Company’s current issued share capital) or (ii) 10% of the Company’s issued share capital. 74 Share options granted at 31 December 2020 were as follows: Option holders Date granted Expiry date Enterprise Management Incentive Scheme Exercise price – pence (cents) At 1 January 2020 Granted Exercised Forfeit/ cancelled At 31 December 2020 Other Holders April 2015 April 2017 June 2017 April 2025 15p (23c) 500,000 April 2027 8p (10c) 1,586,569 June 2027 13.6 (18c) 1,698,305 September 2017 September 2027 9.1p (12c) 5,000 October 2018 October 2028 11.0p (14c) 2,569,932 April 2019 April 2029 8.4p (11c) 237,500 September 2019 September 2029 2.5p (3c) 5,000 – – – – – – – April 2020 June 2020 April 2030 4.2p (5c) June 2030 5.3p (7c) September 2020 September 2030 7.8p (10c) October 2020 October 2030 9.0p (12c) – – – – 565,000 9,040,500 10,000 12,500 Executive Enterprise Management Incentive Scheme Andrew Miller May 2018 May 2028 13.6p (18c) 2,356,000 Andrew Lloyd April 2017 April 2027 8p (10c) 2,083,333 October 2018 October 2028 11.0p (14c) 599,479 – – – Unapproved French Share Option Scheme Lionel Chmilewsky June 2020 June 2030 5.3p (7c) – 7,000,000 Unapproved Share Option Scheme Jens Montanana Richard Last Andrew Lloyd Ashley Stephenson April 2017 May 2018 April 2027 8p (10c) 994,000 May 2028 13.6p (18c) 425,000 October 2018 October 2028 11.0p (14c) 400,000 April 2017 June 2017 April 2027 8p (10c) 450,000 June 2027 13.6 (18c) 180,000 October 2018 October 2028 11.0p (14c) 200,000 April 2017 June 2017 April 2017 June 2017 April 2027 8p (10c) 580,001 June 2027 13.6 (18c) 200,000 April 2027 8p (10c) 2,319,000 June 2027 13.6 (18c) 3,200,000 October 2018 October 2028 11.0p (14c) 2,400,000 – – – – – – – – – – – June 2020 June 2030 5.3p (7c) – 7,919,000 – – – – – – – – – – – – – – – – – – – – – – – – – – – (500,000) (1,586,569) (1,698,305) (5,000) (2,569,932) (227,500) – (100,000) – – – – – – 5,000 465,000 (55,000) 8,985,500 – – 10,000 12,500 (2,356,000) (599,479) – – – – – – – – – – (2,319,000) (3,200,000) (2,400,000) – – 2,083,333 7,000,000 994,000 425,000 400,000 450,000 180,000 200,000 580,001 200,000 – – – – 7,919,000 75         27. Share options continued Option holders Date granted Expiry date Unapproved Share Option Scheme continued Exercise price – pence (cents) At 1 January 2020 Granted Exercised Forfeit/ cancelled At 31 December 2020 Andrew Miller April 2017 April 2027 8p (10c) 1,919,000 October 2018 October 2028 11.0p (14c) 900,521 – – June 2020 June 2030 5.3p (7c) – 5,775,000 Peter George Other holders January 2019 January 2029 11.3p (15c) 750,000 August 2010 August 2020 31p (50c) 308,000 March 2011 March 2021 40p (65c) 290,000 September 2011 September 2021 37.5p (61c) 40,000 March 2012 March 2022 54.5p (89c) 140,000 April 2013 May 2014 April 2015 April 2023 25p (38c) 100,000 May 2024 25p (42c) 670,666 April 2025 15p (23c) 53,000 October 2015 September 2025 15p (23c) 105,000 May 2016 May 2026 20p (29c) 20,000 September 2016 September 2026 22.5p (33c) 455,000 April 2017 June 2017 April 2027 8p (10c) 623,626 June 2027 13.6 (18c) 665,500 September 2017 September 2027 9.1p (12c) 500,000 October 2018 October 2028 11.0p (14c) 3,268,568 April 2019 April 2029 8.4p (11c) 50,000 September 2019 September 2029 2.5p (3) 4,430,000 – – – – – – – – – – – – – – – – – April 2020 April 2020 June 2020 April 2030 4.2p (5c) April 2030 4.2p (5c) June 2030 5.3p (7c) September 2020 September 2030 7.8p (10c) – – – – 705,000 50,000 4,711,500 300,000 – – – – – – – – – – – – – – – – – – – – – – – – (1,919,000) (900,521) – – (308,000) – – – – – (53,000) (105,000) (20,000) (450,000) (623,626) (665,500) (500,000) – – – 750,000 – 290,000 40,000 140,000 100,000 670,666 – – – 5,000 – – – (3,218,568) 50,000 (50,000) – – 4,430,000 (100,000) – 605,000 50,000 (108,000) 4,603,500 – 300,000 38,278,000 36,088,500 – (26,638,000) 47,728,500 The closing mid-market price for the Company’s shares at 31 December 2020 was 10.0p (13.7c) and the high and low for the year was 11.6p (15.1c) and 3.6p (4.1c). In the 12 months to 31 December 2020, no options were exercised (2019: nil) and 1,192,000 options were forfeited (2019: 2,249,166). Share options granted at 31 December 2019 were as follows: Option holders Date granted Exercise price –pence (cents) Expiry date At 1 January 2019 Granted Exercised Forfeit/ cancelled At 31 December 2019 Enterprise Management Incentive Scheme Other Holders April 2015 April 2017 June 2017 April 2025 15p (23c) 500,000 April 2027 8p (10c) 1,591,569 June 2027 13.6 (18c) 1,705,305 September 2017 September 2027 9.1p (12c) April 2018 April 2028 5.9p (7c) 20,000 13,000 October 2018 October 2028 11.0p (14c) 2,712,432 – – – – – – April 2019 April 2029 8.4p (11c) September 2019 September 2029 2.5p (3c) – –  247,500 5,000 – – – – – – – –  – (5,000) (7,000) (15,000) (13,000) 500,000 1,586,569 1,698,305 5,000 – (142,500) 2,569,932 (10,000) –  237,500 5,000 76 Option holders Date granted Exercise price –pence (cents) Expiry date At 1 January 2019 Granted Exercised Forfeit/ cancelled At 31 December 2019 Executive Enterprise Management Incentive Scheme Andrew Miller May 2018 May 2028 13.6p (18c) 2,356,000 October 2018 October 2028 11.0p (14c) 599,479 Andrew Lloyd April 2017 April 2027 8p (10c) 3,124,999 Unapproved Share Option Scheme Jens Montanana Richard Last Andrew Lloyd Ashley Stephenson April 2017 May 2018 April 2027 8p (10c) 994,000 May 2028 13.6p (18c) 425,000 October 2018 October 2028 11.0p (14c) 400,000 April 2017 June 2017 April 2027 8p (10c) 450,000 June 2027 13.6 (18c) 180,000 October 2018 October 2028 11.0p (14c) 200,000 April 2017 June 2017 April 2017 June 2017 April 2027 8p (10c) 870,001 June 2027 13.6 (18c) 200,000 April 2027 8p (10c) 2,319,000 June 2027 13.6 (18c) 3,200,000 October 2018 October 2028 11.0p (14c) 2,400,000 Andrew Miller April 2017 April 2027 8p (10c) 1,919,000 October 2018 October 2028 11.0p (14c) 900,521 – – – – – – – – – – – – – – – – Peter George Other holders January 2019 January 2029 11.3p (15c) – 750,000 August 2010 August 2020 31p (50c) 308,000 March 2011 March 2021 40p (65c) 290,000 September 2011 September 2021 37.5p (61c) 40,000 March 2012 March 2022 54.5p (89c) 140,000 April 2013 May 2014 April 2015 April 2023 25p (38c) 100,000 May 2024 25p (42c) 670,666 April 2025 15p (23c) 53,000 October 2015 September 2025 15p (23c) 105,000 May 2016 May 2026 20p (29c) 20,000 September 2016 September 2026 22.5p (33c) 455,000 April 2017 June 2017 April 2027 8p (10c) 623,626 June 2027 13.6 (18c) 765,500 September 2017 September 2027 9.1p (12c) 505,000 October 2018 October 2028 11.0p (14c) 3,338,568 – – – – – – – – – – – – – – April 2019 April 2029 8.4p (11c) September 2019 September 2029 2.5p (3c) – – 600,000 4,430,000 34,494,666 6,032,500 – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – 2,356,000 599,479 (1,041,666) 2,083,333 – – – – – – (290,000) – – – – – – – – – – – – – – – – – – (100,000) (5,000) (70,000) (550,000) 994,000 425,000 400,000 450,000 180,000 200,000 580,001 200,000 2,319,000 3,200,000 2,400,000 1,919,000 900,521 750,000 308,000 290,000 40,000 140,000 100,000 670,666 53,000 105,000 20,000 455,000 623,626 665,500 500,000 3,268,568 50,000 – 4,430,000 (2,249,166) 38,278,000 The closing mid-market price for the Company’s shares at 31 December 2019 was 5.88p (8c) and the high and low for the year was 12.89p (16c) and 2.44p (3c). In the 12 months to 31 December 2019, no options were exercised (2018: 3,333) and 2,249,166 options were forfeited (2018: 4,328,417). 77         27. Share options continued Total number of options granted to Directors 31 December 2020 Options granted 31 December 2019 Options granted Relevant Share Option scheme Ashley Stephenson Andrew Lloyd Andrew Miller Jens Montanana Lionel Chmilewsky Peter George Richard Last 7,919,000 2,863,333 5,915,000 1,819,000 7,000,000 750,000 830,000 7,919,000 Unapproved Share Option Scheme 2,863,333 Executive Enterprise Management Scheme and Unapproved Share Option Scheme 5,915,000 Executive Enterprise Management Scheme and Unapproved Share Option Scheme 1,819,000 Unapproved Share Option Scheme – Unapproved Share Option Scheme 750,000 Unapproved Share Option Scheme 830,000 Unapproved Share Option Scheme 27,096,333 20,096,333 None of the Directors holding office at the balance sheet date exercised options during the year (2019: none). The options held by Andrew Lloyd at 31 December 2018 included 1,331,667 share options which were forfeited in accordance with the settlement agreement with Andrew Lloyd dated 2 January 2019. Andrew Miller has a contractual right (granted in March 2011) to purchase 140,000 ordinary shares in the Company from the Employee Share Ownership Trust at 40p per share pursuant to a grant made to him under the Deferred Payment Share Plan. Share-based payments The Remuneration Committee (‘RC’) approves the grant of share options to employees of the Group under the Group’s share option schemes. Share options are granted with a fixed exercise price which is equal to the market price at the date of the grant or higher price determined by the RC. The share options granted are required to be exercised within 10 years from the date of grant. Share options are valued using the Black-Scholes option-pricing model. The weighted average fair value of the options granted in the year was 2.7p (3.5c). The value of share options granted during the year was calculated using the Black-Scholes option pricing model. The following variables and ranges were used: Share price at date of grants Exercise price Expected volatility Estimated years to exercise Risk free interest rate 2020 2019 4.2p–9.0p (5c–12c) 2.5p–11.3p (3c–15c) 4.2p–9.0p (5c–12c) 2.5p–11.3p (3c–15c) 62.3%–75.6% 4.25–4.8 -0.08%–0.2% 51.9%–62.4% 4.0–4.7 0.3%–0.9% 78     The table below provides information on all options outstanding at the end of the year: Weighted average remaining contractual life Average remaining contractual life Options exercisable Exercise price range Weighted average share price Weighted average exercise price Expected volatility Risk free rate – 5 year gilt rate Expected dividend yield 8.8 years 6.5 years 8,329,667 2.5p-55p (3c-73c) 6p (8c) 6p (8c) 0.2%-70.8% -0.08%-2.5% Nil Volatility is calculated as the standard deviation of the closing daily share price over a period of 24 months prior to the grant date. Operating expenses in the Group Income Statement included a charge of $359,000 (2019: $265,000) relating to employee share-based payments. 28. Related parties and transactions There have been no equity placings or offers in the year ended 31 December 2020. As part of the subscription and placing on 13 December 2019, Jens Montanana contributed $1.5 million and Richard Last contributed $22,000 (note 22). The Directors consider the Group’s key management personnel to be the Board of Directors of the Company whose compensation is detailed in note 24. Company key management compensation was $nil (2019: $nil) as the key management are employed by subsidiaries. 29. Subsequent event New borrowing facility After the financial period under review, the Company has entered into a new borrowing facility for up to £3.0 million (c$4.1 million) with its existing banking partner, the net proceeds of which will be used for working capital purposes and its on-going investment programme to support its growing strategy. The new borrowings facility comprises: a drawn £2.0 million term loan facility and an undrawn £1.0 million Revolving Credit Facility (‘RCF’); is for a three-year term; has no early repayment penalties or redemption premium; a reduced interest payable quarterly at 6.5% per annum over the Bank of England base rate (before any potential EBITDA margin ratchet downwards adjustment); 2.6% interest per annum on the RCF; arrangement fee of 3.75%; and standard security and loan covenants in line with the existing lending arrangement (which will continue to be repaid until its completion in March 2022). Paycheck Protection Program Loan (PPPL) Notification of the PPPL forgiveness in full was received from Pacific Western Bank on 28th January 2021. For further details see note 18. 79   Solicitors Dorsey and Whitney LLP 199 Bishopsgate London EC2M 3UT Bankers Santander 2 The Forbury Reading RG1 3EU Pacific Western Bank 406 Blackwell Street Suite 240 Durham North Carolina 27701 USA Registrars Link Group 10th Floor Central Square 29 Wellington Street Leeds LS1 4DL Website address www.corero.com Corporate Directory Directors Jens Montanana (Non-executive Chairman) Richard Last (Non-executive Director) Peter George (Non-executive Director) Andrew Miller (Non-executive Director) Lionel Chmilewsky (Chief Executive Officer) Ashley Stephenson (Chief Technology Officer) Secretary and Registered Office Duncan Swallow St Mary’s Court The Broadway Amersham Buckinghamshire HP7 0UT Nominated Adviser and Broker Canaccord Genuity Ltd 88 Wood Street London EC2V 7QR Financial Public Relations Vigo Communications Sackville House 40 Piccadilly London W1J 0DR Auditor BDO LLP 55 Baker Street London W1U 7EU 80 Corero Network Security plc – Annual Report and Accounts 2020 Glossary 5G AI AIM ARR CAGR CGU CNS CPU CSPs DDoS DDPaaS DPDK DPI DTR EBITDA EU FCA FRC FRS IAS IASB IFRIC IFRS IoT IP Fifth Generation Cellular Network Technology Artificial Intelligence Alternative Investment Market Annualised Recurring Revenues Compound Annual Growth Rate Cash-Generating Unit Corero Network Security Central Processing Unit Communication Service Providers Distributed Denial of Service DDoS Protection as-a-Service Data Plane Development Kit Deep Packet Inspection Disclosure and Transparency Rules Earnings Before Interest, Tax, Depreciation, and Amortisation European Union Financial Conduct Authority Financial Reporting Council Financial Reporting Standard International Accounting Standards International Accounting Standards Board International Financial Reporting Interpretations Committee International Financial Reporting Standards Internet of Things Internet Protocol IPS/APT Intrusion Prevention System / Advances Persistent Threat ISA MSP MSSP NICs POPs PPPL RCF R&D ROI International Standard on Auditing Managed Service Provider Managed Security Service Provider Network Interface Cards Points of Presence Paycheck Protection Program Loan Revolving Credit Facility Research and Development Return On Investment SLB/ADC Server Load Balancer / Application Delivery Controller SOC SSDP SSP TCO TDC TDD TDS UPnP VWAP WAF Security Operations Center Simple Service Discovery Protocol Stand-alone Selling Prices Total Cost of Ownership SmartWall® Threat Defense Cloud SmartWall® Threat Defense Director SmartWall® Threat Defense System Universal Plug and Play Volume Weighted Average share Price Web Application Firewall O v e r v i e w t S t r a e g c i R e p o r t G o v e r n a n c e i F n a n c a i l t S t a e m e n t s C O R P O R A T E D I R E C T O R Y 81 Registered Office St Mary’s Court The Broadway Amersham Buckinghamshire HP7 0UT UK

Continue reading text version or see original annual report in PDF format above