Annual Report and Accounts 2021
Corero Network Security plc
A Leader in real-time,
high performance,
automatic DDoS
cyber defense
solutions
C
o
r
e
r
o
N
e
t
w
o
r
k
S
e
c
u
r
i
t
y
p
l
c
A
n
n
u
a
l
R
e
p
o
r
t
a
n
d
A
c
c
o
u
n
t
s
2
0
2
1
�Corero Network Security plc – Annual Report and Accounts 2021
OveRview
Strategic Report
Governance
Financial Statements
Corporate Directory
01
Corero is dedicated to
improving the security
and availability of
the internet through
the deployment of
innovative Distributed
Denial of Service (DDoS)
protection solutions.
DDoS
Protection
Without the
Downtime
Corero is a leader in real-time, high-
performance, automatic DDoS protection:
on-premises, as-a-service and in the cloud,
with comprehensive visibility, analytics
and reporting.
We protect thousands of organisations
worldwide, across many verticals. Our
customers include corporate enterprises,
network internet service and communication
providers, hosting and data centre providers,
co-location providers, network edge providers,
and SaaS Enterprises.
We are deployed internationally in over 47
countries, and, through our own teams and
strategic partners, we continue to expand
our global footprint.
Contents
Overview
01 2021 Highlights
02 At a glance
04 Business Model
06 Our strategy in practice
10 Market overview
11 2021 Corero DDos Threat
Intelligence Report
12 Corero Explained
14 How does the technology work?
15 Customer proposition
15 Investor proposition
Strategic Report
16 Chief Executive Officer’s Review
18 Financial Review
20 Key Performance Indicators
22 Key Stakeholders
22 Section 172 Statement
24 Principal Risks and Uncertainties
26 Environmental, Social and
Governance Report
Governance
28 Board of Directors
30 Chairman’s Corporate
Governance Introduction
31 QCA Code Compliance
32 Corporate Governance Report
34 Board Performance and
Remuneration Policy
35 Board Committee Reports
36 Directors’ Report
39 Statement of Directors’
Responsibilities
40 Independent Auditor’s Report
Financial Statements
and associated notes
45 Consolidated Income Statement
46 Consolidated Statement
of Comprehensive Income
47 Consolidated Statement
of Financial Position
48 Company Statement
of Financial Position
49 Consolidated Statement
of Cash Flows
50 Consolidated Statement
of Changes in Equity
51 Company Statement
of Changes in Equity
52 Notes to the Financial Statements
Corporate Directory
81 Glossary
82 Corporate Directory
2021 Highlights
Revenue
24%
increase
ARR1
31%
increase
m
5
8
$
.
7
1
0
2
.
m
0
0
1
$
8
1
0
2
m
7
9
$
.
9
1
0
2
.
m
9
6
1
$
0
2
0
2
.
m
9
0
2
$
1
2
0
2
m
0
5
$
.
7
1
0
2
m
8
5
$
.
8
1
0
2
Gross margin
780 basis points
increase
Net cash
11%
increase
m
2
7
$
.
9
1
0
2
m
8
9
$
.
0
2
0
2
.
m
8
2
1
$
1
2
0
2
.
%
1
5
8
1
2
0
2
m
4
1
$
.
7
1
0
2
m
4
4
$
.
8
1
0
2
m
4
5
$
.
9
1
0
2
m
6
7
$
.
0
2
0
2
m
4
8
$
.
1
2
0
2
%
0
1
8
.
9
1
0
2
%
3
7
7
.
0
2
0
2
%
1
5
7
.
7
1
0
2
%
4
8
7
.
8
1
0
2
EBITDA2
$5.4m
increase
Profit/(loss) before taxation
$5.4m
increase
m
0
4
$
.
1
2
0
2
m
2
5
$
.
-
8
1
0
2
m
7
8
$
.
-
7
1
0
2
m
4
1
$
.
-
0
2
0
2
m
2
3
$
.
-
9
1
0
2
m
7
1
$
.
-
8
1
0
2
m
8
5
$
.
-
7
1
0
2
m
4
1
$
.
1
2
0
2
m
0
4
$
.
-
0
2
0
m 2
6
6
$
.
-
9
1
0
2
Operational Highlights
• Significant financial and operational progress,
leveraging sales and marketing initiatives
alongside established Strategic Alliances and
Channel Partners
• Secured 44 new customers in the period
(2020: 42 customers), adding six new
countries – Corero now active with customers
across 47 countries worldwide
— 18 new customers added through Corero’s
strategic partnership with Juniper Networks
(2020: 17 new customers)
• Strong growth supported by an expanding
DDoS mitigation marketplace, which continues
to be fuelled by the acceleration of digitisation
and the ongoing need for business continuity
• ARR increased to $12.8 million, underpinning
future earnings growth and reinforcing
the importance of Corero’s solutions for
our customers
• The Group continues to prioritise its market
coverage, and remains committed to ongoing
investment across its technology platform and
teams’ expansion to strengthen its market-
leading position
Financial Highlights
• Strong revenue growth in the period:
— Revenues increased 24% to $20.9 million
(2020: $16.9 million)
— Annualised Recurring Revenues1 (“ARR”) up
31% to $12.8 million as at 1 January 2022
(1 January 2021: $9.8 million)
— Revenue from DDoS Protection as a
Service (DDPaaS) contracts increased
to $4.0 million (2020: $2.9 million)
• Gross margins of 85% (2020: 77%)
• EBITDA2 of $4.0 million (2020: EBITDA loss of
$1.4 million) – a transformation of $5.4 million
• Adjusted EBITDA3 of $4.1 million (2020: loss
of $0.6 million)
• Profit before taxation of $1.4 million
(2020: loss before taxation of $4.0 million)
• Earnings and diluted earnings per share of
0.3 cents (2020: loss per share of 0.8 cents)
• Net cash at 31 December 2021 of $8.4 million
(2020: $7.6 million)
For more information visit
corero.com
1
2
3
ARR is defined as the normalised annualised recurring revenues and includes recurring revenues from contract values of annual support, software subscription and from DDoS
Protection-as-a-Service (DDPaaS) contracts
Defined as Earnings before Interest, Taxation, Depreciation and Amortisation. The Directors consider EBITDA to be a better measure of profitability as it excludes non-cash items
Defined as Earnings before Interest, Taxation, Depreciation (including DDPaaS assets‘ depreciation which is charged to cost of sales) and Amortisation, before share-based payments,
and less unrealised foreign exchange differences on an intercompany loan, and PPPL forgiveness – Fully adjusted basis
�02
Corero Network Security plc – Annual Report and Accounts 2021
OveRview
Strategic Report
Governance
Financial Statements
Corporate Directory
03
At a glance
Corero is dedicated to improving the
security and availability of the internet
through the deployment of innovative
DDoS protection solutions.
We are…
Our vision
Our vision is to become the world leader in DDoS protection, servicing
a significant proportion of our growing target market. Our focus, while
maintaining our superior technological performance, is delivering
sustainable, long-term value to our stakeholders.
Achieved through
Our Purpose
Our purpose is to best protect the internet from DDoS cyber
security attacks.
Our Focus
Our focus, while maintaining our superior technological performance,
is delivering sustainable, long-term value to our stakeholders.
Global, Dynamic
and Fast-moving
what we do
• Prevent downtime in the event of a DDoS attack
up to 20x faster than our competition
How we do it
• intelligently automated solution that mitigates
DDoS attacks in under a second
• Eliminate the need for operator intervention by
automatically mitigating over 98% of attacks,
saving your organisation time and money
• Protect internet availability in real time with
up to 50x lower latency than on-demand
solutions, keeping you and your customers
online with zero interruption
why we do it
• To make the internet a safer place by
protecting your organisation from damaging
DDoS attacks and the downtime that comes
with it
• Customers can benefit from Corero
protection because of rapid attack discovery,
rapid mitigation, and the ability to customize
rules to apply special safeguards
Our mission
Corero is dedicated to improving the security and
availability of the internet through the deployment
of innovative Distributed Denial of Service (DDoS)
protection services.
We call it ‘DDoS Protection without the downtime’
because its real-time, high-performance, automatic
DDoS cyber attack protection – something we
excel at compared to our competitors.
• Most flexible and highly scalable deployment
options to meet the needs of any business
• Comprehensive visibility with reporting and
alerting for clear, actionable intelligence on the
DDoS attack activity
Responsible business
Corero aspires to carry out its business to the
highest ethical standards, treating customers,
partners, suppliers, and employees in a
professional, courteous and honest manner.
Corero is committed to promoting sustainability.
We aim to lead, follow and to promote good
sustainability practice, to carry out our operations
in a way which manages and minimises any
adverse environmental impacts.
Our products are used by thousands of businesses
throughout the world to protect against disruptions
that could have adverse economic, health, well-
being and environmental consequences for the
users and customers of those businesses (often in
a mission critical way) and the knock-on effects to
populations as-a-whole.
Our values
Values and beliefs underpin the strategy. These are lived to become
the culture:
Customers First; Technology Leadership & innovation; Operational
excellence; integrity; Our People, empowerment & Teamwork
Delivered by
Our Strategic Goals
1. Increase our international presence
2. Leverage our existing partnerships and develop new ones
3. Intensify our Global, major and Tier One accounts relationships
4. Better monetize our existing services and introduce new services
5. Amplify our demand generation programs
6. Continue to enhance our technological innovation leadership
enabled by
Our Business Model
Please see our business model on pages 4 to 5.
Supported by
Our Supporters
Our supporters are our customers; our partners including strategic alliance
partners; our suppliers, our investors and our employees.
�04
Corero Network Security plc – Annual Report and Accounts 2021
OveRview
Strategic Report
Governance
Financial Statements
Corporate Directory
05
Business Model
Corero SmartWall real-time, automatic
DDoS mitigation protects business
continuity, service availability, revenues,
and brand reputations from harmful
DDoS cyber attacks.
A customer driven Business Model:
inputs
Key solutions
Sales channels
Customer
segments
Support, updates,
maintenance,
monitoring
Securewatch
Available in physical
and virtual for 10G,
100G and cloud
Our Culture
& values
See page 26
Market
Overview
See page 10
TDS
TDD
Juniper, GTT and
Neustar
Strategic
Alliances
indirect
Sales
Partners
Agents, value-added
resellers and
distributors
TDC
Direct Sales
Delivers software edge
protection for even the
largest networks
Protects against the
largest Cloud attacks
Own sales team
SaaS
enterprises
Cloud
hosting
providers
Service
Providers
Source of
Revenue
SmartWall TDS
and TDC
SmartWall TDS
(through GTT)
DDoS
Protection
as-a-Service
edge
providers
Revenue
share
Term
Licence
Co-location
providers
Support and
services
enterprises
u
s
Appliance
e
n
& perpetual
e
v
e
software
R
licence
sale
SmartWall TDS
SmartWall vNTD and
SmartWall TDD
SmartWall TDS
and TDD
Outputs
Cash for
Reinvestment
See page 20
Financial
Returns for
investors
See page 20
eSG
See page 26
�06
Corero Network Security plc – Annual Report and Accounts 2021
OveRview
Strategic Report
Governance
Financial Statements
Corporate Directory
07
Case study: Santa Rosa
Communications
Our strategy
in practice
Corero Smartwall at a glance
• Surgically removes DDoS attack
traffic automatically, before it
reaches critical systems, ensuring
optimal performance and
maximum availability
• Delivers line-rate, in-line DDoS
attack protection, from 1 Gbps
to 100 Gbps per rack unit, in a
solution that scales to terabits
per second of protected
throughput
• Prevents several attacks, from
simple volumetric floods, to
sophisticated state exhaustion
attacks at Layers 3 through 7
• Delivers comprehensive visibility
for analysis and forensics –
before, during and after attacks
Deploys SmartWall
to protect customers
deep in the heart
of Texas
The Challenge
The growing DDoS attacks
experienced would vary in size,
intensity and duration. The company
would see commodity attacks in the
1-2 Gbps range, on average, a few
times a day. In some instances, they
would be hit by up to 10 attacks in
a single day. Midsize attacks, in the
2-8 Gbps range, would occur almost
weekly; and larger attacks would
happen every two to four weeks,
on average. The incumbent DDoS
solution provider, Arbor, said the
attacks would last about 15 minutes
on average, although they did
experience some hour-long attacks
reasonably frequently, and multi-hour
attacks occasionally.
Santa Rosa Communications is
a regional ISP serving several
communities across Texoma, with
an established territory covering
Northern Texas and Southern
Oklahoma. The company provides
residential services such as phone,
Internet and television, as well as
business-grade voice, Wi-Fi and
IT services.
With roots in the rural Texas telephone
business since the 1950s, Santa Rosa
Telephone Cooperative has provided
communication services for many
years in Wilbarger County. In 1999,
the company began construction of
its fiber optic network in Seymour,
Texas. In 2006, the business began
offering fiber-to-the-home technology
to provide customers with access to
ultrafast Internet speeds; and, in 2019,
the company experienced continued
growth through the acquisition of two
companies: Pinnacle Network Solutions
and PCnet, a managed service
provider based in Wichita Falls.
value-added offering
Santa Rosa has enjoyed additional benefits
through the Corero deployment. The ability to
perform full scrubbing helped the company
land several significant new enterprise
customers during 2020. “The fact that we
scrub all traffic is a key selling point for the
business side,” says Tabor.
“Customers are benefiting, because they
must no longer suffer frequent DDoS attacks
if they were targeted, or worse, because they
happened to be collateral damage, when
another customer was attacked,” he adds.
“The Internet is so important to almost
everyone now, so when our Internet service
works well, very nearly all the time, it really
lets customers do what they want in their
lives and businesses.”
In response to the growing number
of attacks, the only available action
the Santa Rosa team could take, was
to blackhole the traffic, dropping
both malicious and legitimate traffic.
Being forced into blackholing (RTBH)
also prevents legitimate traffic
from getting through, resulting in
customer downtime and, ultimately,
considerable dissatisfaction.
“That helped, but was far from
the solution we wanted for our
customers,” says Tabor. “That
could offer some protection, but it
sacrificed the victim. It was automatic,
but it was not ideal. Once the target
was blackholed, we could not see the
attack, so after the timer expired we
would allow the traffic to flow again,
and often find ourselves having to
blackhole it again.”
we love the
visibility and how
we can investigate
components of an
attack. However, at
the end of the day,
the fact it can solve
so many problems for
us without intervention
is fantastic.”
Seth Tabor,
CTO at Santa
Rosa Communications
The Solution
Santa Rosa decided enough was
enough and set about looking for a
solution to address the growing impact
of DDoS. After researching the market,
they chose and deployed the Corero
SmartWall, implementing full inline,
always-on, scrubbing for all traffic.
“We wanted to protect our entire
network and all customers,” says Tabor.
“We chose inline for simplicity and
unobtrusive reactions.”
The company now surgically mitigates
DDoS inline at every transit peer,
effectively scrubbing all inbound
Internet traffic. Tabor says the company
does still blackhole, or swing to cloud
scrubbing, for the very large attacks
which would result in transit saturation,
but these are much less common.
“Since we started scrubbing all
transit peers, DDoS-related trouble
is very rare,” says Tabor. “Customer
satisfaction is up, and any trouble
that remains a mystery, or is directly
attributable to DDoS, is way down.”
The company has also reduced
costs through the implementation,
by reducing the number of trouble
tickets and dispatches.
The team loves how reliable and
“hands off” the Corero system is, as
well as the visibility and how customers
can easily investigate the anatomy of
an attack. But there’s an even more
favourite feature for Tabor: “At the end
of the day, the fact it can solve so many
problems for us, without intervention,
is fantastic!”
�08
Corero Network Security plc – Annual Report and Accounts 2021
OveRview
Strategic Report
Governance
Financial Statements
Corporate Directory
09
Case study: GARR Chooses Corero
for Automated DDoS Protection
Our strategy
in practice continued
Corero Smartwall at a glance
• Surgically and automatically
removes DDoS attack traffic,
before it reaches critical systems,
ensuring optimal performance and
maximum availability
• Delivers line-rate, always-on
distributed denial of service
attack protection, in a solution
that scales to tens of Terabits per
second of protected throughput
• Prevents impact from even the
most sophisticated DDoS attacks
ranging from volumetric floods,
to state exhaustion attacks, at
layers 3 to 7
• Delivers comprehensive visibility
for analysis and forensics, before,
during and after attacks
GARR is the ultra-broadband
network dedicated to the Italian
research and education community.
Its main objective is to provide
high-performance connectivity and to
develop innovative services for the
daily activities of Italian researchers,
professors, and students, as well as
international research collaborators.
The GARR network is an extensive
digital infrastructure with about
15,000 km of optical fibre covering
the entire Italian territory. It reaches
about 4 million users of about 500
organisations and connects more
than 1,200 sites, most of which are
public institutions (research institutes,
universities, research hospitals, cultural
institutes, libraries, museums, schools).
The GARR network is interconnected
with international research networks
and across the worldwide Internet.
The GARR governance model
promotes inclusiveness and involves
users in decision-making on the future
evolution of the network and digital
infrastructures. Unlike with commercial
providers, users on the GARR network
aren’t just consumers of data, content
and services; they are involved in the
development of services and solutions,
and they share their own resources for
the benefit of the scientific community,
thus becoming active contributors.
Challenge
GARR is also known as the Italian
Research and Education Network,
supporting projects involving scientific
and academic cooperation among
Universities, Schools, and Public
Research Institutions in Italy. Like other
national research and education
networks, GARR has a combination of
research-related traffic, and general
Internet traffic. Each “user institution”
has its own network, which typically
has thousands, or even hundreds of
thousands, of individual users. With
its more than three million IPv4 public
nodes and its pioneering infrastructure
that dates back to the early 1990s, the
GARR network has always worked to
minimize any attacks that were sourced
from one of the nodes in their network.
GARR carefully researched the
available DDoS mitigation solutions,
and finally selected Corero’s SmartWall
Threat Defense Director solution,
because it seamlessly integrates
with their existing procedures and
organisational structure, and because
it works synergistically with GARR’s
existing Juniper Network infrastructure.
The SmartWall Threat Defense Director
couples Corero’s surgically accurate,
real-time, automatic DDoS protection
with the high-performance packet
filtering of GARR’s Juniper MX
Series routers.
Results for GARR
• No need to blackhole or null route
all traffic to a DDoS target
• Negligible false positives impacting
legitimate traffic
• Maximum levels of service availability are
maintained for users, even in the face
of a DDoS event
• DDoS attacks are automatically mitigated
locally at each of their PoPs, avoiding
the need to backhaul traffic across the
network for mitigation
• Increased staff efficiency resulting from
the automatic and accurate protection
• Increased user satisfaction resulting from
the speed and accuracy of protection
“In contrast to other mitigation solutions,
based on scrubbing center technology,
that would have to reroute attack traffic
to a single very expensive device,
Corero TDD blocks attacks directly on
the Juniper MX nodes we have at all
our PoPs, enabling us to block them
in a distributed and simple way” said
Massimo Carboni, CTO – Head of
Infrastructure Department at GARR.
This architecture also allows GARR
to simply increase the scale of the
protection in lockstep with any future
network extensions.
Another key factor in GARR’s decision
was that Corero TDD is more suited
to the very high throughput of the
GARR network, where other solutions
would introduce significant risk of
misinterpreting traffic bursts as attacks,
resulting in disruptive false positives.
Benefits
GARR values the automated, hands-
off efficiency of the Corero solution,
which frees up staff to work on other
tasks; “Thanks to the Corero solution,
we operate more efficiently, so we
estimate that we’re saving about 20%
in terms of staff time dedicated to
network security,” said Carboni. “It’s
clear that no human, or even a team
of 10 security analysts, could react
quickly enough to manage these
sophisticated DDoS attacks,” said
Carboni. “For some types of attacks
the solution is so fast that we had
to review our Acceptable Use Policy
and the security incident workflow,
because in most attacks no human
intervention is needed to tackle
the problem.”
The Corero solution also delivers
comprehensive visibility into attacks
with the SecureWatch® Analytics
component of its TDD solution, which
leverages Splunk software for big
data analytics and visualization
capabilities that transform security
event data into sophisticated
dashboards. This information
engine enables GARR to create
custom dashboards and foster its
own statistic and report systems
integration “We definitely like having
visibility into attacks, knowing not
only when and how an attack is
happening, but also the ability to
follow the mitigation process,” said
Carboni. “This provides a higher level
of control in security and increases
our trust in the solution.”
GARR reports that Corero greatly
improved the organisation’s end-user
experience. GARR users are an
active part of the research network
and, in the past, they were often
unaware of any DDoS attacks, so they
considered any downtime or lack of
service as a network problem. The
DDoS mitigation service is a benefit
to all the users. For the future, GARR
is considering integrating its Corero
SmartWall Analytics with its customer-
facing portal, to better communicate
with their users about the DDoS
attacks they are being targeted with.
�10
Corero Network Security plc – Annual Report and Accounts 2021
OveRview
Strategic Report
Governance
Financial Statements
Corporate Directory
11
Market overview
2021 Corero DDoS Threat
Intelligence Report
Critical cybersecurity
DDoS attacks
continue to grow in
sophistication, scale
and frequency.
29%
LIKELIHOOD OF A
REPEAT ATTACK WITHIN
A WEEK
97%
ATTACKS UNDER 10GBPS
82%
OF ATTACKS
<10 MINUTES
297%
INCREASE IN
OPENVPN ATTACKS
29%
INCREASE IN NUMBER OF
ATTACKS PER DAY
Cyber threats and DDoS attacks
A wide range of critical cybersecurity
issues face every internet connected
organisation. These threats include
DDoS, hacking, breach, phishing,
fraud, ransom, data theft and
exfiltration. These cyber threats
present themselves via the essential
internet connections that are required
to support the online business.
The broad range of motives for
executing DDoS attacks, coupled with
the relative ease with which attacks
can be launched, means that they
are easily carried out by a variety
of actors, including; criminal gangs,
activists, terrorist groups and even
nation states. Aside from those who
are focused purely on disrupting
services, some of those who carry out
DDoS attacks do so for extortion via
ransom DDoS or as a smokescreen
for other cyberattacks designed to
steal data, or plant malware.
The DDoS Protection Market
$3.4bn in 2021
Global DDoS Protection Market expected
to reach $6.8bn by 2026 at 15% CAGR*
Today, internet service providers
typically sell raw internet transit
connectivity. This raw internet
connectivity, usually sold via 1Gbps,
10Gbps and increasingly 100Gbps
transport connections, carries good
customer traffic and malicious bad
traffic without discrimination. If an
enterprise, data centre, or hosting
facility connects to these raw transit
providers they will be exposed to
internet-borne cyber threats and
their information security posture
must be prepared to detect and
protect against any associated
malicious intent.
Corero focuses on one specific
category of these cybersecurity
threats encompassing DDoS and
has developed a real-time detection
and mitigation solution that delivers
automatic detection and protection
against DDoS attacks.
DDoS attacks continue to grow in
sophistication, scale and frequency.
Businesses and public-sector
organisations are equally vulnerable
to DDoS attacks and recent years
have seen some of the world’s best-
known companies fall victim to DDoS
attacks with catastrophic impact for
their customers.
The DDoS protection market is driven
by the growing need for enterprise
business continuity. Increasingly
always-on protection is the only
answer to defend against the
smaller attacks which dominate.
These provide increasing revenue
opportunities for Service and
Hosting Providers.
6
6
8
2
$
,
0
2
0
2
6
1
9
3
$
,
2
2
0
2
4
2
2
5
$
,
4
2
0
2
1
7
7
6
$
,
6
2
0
2
Global DDoS Protection Market
Market Size (USD Millions)*
>29,500 Daily Attacks
Daily DDoS attacks were recorded during the first half of 2021,
this has doubled in the last 24 months**
*
MarketsandMarkets DDoS protection Global forecast to 2026
** NetScout H1 2021 report
what are the key DDoS market drivers?
Rise in multi-vector attacks, increase in number of DDoS
attacks across the Internet of Things ('IoT') ecosystem, need
of DDoS defense solutions for the 5G ecosystem, and high
demand of cloud-based and hybrid DDoS protection and
mitigation solutions1.
• IoT devices, which are the source of high-intensity DDoS
attacks, forecast to grow 18 billion devices by 2022.1
• The increased bandwidth of 5G networks opens avenues
for DDoS attackers to induce large DDoS attacks capable
of impacting millions of mobile and IoT devices.1
• Communication service providers (‘CSPs’) are increasingly
targets of DDoS attacks. 85% of survey respondents
say DDoS attacks against their organisations are either
increasing or continuing at the same relentless pace and
71% of respondents say they are not or only somewhat
capable of launching measures to moderate the impact
of DDoS attacks. The increase in IoT devices due to the
growth of 5G increases the risk to CSPs.2
1
2
MarketsandMarkets DDoS Global Forecast Report, Forecast to 2026,
December 2021
Ponemon Institute The State of DDoS Attacks Against Communication
Service Providers, April 2019
every half and full year, Corero looks at the latest trends it is seeing
in the DDoS market. The above observations are from our 2021 DDoS
Threat intelligence Report.
“Once again, we are reporting a
net increase in the number of unique
DDoS attack vectors seen in the wild
and in the level of year-over-year
DDoS activity. With each new vector
we often see a long tail, measured in
years, of subsequent exploitation and
related attacks. … At the same time,
the novel weaponization and abuse
of internet facing applications or
devices continues … . It is important
to be aware of the evolving threat
landscape and not to simply assume
that your Service / Hosting Provider
has effective counter measures in
place to combat the latest DDoS
attack vectors and keep your
business online.
As hackers continue to find new
vectors to launch assaults on
organisations, the best defense
against potential downtime is to
utilize real-time protection. Solutions
which detect and redirect traffic to
the cloud often result in downtime.
On-demand, cloud-based scrubbing
services cannot practically mitigate
the short, frequent attacks that
many organisations now face. As
organisations plan their strategy
for effective DDoS protection, the
relationship between time-to-
mitigation and potential downtime
is a vital consideration.”
2021 Corero DDoS Threat Intelligence Report
�12
Corero Network Security plc – Annual Report and Accounts 2021
OveRview
Strategic Report
Governance
Financial Statements
Corporate Directory
13
Corero Explained
Your Questions
Answered
What is our
mission?
Corero is dedicated to improving
the security and availability of the
Internet through the deployment
of innovative DDoS protection and
mitigation cyber solutions.
Step 3
Open devices respond with UPnP
‘reply’ packets to victim’s network
because of botnet spoofing victim’s
IP addresses. Allows for a 30.8x
amplification factor.
SSDP Amplification DDoS Attack
victim
iPS/APT
SLB/ADC
wAF
Step 2
Botnet is told to spoof IP address
of victim’s network and sends UPnP
‘discovery’ packets to open devices.
Steps in
a typical
DDoS Cyber
Attack
Attacker
Step 1
Attacker sends
command and
control attack
signals to
small botnet.
Baby
Monitors
video
Cameras
Home/
Office
Routers
wiFi
Access
Points
Botnet
Machine
Botnet
Machine
Botnet
Machine
Botnet
Machine
Neustar
Neustar, Inc. (‘Neustar’), through Neustar Security
Services, is an American technology company that
provides real-time information and analytics for
the Internet, risk, digital performance and defense,
telecommunications, entertainment, and marketing
industries, and also provides clearinghouse and
directory services to the global communications
and Internet industries. Corero has a hybrid DDoS
protection solution combining on-premises TDS
with the SmartWall Threat Defense Cloud (‘TDC’)
service, powered by Neustar, which provides
protection against the largest attacks which can
saturate an organisation’s internet connections
and overwhelm legitimate traffic.
where are we located?
Corero’s key operational centres are in
Marlborough, Massachusetts in the USA and
Edinburgh in Scotland, UK, with the Company’s
registered office in Amersham in England, UK.
what is a DDoS attack?
A DDoS attack is a cyber threat, in which multiple
computer systems or devices attack a target, such
as a server, website or other network asset, and
cause a denial of service for users of the
targeted resources.
The flood of incoming messages, connection
requests or malformed packets to the target system
causes it to slow down or shut down, thereby
denying service to legitimate users or systems.
DDoS attacks are a threat to service availability,
network security, brand reputation and ultimately
lead to lost revenues. Attackers are continuing
to leverage DDoS attacks as part of their cyber
threat arsenal to either disrupt business operations
or provide a smokescreen while they attempt to
access sensitive corporate information.
Attackers are leveraging increasingly creative ways
to circumvent traditional security solutions or reduce
the effectiveness of DDoS scrubbing centres. DDoS
attacks can be found in a multitude of sizes and
are launched for a variety of motivations. They
may also be used to extort payments via Ransom
DDoS. Today’s cyber criminals do not even have to
construct the attacks themselves, they can simply
download DDoS malware or rent the botnet they
need to accomplish their goal.
what damage can a DDoS
attack do?
High availability of Cloud services and applications
are critical for modern businesses and institutions.
Any DDoS downtime brings risk:
• Lost revenue or loss of control
• Operational costs to mitigate or recover
from attacks
• Increased costs to retain unhappy customers
and attract new customers
• Brand and reputation damage leading to
competitive disadvantage or loss of confidence
• Regulatory fines, legal action, resignations
what solutions do we have?
The goal of the Corero SmartWall real-time
DDoS protection solutions are to protect business
continuity, service availability, revenues and brand
reputations from harmful DDoS attacks. We do
this for corporate enterprises, network security
providers, hosting and data centre providers, co-
location providers, network edge providers, and
SaaS enterprises.
The SmartWall family of products utilises
innovative, patented, technology to automatically
and surgically remove DDoS attack traffic, while
allowing good traffic to flow uninterrupted. Corero
solutions are amongst the highest performing in
the industry, while providing the most automated
DDoS protection, at unprecedented scale, with the
lowest total cost of ownership to the customer. We
protect against DDoS attacks in seconds, or less,
rather than the minutes or tens of minutes taken
by legacy solutions.
Corero has a market leading SmartWall Threat
Defense System (‘TDS’) solution portfolio endorsed
by over 160 direct customers, many of whom
are providers using it to protect hundreds, or
thousands, of their customers. Our products have
been recommended by NSS Labs (a leading
independent product testing laboratory).
Our SmartWall Threat Defense Director (‘TDD’)
delivers edge protection for even the largest
provider networks. Powering the silicon filtering
capabilities increasingly built into modern edge
routers, TDD software scales to tens-of-terabits per
second of protection, without the need to deploy
additional appliances at the edge or needing
to back-haul large volumes of attack traffic to
scrubbing centres.
what strategic alliances do
we have?
Juniper Networks
Juniper Networks, Inc. (NYSE: JNPR) (‘Juniper’)
is one of the world’s largest networking product,
solutions and services companies, with revenues
of over $4.5bn in 2021. Corero has a global
partnership agreement with Juniper enabling
Juniper to select Corero as their DDoS protection
solution and to sell Corero’s SmartWall Threat
Defense Director (‘TDD’) software product in
conjunction with its own MX Series routers.
Juniper and Corero have developed this
integrated solution for large-scale network-edge
DDoS defence that leverages powerful filtering
capabilities in the latest generation of Juniper’s
MX Series routers.
GTT Communications
GTT Communications, Inc. (NYSE: GTT) (‘GTT’)
is a leading global cloud networking provider
to multinational clients, with over 600 points
of presence (‘POPs’), with revenues of $1.7bn
in 2020. GTT operates a global Tier 1 internet
network and provides a comprehensive suite of
cloud networking services. GTT customers can
purchase IP transit with DDoS protection provided
by Corero’s SmartWall TDS’s which are deployed
within the GTT network.
�14
Corero Network Security plc – Annual Report and Accounts 2021
OveRview
Strategic Report
Governance
Financial Statements
Corporate Directory
15
How does the technology work?
How do we combat DDoS Attacks?
Customer proposition
Traditional DDoS providers use net flow sampling,
which requires spotting mainstream anomalies, re-
directing Internet traffic, to be cleaned in scrubbing
centres (which may be overseas, or some distance
away) with manual intervention, and then Internet
traffic is re-directed back. This is a time-consuming
and costly process when the length of an attack
might be short – but it takes hold quickly and the
impact is high. High availability of cloud services
and applications are critical for modern businesses
and institutions.
Internet traffic providers which use DDoS providers
that have this simple generic approach have basic
DDoS protection. While this may be adequate
for simple and obvious attacks, it may not be for
sophisticated, highly engineered attacks. So, for
example, Ransom DDoS attacks are real-time, in
depth (deep packets) and highly automated.
However, Corero uses Deep Packet Inspection
(‘DPI’) and processes packets in real-time and
on-data path (‘in-line’) with as much automation as
possible. Our approach is very scalable to the tens
of terabits per second which makes our cost per
performance ratio superior in the industry. It can
also be used to augment broad upstream netflow
based basic protection with an in-line, on-data-path
DPI tool on network edges. Corero provides both
‘SmartWall’ and ‘SecureWatch’ solutions.
Smartwall
Corero’s SmartWall solution is highly automated,
detecting and mitigating attacks surgically, without
the expensive intervention of security analysts or
network operators, who may not even know the
network is under attack unless they are monitoring
Corero’s dashboard or subscribed to the automated
mitigation alerts.
With varied deployment topologies (in-line,
scrubbing, edge or cloud) Corero’s SmartWall
family of solutions utilise innovative, patented
technology to automatically and surgically remove
the vast majority of DDoS attack traffic.
Protection is available in cost-effective scaling
increments, from 1Gbps, 10Gbps and 100Gbps
to tens-of-terabits, to support the full spectrum of
customer bandwidth and inspection requirements.
We have combined advances in Intel x86 multicore
CPU technology, Data Plane Development
Kit (‘DPDK’) software for packet processing
acceleration, and high-performance network
interface cards (‘NICs’), together with an
innovative, patented, and highly efficient software
architecture, to develop a new generation
of physical and virtual appliances providing
breakthrough price/performance for DDoS defense.
Threat Defense System (TDS)
Physical & Virtual Appliances – On-premises
SmartWall appliances perform sampled DPI to
generate security metadata from traffic flows.
The internal rules-engines examine this metadata
to flag offending packet flows in real-time and
block attacks. At the same time, the security
metadata is streamed to the Corero SecureWatch®
Analytics platform, where further analysis, involving
correlation with other performance metrics
and event data, enables rapid identification of
new attack vectors. SecureWatch Analytics can
formulate new mitigation rules for these vectors
that are distributed out to each SmartWall instance.
Securewatch
The Corero SecureWatch service is a tiered offering
comprised of configuration optimisation, monitoring
and mitigation response services.
Corero SecureWatch Analytics leverages Splunk’s
analytics engine and provides robust reporting
to transform sophisticated DDoS event data into
easily consumable dashboards accessed via the
SecureWatch Analytics web portal. The portal
allows customer security operators to monitor
and manage incident response, with the ability to
conduct sophisticated forensic analysis.
The Corero Service Portal enables providers’
customers (or ‘tenants’) to gain visibility into attacks
via per-tenant dashboards. Providers can assign
tenant service levels and automatically distribute
reports which showcase the value of the protection
their customers are receiving.
Threat Defense Director (TDD)
Provider Edge – Sampled
Detection
1G
10G
100G
100G -> Multi-Tbps
+
NTD220
• Standalone 2x1/10G
Solution
• Easiest for Small
Deployments
NTD280
• Up to 8x10G
Protection
• Scales to Terabits/s
NTD1100
• 1x100G Protection
• Scales to Terabits/s
• 100G-40Tbps Edge Protection
• Volumetric Attacks
• Supports Juniper MX Routers
vNTD Software
Cloud & Virtualised Protection
Speed
Attacks mitigated in seconds
versus minutes or tens of minutes
for competing technologies with
zero downtime
Scalability
Modular and distributed,
pay-as-you-grow protection
Simplicity
Automatic software, plug and play
appliances for lowest TCO
Flexibility
Multiple deployment options: on-
premises, hybrid and cloud protection
visibility
Accurate, forensic-level attack and
traffic visibility with SecureWatch
Analytics
Support
World-Class 24x7x365 SOC support
with SecureWatch Managed Services
Investor proposition
Superior Performance
High performance, class leading
solutions: real time effective
DDoS protection and mitigation
without disrupting or delaying
legitimate network traffic Corero
automatically mitigates DDoS
attacks in seconds, faster than
any other solutions in the market
High growth markets
This increasingly inter-connected
world grows faster and more
complex with higher speed
connections; higher capacities
and meshed networks; the
proliferation of IoT and 5G
devices; and the continued
growth of cloud services
Corero market share leaves lots
of headroom for key expansion
opportunities
Time to Market
Unlike some technology
companies, we have a superior
solution already developed and
field proven
No development cycle with
customers
Very quick and simple
deployment cycles with high
software content
On-going R&D investment
reflects solution refresh and
enhancements
Customer relationships
We enjoy high levels of trust with
our customers which translates
into high retention rates and
long-term relationships
Our diverse customer base
includes blue chip global
customers and we now operate
in more than 47 countries
High annualised recurring
revenues demonstrate such
enduring relationships
Corero solutions provide
continuity of service and allow
our customers to generate
incremental revenue
Proprietary intellectual
Property
In-house expertise and proprietary
knowledge means we can innovate
without significant outsourcing
dependencies or royalty costs
Eight years of DDoS protection
software development expertise
leveraged to expand feature set
and pipeline
Scalability – organic
and partners
We have established and
extensive global routes to market
through our own direct sales force,
agents, resellers, distributors, and
strategic partnerships
Where appliances are employed for
the software solution, manufacturing
is outsourced so there are no in-
house supply constraints
Customer support
and service
We provide high levels of
customer support and service
through our sales engineers,
SOC and Operations Team –
worldwide, 24x7x365
We can provide high levels
of compatibility with customer
indigenous equipment
and systems
We have key relationships
with global reach and local
implementation
Attractive business
model, performance
and world class team
We have high gross margins,
recurring and repeat business,
and improved financial
performance and position.
Our world class, highly skilled
team have decades of experience
in Technology/Cyber Security and
Go To Market techniques
�16
corero Network Security plc – Annual Report and Accounts 2021
Overview
Strategic report
Governance
Financial Statements
Corporate Directory
17
Chief Executive Officer’s Review
2021 was an extremely
productive year for Corero.
The strong performance reflects
the successful implementation
of our growth strategy, with the
Group delivering continued
sales momentum across our
operational footprint.
introduction
2021 was an extremely productive year for Corero,
culminating in the Group reporting a maiden
profit before tax for the year ended 31 December
2021 of $1.4 million (2020: loss of $4.0 million).
The strong performance reflects the successful
implementation of our growth strategy, with the
Group delivering continued sales momentum
across our operational footprint. We improved
against all financial KPIs in the year, achieving
positive EBITDA ahead of market expectations at
$4.0 million (2020: negative EBITDA of $1.4 million).
In addition, and reflecting the ongoing demand for
our products, the Company increased revenues by
24% to $20.9 million in 2021 (2020: $16.9 million).
Corero also increased Annualised Recurring
Revenues (“ARR”) during the year to $12.8 million
as at 1 January 2022 (ARR at 1 January 2021:
$9.8 million), which is a strategically important
KPI as it provides visibility and an underpin for
future earnings.
This record performance, driven by our highly
talented and dedicated workforce, was achieved
despite the ongoing backdrop of the COVID-19
pandemic as well as the well documented global
supply chain challenges, which are also creating
both opportunities and challenges across
our business.
The Board of Directors believes that Corero now
has the financial and operational platform from
which to generate future sustainable growth, with
the Company’s:
• access to large and high growth end markets;
• strong performance of its market-leading
technology and global customer service;
• proprietary intellectual property that
underpins its solutions;
• highly scalable revenue model alongside
its relatively short time to market for
development; and
• strong base of existing customers and
strategic partnerships.
Revenue
24%
increase
ARR
31%
increase
m
5
8
$
.
7
1
0
2
.
m
0
0
1
$
8
1
0
2
m
7
9
$
.
9
1
0
2
.
m
9
6
1
$
0
2
0
2
.
m
9
0
2
$
1
2
0
2
m
0
5
$
.
7
1
0
2
m
8
5
$
.
8
1
0
2
m
2
7
$
.
9
1
0
2
m
8
9
$
.
0
2
0
2
.
m
8
2
1
$
1
2
0
2
Lionel Chmilewsky, CEO
Strategic progress
We made significant operational and financial
progress in 2021, placing our customers at
the heart of everything that we do, as well as
leveraging our routes to market to ultimately
grow market share.
Key strategic progress included:
• increasing our international presence:
during 2021, we secured 44 new customers,
adding customers in six new countries, with
customers in fifteen new countries added
over the last two years. Our solutions are now
deployed with customers across 47 countries
worldwide and across the continents.
• Leveraging our existing strategic
partnerships and developing new ones:
18 customers were added through our
partnership with Juniper in the year and
we continue to grow our business with
GTT. Furthermore, we made progress in
2021 towards the addition of new and
complementary alliances.
• intensifying our relationships with global,
major and tier one accounts: expanding
with large existing customers and adding
new ones, with significant traction continued
to be achieved in the Hosting Providers, Service
Providers and SaaS Enterprise segments.
• Better monetising our existing services and
introducing new services: we continue to
explore and provide service initiatives that
enhance the protection and network security
visibility for our customers.
• amplifying our demand generation
programmes: increased advertising and
marketing efforts have included thought
leadership pieces, webinar and other
speaking opportunities and segment
targeted campaigns.
• continuing to increase our technological
innovation leadership: since the start of 2013
we have invested over $33 million to-date
in R&D, and in 2021 we introduced 100G
adoption enablement, multi-tbps provider edge
and flow detect and redirect to deliver our
widest portfolio of on-premises, and indeed
other solutions for our customers; an offering
unrivalled by our competitors.
DDoS Market Dynamics
DDoS attacks continue to be prevalent as a means
of cyber-attack, as camouflage for a ransomware
attack and even with Ransom-driven attacks.
R&D tax credit of $0.1 million (2020: two years’
equivalent of R&D tax credits of $0.2 million). The
reported earnings per share was therefore 0.3
cents (2020: loss per share 0.8 cents).
The global DDoS protection market was worth
c.$3.4 billion in 2021 and is expected to reach
$6.8 billion by 2026 at a CAGR of 15.1%. Within
this, c.$1.5 billion is the total addressable market
for Corero’s SmartWall solution, with c.$715 million
representing our serviceable addressable market.
To quantify this, there were nearly 30,000 daily
DDoS attacks recorded in the first half of 2021,
a doubling in 24 months.
The DDoS mitigation marketplace continues to
grow apace as a result of the global acceleration
of digitisation and the growing need for enterprises
to ensure business continuity. This is set to continue
with the ongoing proliferation of IoT devices and
the roll-out of 5G networks and the increase
in cloud services creating a large expansion
opportunity for Corero.
Financial Summary
The Group delivered a profit primarily due to
increased revenues coupled with ongoing margin
improvement and maintained operating expenses.
The Group generated revenues of $20.9 million
in 2021 (2020: $16.9 million), with total operating
expenses at a similar level before share-based
payments of $16.1 million (2020: $16.4 million)
while continuing to invest in sales and marketing
expansion and R&D efforts.
• Operating expenses net of capitalised R&D
costs and before depreciation and amortisation
of intangible assets and before share-based
payments were $13.9 million (2020: $14.1
million). Capitalised R&D costs were $1.8
million (2020: $1.4 million)
• Operating expenses include a foreign
exchange gain of $0.2 million (2020: foreign
exchange loss of $0.3 million)
• Depreciation and amortisation of intangible
assets decreased during the year to $2.2
million (2020: $2.3 million)
• The Company received a $0.6 million credit
from the forgiveness of the PPP loan previously
received by its US trading subsidiary in 2020
under the US CARES Act (2020: no credit
received).
The Company delivered its maiden positive EBITDA
performance of $4.0 million (2020: EBITDA negative
of $1.4 million), a transformation of $5.4 million
and Adjusted EBITDA of positive $4.1 million (2020:
negative EBITDA of $0.6 million).
In addition, Corero has achieved its maiden profit
before taxation of $1.4 million (2020: loss before
taxation of $4.0 million) including amortisation of
capitalised R&D costs of $1.9 million (2020: $1.9
million). Profit after taxation was $1.5 million (2020:
loss after taxation of $3.8 million), following a UK
In terms of overall position, Corero held net cash of
$8.4 million at 31 December 2021 (31 December
2020: $7.6 million), comprising:
• Cash at bank of $11.2 million as at
31 December 2021 (2020: $10.1 million); and
• Debt of $2.8 million (2020: $2.5 million).
In April 2021, the Company entered into a new
banking facility for up to £3.0 million (c.$4.1
million), the net proceeds of which are being used
for working capital purposes and our on-going
investment programme to support our growth
strategy ahead.
outlook
The demand for DDoS mitigation solutions
continues to remain strong in all our key territories
and markets. The global acceleration of hybrid
working and internet usage due to the COVID-19
pandemic, and now with the uncertainty created
as a result of current situation in Ukraine with
consequent increased DDoS attack activity,
continues to accelerate these trends and the
need for Corero’s solutions.
The Group has minimal exposure to Russia
and Ukraine both operationally and from a
revenue generation perspective and therefore
we expect the conflict to have little direct impact
on our business. We also continue to monitor the
semiconductor supply chain shortage closely,
and encouragingly there are signs that this is
beginning to abate globally.
2021 was a milestone year for Corero as we
achieved our first profit, supported by strong
revenue growth and heightened demand for our
products. The Board of Directors believe that
there is significant scope to build on this success,
leveraging our technologically superior solutions
and enhanced customer-centric sales strategy,
which is already yielding results. To this end,
Corero will continue to invest in people, marketing
and its solutions in the current financial year to
provide an even wider and stronger platform
for growth for the future.
In summary, Corero has been building and
enhancing its operational and financial platform
to deliver sustainable growth given the market
opportunities available to our business. This gives
us confidence in Corero’s medium to long-term
growth prospects.
Lionel chmilewsky
Chief Executive Officer
25 April 2022
�18
corero Network Security plc – Annual Report and Accounts 2021
Overview
Strategic report
Governance
Financial Statements
Corporate Directory
19
Financial Review
Alongside positive $4.0
million EBITDA achievement,
I am proud to report that the
Company registered a maiden
profit before taxation of $1.4
million. This transition to profit
represents a considerable
milestone for the business.
revenue and gross margins
Revenue in the year ended 31 December 2021
increased from $16.9 million to $20.9 million, a
$4.0 million or 24% improvement to a new record.
I am also pleased to report that all revenue
categorisations (appliance and licence revenue;
DDoS Protection-as-a-Service revenue; maintenance
and support services revenue) advanced year-on-
year. Revenues of $20.9 million for 2021 are more
than twice that of those reported in 2019 of $9.7m.
Annualised recurring revenues1 increased in the
year with ARR of $12.8 million as at 1 January
2022, driven by growth in DDPaaS and software
subscription orders (ARR at 1 January 2021: $9.8
million). This measure provides a good indicator
as to an underpin for future revenues.
Building on H1 2021 gross margin gains, the
Company’s overall gross margin significantly
improved in the full year with a margin of 85.1%
(2020: gross margin of 77.3%). Software license
and appliance revenues in particular saw better
margin capture while other revenue streams
recorded similar margins.
EBITDA
Profit/(loss) before taxation
operating expenses and
r&D investment
Operating expenses marginally decreased by
$0.3 million from $16.4 million to $16.1 million.
Underlying operating expenses, excluding
depreciation and amortisation, were $0.2 million
lower. Despite an increase in sales-related costs,
there were some significant decreases in controlled
discretionary expenditures, lower headcount-
associated expenses during the period, positive
foreign exchange swing between the periods of $0.5
million; and reduced travel and accommodation
costs due to the COVID-19 pandemic.
Underlying operating expenses included a
slightly lower depreciation charge between the
years of $0.1 million, $0.7 million (2020: $0.6
million) and similar amortisation charge for
research and development (‘R&D’) of $1.9 million
for both periods. During the year, the Group
enhanced its product offerings with new features
and functionality, with R&D investment of $1.8
million (2020: $1.4 million). In relation to this on-
going investment in R&D to maintain the Group’s
competitive edge, we secured UK R&D tax credits
of $0.1 million in 2021, relating to the 2020 tax
year (2020: $0.2 million, relating to the 2018
and 2019 tax years).
Capital expenditures in property plant and
equipment were lower year-on-year with $0.4
million of capital investment (2020: $1.0 million),
following the higher levels of capex in the two
previous years in our assets to facilitate our
DDPaaS offerings, both directly ourselves and
through our strategic partner, GTT.
Share based payments increased from $0.4
million in 2020 to $0.5 million in 2021, reflecting
the granting of options to staff and management
in the year.
In the year ended 31 December 2021, the
Company received a $0.6 million credit from the
forgiveness of the Paycheck Protection Program
Loan (PPPL) previously received by its US trading
subsidiary under the US CARES Act (2020: nil).
The forgiveness of the PPPL is a non-cash
movement and is shown as ‘other income’ in
the Group Income Statement.
Financing costs were slightly higher in the year
at $0.4 million (2020: $0.3 million) due to the
overlapping arrangements between old and new
loan balances (see Operating cash and cash
later section commentary).
Borrowings were $2.8 million (2020: $2.5 million
of borrowings). Borrowings consisted as at
31 December 2021 of both a new and old facility
with the Company’s bankers.
In April 2021, the Company entered into a new
borrowing facility for up to £3.0 million (c$4.1
million) with its existing banking partner. The new
borrowing facility comprises: a drawn £2.0 million
term loan facility and a (still) undrawn £1.0 million
revolving credit facility; for a three-year term; with
terms and conditions at par or better than the
existing facility. The net proceeds of this new facility
will be used for working capital purposes and the
Company’s on-going investment programme to
support Corero’s growth strategy.
The old loan facility, which stood at $0.4 million as
at 31 December 2021, was paid back in full and
to timetable in March 2022. Also during the current
year, the Company received notification of the
forgiveness of the PPP loan of $0.6 million. This is
shown as a ‘Other Income’ line item in the Group
Income Statement and, give its non-recurring nature
is an adjustment in respect of the Adjusted EBITDA
calculation. For further details on movements in
borrowings please see note 18.
Finally, I can report no equity raises were
conducted in either 2021 nor in 2020.
Neil pritchard
Chief Financial Officer
25 April 2022
profitability
Building on our EBITDA profit in H1 2021, I am
pleased to report positive EBITDA for the business
of $4.0 million in FY21. This represents a material
change from FY20’s negative EBITDA of $1.4 million
(itself a large improvement on the FY19 EBITDA loss
of $3.2 million). Adjusted EBITDA for the period was
$4.1 million (2020: negative $0.6 million). Further
details on these measures are provided in the Key
Performance Indicators section on pages 20 to 21.
Alongside this considerable positive $4.0 million
EBITDA achievement, I am proud to report the
Company registered a maiden profit before
taxation of $1.4 million (2020: loss before taxation
of $4.0 million). This transition to profit represents
a considerable milestone and level of successful
maturity for the business.
With the addition of a UK R&D tax credit of $0.1
million in the period, profit after taxation was $1.5
million (2020: loss after taxation of $3.8 million).
Basic and diluted profit per share was 0.3 cents per
share (2020: loss per share of 0.8 cents per share).
operating cash and cash
Overall, net cash from operating activities of $2.8
million was generated by the business (2020: $5.1
million). The comparative period quantum was
in part due to an order received from a sizeable
customer in the third quarter, the proceeds of which
were received towards the end of the fourth quarter
of the 2020 year, but the associated outflows for
which fell into the first quarter of the 2021 year.
In cash flow terms, cash and cash equivalents
increased by $1.2 million (2020: $1.8 million).
In balance sheet terms, net cash, defined as cash
at bank less total borrowings, at 31 December
2021 was $8.4 million (2020: $7.6 million). Gross
cash at bank at 31 December 2021 was $11.2
million (2020: $10.1 million).
Gross cash
Net cash
$11.2m
+11%
$8.4m
+11%
m
0
4
$
.
1
2
0
2
m
7
8
$
.
-
7
1
0
2
m
2
5
$
.
-
8
1
0
2
m
4
1
$
.
-
0
2
0
2
m
2
3
$
.
-
9
1
0
2
m
8
5
$
.
-
7
1
0
2
m
7
1
$
.
-
8
1
0
2
m
0
4
$
.
-
0
2
0
m 2
6
6
$
.
-
9
1
0
2
m
4
1
$
.
1
2
0
2
Neil Pritchard, CFO
m
4
1
$
.
7
1
0
2
m
0
8
$
.
8
1
0
2
m
3
8
$
.
9
1
0
2
.
m
1
0
1
$
0
2
0
2
.
m
2
1
1
$
1
2
0
2
m
4
1
$
.
7
1
0
2
m
4
4
$
.
8
1
0
2
m
4
5
$
.
9
1
0
2
m
6
7
$
.
0
2
0
2
m
4
8
$
.
1
2
0
2
�20
corero Network Security plc – Annual Report and Accounts 2021
Overview
Strategic report
Governance
Financial Statements
Corporate Directory
21
Key Performance Indicators
Revenue
represents statutory-recognised revenue from corero solutions.
$20.9m
+24%
performance
Revenue for the year ended 31 December 2021 increased by 24% to $20.9
million (2020: $16.9 million).
ARR (annualised
recurring revenues)
$12.8m
+31%
represents the normalised annualised recurring revenues and includes
recurring revenues from contract values of annual support, software
subscription and from DDoS protection-as-a-Service (DDpaaS) contracts.
performance
Annualised recurring revenues increased in the year with ARR of $12.8 million
as at 1 January 2022, driven by growth in DDPaaS and software subscription
orders (ARR at 1 January 2021: $9.8 million).
Gross margin %
85.1%
+780 basis points
represents statutory gross profit divided by statutory revenue.
it measures the group’s underlying profitability before overheads.
performance
Corero’s overall gross margin of 85.1% significantly increased from 2020 of
77.3%. Software license and appliance revenue saw better margin capture.
EBITDA
$4.0m
+386%
represents the classic eBitDa definition: operating profit less
depreciation, amortisation and any impairment of goodwill. the Board
considers eBitDa to be a useful measure of profitability as it excludes
typical non-cash items. For further details please see note 8.
performance
EBITDA was firmly in positive territory for the first time for Corero in FY21, with
a positive EBITDA of $4.0 million representing a material change on FY20’s
negative EBITDA of $1.4 million, itself a significant improvement on FY19 with
a negative EBITDA of $3.2 million.
m
5
8
$
.
7
1
0
2
.
m
0
0
1
$
8
1
0
2
m
7
9
$
.
9
1
0
2
.
m
9
6
1
$
0
2
0
2
.
m
9
0
2
$
1
2
0
2
m
0
5
$
.
7
1
0
2
m
8
5
$
.
8
1
0
2
m
2
7
$
.
9
1
0
2
m
8
9
$
.
0
2
0
2
.
m
8
2
1
$
1
2
0
2
%
1
5
7
.
7
1
0
2
%
4
8
7
.
8
1
0
2
%
0
1
8
.
9
1
0
2
%
3
7
7
.
0
2
0
2
.
%
1
5
8
1
2
0
2
m
0
4
$
.
1
2
0
2
m
7
1
$
.
-
8
1
0
2
m
8
5
$
.
-
7
1
0
2
m
4
1
$
.
-
0
2
0
2
m
2
3
$
.
-
9
1
0
2
m
2
5
$
.
-
8
1
0
2
m
7
8
$
.
-
7
1
0
2
m
0
5
$
.
-
7
1
0
2
m
7
1
$
.
-
8
1
0
2
m
0
4
$
.
-
0
2
0
m 2
6
6
$
.
-
9
1
0
2
m
4
1
$
.
1
2
0
2
m
1
4
$
.
1
2
0
2
m
6
0
$
.
-
0
2
0
m 2
5
2
$
.
-
9
1
0
2
m
4
1
$
.
7
1
0
2
m
4
4
$
.
8
1
0
2
m
4
5
$
.
9
1
0
2
m
6
7
$
.
0
2
0
2
m
4
8
$
.
1
2
0
2
Profit before taxation
$1.4m
+135%
For the first time, Corero registered a profit before taxation of $1.4 million
(2020: loss before taxation of $4.0 million). This was due to an increase in
revenues driving gross margin improvement of $4.7 million, with operating
expenses broadly similar. An increased share option charge between the
years and higher financing expenses (due to slightly higher borrowings) was
more than offset by a credit of $0.6 million from forgiveness of the PPPL
(see note 18).
Adjusted EBITDA –
Fully adjusted basis
$4.1m
+844%
represents the operating profit less forgiveness of the pppL, unrealised
foreign exchange differences on an intercompany loan, depreciation
(including adjusting for DDaap assets depreciation which is charged to
cost of sales), amortisation and any impairment of goodwill, and share
based-payment non-cash costs. the Board considers the adjusted eBitDa
– Fully adjusted basis to be a further useful measure of profitability as
it excludes other significant non-cash items in addition to classic typical
eBitDa non-cash items. For further details please see note 8.
performance
Adjusted EBITDA, like the EBITDA measure, was materially positive for the first
time for Corero in the year ended 31 December 2021 at $4.1million (2020:
-$0.6 million), representing a $4.7 million increase.
Net cash
represents cash at bank less total borrowings.
$8.4m
+11%
performance
Net cash as at 31 December 2021 was $8.4 million (H1 2021: $5.1 million;
2020: $7.6 million). Net cash is derived from gross cash (cash at bank and
in hand) less borrowings.
Gross cash at bank as at 31 December 2021 was $11.2 million (2020: $10.1
million). Gross cash at the year end was high from the further improvement
in trading.
Borrowings were $2.8 million (2020: $2.5 million of borrowings). In April 2021,
the Company entered into a new borrowing facility for up to $3.0 million,
comprising a drawn £2.0 million term loan and an undrawn £1.0 million
Revolving Credit Facility for a three-year term (see note 18). The Group
continues to pay down its bank borrowings according to the agreed loan
repayment schedules.
�22
corero Network Security plc – Annual Report and Accounts 2021
Overview
Strategic report
Governance
Financial Statements
Corporate Directory
23
Key Stakeholders
Section 172 Statement
The Directors are aware of their duty under Section 172 of the Companies Act 2006 to act in the way which they consider, in good faith,
would be most likely to promote the success of the Company for the benefit of its members as a whole and, in doing so, to have regard
(amongst other matters) to the: likely consequences of any decisions in the long-term; interests of the Company’s employees; need to foster
the Company’s business relationships with suppliers, customers and others; impact of the Company’s operations on the community and
environment; Company’s reputation for high standards of business conduct; and need to act fairly as between members of the Company.
The Board reviewed and re-confirmed the Company’s key stakeholder groups during the year. These are set out below along with details
of the forms of engagement undertaken by the Board:
every day corero is interacting with
customers and prospective customers in the
business – including in tenders, in technical
presentations, in quoting, in invoicing, in
deployment, and in after-sales and
on-going customer support roles.
Why they matter
What matters to them
corero’s engagement
the Board’s engagement
Key events in the year
Stakeholder: customers
Customers are the lifeblood of a successful
growing business.
Stakeholder: Shareholders
Shareholders own the business. They are the
providers of capital to grow and invest for
future success.
Corero customers are concerned with having
products and services that protect their online
presence and operations from the increasing
threat of DDoS attacks. High availability of cloud
services and applications are critical for modern
businesses and institutions, their revenue streams
rely on having internet connectivity protected
from the threat of DDoS attacks.
Concerned with a broad range of issues
including, but not limited to, Corero’s financial
and operational performance, strategic execution,
investment plans and governance.
Stakeholder: partners
Partners are an extension of Corero, representing
the Corero brand in the market, providing an
additional route to market to scale the business.
Corero’s partners harness Corero’s innovative
technology to deliver customer success through
creation of unique joint value propositions.
They share insights into what current and future
customers want, ultimately impacting product
strategy and roadmaps and accelerating business
growth through sales and marketing programmes,
as well as technical training, often with a greater,
and more geographically dispersed sales force.
Executive Directors meet with customers
throughout the year and feedback issues to
the Board.
The Board reviews strategy and monitors
performance during the year with the aim of
meeting customers’ needs more effectively.
Receives regular competitor updates to
understand Corero’s competitive performance and
its strengths and weaknesses as regards meeting
customer needs.
Every day Corero is interacting with customers
and prospective customers – including in tenders,
in technical presentations, in quoting, in invoicing,
in deployment, and in after-sales and on-going
customer support roles.
Communications such as annual reports, interim
reports and notices of general meetings.
Board attendance at the AGM to answer
questions.
Investor roadshows, Stock Exchange
announcements and press releases;
www.corero.com.
Feedback on investor meetings held by
the Chairman.
Executive Director meetings with investors in
the UK.
In conjunction with the Company NOMAD, Corero
consulted with major shareholders and key
strategic partners during a number of investor
roadshows and also an investor online forum.
In April 2021 the Company entered into a new
borrowing facility with its existing banking partner,
the net proceeds of which will be used for working
capital purposes and its on-going investment
program to support its growth strategy.
Partner Code of Conduct define expectations
of responsible business and behaviour.
Board updates regarding partner relationships,
development and engagement.
Board engaged in quarterly review of progress of
the Corero-Juniper and Corero-GTT engagements.
Regular Board reports, including updates on
performance and key partner issues, Senior
management engaged in quarterly review
of progress of the Corero – Juniper and GTT
engagements.
The Board provides on-going consideration of key
strategic partnerships, and whether to change or
add to existing relationships.
Regular Board member engagement with senior
Juniper management.
Stakeholder: employees
Corero employees are a key resource, dedicated
to creating, selling and supporting solutions that
protect Corero’s customers from the increasing
threat of DDoS attacks.
Opportunities for personal development and
career progression, a culture of inclusion and
diversity, compensation and benefits, and the
ability to make a difference within Corero.
Various activities and forums to foster
participation in Group events, invite opinions,
questions and ideas.
Regular ‘All Hands’ meetings are held.
In pre-COVID-19 times, Non-executive Directors
have provided ‘town hall’ meetings for employees
at Corero’s key locations to participate in a
Q&A session.
New style performance appraisal and objective
setting processes rolled-out in 2021 have provided
formalised reflection, feedback and direction for
the following year. The Company has regular ‘All
Hands meetings’ via online virtual meetings.
�24
corero Network Security plc – Annual Report and Accounts 2021
Overview
Strategic report
Governance
Financial Statements
Corporate Directory
25
Principal Risks and Uncertainties
The Group has a number of
principal risks and uncertainties.
revenue growth
coViD-19 pandemic
people
Corero’s strategy outlined on page 3 depends on
delivering revenue growth to meet these ambitions.
Clearly, higher order intake and related revenue
growth provides the opportunity for Corero to
invest further in its future. Revenue growth, given
high cyber security industry salaries, is highly
important to deliver profitable growth for the
business. Conversely, lower sales growth reduces
the Company’s cash resources which could impact
the Company’s investment in sales and marketing
and product development and its other
associated goals.
To deliver this order intake and, as a subset,
revenue growth then Corero needs to identify,
meet and exceed customer needs and desires.
If Corero is not successful in identifying customer
prospects with a business need Corero can solve,
or developing go to market partner and channel
partner relationships which generate revenue, this
will compromise growth plans and success. The
Group seeks to maintain a diverse customer base
and over different revenue streams and several
target customer verticals.
To be successful Corero is:
• focussing its lead generation and sales
resources, and product development, on its
target markets;
• working closely with go to market partners to
progress sales opportunities and generate
revenue; and
• developing relationships with new go to market
partners and channel partners to expand its
routes to market.
Market awareness
Corero is an emerging player in the DDoS
prevention market and competes with much larger,
traditional, established organisations. If Corero
is not successful in connecting with the market
and raising its profile this will compromise growth
plans. To raise market awareness of Corero and
its DDoS protection solutions, the Company will
continue to invest in targeted digital marketing and
lead generation programmes, together with its
brand marketing programmes.
The global COVID-19 pandemic in 2020 and
2021 has brought tragic consequences, uncertainty,
and wider market disruption globally. Corero has,
to date, not seen short-term adverse impact on
the provision of its solutions; indeed, the global
increase in remote working and internet usage
as a result of COVID-19 restrictions have further
emphasised the on-going relevance of
Corero’s solutions.
Nevertheless, COVID-19 may have a wider, more
consequential effect on economies as a whole as
the pandemic continues and where tighter fiscal
policy follows to pay for governmental support, this
may lead to a tougher economic climate in which
to operate. The Board will continue to monitor the
situation very closely.
Operationally, remote working across the Group
continues to be fully operational worldwide, as the
health and wellbeing of Corero’s workforce is of
the utmost importance. There continues to be the
possibility of localised virus outbreaks impacting
the Company’s supply chain, and we continue
to closely monitor for any signs of this and take
action as appropriate.
Foreign exchange fluctuations
Past Corero equity fund raises have been in
GBP and its debt is denominated in GBP. To the
extent such funds are required to support US
dollar denominated funding requirements more
generally for the Group, the exchange rate value
of GBP to the value of US dollar may vary, either
impacting adversely or favourably compared
to the denominated funding requirements that
can be funded from such fund raises. The Group
mitigates this risk by utilising US denominated
funds received by the Group’s UK subsidiary
to fund the Group’s US subsidiary to the extent
such funding is required, with the GBP funding
requirements satisfied from the GBP denominated
funds generated from GBP equity and debt
where possible.
Retaining and recruiting people with the necessary skills and
experience. To grow and address the challenges resulting
from technology change and innovation in the DDoS
protection market, the Company needs to retain and recruit
the required sales, business development, and software
development skills. Corero operates in a high growth cyber
security market, and in a thriving DDoS protection sector of
that market, with new players emerging. If Corero is unable
to recruit and retain the right skills this will compromise
growth plans. Consequently, Corero targets paying salaries
in the upper quartile for comparable positions and has
share options plans to provide an attraction and retention
incentive for employees.
technology change and innovation
The DDoS mitigation market is competitive and
characterised by changes in technology, customer
requirements and frequent new product introductions
and improvements. Cybersecurity and DDoS attacks are
constantly evolving and changing as attackers develop new
methods and tools to evade defenses.
Corero is focused on its chosen markets and delivering
continuous innovation by adding new DDoS attack defenses
and new machine learning and artificial intelligence
capabilities, and striving to provide market leading solutions
to secure customers from the threat of DDoS attacks.
other non-principal risks
and uncertainties
There are a multitude of other risks and uncertainties
that face companies like Corero, these include: risks and
uncertainties associated with local legal requirements,
political and geographic risk, the enforceability of laws
and contracts, changes in tax laws, terrorist activities,
wars and invasions, natural disasters and other types
of health epidemics.
risk Management
The Company operates a risk assessment process,
which is embedded in day-to-day management and
governance processes. As part of the annual planning
and budgeting process, Corero management document
the significant risks identified, the probability of those
risks occurring, their potential impact and the plans for
managing and mitigating each of those risks.
The Board reviews the annual risk assessment including
an annual assessment of the effectiveness of the
Company’s internal control system, comprising financial,
operational and compliance controls, to ensure that
the Company’s risk management framework identifies
and addresses all relevant risks in order to execute and
deliver the Company’s strategy.
The Directors are responsible for the Company’s system
of internal control and for reviewing its effectiveness,
whilst the role of management is to implement policies
on risk management and control. The Company’s system
of internal control is designed to manage, rather than
eliminate, the risk of failure to achieve the Company’s
business objectives and can only provide reasonable,
and not absolute, assurance against material
misstatement or loss.
The Company operates a series of controls to meet
its needs. These controls include, but are not limited
to, the annual strategic planning and budgeting
process, a clearly defined organisational structure with
authorisation limits, reviews by senior management of
monthly financial and operating information including
comparisons with budgets, and forecasts to the
Board. Given the size of the Company, the Board has
concluded it is not appropriate to establish a separate,
independent internal audit function. The Board will
keep this under review.
The Audit, Risk and Compliance Committee (‘ARCC’)
reviews the effectiveness of internal controls. The ARCC
receives reports from management and observations
from the external auditors concerning the system of
internal control and any material control weaknesses.
Significant risk issues, if any, are referred to the Board for
consideration. The Corero Risk Register, auditor’s report,
assessment of the effectiveness of the internal control
system and key judgements report for the Annual Report
and Accounts are tabled and reviewed by the ARCC.
�26
corero Network Security plc – Annual Report and Accounts 2021
Overview
Strategic report
Governance
Financial Statements
Corporate Directory
27
Environmental, Social and
Governance (ESG) Report
Corero aspires to carry out its
business to the highest ethical
standards, treating customers,
partners, suppliers and
employees in a professional,
courteous and honest manner.
corero’s culture and Values
customer
First
technology
Leadership &
innovation
operational
excellence
integrity
our people
empowerment
& team Work
We seek to live our culture and values every day,
in a dynamic and professional manner.
Our defined values are:
• Customers First;
• Technology Leadership & Innovation;
• Operational Excellence;
• Integrity; and,
• Our People, Empowerment & Team Work.
In common with most intellectual property
technology businesses, we know that the expertise,
experience, and passion of our employees is
genuinely what make our products and services
market leading. For example, Corero’s Security
Operation Centre (‘SOC’) comprises a team of highly
experienced security analysts whose role it is to assist
our customers’ IT and security teams mitigate the
growing number of increasingly sophisticated DDoS
attacks. This service and customer support offering
is therefore an important competitive differentiator.
Customers tell us they value the service levels and
our team regularly receives very favourable feedback
from our customers.
corero’s approach to responsible
business in society
Corero recognises that long-term success is
underpinned by good relations with its key
stakeholders, both external (partners, suppliers,
customers, shareholders, regulators and others)
and internal (employees). As part of Corero’s
annual planning and budgeting process, the
Company identifies its stakeholders and their
respective needs, interests and expectations.
In addition, the strategy for engaging with
these stakeholder groups is formulated
and implemented.
We are committed to complying
with environmental, social and
governance requirements and
corero is dedicated to improving
the security and availability of
the internet for all.
Corero values feedback from its stakeholders and
proactively endeavours to address any matter
identified. Feedback is gathered from: customers
and partners relating to Corero’s products and
services in an on-going, continuous manner;
shareholders, for example through investor relation
roadshows; and employees, for example as part
of monthly Company updates.
employees, diversity and inclusion
and employee interaction
Our employees are one of Corero’s most
important assets and the continued and sustained
development of the Company relies on its ability to
retain and attract high calibre employees. Corero
operates an all-employee share option plan, with
awards approved by the Corero Remuneration
Committee. We are proud to have so many
experienced, and talented employees in our team.
The Corero equal opportunities policy ensures that
all job applicants and employees are treated fairly,
no matter what age, race, colour, gender, religion
or beliefs, sexual orientation, marital or partner
status, ethnic origin or community, disability, and
without favour or prejudice. We are committed
to applying this policy throughout all areas of
employment, recruitment and selection, training,
development and promotion.
The Corero equal opportunity policy sets out
the Company’s position on equal opportunity
in all aspects of employment. The policy has
been developed to maintain the following
policy objectives:
• To provide a safe and welcoming
environment, in which individuals are valued,
included and respected
• To advance equality of opportunity
• To eliminate unfair discrimination
• To foster good relations between different
groups of people
We are an increasingly international, multi-
cultural, gender diverse and diverse organisation.
For example, many of our UK-based software
engineers are drawn from local universities but
also sponsored on EU skilled-migrant visas.
Inclusion is the practice of providing everyone
with equal access to opportunities and resources.
We believe employees find an environment of
understanding and respect at Corero – where
voices and opinions are heard and carefully
considered – this is made easier by the relatively
flat hierarchy and agile nature of the business
and the values we share.
Employees are regularly informed of matters
concerning their interest and the financial factors
affecting the Company. The Company uses
company-wide forums to communicate matters
as well as team and individual meetings.
environmental sustainability
Corero has identified the following UN Sustainable
Development Goals (SDGs) most applicable to its
activities listed in the table below.
Corero is committed to promoting sustainability.
We aim to lead, follow and to promote good
sustainability practice, to carry out our operations
in a way which manages and minimises any
adverse environmental impacts from our activities.
For many years Corero has operated a flexible
remote working policy before the remote working
and lack of in-person meetings characterised
and necessitated by the COVID-19 pandemic. We
aim to mitigate unnecessary travel, impacting on
climate change, in the future.
Our products are used by thousands of businesses
throughout the world to protect against disruptions
that could have adverse economic, health,
well-being and environmental consequences for
the users and customers of those businesses
(sometimes in a mission critical way) and the
knock-on effects to populations as-a-whole.
Disruptions may emanate from individuals,
groups, corporates or state-sponsored actors.
Corero is committed to reducing our resource
consumption where possible. Furthermore
employees are encouraged to be environmentally
aware. For example, Corero encourages the reuse
or recycling of office waste, including paper,
packaging, computer supplies and redundant
equipment. Company cars are not provided.
Wherever possible we seek to ensure that waste
materials are disposed of in an environmentally
safe manner and in accordance with regulations.
We are seeking to provide materials in a
paperless, digital way.
ethical business
Corero is committed to the fundamental values of
integrity, transparency and accountability. We have
a zero-tolerance policy with regard to bribery and
corruption with reporting mechanisms in place.
Corero adopts and enacts an Ethics and Anti-
Bribery Policy to record the ethical way in which
we conduct business and to make our ethical
standards clear to everyone, including those with
whom we do business, which includes resellers,
agents and distributors as well as our customers.
Corero provides training to all its employees on
Anti-Bribery and Corruption.
Strategic report Sign-off
In accordance with Section 414D(1) of The
Companies Act 2006, The Strategic Report on
pages 16 to 27 is signed by order of the Board.
Duncan Swallow
Company Secretary
25 April 2022
UN SD goals
How corero contributes
good Health and
Well Being
Quality education
Decent Work and
economic growth
peace, Justice and
Strong institutions
Ensuring healthy lives and promoting well-being at all ages is essential to sustainable development. We are committed to
our people and their wellbeing and are proud of our supportive, collaborative culture and strong values. We also provide
DDoS protection to many businesses important for the wider workforce.
Obtaining a quality education is the foundation to improving people’s lives and sustainable development. Corero’s
DDoS protection is favoured by many research and educational network customers as a secure way to deliver and
promote their objectives.
Sustained and inclusive economic growth can drive progress, create decent jobs for all and improve living standards.
Corero’s DDoS protection protects the heightened enabled remote working environment before and during the global
COVID-19 pandemic.
Conflict, insecurity, weak institutions and limited access to justice remain a great threat to sustainable development. Corero’s
solutions provide a key cyber protection for its customers against nefarious activities from individuals, crime and terrorist
groups and state-sponsored actors. We provide threat advisory information on attacks to our customers.
�28
Corero Network Security plc – Annual Report and Accounts 2021
Overview
Strategic Report
GoverNaNCe
Financial Statements
Corporate Directory
29
Board of Directors
Jens Montanana
Non-executive Chairman
appointed
richard Last
Independent
Non-executive Director*
Peter George
Independent
Non-executive Director
andrew Miller
Non-executive Director
Lionel Chmilewsky
Chief Executive Officer
Neil Pritchard
Chief Financial Officer
ashley Stephenson
Chief Technology Officer
Duncan Swallow
Company Secretary
6 August 2010
22 May 2008
3 January 2019
6 August 2010
24 April 2020
14 April 2022
6 September 2013
1 November 2007
Background & experience
Jens has spent the majority of
his over 30-year career in the
technology industry with considerable
operational and commercial
experience in the resale and
distribution of information technology
hardware and software solutions.
He is the founder and CEO of
Datatec Limited, established in 1986
which listed on the Johannesburg
Stock Exchange in 1994. Between
1989 and 1993 Jens served as
Managing Director and Vice-
President of US Robotics (UK) Limited,
a wholly owned subsidiary of US
Robotics Inc., which was acquired
by 3Com. In 1993, he co-founded US
start-up Xedia Corporation in Boston,
an early pioneer of network switching
and IP bandwidth management,
which was subsequently sold to
Lucent Corporation in 1999 for $246
million. He has previously served on
the boards and sub-committees of
various public companies.
Current appointments
CEO of Datatec Limited and
Director of various Datatec Limited
subsidiary companies.
Richard has over 20 years’ senior
experience in information technology
having worked at board level for
a number of publicly quoted and
private companies in the technology
sector. He is a Fellow of the Institute
of Chartered Accountants in England
and Wales (‘FCA’).
*
as Richard Last is a Corero shareholder
and has been a Non-executive Director
of the Company for over 10 years, his
independence has been considered by
the Board. The Board is satisfied that
Richard Last is independent.
Peter George is a US based
executive with over 30 years’
experience in the IT networking
and cybersecurity industry.
He has a successful track record
as CEO of leading IT network and
security companies and provides
sales and marketing leadership
experience to the Board.
Peter is the CEO of Evolv Technology,
a US based leader in human security
screening. Prior to that he was President
and CEO of empow cybersecurity,
a market innovator in AI, machine
learning and advanced security
analytics. Prior to empow, between
2008 to 2017, he was President and
CEO of Fidelis Cybersecurity, a leading
US-based Advanced Threat Defense
business. Before joining Fidelis, Peter
was President and CEO of Crossbeam
Systems, a market leader in Unified
Threat Management. Prior to that he
was the President of Nortel Networks’
enterprise business where he was
responsible for growing a $2 billion
and 5,000 employee voice and data
business in EMEA.
Andrew Miller (Non-executive
Director) was until 31 May 2020 the
CFO of the Company. He was until
January 2022 the CFO and COO of
C5 Capital Limited, an investment
firm investing in the secure data
ecosystem including cybersecurity,
cloud infrastructure, data analytics
and space, and CFO of the Haven
Group, a private equity backed cyber
security services provider. Prior to
joining Corero Andrew was with the
Datatec Limited group in a number
of roles between 2000 and 2009
including the Logicalis Group Limited
(‘Logicalis’) Operations Director and
Corporate Finance and Strategy
Director. Prior to this, Andrew gained
considerable corporate finance
experience in London with Standard
Bank, West Deutsche Landesbank
and Coopers & Lybrand. Andrew
trained and qualified as a chartered
accountant and has a bachelor’s
degree in commerce from the
University of Natal, South Africa.
Andrew is a Chartered Accountant
with over 20 years’ experience in
the technology industry.
Duncan is responsible for the
Company secretarial function and is
also the Group Financial Controller.
Prior to joining the Company, Duncan
was Divisional Financial Controller
for CCH, a Wolters Kluwer business,
specialising in providing books,
online information, software, CPD and
fee protection to tax and accounting
professionals. He is a fellow of the
Association of Chartered Certified
Accountants.
Lionel has 30 years of international
experience in the technology field,
in particular in the Infrastructure,
Software and Services domains.
Most recently Lionel was CEO of
Cambridge Broadband Networks
Ltd, a leader in wireless solutions
based in the UK. Before joining
CBNL, Lionel was CEO of Comverse
IP Communications and Senior Vice
President of Comverse Group. Prior
to that, he was Executive Vice-
President of Proxim Wireless, leading
the worldwide business activity and
subsidiaries. Lionel’s background also
includes General Management and
Senior Executive roles in Alcatel, JDS
Uniphase, EXFO and Fairchild in the
USA. Lionel is a French national and
earned an MBA from NEOMA
(Rouen Business School).
Lionel has a successful track record
as CEO of leading technology
companies together with sales and
managerial leadership experience.
Neil Pritchard joined Corero in May
2020, having previously been Group
Financial Director and Company
Secretary at London listed technology
business CML Microsystems PLC and,
prior to this, Finance Director of the
UK and Eire division of the DAX-listed
group Continental AG. Neil also
held senior financial positions with
quoted companies Delta PLC and
Synthomer PLC. He is a qualified
chartered accountant, holding a FCA,
having spent six years with KPMG
London in audit, treasury and forensic
transaction service roles. He holds an
Economics and Politics degree from
the University of Bath, UK.
Neil has multidisciplinary,
international listed experience with a
strong track record in driving business
transformation and growth.
Ashley Stephenson (CTO) first joined
Corero Network Security as Executive
Vice President of the Network
Security division, with responsibility
for product and solution strategy in
March 2012, and was appointed
Chief Executive Officer of Corero in
January 2013. An IT industry executive
and internet technology entrepreneur,
Ashley has operating experience in
the United States, Europe and Asia.
His previous experience includes:
CEO of Reva Systems, which was
acquired by ODIN, and CEO of Xedia
Corporation, which was acquired by
Lucent. He has provided strategic
advisory services to a number of
leading multinational IT companies
including technology vendors,
distributors and services companies.
Ashley began his career at IBM
Research & Development in the UK.
He is a graduate of Imperial College,
London with a degree in Physics and
is an Associate of the Royal College
of Science.
Ashley has deep technology and
software development skills and
experience.
Chairman of Hyve Group plc, an
international events and exhibitions
group listed on the London Stock
Exchange. Chairman of AIM listed
Gamma Communications plc, a UK
telecommunications service provider
and Tribal Group plc, a technology
company. Richard is also a director
of a number of private companies.
CEO of Evolv Technology Inc.
None.
Cambridge Broadband
Networks Limited.
The Magic Circle Foundation Ltd.
Director of Eyealike, Inc. and
StepVest LLC.
None.
Nomination Committee
Remuneration Committee
Audit, Risk and Compliance Committee
Chair of Committee
�30
Corero Network Security plc – Annual Report and Accounts 2021
Overview
Strategic Report
GoverNaNCe
Financial Statements
Corporate Directory
31
Chairman’s Corporate
Governance Introduction
QCA Code Compliance
Board commitment to governance
The Board is committed to continue to uphold high standards of corporate
governance, enhancing shareholder value, and engaging in a fair and
transparent manner with all of the Group’s stakeholders.
The Board therefore supports and is committed to the principles of the QCA
Corporate Governance Code. Details of our governance processes and
procedures are set in out in the following pages.
Board leadership and effectiveness
The Board recognises that to remain effective it must ensure that it has the
right balance of skills, experience, knowledge and independence to enable
it to discharge its duties and responsibilities. The Directors believe in the
necessity for open debate in the boardroom and consider that existing Board
dynamics and processes encourage honest, constructive and open debate
with the Executive Directors. We conduct internal Board evaluation reviews to
monitor it is operating effectively.
our culture and values
We recognise the importance of our values and how we live them within our
culture. The Board undertakes informal enquiries of employees to ensure our
values are upheld and promoted to maintain a healthy corporate culture.
During the COVID-19 pandemic, with global travel restrictions, it has been
necessary to conduct virtual Board meetings. Going forward it is anticipated
that more face-to-face time should be possible, providing the Board with the
opportunity to informally interact with employees based in the UK and US
office locations.
Board composition
There were no changes to the Board composition in 2021. I am pleased to
report that Neil Pritchard, our Chief Financial Officer, joined the Board on
14 April 2022.
Stakeholder engagement
We seek to maintain an open dialogue with all stakeholders including
shareholders, customers, partners, suppliers and our employees, even in
these on-going uncertain times with the global pandemic. Details of our
stakeholders along with details of the forms of engagement undertaken by
the Board are set out on pages 22 to 23.
In this context, I would like to give my continued thanks to our institutional and
private investors for their continued support; to all wider stakeholders such as
our customers, strategic partners and suppliers; and thank you as ever to all
our employees for their determination, integrity and commitment to Corero.
Looking further ahead
Corero has delivered an excellent performance in 2021 across many
metrics, not least of which is a significant improvement in profit growth and
our pleasure in reporting our maiden profit before taxation. The expectation
of strong forecast growth in the DDoS market underpins the Board’s continued
confidence, alongside Corero’s improved sales execution, and superior and
evolving technological solution in that marketplace. To capitalise on this, we
shall be investing in additional resources in 2022 to further the growth
drivers for Corero, and long-term value for all its stakeholders.
Jens Montanana
Non-executive Chairman
25 April 2022
The expectation of strong
forecast growth in the
DDoS market underpins
the Board’s continued
confidence, alongside
Corero’s improved
sales execution, and
superior and evolving
technological solution in
that marketplace.
As an AIM-listed company, Corero adopts the principles of the Quoted Companies Alliance Corporate Governance Code (the ‘QCA Code’). The QCA Code
identifies ten principles to be followed in order for companies to deliver growth in long-term shareholder value, encompassing an efficient, effective and
dynamic management framework accompanied by good communication to promote confidence and trust. The following explains how Corero follows those
QCA Code principles:
1 establish a strategy and business
model to promote long-term value
for shareholders
2 Understand and meet shareholder
needs and expectations
3 Take into account wider stakeholder
and social responsibilities and their
implications for long-term success
✔ Corero’s strategy is focused on being the leader in real-
time, high performance DDoS protection and scaling the
business for profitability though revenue growth.
✔ The CEO and CFO communicate regularly with
shareholders, investors and analysts, including at our
half-yearly results roadshows. The full Board is available
at the AGM to communicate with shareholders.
✔ Shareholders, our customers, partners and employees
are our most important stakeholders. We engage with
these communities via regular communications in our
day-to-day activities, and via formal feedback requests.
For more information please see
pages 4 and 5.
For more information please visit:
http://www.corero.com/who-we-
are/investor-relations
For more information please see
page 22 and 23.
4 embed effective risk management,
considering both opportunities and
threats, throughout the organisation
✔ Ultimate responsibility for risk management rests with
the Board. Day-to-day management of risk is delivered
through the way we do business and our culture.
For more information please see
pages 24 and 25.
5 Maintain the Board as a well-
functioning, balanced team led by
the Chair
6 ensure that between them the Directors
have the necessary up-to-date
experience, skills and capabilities
7 evaluate Board performance based on
clear and relevant objectives, seeking
continuous improvement
✔ The Board has three established Committees: Audit, Risk
and Compliance Committee; Nomination Committee;
and Remuneration Committee. The composition and
experience of the Board is reviewed regularly, primarily
by the Nomination Committee.
✔ The Board is satisfied that its current composition
includes an appropriate balance of skills, experience
and capabilities, including experience of the cyber
security market and international markets.
✔ The Board regularly considers the effectiveness
and relevance of its contributions, any learning
and development needs and the level of scrutiny
of the senior management team. An annual Board
effectiveness review is undertaken to enable the Board
to stand back and assess its strengths and areas
for development.
8 Promote a corporate culture that is
based on ethical values and behaviours ✔ Corero recognises the importance of culture and
values and in conjunction with employees, defined the
Company’s agreed values which are reinforced via
training and performance management.
9 Maintain governance structures and
processes that are fit for purpose and
support good decision making by
the Board
✔ The Board is responsible for the Group’s overall
strategic direction and management, and for the
establishment and maintenance of a framework of
delegated authorities and controls to ensure the efficient
and effective management of the Group’s operations.
The Board is satisfied that the necessary controls and
resources exist within the Company to enable these
responsibilities to be met.
For more information please see
pages 32, 33 and 35.
For more information please see
pages 28, 29 and 34.
For more information please see
page 34.
For more information please see
pages 26 and 27.
For more information please see
pages 32 to 34
10 Communicate how the Company
is governed and is performing
by maintaining a dialogue with
shareholders and other relevant
stakeholders
✔ The investors section of our website includes our Annual
Report, results, presentations, notice of AGM and results
of the AGM and general meetings.
For more information please visit:
http://www.corero.com/who-we-
are/investor-relations
�32
Corero Network Security plc – Annual Report and Accounts 2021
Overview
Strategic Report
GoverNaNCe
Financial Statements
Corporate Directory
33
Corporate Governance Report
Board composition and responsibilities
The Board sets Corero’s overall strategic direction, reviews management performance and ensures that the Company has the necessary financial and human
resource in place to meet its objectives. Operational management of the Company is delegated to the Chief Executive Officer.
The Board comprises the Non-executive Chairman, two independent Non-executive Directors, one non-independent Non-executive Director and three Executive
Directors whose Board and Committee responsibilities are set out below:
Jens Montanana
Peter George
Richard Last
Andrew Miller
Lionel Chmilewsky
Neil Pritchard
Ashley Stephenson
Non-executive /
executive Director
Non-executive
Non-executive
Non-executive
Non-executive
Executive
Executive
Executive
Board
Compliance Committee
remuneration Committee
Nomination Committee
audit, risk and
Member
Chairman
Member
Chairman
Member
Chairman
Member
Member
Chairman
Member
Member
Member
Member
Member
Member
One third of all Directors are subject to annual reappointment by shareholders, as well as any Director appointed to the Board in the period since the last
AGM, and any Non-executive Director whose tenure is more than nine years or whose independence is the subject of Board judgement. Jens Montanana,
Richard Last and Neil Pritchard will be offering themselves for (re)election at the forthcoming AGM.
The Corero Board members’ biographies and their relevant experience, capabilities and skills and are set out on pages 28 and 29.
Board balance and independence
The composition of the Board is reviewed regularly. Appropriate training, briefings, and inductions are available to all Directors on appointment and
subsequently as necessary, taking into account existing qualifications and experience.
The Board is satisfied that, between the Directors, it has an effective and appropriate balance of skills and experience, including operational, commercial and
technology expertise and experience. All members of the Board have more than 20 years’ technology experience through investing in and working for a range
of companies from start-ups to large established technology companies, with complementary financial, commercial, sales and marketing skills.
The skills and experience of the Board are summarised in the table below:
Technology
Cyber security
Sales and
marketing
People
International
Governance
Finance
Jens Montanana
Peter George
Richard Last
Andrew Miller
Lionel Chmilewsky
Neil Pritchard
Ashley Stephenson
The Board is cognisant of the lack of gender diversity and plans to address this as the Company grows through its recruitment policy.
All Directors are able to take independent legal advice in relation to their duties, if necessary at the Company’s expense. In addition, the Directors have direct
access to the advice and services of the Company Secretary. The Directors keep their skills up to date through a combination of their other roles (if applicable),
attending appropriate training courses and seminars funded by the Company if appropriate, and by reading widely.
There are no external advisers to the Board or any of its Committees, other than the Company’s broker (Canaccord Genuity) and auditor (BDO LLP).
Corero’s Chairman, Jens Montanana, is a material shareholder with an equity interest in Corero of 37.85% at 25 April 2022. His interests are strongly aligned
with all shareholders.
Richard Last is a Corero shareholder with a 0.51% equity interest in Corero at 25 April 2022 and has been a Non-executive Director of the Company for over 10
years. His independence has been considered by the Board. The Board is satisfied that Richard Last operates in an independent manner and is independent.
Corporate Governance
• Review of the management structure and senior management
responsibilities.
• With the assistance of the Remuneration Committee, approval of
remuneration policies.
• Consideration of the independence of the Non-executive Directors.
• Receiving reports and feedback from the Company’s shareholders.
The Board receives regular briefings on the Company’s performance
(including commentary and analysis), key issues and risks affecting the
Company’s business.
The Company maintains liability insurance for its Directors and Officers.
The Company has also entered into indemnity agreements with the Directors,
in terms of which the Company has indemnified its Directors, subject to the
Companies Act limitations, against any liability arising out of the exercise of
the Directors’ powers, duties and responsibilities as a Director or Officer.
In the year ended 31 December 2021, the Board met, virtually or physically,
on five scheduled occasions; further meetings and conference calls were
held as and when necessary. Details of Directors’ attendance at scheduled
meetings in the year to 31 December 2021 is shown in the table below:
Jens Montanana
Richard Last
Peter George
Andrew Miller
Lionel Chmilewsky
Ashley Stephenson
Meetings attended
5/5
5/5
5/5
5/5
5/5
5/5
Directors’ conflict of interest
The Company has effective procedures in place to monitor and deal with
conflicts of interest. The Board is aware of the other commitments and
interests of the Directors, and changes to these commitments and interests
are reported to and, where appropriate, agreed with the rest of the Board.
evolution of the Company’s governance framework
The Board will, on an on-going basis, and as the Company’s business
develops and grows, review the appropriateness of the governance
framework, including the composition of the Board and the need for an
internal audit function, to ensure the Company delivers on its strategy
and goals whilst maintaining appropriate governance structures.
Andrew Miller is a Corero shareholder with a 0.22% equity interest in Corero
at 12 April 2022 and was previously Chief Financial Officer of the Company
for over 10 years. His independence has been considered by the Board.
The Board considers him to be not independent.
employment and service agreements
The Director employment and service contracts are summarised below:
• Lionel Chmilewsky, Executive Director, has an employment agreement
which provides for the payment of six months’ base salary if the
agreement is terminated by the Company without cause.
• Neil Pritchard, Executive Director, has an employment agreement which
provides for the payment of three months’ base salary if the agreement
is terminated by the Company without cause.
• Ashley Stephenson, Executive Director, has an employment agreement
which provides for the payment of six months’ base salary if the
agreement is terminated by the Company without cause.
• The Non-executive Director’s letters of appointment are for 12-month terms
and provide that the appointment may be terminated by either party
giving to the other not less than three months’ notice.
Non-executive Directors, per their letters of appointment, have a time
commitment to the Company of not less than eight days per annum including
the attendance of Board meetings and the Company AGM. In addition,
Non-executive Directors are expected to devote appropriate preparation
time ahead of each meeting.
Board responsibilities
The Board meets, virtually or in person, on average once a quarter; additional
meetings or conference calls are held as required. Each Director is provided
with sufficient information to enable them to consider matters in good time for
meetings and enable them to discharge their duties properly.
The Board also ensures that the principal goal of the Company is to create
shareholder value, while having regard to other stakeholder interests, and
takes responsibility for setting the Company’s values and standards.
The Board has a formal schedule of matters reserved to it for consideration
and approval. These include:
• Strategy and management.
• Responsibility for the overall strategy and management of the Company.
• Approval of strategic plans and budgets and any material changes
to them.
• Approval of the acquisition or disposal of subsidiaries and major
investments, projects and contracts.
• Changes relating to the Company’s capital structure.
• Delegation of the Board’s powers and authorities.
Financial matters and internal controls
• Oversight of the Company’s operations ensuring competent and
prudent management, sound planning and maintenance of adequate
accounting and other records.
• Approval of the annual and interim financial statements and
accounting policies.
• Approval of the dividend policy.
• Ensuring an appropriate system of internal control and risk
management is in place.
�34
Corero Network Security plc – Annual Report and Accounts 2021
Overview
Strategic Report
GoverNaNCe
Financial Statements
Corporate Directory
35
Board Performance and
Remuneration Policy
Introduction
An annual Board effectiveness review is undertaken to enable the Board to
stand back and assess its strengths and areas for development. This review
is conducted internally.
Share options
Share options are granted to encourage and reward delivery of the
Company’s long-term strategic objectives and provide alignment with
shareholders through the use of share-based incentives.
The Board may refresh the performance assessment process based on
external advice and if appropriate engage a third-party facilitator to assist
in the performance of such effectiveness reviews every three years.
The Remuneration Committee’s (‘RC’) remit is to measure the performance
of and determine the remuneration policy relating to Directors and senior
employees. To support this responsibility, it has access to professional and
other advice external to the Group. Taking the performance factors into
account, it then makes recommendations to the Board.
To assist the work of the RC, the views of the Chief Executive Officer and
Chief Financial Officer are also invited where appropriate. However, they do
not participate in any decision related to their own remuneration.
The Nomination Committee reviews and recommends nominees as new
Directors to the Board. Senior management appointments are required to
be approved by the RC.
The Group is committed to the governing objective of maximising shareholder
value over time. Each year the remuneration framework and the packages of
the Directors are reviewed to ensure they continue to achieve this objective.
The Group operates in the cyber security market which is a market with
significant growth potential. It is also a competitive market with a number of
companies who are significantly larger than Corero. The Group’s Executive
Director remuneration policy is designed to attract and retain Directors of the
calibre required to maintain the Group’s position in its marketplace. This is
maintained through the use of bonus and share option schemes, as follows.
Bonus
A cash bonus designed to incentivise specific short-term financial goals.
Goals and objectives are set for the Executive Directors with a significant
weight being on key financial performance metrics. The Chief Executive
Officer and Chief Technology Officer on-target bonuses are set at two-thirds of
base salary and the Chief Financial Officer is set at one half of base salary.
All share-based incentives offered to Directors have a three year vesting
schedule, with one-third vesting on the first anniversary of the grant/start date,
a further third on the second anniversary of the grant/start date and the final
third the third anniversary of the grant/start date. Shares acquired on the
exercise of options may not be sold until the second anniversary of the grant
date. Share options are granted with an exercise price set at the higher of
market price or such other price as determined by the RC.
In order to ensure that share options in issue continue to act as an effective
incentive and staff retention tool, the Company sought shareholder approval
at the AGM for the cancellation, and subsequent regrant, of certain Existing
Share Options granted to various of its directors and employees, and this
was enacted in the prior year on 16 June 2020.
Conflicts of interest
The members of the RC do not have any conflicts from cross-directorships that
relate to the business of the Committee. The members of the RC do not have
any day-to-day involvement in the running of the Group.
Board changes
Given Corero’s size, the Company does not have internal succession
candidates for the Executive Directors. In the event an Executive Director
replacement is required, the Company would seek to recruit a replacement
through a recruitment search process. The Board is satisfied that the
Company’s middle management will ensure the Company’s business is not
adversely impacted in the period between an Executive Director leaving
and a replacement being recruited.
Board Committee Reports
The Board has three established Committees:
• Audit, Risk and Compliance Committee: responsible for reviewing the
Group’s interim and year end results announcements, and the Annual
Report and Accounts; determining the application of the financial
reporting and internal control and risk management procedures and
assessing the scope, quality and results of the external audit.
• Remuneration Committee: responsible for the policy for the remuneration
of the Executive Directors and senior management; setting the
remuneration of the Executive Directors, determining the payment of
bonuses to Executive Directors; and approving the Company’s bonus
and incentive arrangements for employees.
remuneration Committee (‘rC’) report
The RC comprises Peter George, and members Jens Montanana and
Richard Last. The RC meets at least twice a year.
In the year ended 31 December 2021, the RC met on two scheduled
occasions; further meetings and conference calls were held as and when
necessary. The attendance of individual Committee members at scheduled
RC meetings in the year to 31 December 2021 is shown in the table below:
Meetings
attended
2/2
2/2
2/2
• Nomination Committee: responsible for reviewing the composition,
Peter George (Committee Chairman)
structure and size of the Board; assessing the leadership needs of the
Group; and recommending nominees as new Directors to the Board.
Richard Last
Jens Montanana
audit, risk and Compliance Committee
(‘arCC’) report
The ARCC members comprise Richard Last, who is the Committee
Chairman, and member Peter George, and meets at least twice a year.
The Company’s Chief Financial Officer and Group Financial Controller, and
the Company’s external auditors attend the meetings.
In the year ended 31 December 2021, the ARCC met on two occasions.
The attendance of individual Committee members at ARCC meetings in the
year to 31 December 2021 is shown in the table below:
The RC’s activities during the year, which are based on its terms of reference,
are set out below:
• Reviewed the performance of the Executive Directors and set the
remuneration of the Executive Directors.
• Determined the payment of bonuses to Executive Directors and approved
the Company’s bonus and incentive arrangements for employees.
• Ensured the Company’s share option schemes were operated properly
and approved the share option grants to Executive Directors and
employees.
Richard Last (Committee Chairman)
Peter George
Meetings
attended
The remuneration of the Chairman and Non-executive Directors is decided
upon by the Board.
2/2
2/2
Details of Directors’ remuneration for the year ended 31 December 2021 is
set out in note 24 of the financial statements.
The ARCC’s activities during the year, based on its terms of reference, are
set out below:
• Reviewed the scope and results of the external audit, its cost effectiveness
and the objectivity of the auditors.
• Reviewed, prior to publication, the interim financial statements, preliminary
results announcement, the annual financial statements and the other
information included in the Annual Report. Considered the regulatory,
technical and operational risks of the Company and ensured these risks
are properly assessed, monitored and reported on and the appropriate
policies and procedures are in place.
The key financial reporting judgements relating to the financial statements
for the year ended 31 December 2021 which the ARCC have considered and
discussed with the auditors, include:
Going concern basis for financial statements
Revenue recognition
Financial
Statements note
2.2
2.5
Carrying value of goodwill and intangible assets
2.12 and 9
The ARCC is satisfied with the treatment in the financial statements and the
disclosure in the notes.
Nomination Committee (‘NC’) report
The NC comprises Jens Montanana (Chairman), Richard Last and Peter
George. The NC meets as required.
In the year ended 31 December 2021, the NC met on one scheduled
occasion. The attendance of individual Committee members at NC meetings
in the year to 31 December 2021 is shown in the table below:
Jens Montanana (Committee Chairman)
Richard Last
Peter George
Meetings
attended
1/1
1/1
1/1
The NC’s activities during the year, which are based on its terms of reference,
are set out below:
• Reviewed the composition, structure, and size of the Board.
• Reviewed the leadership needs of the Group.
�36
Corero Network Security plc – Annual Report and Accounts 2021
Overview
Strategic Report
GoverNaNCe
Financial Statements
Corporate Directory
37
Directors’ Report
Group results
The Group’s Income Statement on page 45 shows a profit for the year of
$1.5 million (2020: loss of $3.8 million).
Going concern
The financial position and cash flows are described in the Financial Review
on page 18. An indication of likely future developments affecting the Company
is included in the Strategic Report on pages 16 to 27.
The Directors have prepared detailed income statement, balance sheet
and cash flow projections for the period to 30 April 2023 (“going concern
assessment period”). The cash flow projections have been subjected to
sensitivity analysis at the revenue, cost and combined revenue and cost
levels under three different scenarios. The cash flow projections show that the
Group and Company will maintain a positive cash balance through the going
concern assessment period under the base case and all three sensitivity
scenarios. In addition, the projections and sensitivity analyses confirm that the
bank loan covenants will be met during the going concern assessment period.
The Directors are also not aware of any significant matters in the remainder
of calendar 2023 that occur outside the going concern period that could
reasonably possibly impact the going concern conclusion.
The Directors continue to carefully monitor the impact of the COVID-19
pandemic, and its impact on the macroeconomic environment, on the
operations of the Group and have a range of possible mitigating actions,
which could be implemented in the event of a downturn of the business.
However, with COVID-19 driving an increased requirement for workforces to
shift to home working and heightened concerns relating to digital security
and privacy the Group has benefited from favourable market tailwind.
The Directors have also considered the geo-political environment, including
rising inflation in some of our key markets and the conflict in Ukraine, and
whilst the impact on the Group is currently deemed minimal, the Directors
remain vigilant and ready to implement mitigation action in the event of a
downturn in demand or an impact on operations.
On this basis, the Directors have therefore concluded that it is appropriate
to prepare the financial statements on a going concern basis.
Dividends
The Directors have not recommended a dividend (2020: $nil).
Share capital
The issued share capital of the Company, together with details of movements
in the Company’s issued share capital during the financial period are
shown in note 22 to the financial statements. As at the date of this report,
494,852,304 ordinary shares of 1p each (‘ordinary shares’) were in issue and
fully paid with an aggregate nominal value of $6.9 million.
The market price of the ordinary shares at 31 December 2021 was 12.5p and
the shares traded in the range 9.0p to 16.0p (as at 31 December 2020 was
10.0p and the shares traded in the range 3.6p to 11.6p during the year ended
31 December 2020).
Issue of shares powers at the aGM
At the AGM held on 11 June 2021, shareholders granted authority to the
Board under the Articles and section 551 of the Companies Act 2006 (the
‘Act’) to exercise all powers of the Company to allot relevant securities up to
an aggregate nominal amount of £494,852.30.
Also at the AGM held on 11 June 2021, shareholders granted authority to the
Board under the Articles and section 570(1) of the Act to exercise all powers
of the Company to allot equity securities wholly for cash up to an aggregate
nominal amount of £494,852.30 without application of the statutory pre-emption
rights contained in section 561(1) of the Act.
Substantial shareholdings
The Company has been notified of the following holdings that are 3% or more
of the Group’s ordinary share capital as at 31 March 2022:
ordinary shares of 1 pence each
Jens Montanana*
Sabvest Capital Holdings Limited
Juniper Networks, Inc.
Herald Investment Management
Richard John Koch
Premier Miton Group PLC
InsingerGlissen
Peter Kennedy Gain**
Number
187,300,406
50,000,000
49,179,772
34,592,121
30,061,222
26,475,355
25,000,000
16,378,246
%
37.85
10.10
9.94
6.99
6.07
5.35
5.05
3.31
*
of which 33,674,846 are held in the name of JPM International Limited, which is wholly
owned by Jens Montanana, and 125,871,751 are held in the name of The New Millennium
Technology Trust of which Jens Montanana is a beneficiary
** of which 4,900,000 shares are held in the name of Draper Gain Investments Ltd
Directors’ shareholdings
Jens Montanana
Peter George
Richard Last
Andrew Miller
Lionel Chmilewsky
Neil Pritchard
Ashley Stephenson
31 March 2022
31 December 2020
31 December 2019
Number
%
Number
%
Number
187,300,406
37.85
187,300,406
37.85
187,300,406
–
2,500,000
1,091,437
–
–
–
0.51
0.22
–
–
–
2,500,000
1,091,437
–
–
–
0.51
0.22
–
–
–
2,500,000
1,091,437
–
–
38,000
0.01
38,000
0.01
38,000
%
37.85
–
0.51
0.22
–
–
0.01
Directors’ indemnities
The Company has qualifying third party indemnity provisions in place for the
benefit of its Directors. These remain in force at the date of this report.
Directors and Directors’ interests
The Directors who served in office during the year and up to the date of this
report and their interests in the Company’s shares were as above.
The biographical details of the current Directors of the Company are set out
on pages 28 and 29.
Jens Montanana, Peter George, Richard Last, Andrew Miller, Lionel
Chmilewsky, Neil Pritchard and Ashley Stephenson, hold share options,
details of which are shown in note 27 to the financial statements.
Financial risk management objectives and policies
The Group’s business activities expose it to a variety of financial risks. The
policies for managing these risks are described below:
• Liquidity risk – arises from the Group’s management of working capital
and finance charges. It is a risk that the Group will encounter difficulty in
meeting its financial obligations, including its covenants and a repayment
term bank loan drawn down by the Company in April 2021 ($2.8 million
at 31 December 2021) details of which are set out in note 18, as they fall
due. Liquidity risk is managed by the Finance function. Annual budgets
are agreed by the Board, enabling the Group’s cash flow requirements
to be anticipated.
• Credit risk – arises from cash and cash equivalents and from credit
exposures to the Group’s customers including outstanding receivables
and committed transactions. Credit risk is managed with regular reports
of exposures reviewed by management. The Group does not set
individual credit limits but seeks to ensure that customers enter into legally
enforceable contracts that include settlement terms that demonstrate the
customers’ commitment to the transaction and minimise this risk exposure.
The amounts of trade receivables presented in the Statement of Financial
Position are shown net of allowances for doubtful accounts estimated by
management based on prior experience and their assessment of the current
economic environment (note 15). The Group has no significant concentration
of credit risk, with exposure spread over a number of customers.
The credit risk on liquid funds and financial instruments is limited because
the counterparties are banks with acceptable credit ratings assigned by
international credit rating agencies.
• Cash flow interest rate risk – the Group’s policy is to as far as
possible minimise interest rate cash flow risk exposure on its financing.
The Group is exposed to interest rate increases on the term bank loan
($2.8 million at 31 December 2021) details of which are set out in note 18,
which bears interest at 3-month GBP Libor plus 6.5%. The bank loan does
not have early repayment penalties and thus the Group can if GBP interest
rates increase to punitive levels, seek to refinance the loan. The Group’s
policy is to balance the risk in relation to cash balances held by spreading
these across a number of financial institutions as opposed to maximising
interest income.
• Currency risk – there was no material impact from trading currency risk
on the Group’s profit or loss for the year from exchange rate movements,
as foreign currency transactions are entered into by Group companies
whose functional currency is aligned with the currencies in which it
transacts. Exchange rate risks do arise in relation to (i) the bank loan
which is GBP denominated and equity fund raises which are in GBP,
given the Company’s AIM listing, to the extent such funds are required
to support US dollar denominated funding requirements, and (ii) GBP
denominated obligations of the Group given the invoicing currency of the
Group is US dollar denominated. The Group has not hedged such GBP
debt and equity fund raises or GBP denominated expenses in the past as
US denominated funds received by the Group’s UK subsidiary have been
used to fund the Group’s US subsidiary to the extent such funding has
been required, with the GBP funding requirements satisfied from the GBP
denominated funds generated from GBP debt and equity fund raises.
The Group keeps this policy under review based on the expected timing
of US dollar and GBP operational funding requirements.
The global COVID-19 pandemic brings on-going uncertainty and wider market
disruption globally. The Company continues to closely monitor its supply chain
for the supply and delivery of hardware appliances to customers. There is a
continued risk of COVID-19 resulting in possible supply chain constraints in
the short-term and some IT purchasing decisions by customers being delayed
in the medium-term as the virus transmission effects continue. The Group has
undertaken financial scenario planning to identify actions that may need
to be taken in the event that delays to customers decision making impacts
revenue and cash. These actions will be implemented as required.
The principal risk which applies to the Parent Company’s financial statements
is the risk that the returns generated by the subsidiaries might not support the
carrying value of the cost of the investments in subsidiaries. The carrying value
is tested at least annually for impairment and, if necessary, impaired
as appropriate.
�38
Corero Network Security plc – Annual Report and Accounts 2021
Overview
Strategic Report
GoverNaNCe
Financial Statements
Corporate Directory
39
Directors’ Report continued
Statement of Directors’
Responsibilities
Capital management
The Group monitors its available capital, which it considers to be all
components of equity against its expected requirements.
The Group’s objectives when maintaining capital are to safeguard the
entity’s ability to continue as a going concern, so that it can continue to
provide returns for shareholders and benefits for other stakeholders, and to
ensure that sufficient funds can be raised for investing activities. In order to
maintain or adjust the capital structure, the Company may return capital to
shareholders, issue new shares, or sell assets. The Group does not review
its capital requirements according to any specified targets or ratios.
annual General Meeting
Notice of the AGM together with details of the business to be considered will
be sent to shareholders in due course.
auditors
In so far as each Director is aware:
• there is no relevant audit information of which the Company’s auditors are
unaware; and
• the Directors have taken all the steps that they ought to have taken to
make themselves aware of any relevant audit information and to establish
that the Company’s auditors are aware of that information.
Treasury management
The objectives of Group treasury policies are to ensure that adequate
financial resources are available for development of the business while at
the same time managing financial risks. Financial instruments may be used
to reduce financial risk exposures arising from the Group’s business activities
and not for speculative purposes.
By order of the Board
Duncan Swallow
Company Secretary
25 April 2022
The Group’s treasury activities are managed by the Group Financial Controller
who reports to the Board on the implementation of the Group treasury policy.
environment
The Group’s activities are primarily office-based and as such the Directors
believe that there is no significant environmental impact arising from the
Group’s activities. The Group complies with local WEEE regulations. No
environmental performance indicators are therefore included within this
report. The Group’s environmental policy states: “We endeavour to recycle
appropriate materials where possible and to efficiently use natural resources
and energy supplies so as to minimise our environmental impact. We will
comply with the relevant statutes and legislation. Furthermore, employees are
encouraged to be environmentally aware. Company cars are not provided.”
research and development
The development of computer software is an integral part of the Group’s
business and the Group continues to develop its software in response to user
demand, and particularly the changing IT security threat landscape. During
the year the Group enhanced the features and functionality of its existing
products. A capital investment of $1.8 million (2020: $1.4 million) was made
during the year. Amortisation of $1.9 million (2020: $1.9 million) and costs
not capitalised of $1.5 million (2020: £1.6 million) were charged to the Group
Income Statement during the year.
employees
The quality and commitment of the Group’s employees has played a major
role in the Company’s continued progress. This has been demonstrated in
many ways, including strong customer satisfaction, the development of new
product offerings and the flexibility employees have shown in adapting to
changing business requirements. The Group operates sales commission,
incentive bonus plans and share option plans to provide incentives for
achievements which add value to the business.
The Directors are responsible for preparing the Annual Report and Financial
Statements in accordance with applicable law and regulations.
Company law requires the Directors to prepare financial statements for
each financial year. Under that law the Directors have elected to prepare
the Group financial statements in accordance with UK adopted international
accounting standards in conformity with the requirements of the Companies
Act 2006. The Directors have chosen to prepare the Company financial
statements in accordance with FRS101. Under company law the Directors
must not approve the financial statements unless they give a true and fair
view of the state of affairs of the Group and Parent Company and of the
profit or loss of the Group for that period. The Directors are also required to
prepare financial statements in accordance with the rules of the London Stock
Exchange for companies trading securities on the AIM. In preparing these
financial statements, the Directors are required to:
• select suitable accounting policies and then apply them consistently;
• make judgements and estimates that are reasonable and prudent;
• state whether they have been prepared in accordance with UK adopted
international accounting standards in conformity with the requirements of
the Companies Act 2006, subject to any material departures disclosed
and explained in the financial statements; and
• prepare the financial statements on the going concern basis unless it is
inappropriate to presume that the Group will continue in business.
The Directors are responsible for keeping adequate accounting records that
are sufficient to show and explain the Group’s transactions and disclose
with reasonable accuracy at any time the financial position of the Group
and enable them to ensure that the financial statements comply with the
Companies Act 2006. They are also responsible for safeguarding the assets
of the Group and hence for taking reasonable steps for the prevention and
detection of fraud and other irregularities.
The Directors are responsible for ensuring the Annual Report and the
financial statements are made available on a website. Financial statements
are published on the Company’s website in accordance with legislation
in the United Kingdom governing the preparation and dissemination of
financial statements, which may vary from legislation in other jurisdictions.
The maintenance and integrity of the Company’s website is the responsibility
of the Directors. The Directors’ responsibility also extends to the on-going
integrity of the financial statements contained therein.
�40
Corero Network Security plc – Annual Report and Accounts 2021
Overview
Strategic Report
GoverNaNCe
Financial Statements
Corporate Directory
41
Independent Auditor’s Report
to the members of Corero Network Security plc
opinion on the financial statements
In our opinion:
• the financial statements give a true and fair view of the state of the
Group’s and of the Parent Company’s affairs as at 31 December 2021
and of the Group’s profit for the year then ended;
• the Group financial statements have been properly prepared in
accordance with UK adopted international accounting standards;
• the Parent Company financial statements have been properly prepared
in accordance with United Kingdom Generally Accepted Accounting
Practice; and
• the financial statements have been prepared in accordance with the
requirements of the Companies Act 2006.
We have audited the financial statements of Corero Network Security Plc
(the ‘Parent Company’) and its subsidiaries (the ‘Group’) for the year ended
31 December 2021 which comprise the Consolidated Income Statement, the
Consolidated Statement of Comprehensive Income, the Consolidated and
Company Statements of Financial Position, the Consolidated Statement of
Cash Flows, the Consolidated and Company Statements of Changes in Equity
and notes to the financial statements, including a summary of significant
accounting policies.
The financial reporting framework that has been applied in the preparation
of the Group financial statements is applicable law and UK adopted
international accounting standards. The financial reporting framework that has
been applied in the preparation of the Parent Company financial statements
is applicable law and United Kingdom Accounting Standards, including
Financial Reporting Standard 101 Reduced Disclosure Framework (United
Kingdom Generally Accepted Accounting Practice).
Basis for opinion
We conducted our audit in accordance with International Standards on
Auditing (UK) (ISAs (UK)) and applicable law. Our responsibilities under those
standards are further described in the Auditor’s responsibilities for the audit
of the financial statements section of our report. We believe that the audit
evidence we have obtained is sufficient and appropriate to provide a
basis for our opinion.
Independence
We remain independent of the Group and the Parent Company in accordance
with the ethical requirements that are relevant to our audit of the financial
statements in the UK, including the FRC’s Ethical Standard as applied to listed
entities, and we have fulfilled our other ethical responsibilities in accordance
with these requirements.
Conclusions relating to going concern
In auditing the financial statements, we have concluded that the Directors’
use of the going concern basis of accounting in the preparation of the
financial statements is appropriate.
Our evaluation of the Directors’ assessment of the Group and the Parent
Company’s ability to continue to adopt the going concern basis of accounting,
has been set out in the Key Audit Matters section of the report.
Based on the work we have performed, we have not identified any material
uncertainties relating to events or conditions that, individually or collectively,
may cast significant doubt on the Group and the Parent Company’s ability to
continue as a going concern for a period of at least twelve months from
when the financial statements are authorised for issue.
Our responsibilities and the responsibilities of the Directors with respect to
going concern are described in the relevant sections of this report.
overview
Coverage
Key audit matters
100% (2020: 100%) of Group revenue, Group profit before tax, Group total assets
Revenue recognition
Goodwill and intangible asset impairment
Going concern
Materiality
Group financial statements $418,000 based on 2% of revenue
(2020: $381,000 based on 2.26% of revenue)
2021
2020
✔
✔
✔
✔
✔
✔
an overview of the scope of our audit
Our Group audit was scoped by obtaining an understanding of the Group and its environment, including the Group’s system of internal control, and assessing
the risks of material misstatement in the financial statements. We also addressed the risk of management override of internal controls, including assessing
whether there was evidence of bias by the Directors that may have represented a risk of material misstatement.
A full scope audit was performed for each component included in the consolidation. All audit work was undertaken by the Group audit team. Corero Group
Services Limited was considered a non-significant component, but was subject to a full scope audit for statutory purposes, contributing to the overall Group
coverage obtained.
Key audit matters
Key audit matters are those matters that, in our professional judgement, were of most significance in our audit of the financial statements of the current
period and include the most significant assessed risks of material misstatement (whether or not due to fraud) that we identified, including those which had the
greatest effect on: the overall audit strategy, the allocation of resources in the audit, and directing the efforts of the engagement team. These matters were
addressed in the context of our audit of the financial statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion
on these matters.
Key audit matter
revenue recognition
See accounting policy
at note 2.5, the key
accounting estimate at
note 3.2 and note 4.
The Group generates revenue primarily from the
sale of software and related maintenance and
support contracts.
It does this directly through arrangements with end-
users (either through the sale of a software licence
or by selling the software as a service) as well as
through distributors. The sales of licences may be
on a perpetual or a fixed term basis.
We considered there to be a significant audit
risk arising from the allocation of the value of the
transaction price to the individual performance
obligations included in the sale as well as the
timing of revenue recognition with regard to
appropriate deferral of maintenance and
support revenues.
Goodwill and
intangible asset
impairment review
As at the year end, the group holds goodwill of
$8,991k, computer software of $4k and capitalised
development expenditure of $4,528k.
See accounting policy
at note 2.12, the key
accounting estimate at
note 3.2 and note 9.
Management performed an impairment review
over its sole cash generating unit (CGU) – Corero
Network Security (CNS) – as at 31 December 2021
using a discounted cash flow model to calculate
value in use. The impairment review necessitates
significant management judgement over the timing
and degree of certainty attaching to forecast
net cash flows and the rate at which those future
cash flows should be discounted to present value.
Certain key assumptions and data points are
required to be disclosed along with sensitivity
calculations where reasonably possible changes in
key assumptions could give rise to an impairment.
The accurate disclosure of such information formed
part of the risk we assessed as being present.
In view of the impact of the ongoing COVID-19
pandemic there is a risk, whether due to fraud or
error, that there is an application of inappropriate
assumptions supporting the assets valuations and
therefore that these assets should be impaired.
As a result of the significant estimates and
judgements involved, we considered this area to
be a key audit matter.
How the scope of our audit addressed the key audit matter
Our procedures included the following:
We gained an understanding of the Group’s methodology in
determining the fair value of the different transactions prices for
performance obligations in multiple element arrangements as required
by the applicable accounting standards. For a sample of transactions we
recalculated the Group’s determination of the fair value of the different
transactions prices for performance obligations in multiple element
arrangements as set out in note 2.5 of the financial statements, to check
that it provided a suitable basis on which to recognise revenues.
For a sample of revenue transactions throughout the period and
around the year end we corroborated to supporting documentation,
including invoice, underlying contract, subsequent receipt through the
bank statement and associated evidence of satisfaction of the obligation,
recalculating the accompanying revenue and deferred revenue
where applicable.
We assessed the basis upon which performance obligations were
recognised for each revenue stream and compared this to the
requirements of the applicable accounting standards, industry practice,
and the Group’s specific circumstances.
We also tested on a sample basis the accuracy of the deferred income
balance through corroborating to supporting documentation, including
invoice, along with testing a sample of transactions around the year-end
to supporting documentation, including invoice and proof of deliver to
verify that revenue was recognised were recorded in the correct period.
Key observations: Based on the work performed we consider that
revenue has been recognised in accordance with the Group’s
revenue policy.
Our procedures included the following:
We verified that the model was mechanically accurate and prepared in
accordance with the requirements of applicable accounting standards.
We considered and reviewed the Managements identification of the
CGU in accordance with the requirements of the applicable accounting
standards and our understanding of the Group and its operations.
We reviewed, challenged and corroborated the assumptions regarding
future cash flows and whether the rate at which they had been discounted
was appropriate to the Group’s circumstances. To further support this, we
confirmed the consistency of the forecasts used for impairment with the
forecasts used for going concern.
We used our internal valuations experts to assist with our interrogation
of the model and the appropriateness of the discount rate applied by
Management. This work also included comparison to industry data,
historic trading, and macro-economic factors.
Our audit procedures relating to the review of forecast operating cash
flows included corroboration of forecast revenue to post year-end
transactions and trading along with performing sensitivity analysis
and ‘look back’ procedures to consider the accuracy of forecasts by
comparing previous forecast to actual outcomes.
Key observations: Based on the procedures performed, we considered
that the assumptions used within the impairment model prepared by
management to be appropriate.
�42
Corero Network Security plc – Annual Report and Accounts 2021
Overview
Strategic Report
GoverNaNCe
Financial Statements
Corporate Directory
43
Independent Auditor’s Report continued
to the members of Corero Network Security plc
Key audit matter
Going concern
See note 2.2.
The Group has historically been loss
making and is trading during the
ongoing backdrop of the COVID-19
pandemic and supply chain
challenges. These factors cause
disruption and economic uncertainty
globally and could impact on the
Group’s future expected cash flows
and bank covenant compliance, with
a consequent impact on the going
concern assessment.
We therefore considered going
concern to be a significant risk and
a key audit matter.
How the scope of our audit addressed the key audit matter
In assessing the directors’ conclusion on the going concern assumption within the
financial statements, we have undertaken the following audit procedures:
• Confirming the mathematical accuracy of the underlying calculations in the forecast.
• Analysing the directors’ assessment of going concern based upon the Group’s
cash flow forecasts through to 31 December 2023. This included assessing and
challenging assumptions with reference to historic experience and recent contract
wins made in relation to revenues, expenses, and the associated cash flows and
any other cash related assumptions. Further, we checked actual results for FY 2021
against budget to review the accuracy of the directors’ historic forecasts and we
compared the forecast against available post year-end trading and cash flow results.
• Reviewing the bank loan documents to understand the terms and covenants which
the Group and Parent Company are required to comply with, comparing these to the
Group’s forecasts.
• Recalculating management’s covenant compliance calculations for the going concern
assessment period with reference to the forecast and the loan documents.
• Reviewing the sensitivity analysis performed by the directors’ considering the
reasonableness of the assumptions, likelihood of the scenarios occurring and the
resulting impact on cash flows and covenant compliance headroom.
• We made inquiries of the Directors as to their knowledge of events or conditions
beyond the period of their assessment that may cast significant doubt on the entity’s
ability to continue as a going concern.
• We considered whether any post-balance sheet events had occurred, which may
impact going concern.
• We assessed the adequacy of the disclosures in the financial statements (see note
2.2) with reference to our knowledge of the business and information obtained in
performing our procedures.
Key observations: Our observations in respect of going concern are set out in the
Conclusions relating to going concern section above.
our application of materiality
We apply the concept of materiality both in planning and performing our audit, and in evaluating the effect of misstatements. We consider materiality to be
the magnitude by which misstatements, including omissions, could influence the economic decisions of reasonable users that are taken on the basis of the
financial statements.
In order to reduce to an appropriately low level the probability that any misstatements exceed materiality, we use a lower materiality level, performance
materiality, to determine the extent of testing needed. Importantly, misstatements below these levels will not necessarily be evaluated as immaterial as we
also take account of the nature of identified misstatements, and the particular circumstances of their occurrence, when evaluating their effect on the financial
statements as a whole.
Based on our professional judgement, we determined materiality for the financial statements as a whole and performance materiality as follows:
Materiality
Group financial statements
Parent company financial statements
2021
$’000
418
2020
$’000
381
2021
$’000
319
2020
$’000
190.5
Basis for determining materiality
2.0% of revenue
2.26% of revenue
rationale for the benchmark applied
We believe that
revenue remains the
most appropriate
benchmark for
materiality due to it
being a key measure
of the Group’s
performance for
users of the
financial statements.
We believe that
revenue has become
the most appropriate
benchmark for
materiality since
revenue has become
more consistent and a
better indicator of the
performance of
the business.
76% of Group
materiality
50% of Group
materiality
The materiality of the Parent Company was
capped at a percentage of Group materiality to
respond to aggregation risk.
Performance materiality
75% – $314
75% – $286
75% – $239
75% – 143
Basis for determining performance materiality
75% of materiality – this was set with reference
to the level of adjustments identified in the prior
year, planned nature of testing and the size
complexity of the Group.
75% of parent company materiality – this was
set with reference to the level of adjustments
identified in the prior year and the planned
nature of testing.
Component materiality
We set materiality for each component of the Group based on a percentage of between 25% and 95% of Group materiality dependent on the size and our
assessment of the risk of material misstatement of that component. Component materiality ranged from $105,937 to $397,000. In the audit of each component,
we further applied performance materiality levels of 75% of the component materiality to our testing to ensure that the risk of errors exceeding component
materiality was appropriately mitigated.
reporting threshold
We agreed with the Audit Committee that we would report to them all individual audit differences in excess of $20,900 (2020: $19,050). We also agreed to
report differences below this threshold that, in our view, warranted reporting on qualitative grounds.
other information
The directors are responsible for the other information. The other information comprises the information included in the Annual Report and Accounts other
than the financial statements and our auditor’s report thereon. Our opinion on the financial statements does not cover the other information and, except to the
extent otherwise explicitly stated in our report, we do not express any form of assurance conclusion thereon. Our responsibility is to read the other information
and, in doing so, consider whether the other information is materially inconsistent with the financial statements or our knowledge obtained in the course of
the audit, or otherwise appears to be materially misstated. If we identify such material inconsistencies or apparent material misstatements, we are required to
determine whether this gives rise to a material misstatement in the financial statements themselves. If, based on the work we have performed, we conclude
that there is a material misstatement of this other information, we are required to report that fact.
We have nothing to report in this regard.
other Companies act 2006 reporting
Based on the responsibilities described below and our work performed during the course of the audit, we are required by the Companies Act 2006 and ISAs
(UK) to report on certain opinions and matters as described below.
Strategic report and Directors’ report
In our opinion, based on the work undertaken in the course of the audit:
Matters on which we are required to report by exception
• the information given in the Strategic Report and the Directors’ Report
for the financial year for which the financial statements are prepared is
consistent with the financial statements; and
• the Strategic Report and the Directors’ Report have been prepared in
accordance with applicable legal requirements.
In the light of the knowledge and understanding of the Group and Parent
Company and its environment obtained in the course of the audit, we have not
identified material misstatements in the Strategic Report or the
Directors’ Report.
We have nothing to report in respect of the following matters in relation to
which the Companies Act 2006 requires us to report to you if, in our opinion:
• adequate accounting records have not been kept by the Parent Company,
or returns adequate for our audit have not been received from branches
not visited by us; or
• the Parent Company financial statements are not in agreement with the
accounting records and returns; or
• certain disclosures of Directors’ remuneration specified by law are not
made; or
• we have not received all the information and explanations we require
for our audit.
responsibilities of Directors
As explained more fully in the Statement of Directors’ Responsibilities, the Directors are responsible for the preparation of the financial statements and for
being satisfied that they give a true and fair view, and for such internal control as the Directors determine is necessary to enable the preparation of financial
statements that are free from material misstatement, whether due to fraud or error.
In preparing the financial statements, the Directors are responsible for assessing the Group’s and the Parent Company’s ability to continue as a going concern,
disclosing, as applicable, matters related to going concern and using the going concern basis of accounting unless the Directors either intend to liquidate the
Group or the Parent Company or to cease operations, or have no realistic alternative but to do so.
�44
Corero Network Security plc – Annual Report and Accounts 2021
Overview
Strategic Report
Governance
FINaNCIaL STaTeMeNTS
Corporate Directory
45
Independent Auditor’s Report continued
to the members of Corero Network Security plc
Consolidated Income Statement
for the year ended 31 December 2021
auditor’s responsibilities for the audit of the
financial statements
Our objectives are to obtain reasonable assurance about whether the
financial statements as a whole are free from material misstatement, whether
due to fraud or error, and to issue an auditor’s report that includes our
opinion. Reasonable assurance is a high level of assurance, but is not a
guarantee that an audit conducted in accordance with ISAs (UK) will always
detect a material misstatement when it exists. Misstatements can arise from
fraud or error and are considered material if, individually or in the aggregate,
they could reasonably be expected to influence the economic decisions of
users taken on the basis of these financial statements.
Our audit procedures were designed to respond to risks of material
misstatement in the financial statements, recognising that the risk of not
detecting a material misstatement due to fraud is higher than the risk of
not detecting one resulting from error, as fraud may involve deliberate
concealment by, for example, forgery, misrepresentations or through collusion.
There are inherent limitations in the audit procedures performed and the
further removed non-compliance with laws and regulations is from the events
and transactions reflected in the financial statements, the less likely we are
to become aware of it.
A further description of our responsibilities is available on the Financial
Reporting Council’s website at: www.frc.org.uk/auditorsresponsibilities.
This description forms part of our auditor’s report.
Use of our report
This report is made solely to the Parent Company’s members, as a body, in
accordance with Chapter 3 of Part 16 of the Companies Act 2006. Our audit
work has been undertaken so that we might state to the Parent Company’s
members those matters we are required to state to them in an auditor’s report
and for no other purpose. To the fullest extent permitted by law, we do not
accept or assume responsibility to anyone other than the Parent Company
and the Parent Company’s members as a body, for our audit work, for this
report, or for the opinions we have formed.
Leighton Thomas
(Senior Statutory Auditor)
For and on behalf of BDO LLP, Statutory Auditor
London, UK
25 April 2022
BDO LLP is a limited liability partnership registered in England and Wales
(with registered number OC305127).
extent to which the audit was capable of detecting irregularities,
including fraud
Irregularities, including fraud, are instances of non-compliance with laws
and regulations. We design procedures in line with our responsibilities,
outlined above, to detect material misstatements in respect of irregularities,
including fraud. The extent to which our procedures are capable of detecting
irregularities, including fraud is detailed below:
• We obtained an understanding of the legal and regulatory frameworks
that are applicable to the Group and its components and determined that
the most significant laws and regulations which are directly relevant to
specific assertions in the financial statements are those that relate to the
reporting framework, Companies Act 2006, the AIM rules, data privacy
and the relevant tax regulations including but not limited to, Corporate
and VAT legislation, and Employment Taxes.
• We understood how the Group and its components are complying
with those frameworks by making enquiries of management and those
responsible for legal and compliance procedures. We corroborated our
enquiries through our review of board minutes and papers provided to
the Audit Committee.
• We also reviewed the Group’s tax computations and returns and financial
statements disclosures against the requirements of the relevant tax
legislation and applicable accounting frameworks respectively.
• We assessed the susceptibility of the Group’s financial statements to
material misstatement, including how fraud might occur, by meeting
with management to understand where they considered there was a
susceptibility to fraud.
• Our audit planning identified fraud risks in relation to management
override of control and risk of fraud in revenue recognition which has been
assessed as a Key Audit Matter above.
• We obtained an understanding of the processes and controls that the
Group has established to address risks identified, or that otherwise
prevent, deter and detect fraud and how management monitors the
processes and controls.
• We communicated relevant identified laws and regulations and potential
fraud risks to all engagement team members and remained alert to
any indications of fraud or non-compliance with laws and regulations
throughout the audit.
• In response to the risk of management override of control, our procedures
included journal entry testing, with a focus on large or unusual transactions
based on our knowledge of the business which where agreed to
supporting documentation where applicable; and enquiries with Group
Management and those charged with governance regarding an instances
of known or suspected fraud during the year.
Continuing operations
revenue
Cost of sales
Gross profit
Operating expenses
Consisting of:
Operating expenses before depreciation and amortisation
Depreciation and amortisation of intangible assets
Profit/(loss) from operations
Share–based payments
operating profit/(loss)
Other income
Finance income
Finance costs
Profit/(loss) before taxation
Taxation credit
Profit/(loss) after taxation
Profit/(loss) after taxation attributable to equity owners of the parent
Basic and diluted earnings/(loss) per share
Basic earnings/(loss) per share
Diluted earnings/(loss) per share
EBITDA
Adjusted EBITDA – for DDPaaS depreciation, share based payments, unrealised foreign exchange
differences on intercompany loan and PPPL forgiveness
The notes on pages 52 to 80 form part of these financial statements.
Year ended
31 December 2021
$’000
Year ended
31 December 2020
$’000
20,895
(3,112)
17,783
(16,120)
(13,928)
(2,192)
1,663
(522)
1,141
637
1
(406)
1,373
149
1,522
1,522
Cents
0.3
0.3
3,970
4,150
16,877
(3,832)
13,045
(16,431)
(14,114)
(2,317)
(3,386)
(359)
(3,745)
–
16
(301)
(4,030)
246
(3,784)
(3,784)
Cents
(0.8)
(0.8)
(1,428)
(551)
Note
4
10,11,12
27
5
18
5
6
7
7
8
8
�46
corero network Security plc – Annual Report and Accounts 2021
Overview
Strategic Report
Governance
Financial StatementS
Corporate Directory
47
Consolidated Statement of Comprehensive Income
for the year ended 31 December 2021
Consolidated Statement of Financial Position
as at 31 December 2021
Profit/(loss) for the year
Other comprehensive (expense)/income:
Items reclassified subsequently to profit or loss upon derecognition:
Foreign exchange differences
Other comprehensive (expense)/income for the year net of taxation attributable
to the equity owners of the parent
total comprehensive income/(expense) for the year attributable to the equity owners of the parent
Year ended
31 December 2021
$’000
Year ended
31 December 2020
$’000
1,522
(3,784)
(122)
(122)
1,400
216
216
(3,568)
assets
non–current assets
Goodwill
Acquired intangible assets
Capitalised development expenditure
Property, plant and equipment – owned assets
Leased right of use assets
Trade and other receivables
current assets
Inventories
Trade and other receivables
Cash and cash equivalents
total assets
liabilities
current liabilities
Trade and other payables
Lease liabilities
Deferred income
Borrowings
net current assets
non–current liabilities
Trade and other payables
Lease liabilities
Deferred income
Borrowings
net assets
capital and reserves attributable to the equity owners of the parent
Share capital
Share premium
Capital redemption reserve
Share options reserve
Foreign exchange translation reserve
Accumulated profit and loss reserve
total shareholders’ equity
These financial statements were approved by the Board of Directors on 25 April 2022 and signed on their behalf.
lionel chmilewsky
Director
The notes on pages 52 to 80 form part of these financial statements.
as at
31 December 2021
$’000
as at
31 December 2020
$’000
note
9
10
11
12
12
15
14
15
16
17
20
18
16
17
20
18
22
23
8,991
4
4,528
796
145
859
15,323
57
3,206
11,201
14,464
29,787
(4,068)
(94)
(4,677)
(1,421)
(10,260)
4,204
(143)
(78)
(2,147)
(1,356)
(3,724)
15,803
6,914
82,122
7,051
1,490
(1,506)
(80,268)
15,803
8,991
9
4,646
1,099
237
694
15,676
98
3,714
10,140
13,952
29,628
(6,461)
(86)
(3,444)
(2,073)
(12,064)
1,888
(402)
(171)
(2,705)
(405)
(3,683)
13,881
6,914
82,122
7,051
968
(1,384)
(81,790)
13,881
�48
corero network Security plc – Annual Report and Accounts 2021
Overview
Strategic Report
Governance
Financial StatementS
Corporate Directory
49
Company Statement of Financial Position
as at 31 December 2021
Consolidated Statement of Cash Flows
for the year ended 31 December 2021
assets
non–current assets
Investments in subsidiaries
Trade and other receivables
current assets
Trade and other receivables
Cash and cash equivalents
liabilities
current liabilities
Trade and other payables
Borrowings
net current (liabilities) / assets
non–current liabilities
Trade and other payables
Borrowings
net assets
total equity attributable to owners of the Parent
Share capital
Share premium
Capital redemption reserve
Share options reserve
Foreign exchange translation reserve
Accumulated profit and loss reserve
total equity
as at
31 December 2021
$’000
as at
31 December 2020
$’000
note
13
15
15
16
18
16
18
22
23
76,071
97
76,168
17
10,132
10,149
(8,936)
(1,421)
(10,357)
(208)
(112)
(1,356)
(1,468)
74,492
6,914
82,122
7,051
1,490
(10,532)
(12,553)
74,492
60,921
77
60,998
–
9,875
9,875
(5,845)
(1,436)
(7,281)
2,594
(143)
(405)
(548)
63,044
6,914
82,122
7,051
968
(9,947)
(24,064)
63,044
The Company financial statements were prepared in accordance with Financial Reporting Standard 101 Reduced Disclosure Framework. The Company has
taken advantage of the following disclosure exemptions:
The requirements of IAS 7 Statement of Cash Flows, IFRS 7 Financial Instruments: Disclosures and IAS 24 Related Party Disclosures.
The Company has taken advantage of section 408 of the Companies Act 2006 and has not included an income statement in these financial statements.
The Parent Company’s profit for the year was $11.5 million (2020: $36.5 million).
These financial statements were approved by the Board of Directors on 25 April 2022 and signed on their behalf.
lionel chmilewsky
Director
The notes on pages 52 to 80 form part of these financial statements.
Operating activities
Profit/loss before taxation for the year
Adjustments for movements:
Amortisation of acquired intangible assets
Amortisation of capitalised development expenditure
Depreciation – owned assets
Depreciation – leased assets
Finance income
Finance expense
Finance lease interest costs
Share based payments expense
PPPL forgiveness
cash generated from/(used in) operating activities before movement in working capital
Movement in working capital:
Decrease in inventories and sales evaluation assets
(Increase)/decrease in trade and other receivables
(Decrease)/increase in trade and other payables
net movement in working capital
cash generated from operating activities
Taxation received
net cash generated from operating activities
cash flows from investing activities
Purchase of intangible assets
Investment in development expenditure
Purchase of property, plant and equipment
net cash used in investing activities
cash flows from financing activities
Proceeds from borrowings
Finance income
Lease liability payments
Finance expense
Repayments of borrowings
net cash generated from/(used in) financing activities
increase in cash and cash equivalents
Effects of exchange rates on cash and cash equivalents
Cash and cash equivalents at 1 January
cash and cash equivalents at 31 December
The notes on pages 52 to 80 form part of these financial statements.
Year ended
31 December 2021
$’000
Year ended
31 December 2020
$’000
1,373
(4,030)
5
1,872
604
93
(1)
388
18
522
(637)
4,237
175
223
(1,999)
(1,601)
2,636
149
2,785
–
(1,754)
(421)
(2,175)
2,683
1
(103)
(238)
(1,738)
605
1,215
(154)
10,140
11,201
6
1,933
514
119
(16)
274
27
359
–
(814)
45
(1,187)
6,852
5,710
4,896
246
5,142
(8)
(1,410)
(1,015)
(2,433)
637
16
(136)
(206)
(1,187)
(876)
1,833
(14)
8,321
10,140
�50
corero network Security plc – Annual Report and Accounts 2021
Overview
Strategic Report
Governance
Financial StatementS
Corporate Directory
51
Consolidated Statement of Changes in Equity
for the year ended 31 December 2021
Company Statement of Changes in Equity
for the year ended 31 December 2021
1 January 2020
Loss for the year
Other comprehensive income
total comprehensive expense for the year
contributions by and distributions to owners
Share based payments
total contributions by and distributions to owners
Share
capital
$’000
6,914
Share
premium
account
$’000
82,122
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
31 December 2020 and 1 January 2021
6,914
82,122
7,051
Profit for the year
Other comprehensive expense
total comprehensive income for the year
contributions by and distributions to owners
Share based payments
total contributions by and distributions to owners
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
capital
redemption
reserve
$’000
Share options
reserve
$’000
Foreign
exchange
translation
reserve
$’000
accumulated
profit and loss
reserve
$’000
total
attributable to
equity owners
of the parent
$’000
7,051
609
(1,600)
(78,006)
–
–
–
359
359
968
–
–
–
522
522
–
216
216
–
–
(3,784)
–
–
–
(1,384)
(81,790)
–
(122)
(122)
–
–
1,522
–
1,522
–
–
359
359
13,881
1,522
(122)
1,400
522
522
Share
capital
$’000
6,914
Share
premium
account
$’000
82,122
capital
redemption
reserve
$’000
Share options
reserve
$’000
Foreign
exchange
translation
reserve
$’000
accumulated
profit and loss
reserve
$’000
total
attributable to
equity owners
of the parent
$’000
7,051
609
(10,724)
(60,563)
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
contributions by and distributions to owners
Share based payments
total contributions by and distributions to owners
31 December 2020 and 1 January 2021
6,914
82,122
7,051
Profit for the year
Other comprehensive expense
total comprehensive expense for the year
contributions by and distributions to owners
Share based payments
total contributions by and distributions to owners
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
25,409
36,499
777
37,276
359
359
63,044
11,511
(585)
–
777
777
–
–
36,499
–
36,499
–
–
(9,947)
(24,064)
–
(585)
(585)
–
–
11,511
–
11,511
10,926
–
–
522
522
–
–
–
359
359
968
–
–
–
522
522
17,090
(3,784)
216
1 January 2020
Profit for the year
Other comprehensive income
(3,784)
(3,568)
total comprehensive income for the year
31 December 2021
6,914
82,122
7,051
1,490
(1,506)
(80,268)
15,803
31 December 2021
6,914
82,122
7,051
1,490
(10,532)
(12,553)
74,492
The share capital comprises the nominal values of all shares issued.
The share premium account comprises the amounts subscribed for share capital in excess of the nominal value, net of issuance costs.
The capital redemption reserve comprises the amount transferred from deferred shares on redemption of the deferred shares.
The share options reserve represents the cost to the Group of share options.
The foreign exchange translation reserve arises on retranslating the net assets of UK operations into US dollars.
The retained earnings are all other net gains and losses and transactions with owners not recognised elsewhere.
The notes on pages 52 to 80 form part of these financial statements.
�52
corero network Security plc – Annual Report and Accounts 2021
Overview
Strategic Report
Governance
Financial StatementS
Corporate Directory
53
Notes to the Financial Statements
1. General information
Presentation currency
These consolidated financial statements are presented in US dollars (‘$’) rounded to the nearest $’000 unless otherwise stated which represents the
presentational currency of the Group.
The average $–GBP sterling (‘GBP’) exchange rate used for the conversion of the Consolidated Income Statement for the 12 months ended 31 December
2021 was 1.38 (2020: 1.28). The closing $–GBP exchange rate used for the conversion of the Group’s assets and liabilities at 31 December 2021 was 1.35
(2020: 1.37).
2.5 Revenue
The Group’s revenue is derived from the following products and services:
• appliance and perpetual software licenses;
• support services for a defined term;
• installation and training services;
• DDoS Protection as–a–Service (‘DDPaaS’) for a defined term;
• SecureWatch Managed Service (enhanced security monitoring services) for a defined term; and
• software subscription licenses for a defined term.
Corero Network Security plc is a public limited company incorporated in the United Kingdom under the Companies Act 2006 and registered in England and
Wales. The functional currency of the Company entity is GBP.
The element of DDPaaS revenues pertaining to as–a–service assets is included in reported revenues and is recognised on a straight–line basis over the term
of the contract.
2. Significant accounting policies
2.1 Basis of preparation
The Group financial statements have been prepared in accordance with UK adopted international accounting standards and in conformity with the
requirements of the Companies Act 2006. The Parent Company financial statements have been prepared in accordance with Financial Reporting Standard
101 (‘FRS 101’) ‘Reduced Disclosure Framework’.
2.2 Going concern
The financial statements have been prepared on a going concern basis.
Performance obligations, timing of revenue recognition and revenue recognition
Revenue is recognised when control of the goods (appliances and software) transfer to the customer and services are delivered. Goods are shipped free on
board (‘FOB’) from Corero, or Corero’s contract manufacturer, to the customer. The point of transfer of control for appliances is at the point of FOB shipment
to the customer and for software at the point of electronic transfer to the customer.
Revenue recognised on transfer of control
of appliance and software products
Appliance, perpetual software licenses and software
subscription licenses
Revenue recognised over–time (over the term of the contract)
Support, DDPaaS and SecureWatch Managed services
Revenue recognised once the service has been delivered
Installation and training services
The Directors have prepared detailed income statement, balance sheet and cash flow projections for the period to 30 April 2023 (“going concern assessment
period”). The cash flow projections have been subjected to sensitivity analysis at the revenue, cost and combined revenue and cost levels under three different
scenarios. The cash flow projections show that the Group and Company will maintain a positive cash balance through the going concern assessment period
under the base case and all three sensitivity scenarios. In addition, the projections and sensitivity analyses confirm that the bank loan covenants will be met
during the going concern assessment period.
Determining the transaction price
The contract price is determined by reference to the Corero Sales Quotation or DDPaaS Agreement and is a fixed price. Certain DDPaaS contracts have an
element of the transaction value or all of the transaction value determined by reference to a share of the customers’ revenue generated from the Corero
solution (‘Revenue Share’). This Revenue Share revenue is recognised when the Revenue Share is determined.
The Directors are also not aware of any significant matters in the remainder of calendar 2023 that occur outside the going concern period that could
reasonably possibly impact the going concern conclusion.
Corero does not have any other variable consideration payable by the customer and does not pay any consideration to the customer. There is no provision
for purchase price adjustments, right of return or price concessions.
The Directors continue to carefully monitor the impact of the COVID-19 pandemic, and its impact on the macroeconomic environment, on the operations of
the Group and have a range of possible mitigating actions, which could be implemented in the event of a downturn of the business. However, with COVID-19
driving an increased requirement for workforces to shift to home working and heightened concerns relating to digital security and privacy the Group has
benefited from favourable market tailwind.
The Directors have also considered the geo-political environment, including rising inflation in some of our key markets and the conflict in Ukraine, and whilst the
impact on the Group is currently deemed minimal, the Directors remain vigilant and ready to implement mitigation action in the event of a downturn in demand
or an impact on operations.
On this basis, the Directors have therefore concluded that it is appropriate to prepare the financial statements on a going concern basis.
2.3 Basis of consolidation
The consolidated financial statements incorporate the results, assets, liabilities, and cash flows of the Company and each of its subsidiaries for the financial
year ended 31 December 2021.
Subsidiaries are entities controlled by the Group. Control is deemed to exist when the Group has all of the following elements: a) power over the subsidiary,
b) exposure or rights to variable returns from that subsidiary, and c) ability to use its power to affect the amount of the return from the subsidiary. The results,
assets, liabilities and cash flows of subsidiaries are included in the consolidated financial statements from the date control commences until the date that
control ceases.
Where necessary, adjustments are made to the financial statements of subsidiaries to bring the accounting policies used into line with those used by the Group.
Intra–group balances and transactions are eliminated on consolidation.
2.4 Business combinations
The acquisition method is used to account for all acquisitions. The cost of an acquisition is measured at the fair values, on the date of acquisition, of assets
given, liabilities incurred or assumed, and equity instruments issued.
At the date of acquisition, the identifiable assets and liabilities and contingent liabilities of a subsidiary are measured at their fair values. Any excess of the
cost of acquisition over the fair values of the identifiable net assets acquired is recognised as goodwill.
allocating amounts to performance obligations
For contracts containing only a single performance obligation (annual support services, ‘DDPaaS’ and SecureWatch Managed Service) there is no requirement
to make an allocation of the contract price.
For contracts containing multiple products, the transaction price is allocated to the separate performance obligations based on relative stand–alone selling
prices (‘SSP’). The SSP is determined using defined price lists and historic customer discount rates.
incremental costs of obtaining a contract
Sales commission paid to Corero sales employees is an incremental cost of obtaining a contract and is recorded under Trade and other receivables in the
Consolidated Statement of Financial Position.
Sales commission relating to the support revenue from a new sales contract is recorded in prepayments and amortised over five years. Corero follows the
requirements of the IFRS 15 standard with regards to the amortisation period which requires amortisation on a systematic basis that is consistent with the
transfer to the customer of the goods or services to which the asset relates. The expectation, supported by historic evidence, is that customers will generally
renew their support contracts for more than three years with the additional expectation of follow–on hardware and software (and associated services) business
from a significant number of existing customers. Based on this, and consistent with previous treatment, Corero has assessed that a reasonable period for
capitalised sales commission to be amortised is five years. Periodic customer reviews will be undertaken to ascertain if there is any evidence that the value of
the customer relationship has been negatively impacted, in which case the prepayment will be appropriately written down. Applying the practical expedient,
Corero recognises the incremental costs of obtaining contracts as an expense when incurred if the amortisation period of the prepayment that Corero
otherwise would have recognised is one year or less.
Fulfilment costs
Corero’s principal fulfilment costs relate to the costs of the Corero customer support team which delivers the customer support services, DDPaaS services and
the SecureWatch Managed services. These costs are not separately allocated or identifiable against specific customers. Therefore, these costs are recognised
in the period in which they are incurred in the Consolidated Income Statement.
contract assets and liabilities
Contract assets arise when goods and services have been delivered and invoiced but payment is not yet due. Contract liabilities arise for future delivery of
services which have been invoiced and payment is due. Contract liabilities are shown as deferred income in the Statement of Financial Position.
�54
corero network Security plc – Annual Report and Accounts 2021
Overview
Strategic Report
Governance
Financial StatementS
Corporate Directory
55
Notes to the Financial Statements continued
2. Significant accounting policies continued
2.6 Government grants
Government grants are recognised at fair value when there is reasonable assurance that the Group will comply with the conditions attaching to them and the
grant will be received. Grants related to purchase of assets are treated as deferred income and allocated to the Consolidated Income Statement over the
useful lives of the related assets while grants related to expenses are netted off against the related item of expenditure in the Consolidated Income Statement.
2.7 cost of sales
Cost of sales includes all direct costs associated with revenue generation, including goods directly related to revenue, services delivery, operation costs, DDoS
as–a–service depreciation and amounts charged by external third parties for services. Examples of such costs would include third–party appliance costs and
third–party software license costs.
2.8 Foreign currencies
Transactions in foreign currencies are translated at the exchange rate ruling at the date of each transaction. Foreign currency monetary assets and liabilities
are retranslated using the exchange rates at the reporting date. Gains and losses arising from changes in exchange rates after the date of the transaction are
recognised in profit or loss in the Consolidated Income Statement.
Non–monetary assets and liabilities that are measured in terms of historical cost in a foreign currency are translated at the exchange rate at the date of the
original transaction.
In the consolidated financial statements, the net assets of the Group’s UK operations are translated from GBP into US dollars at the exchange rate at the
reporting date. Income and expense items are translated into US dollars at the average exchange rates for the period. The resulting exchange differences
are recognised in the foreign exchange translation reserve.
2.9 intangible assets
internally generated intangible assets
The Group’s internally generated intangible asset relates to its development expenditure.
Development expenditure is capitalised only when it is probable that future economic benefit will result from the project and the following criteria are met:
• the technical feasibility of the product has been ascertained;
• adequate technical, financial and other resources are available to complete and sell or use the intangible asset;
• the Group can demonstrate how the intangible asset will generate future economic benefits and the ability to use or sell the intangible asset can
be demonstrated;
• it is the intention of management to complete the intangible asset and use it or sell it; and
• the development costs can be measured reliably.
Expenditure not meeting these criteria is expensed in the Consolidated Income Statement.
2.10 Property, plant and equipment
Depreciation commences when an asset is available for use. Depreciation is calculated so as to write off the cost or value of an asset, net of anticipated
disposal proceeds, over the useful life of that asset as follows:
• Leasehold improvements – period of the lease (straight–line basis).
• Right–of–use assets – period of the lease (straight–line basis).
• Computer equipment, evaluation assets and DDoS Protection as–a–Service assets – three years (straight–line basis).
• Fixtures and fittings – five years (straight–line basis).
Property, plant and equipment is stated at cost less accumulated depreciation and any impairment losses. Cost comprises the purchase cost of property, plant
and equipment together with any directly attributable costs. Evaluation assets are used by customers during proof–of–concept trials. Evaluation assets are
stated at cost less accumulated depreciation. When an evaluation asset is retained by a customer as part of a sale, the net book value of the evaluation asset
is charged to cost of sales. Depreciation of DDoS Protection as–a–Service assets is charged to cost of sales.
Subsequent costs are included in an asset carrying value or are recognised as a separate asset when it is probable that future economic benefits associated
with the additional expenditure will flow to the Group and the cost of the item can be measured reliably. All other costs are charged to the Consolidated
Income Statement as incurred.
Methods of depreciation, residual values and useful lives are reviewed, and if necessary adjusted, at each balance sheet date.
The gain or loss arising from the disposal or retirement of an item of property, plant and equipment is determined as the difference between the net disposal
proceeds and the carrying amount of the item and included in the Consolidated Income Statement.
2.11 inventory
Inventory is stated at the lower of cost or net realisable value. Cost is computed using standard cost, which approximates to actual cost, on a first–in, first–out
basis. Rapid technological change and new product introductions and enhancements could result in excess or obsolete inventory, the value of which may not
be recoverable.
To minimise this risk, the Group evaluates inventory levels and expected usage on a periodic basis and records valuation allowances as required.
2.12 impairment
At each reporting date, the Group assesses whether there is any indication that its assets have been impaired. If any such indication exists, the recoverable
amount of the asset is estimated in order to determine the extent of any impairment. If it is not possible to estimate the recoverable amount of the individual
asset, the recoverable amount of the cash–generating unit (‘CGU’) to which the asset belongs is determined.
The recoverable amount of an asset or a CGU is the higher of its fair value less costs to sell and its value in use. The recoverable amount is calculated using
the present value of the future cash flows expected to be derived from an asset or CGU. This present value is derived using a cost of capital rate that reflects
current market assessments of the time value of money and of the risks specific to the asset for which future cash flow estimates have not been adjusted. If the
recoverable amount of an asset is less than its carrying amount, the carrying amount of the asset or CGU is reduced to its recoverable amount. That reduction
is recognised as an impairment loss.
After initial recognition, internally–generated intangible assets are carried at cost less accumulated amortisation and any impairment losses. Amortisation is
charged once the asset is capable of generating economic benefits.
An impairment loss relating to assets carried at cost less any accumulated depreciation or amortisation is recognised immediately in the Consolidated
Income Statement.
acquired intangible assets
Identifiable intangible assets acquired as part of a business combination are initially recognised separately from goodwill, irrespective of whether the assets
have been recognised by the acquiree before the business combination. An intangible asset is considered identifiable only if it is separable or if it arises from
contractual or other legal rights, regardless of whether those rights are transferable or separable from the entity or from other rights and obligations.
Intangible assets acquired as part of a business combination and recognised by the Group are computer software and customer relationships.
Purchased computer software is carried at cost less accumulated amortisation and any impairment losses.
Customer contracts and the related customer relationships are carried at cost less accumulated amortisation and any impairment losses.
amortisation
Intangible assets are amortised on a straight–line basis to reduce their carrying value to zero over their estimated useful lives. The following useful lives were
applied during the year:
• Computer software acquired – three years straight line.
• Capitalised development expenditure – five years straight line.
Amortisation costs are included within operating expenses in the Consolidated Income Statement. Methods of amortisation and useful lives are reviewed,
and if necessary adjusted, at each reporting date.
Goodwill acquired in a business combination is, from the acquisition date, allocated to each of the CGU’s or groups of CGU’s that are expected to benefit from
the synergies of the combination.
Goodwill is tested for impairment at least annually, and whenever there is an indication that the asset may be impaired.
An impairment loss is recognised for CGU’s if the recoverable amount of the CGU is less than the carrying amount of the CGU. The impairment loss is
allocated to reduce the carrying amount of the assets of the CGU by first reducing the carrying amount of any goodwill allocated to the CGU, and then
reducing the carrying amounts of the other assets of the CGU pro rata.
If an impairment loss subsequently reverses, the carrying amount of the asset or CGU is increased to the revised estimate of its recoverable amount but limited
to the carrying amount that would have been determined had no impairment loss been recognised in prior years.
A reversal of an impairment loss is recognised in the Consolidated Income Statement. Impairment losses on goodwill are not subsequently reversed.
�56
corero network Security plc – Annual Report and Accounts 2021
Overview
Strategic Report
Governance
Financial StatementS
Corporate Directory
57
Notes to the Financial Statements continued
2. Significant accounting policies continued
2.13 leases
All leases are accounted for by recognising a right–of–use asset and a lease liability except for:
• leases with a duration of 12 months or less; and
• leases of low value assets.
Lease liabilities are measured at the present value of the contractual payments due to the lessor over the lease term, with the discount rate determined by
reference to the rate inherent in the lease unless this is not readily determinable, in which case the Group’s incremental borrowing rate on commencement of
the lease is used.
On initial recognition, the carrying value of the lease liability also includes:
• amounts expected to be payable under any residual value guarantee;
• the exercise price of any purchase option granted in favour of the Group if it is reasonably certain to assess that option; and
• any penalties payable for terminating the lease, if the term of the lease has been estimated on the basis of termination option being exercised.
Right–of–use assets are initially measured at the amount of the lease liability, reduced for any lease incentives received, and increased for:
• lease payments made at or before commencement of the lease;
• initial direct costs incurred; and
• the amount of any provision recognised where the Group is contractually required to dismantle, remove or restore the lease.
Subsequent to initial measurement, lease liabilities increase as a result of interest charged at a constant rate on the balance outstanding and are reduced for
lease payments made. Lease payments are analysed between capital and interest. The interest element is charged to the Consolidated Income Statement
over the period of the lease. The capital element reduces the balance owed to the lessor.
Right–of–use assets are amortised on a straight–line basis over the remaining term of the lease or over the remaining economic life of the asset.
The total rentals payable under leases which are not recognised as a right–of–use asset and a lease liability (an ‘operating lease’) are charged to the
Consolidated Income Statement on a straight–line basis over the lease term.
2.14 investments in subsidiaries
In the Company’s separate financial statements, investments in subsidiaries are carried at cost less any impairment provisions.
2.15 taxation
The tax expense represents the sum of current tax and deferred tax.
current tax
Current tax is based on taxable profit for the year and is calculated using tax rates enacted or substantively enacted at the reporting date. Taxable profit
differs from accounting profit either because items are taxable or deductible in periods different to those in which they are recognised in the financial
statements (temporary differences), or because they are never taxable or deductible (permanent differences).
Deferred tax
Deferred tax on temporary differences at the reporting date between the tax bases of assets and liabilities and their carrying amounts for financial reporting
purposes is accounted for using the balance sheet liability method.
Using the balance sheet liability method, deferred tax liabilities are recognised in full for all taxable temporary differences and deferred tax assets are
recognised to the extent that it is probable that taxable profits will be available against which deductible temporary differences can be utilised. However, if
the temporary difference arises from the initial recognition of goodwill or the initial recognition of an asset or liability in a transaction other than a business
combination, that at the time of the transaction affects neither accounting nor taxable profit, it is not recognised as deferred tax asset or liability.
Deferred taxation is measured at the tax rates that are expected to apply when the asset is realised, or the liability settled, based on tax rates and laws
enacted or substantively enacted at the reporting date.
2.16 Post–retirement benefits
The Group makes contributions in respect of certain employees to defined contribution pension plans under which it is required to pay fixed contributions to
group and personal pension funds.
Contributions to the schemes are based on a proportion of the employees’ earnings and are charged to the Consolidated Income Statement. The Group has
no obligation beyond these contributions.
2.17 Financial instruments
The Group classifies financial instruments, or their component parts, on initial recognition as a financial asset, a financial liability or an equity instrument in
accordance with the substance of the contractual arrangement.
Financial assets and financial liabilities are recognised in the Group’s Statement of Financial Position when the Group becomes party to the contractual
provisions of the instrument.
The particular recognition and measurement methods adopted for the Group’s financial instruments are disclosed below:
trade and other receivables
Trade and other receivables are stated at their fair value at time of initial recognition, reflecting, where material, the time value of money. A provision for
impairment of trade receivables is established when there is evidence that the Group will not be able to collect all amounts due. The simplified approach is
used for assessing the expected credit loss on trade receivables, requiring the lifetime expected credit loss to be recorded as the provision for impairment.
An impairment provision is recorded against the intercompany loan note instrument between the Company and Corero Network Security, Inc. based on
calculating the risk adjusted carrying value of the loan to take account of the credit loss which is expected to arise over the period until the cash is realised.
The amount of the provision is based on whether there has been a significant increase in credit risk since the initial recognition of the loan. In situations where
the credit risk has not increased significantly and the loan amount is expected to be recovered, the expected credit loss is limited to the effect of discounting
the intercompany loan over the period until repayment is realised at the effective interest rate.
cash and cash equivalents
Cash and cash equivalents include cash in hand and deposits on call with banks.
trade and other payables
Trade and other payables are not interest bearing and are stated at their fair value at time of initial recognition. Thereafter they are accounted for at
amortised cost.
Debt obligations
Debt obligations include interest bearing bank borrowings which are stated at their fair value less transaction costs at time of initial recognition. Debt
obligations are subsequently measured at amortised cost.
2.18 equity instruments
An equity instrument is any contract that evidences a residual interest in the assets of the Company after deducting all its liabilities. Equity instruments issued by
the Company are recorded at the proceeds received, net of directly attributable issue costs.
2.19 employee share option schemes
The Group operates an equity–settled share–based compensation plan. The fair value of the employees’ services received in exchange for the grant of share
options is measured at grant date and recognised as an expense on a straight–line basis over the vesting period, based on the Group’s estimate of shares
that will eventually vest. Fair value is determined by reference to the Black–Scholes option pricing model. If a granted option is cancelled and regranted the
increase in fair value of the granted option measured immediately before and after the cancellation and regrant is added to the value of the employee’s
service received in exchange for the grant. If an option grant is cancelled the previously recorded expense is credited to the Consolidated Income Statement.
At each reporting date, the Group revises its estimate of the number of options that are expected to become exercisable.
When share options are exercised, the proceeds received, net of any transaction costs, are credited to share capital (nominal value) and share premium.
2.20 Standards and interpretations not yet effective
There are a number of standards, amendments to standards, and interpretations which have been issued that are effective in future accounting periods that the
Group has decided not to adopt early as they will not have a significant impact on the presentation of the Group financial statements.
�58
corero network Security plc – Annual Report and Accounts 2021
Overview
Strategic Report
Governance
Financial StatementS
Corporate Directory
59
Notes to the Financial Statements continued
3. critical accounting judgements and key sources of estimation uncertainty
Revenues from external customers are identified on the basis of invoicing systems and adjusted to take into account the difference between invoiced amounts
and deferred revenue adjustments as required by IFRS.
3.1 critical judgements in applying the Group’s accounting policies
In the process of applying the Group accounting policies, the following judgements have had a significant effect on the amounts recognised in the
financial statements:
An international SaaS customer, the Group’s largest customer, accounted for 22% of 2021 revenue (2020: 19%).
The revenue is analysed as follows for each revenue category:
internally generated research and development costs
Management monitors progress of internal research and development projects. Judgement is required in distinguishing the research phase from the
development phase. Development costs are recognised as an asset when all criteria are met and a project has passed the feasibility phase, whereas research
costs are expensed as incurred. Management monitors whether the recognition requirements for development costs continue to be met. This is necessary as
the economic success of any product development is uncertain.
Going concern
The Directors have reviewed the future profit and cash flow projections in conjunction with the current economic climate in order to express an opinion on the
adequacy of working capital and the ability to continue as a going concern for the foreseeable future. The methodology contained in the projections is detailed
in the note 2.2.
3.2 Key accounting estimates and assumptions
Key assumptions concerning the future and other key sources of estimation uncertainty that have a significant risk of causing a material adjustment to the
carrying amounts of assets and liabilities within the next financial year are as follows:
impairment of intangible assets and property, plant and equipment
The Group tests goodwill at least annually for impairment, and whenever there is an indication that the asset may be impaired. All other intangible assets
and property, plant and equipment are tested for impairment when indicators of impairment exist. Impairment is determined with reference to the higher of
fair value less costs to sell and value in use. Fair value less costs to sell is estimated using discounted future cash flows. Significant assumptions are made
in estimating future cash flows about future events including future market conditions, future growth rates and appropriate discount rates. Changes in these
assumptions could affect the outcome of impairment reviews. Details of the main assumptions used in the assessment of the carrying value of the Group’s CGU
are set out in note 9.
impairment of investments (applies to the company financial statements only)
The Directors have reviewed the cost of investments in subsidiaries of the Company with reference to current and future trading conditions. The investment in
subsidiaries has been reviewed with reference to a valuation based on a discounted free cash flow, in conjunction with the goodwill impairment review, which
the Directors consider to be an appropriate valuation methodology.
Standalone Selling Price – Revenue recognition
On a quarterly basis the Group analyses the selling prices for each deal compared to the current Standalone Selling Price (‘SSP’). This analysis includes
grouping similar deals based on qualitative factors such as customer profile, size, and region, together with a quantitative comparison to the then current SSP.
SSP fair value prices are adjusted for future quarters if management identifies a pattern of variances of greater than 10% between actual selling prices and the
then current SSP.
4. Segment reporting
Business segments
The Group is managed according to one business unit, Corero Network Security, which makes up the Group’s reportable operating segment. This business unit
forms the basis on which the Group reports its primary segment information to the Board, which management consider to be the Chief Operating Decision
maker for the purposes of IFRS 8 Operating Segments.
The Group’s revenues from external customers are divided into the following geographies:
The Americas
EMEA
APAC
ROW
total
2021
$’000
2020
$’000
16,042
10,988
2,778
2,075
–
4,323
1,278
288
20,895
16,877
Software license and appliance revenue
DDoS Protection as–a–Service revenue
Maintenance and support services revenue
total
The revenue is analysed by timing of delivery of goods or services as:
Point in time delivery
Over time
total
2021
$’000
10,337
4,025
6,533
20,895
2021
$’000
10,337
10,558
20,895
2020
$’000
8,446
2,876
5,555
16,877
2020
$’000
8,446
8,431
16,877
No unsatisfied performance obligations arise except from those revenues which are recognised over time. See note 20 for further details.
contract balances
At 1 January
Transfers in the period to/from trade receivables from/to contract assets
Amounts included in contract liabilities that were recognised as revenue in the period from
the opening balance
Amounts included in contract liabilities that were recognised as revenue from amounts
invoiced in the period
Amounts invoiced in the period and not recognised as revenue in the period
At 31 December
company
The Company has no contract assets or liabilities (2020: $nil).
contract assets
contract liabilities
2021
$’000
2,429
(1,153)
–
–
–
2020
$’000
1,326
1,103
–
–
–
1,276
2,429
2021
$’000
6,149
–
2020
$’000
3,896
–
(3,442)
(3,211)
(5,889)
10,006
6,824
(5,219)
10,683
6,149
�60
corero network Security plc – Annual Report and Accounts 2021
Overview
Strategic Report
Governance
Financial StatementS
Corporate Directory
61
Notes to the Financial Statements continued
5. Profit for the year
The following items have been included in arriving at the Group’s profit/(loss) for the year before taxation:
Unrealised (gain)/loss on intercompany loan
Finance expense – Clydesdale loan interest and fees
Finance expense – lease liability
Research and development expenditure not capitalised
Amortisation of acquired intangible assets (note 10)
Amortisation of capitalised development expenditure (note 11)
Depreciation of property, plant and equipment (note 12)
DDoS Protection as–a–Service asset depreciation (note 12)
Other income – PPPL forgiveness (note 18)
auditor’s remuneration
Remuneration received by the Company’s auditor for the audit of these Financial Statements
The audit of the financial statements of other Group companies
Fees payable to the Company’s auditor for taxation compliance services
Fees payable to the Company’s auditor for taxation advisory services
6. tax on profit/(loss) on ordinary activities
Current tax credit
Total
2021
$’000
(87)
388
18
1,546
5
1,872
315
382
(637)
2021
$’000
105
42
35
9
191
2021
$’000
149
149
2020
$’000
263
274
27
1,562
6
1,933
378
255
–
2020
$’000
105
41
33
17
196
2020
$’000
246
246
The tax assessed on the profit on ordinary activities for the year differs from the weighted average UK corporate rate of tax of 19% per the 2021 and 2022
governmental budgets (2020: 19.0%). The differences are reconciled below:
Total tax reconciliation
Profit before taxation
Theoretical tax credit at UK Corporation tax rate 19% (2020: 19.0%)
Effect of:
– expenditure that is not tax deductible
– R&D tax credits
– accelerated capital allowances
– losses not utilised / utilised
actual taxation credit
2021
$’000
2020
$’000
1,373
261
125
149
(43)
(343)
149
(4,030)
(766)
168
246
(58)
656
246
Factors affecting future tax charges
As at 31 December 2021, the Group’s cumulative fixed asset timing differences were $23,000 (2020: $76,000) and no deferred tax asset has been recognised
in respect of these items.
In addition, the tax losses at that date amounted to $89.3 million (2020: $94.2 million). This comprised UK tax losses of $13.8 million and US tax losses of
$75.5 million. $6.4 million of the tax losses relate to pre–acquisition US tax losses which can be offset against taxable profits over 10 years (there is a limit on
the utilisation of pre–acquisition tax losses of $0.7 million per annum and any unused loss may be carried forward to subsequent periods). All other US tax
losses expire 20 years from the end of the accounting period in which the loss arose.
UK tax losses arising in the period prior to 1 April 2017 can only used against taxable profits of the same trade, after 1 April 2017 the losses can be used
against total company profits.
Deferred tax assets of $3.4 million (2020: $2.5 million) relating to the UK tax losses (applying a tax rate of 25.0% to tax losses expected to unwind after
1 April 2023, the rate substantively enacted on 10 June 2021) and the deferred tax assets of $15.9 million (2020: $17.0 million) relating to the US tax losses
and taxable temporary fixed asset differences (applying a tax rate of 21.0%) have not been recognised due to uncertainties as to the extent and timing of
their future recovery.
7. earnings/(loss) per share
Earnings/(loss) per share is calculated by dividing the earnings attributable to ordinary shareholders of the Company by the weighted average number
of ordinary shares in issue during the year. The effects of anti–dilutive ordinary shares resulting from the exercise of share options are excluded from the
calculation of the loss per share. Therefore, the diluted loss per share is equal to the loss per share.
Basic earnings per share
From profit/(loss) for the year
Diluted earnings per share
From profit/(loss) for the year
Basic earnings/(loss) per share
From profit/(loss) for the year
Diluted earnings/(loss) per share
Basic earnings/(loss) per share
Dilutive effect of share options
Diluted earnings/(loss) per share
2021
cents
0.3
0.3
2020
cents
(0.8)
(0.8)
2021
Weighted
average number
of 1p shares
thousand
494,852
494,852
18,914
513,766
Profit
$’000
1,522
1,522
–
1,522
Profit
per share
cents
0.3
0.3
–
0.3
2020
Weighted
average number
of 1p shares
thousand
loss
$’000
loss
per share
cents
(3,784)
494,852
(0.8)
(3,784)
494,852
–
–
(3,784)
494,852
(0.8)
–
(0.8)
�62
corero network Security plc – Annual Report and Accounts 2021
Overview
Strategic Report
Governance
Financial StatementS
Corporate Directory
63
Notes to the Financial Statements continued
8. Key performance measures
eBitDa and adjusted eBitDa
Earnings before interest, tax, depreciation, and amortisation (‘EBITDA’) is defined as earnings from operations before interest, tax, depreciation, and
amortisation charges. The following is a reconciliation of EBITDA and Adjusted EBITDA for the periods presented:
The recoverable amount for the CNS CGU was determined based on a discounted cash flow calculation to calculate fair values less costs to sell using
cash flow projections over a 10 year period (2020: 10 year period). The discounted cash flow approach is a level 3 fair value calculation in the IFRS 13 fair
value hierarchy.
The key assumptions for the discounted cash flow calculation are those regarding revenue growth and discount rates as summarised in the table below and
commented on below:
Profit/(loss) before taxation
Adjustments for:
Finance income
Finance expense
Finance lease interest costs
Depreciation – owned assets
Depreciation – lease liabilities
Amortisation of acquired intangible assets
Amortisation of capitalised development expenditure
eBitDa
Depreciation of DDoS Protection–as–a–Service assets charged to cost of sales
Share based payments
Unrealised foreign exchange differences on intercompany loan
Other income – PPPL forgiveness
Year ended
31 December
2021
$’000
Year ended
31 December
2020
$’000
1,373
(4,030)
(1)
388
18
222
93
5
1,872
3,970
382
522
(87)
(637)
(16)
274
27
259
119
6
1,933
(1,428)
255
359
263
–
adjusted eBitDa – for DDPaaS depreciation, share based payments, unrealised
foreign exchange differences on intercompany loan and PPPl forgiveness
4,150
(551)
9. Goodwill
Group
cost
At 1 January 2020
At 31 December 2020
at 31 December 2021
impairment
At 1 January 2020
At 31 December 2020
at 31 December 2021
carrying amount
at 31 December 2021
At 31 December 2020
At 1 January 2020
Goodwill is tested at least annually for impairment and when there are indications that goodwill might be impaired.
Goodwill is allocated to the Group’s single CGU, Corero Network Security (‘CNS’).
$’000
17,983
17,983
17,983
(8,992)
(8,992)
(8,992)
8,991
8,991
8,991
Forecast cash flow period
Extrapolated cash flow period
Cumulative annual growth rate (‘CAGR’) for revenue used for the forecast/extrapolated periods
Growth rates (‘CAGR’) used for the forecast/extrapolated periods:
Year 1–2 (forecast period)
Years 3–5 (extrapolated period)
Years 6–10 (extrapolated period)
Revenue growth rate used beyond the extrapolated period
Discount rate
2021
2020
Years 1–2
Years 1–2
Years 3–10
Years 3–10
12.2%
13.1%
23.5%
15.0%
6.5%
2.5%
12.3%
29.8%
14.0%
6.5%
2.5%
12.2%
The pre–tax cash flows for the forecast period are derived from the most recent financial budget for the year ending 31 December 2022 (‘2022 Budget’) and
the plan for the year ending 31 December 2023 (‘2023 Plan’) approved by the Board, with a sensitivity reflecting prior year experience and progress made in
2021 (10% applied to the 2022 Budget revenue and 15% to the 2023 Plan revenue). The extrapolation for the period 2024 to 2031 is based on management
estimates (with the key assumptions set out below).
The future pre–tax cash flows are discounted by a WACC of 12.3% (2020: 12.2%).
The key assumptions underlying the cash flow projections and which the recoverable amount is most sensitive to are (i) the revenue growth rates forecast and
extrapolated for the period 2022 to 2026 (ii) and the discount rate.
The cash flow forecasts assume a CAGR revenue growth of 18.3% in the period 2022 to 2026 (20.1% for the period 2021 to 2025) and 6.5% for the period
2026 to 2031 (a ‘CAGR’ of 12.2% for 10–year forecast period; 2020: 13.1%). The cashflow forecasts reflect a sensitivity of 10% applied to the CNS 2022 Budget
revenues and a sensitivity of 15% applied to the 2023 Plan revenues (and a sensitivity of 5% to 2022 operating costs and capital expenditure, and a sensitivity
of 7.5% to 2023 operating costs and capital expenditure) reflecting prior year experience. The management of the Group believe these growth rates are
appropriate for the forecasts given the significant progress the business made in 2020 and 2021, the strategy for 2022 which is focused on scaling the business
for profitability through leveraging the Group’s expanded routes to market and the on–going investment in sales and marketing. This strategy is expected to
deliver further increases in revenue in the forecast period.
The global COVID–19 pandemic continues to bring uncertainty and wider market disruption globally. Whilst Corero has to date not seen any significant
short–term impact on the provision of its products and services, and the sector within which the Company operates, and indeed to some extent benefits from
acceleration in, for example, increased network usage deriving from increased ‘Working From Home’ initiatives, there have been disruptive impacts on the
wider economy and large indebtedness of some public finances and this might impact some of its customer base. This impact continues to be a factor in the
on–going assessment on the carrying value of goodwill at future reporting dates.
The assumed growth rates are supported by the fact that the IT security market is forecast to grow strongly for the foreseeable future. The DDoS market is
expected to reach $6.7 billion by 2026 (Source: MarketsandMarkets DDoS Protection and Mitigation market – Global Forecast to 2026, June 2019) – a CAGR
of 15.1% in the period 2021 to 2026.
The above market growth rates used in the future cash flow assumptions reflect that CNS is in the relatively early stages of the commercial exploitation of its
intellectual property. In addition, the business’s strategy, aside from greater sales growth penetration, is to continue to develop its product and solution offerings to
remain its market leadership technological credentials in its chosen markets thereby providing the opportunity to generate above market average growth rates.
The growth rate assumed in the period beyond the 10–year extrapolation period of 2.5% is considered reasonable as historically IT spend has exceeded
GDP growth.
The discount rate is based on a cost of equity using the Capital Asset Pricing Model with the key inputs being a risk–free interest rate estimate of 1.52% (based
on 10–year US government bonds) (2020: 0.93%), comparable company betas, an equity risk premium of 6.2% (2020: 6.2%), and small company risk premium of
4.5% (2020: 4.5%). The WACC has been assessed based on that fact that the Group had debt at 31 December 2021 of $2.8 million (debt at 31 December 2020:
$1.8 million). The WACC used in the valuation reflects current market assessments of the time value of money and the risks specific to CNS.
As stated above, the valuation to support the value in use of the CNS CGU is sensitive to changes in the cash flow forecasts and the discount rate assumptions,
and there is no absolute guarantee that the expected growth will be achieved. If the discount rate is increased from 12.3% to 101.6%, this would mathematically
result in an impairment of the carrying value of goodwill of $9.0 million meaning the goodwill would be fully impaired. If the sensitivity of 10% applied to the
CNS 2022 Budget and 15% to the 2023 Plan revenues (and sensitivity of 5% to CNS 2022 Budget operating costs and capital expenditure, and 7.5% to the 2023
Plan operating costs and capital expenditure) was increased to 39.0% for the CNS 2022 Budget and 58.6% to the 2023 Plan revenues (and sensitivity of 19.5%
to CNS 2022 Budget operating costs and capital expenditure, and 29.3% to the 2023 Plan operating costs and capital expenditure), this would mathematically
result in an impairment of the carrying value of goodwill of $9.0 million meaning the goodwill would be fully impaired.
Apart from the considerations in determining the value in use of the CNS CGU extensively described above, the management of the Group is not currently
aware of any other reasonably possible changes that would necessitate changes in its key estimates.
�64
corero network Security plc – Annual Report and Accounts 2021
Overview
Strategic Report
Governance
Financial StatementS
Corporate Directory
65
Notes to the Financial Statements continued
10. acquired intangible assets
11. capitalised development expenditure
Group
cost
At 1 January 2020
Additions
At 31 December 2020 and at 1 January 2021
Additions
at 31 December 2021
amortisation
At 1 January 2020
Charge for year
At 31 December 2020 and at 1 January 2021
Charge for year
at 31 December 2021
net book value
at 31 December 2021
At 31 December 2020
At 1 January 2020
company
The Company has no intangible fixed assets (2020: $nil).
computer
software
$’000
customer
relationships
$’000
6,009
8
6,017
–
6,017
(6,002)
(6)
(6,008)
(5)
(6,013)
4
9
7
197
–
197
–
197
(197)
–
(197)
–
(197)
–
–
–
total
$’000
6,206
8
6,214
–
6,214
(6,199)
(6)
(6,205)
(5)
(6,210)
4
9
7
Group
cost
At 1 January 2020
Additions
At 31 December 2020 and at 1 January 2021
Additions
at 31 December 2021
amortisation
At 1 January 2020
Charge for year
At 31 December 2020 and at 1 January 2021
Charge for year
at 31 December 2021
net book value
at 31 December 2021
At 31 December 2020
At 1 January 2020
company
The Company has no capitalised development expenditure (2020: $nil).
total
$’000
20,900
1,410
22,310
1,754
24,064
(15,731)
(1,933)
(17,664)
(1,872)
19,536
4,528
4,646
5,169
�66
corero network Security plc – Annual Report and Accounts 2021
Overview
Strategic Report
Governance
Financial StatementS
Corporate Directory
67
Notes to the Financial Statements continued
12. Property, plant and equipment
Group
computer
equipment
$’000
Sales
evaluation
assets
$’000
DDoS protection
as–a–service
assets
$’000
Fixtures and
Fittings
$’000
leasehold
improvements
$’000
Right–of–use
assets
$’000
cost
1 January 2020
Additions
Transfers
Disposals
Foreign currency translation
at 31 December 2020
and 1 January 2021
Additions
Transfers
Disposals
Foreign currency translation
at 31 December 2021
Depreciation
at 1 January 2020
Charge for year
Transfers
Disposals
Foreign currency translation
at 31 December 2020
and at 1 January 2021
Charge for year
Transfers
Disposals
Foreign currency translation
at 31 December 2021
net book value
at 31 December 2021
At 31 December 2020
At 1 January 2020
2,632
160
–
(1,755)
5
1,042
17
–
(59)
(3)
997
(2,429)
(154)
–
1,755
(6)
(834)
(129)
–
21
3
(939)
58
208
203
511
196
(83)
(405)
(3)
216
136
(67)
(99)
–
186
(379)
(68)
16
337
3
(91)
(59)
16
50
–
(84)
102
125
132
DDoS Protection as–a–Service assets’ depreciation is charged to cost of sales.
company
The Company has no property, plant and equipment (2020: $nil).
621
646
83
–
27
104
–
–
–
–
93
13
–
–
–
1,377
104
106
268
67
(57)
(7)
–
–
–
–
–
–
–
–
1,648
104
106
(413)
(255)
(16)
–
(11)
(695)
(382)
(16)
27
4
(58)
(15)
–
–
(1)
(74)
(13)
–
–
–
(30)
(22)
–
–
–
(52)
(21)
–
–
–
423
–
–
–
3
426
–
–
(83)
1
344
(66)
(119)
–
–
(4)
(189)
(93)
–
83
–
total
$’000
4,384
1,015
–
(2,160)
32
3,271
421
–
(298)
(9)
3,385
(3,375)
(633)
–
2,092
(19)
(1,935)
(697)
–
181
7
(1,062)
(87)
(73)
(199)
(2,444)
586
682
208
17
30
46
33
54
63
145
237
357
941
1,336
1,009
13. investment in subsidiaries
company
cost
At 1 January 2020
Capitalisation of intercompany balances
Additions
Foreign currency translation
at 31 December 2020 and at 1 January 2021
Capitalisation of intercompany balances
Additions
Foreign currency translation
at 31 December 2021
impairment
At 1 January 2020
Impairment credit/(charge)
Foreign currency translation
at 31 December 2020 and at 1 January 2021
Impairment credit/(charge)
Foreign currency translation
at 31 December 2021
net book value
at 31 December 2021
At 31 December 2020
At 1 January 20120
investment in corero
network Security, inc. and
corero network Security
(UK) limited
$’000
investment in
corero Group Services
limited
$’000
67,445
849
–
2,008
70,302
3,416
–
(653)
73,065
(57,152)
36,588
(1,704)
(22,268)
10,326
207
(11,735)
61,330
48,035
10,293
9,068
1,540
–
270
10,878
–
–
(101)
10,777
(4,331)
(469)
(128)
(4,928)
(138)
46
(5,020)
5,757
5,950
4,737
loan
note
$’000
7,970
–
394
263
8,627
–
444
(87)
8,984
(2,228)
604
(67)
(1,691)
1,675
16
–
8,984
6,936
5,742
total
$’000
84,483
2,389
394
2,541
89,807
3,416
444
(841)
92,826
(63,711)
36,723
(1,899)
(28,887)
11,863
269
(16,755)
76,071
60,921
20,772
The Directors have reviewed the carrying value of the cost of investments in subsidiaries of the Company with reference to current and future trading conditions
and on a discounted free cash flow valuation which the Directors consider to be an appropriate valuation methodology. As at 31 December 2021 the provision
against the investment in subsidiaries was $16.8 million (at 31 December 2020: $27.2 million), comprising a provision against the investment in Corero Network
Security, Inc. and Corero Network Security (UK) Limited (together ‘CNS’) of $11.7 million and a provision against the investment in Corero Group Services
Limited of $5.0 million. As noted in note 9, the discounted cash flow valuation for CNS is sensitive to changes in the cash flow forecast and the discount rate
assumptions. If the sensitivity applied to the CNS 2022 Budget and 2023 Plan revenues (and the CNS 2022 Budget operating costs and capital expenditure,
and 2023 Plan operating costs and capital expenditure) was increased to 28.0% for the CNS 2022 Budget and 32.7% to the 2023 Plan revenues (and sensitivity
of 14% to CNS 2022 Budget operating costs and capital expenditure, and 16.4% to the 2023 Plan operating costs and capital expenditure), this would
mathematically result in the net book value of the investment in CNS at 31 December 2021 being nil (fully impaired). If the discount rate is increased from 12.9%
to 15.5%, this would mathematically result in the net book value of the investment in CNS at 31 December 2021 being nil (fully impaired).
The Company’s investment in Corero Network Security, Inc. includes a loan note instrument. These loan notes bear interest at 5.0% per annum which at the
election of Corero Network Security, Inc. is payable quarterly or added to the principal amount which is due on 31 October 2026. As at 31 December 2021 the
expected credit loss provision was $nil million (2020: $1.7 million).
The Company owns:
• 100% of the issued share capital of Corero Network Security, Inc. a company incorporated in Delaware, USA. The company’s business address is 293 Boston
Post Road, Marlborough, MA 01752, USA. The principal business of the company consists of the development and sale of appliance and software security
products and solutions.
• 100% of the issued share capital of Corero Group Services Limited, a company incorporated and registered in England and Wales. The company’s business
address is St Mary’s Court, The Broadway, Amersham, Buckinghamshire, HP7 0UT, England, United Kingdom. The principal business of the company consists
of providing administration services to the Group.
• 100% of the issued share capital of Corero Network Security (UK) Limited, a company incorporated and registered in England and Wales. The
company’s business address is 3rd Floor, 53 Hanover Street, Edinburgh, EH2 2PJ and registered address is St Mary’s Court, The Broadway, Amersham,
Buckinghamshire, HP7 0UT, England, United Kingdom. The principal business of the company consists of sale of appliances and software security products
and solutions, providing development and marketing services on behalf of Corero Network Security, Inc.
�68
corero network Security plc – Annual Report and Accounts 2021
Overview
Strategic Report
Governance
Financial StatementS
Corporate Directory
69
Notes to the Financial Statements continued
14. inventories
Gross inventory
Less: provision for impairment
Net inventory
The analysis of trade and other receivables by foreign currency is set out in the table below:
Group
2021
$’000
139
(82)
57
Group
2020
$’000
148
(50)
98
US dollars
UK pound
Group
company
2021
$’000
3,163
902
4,065
2020
$’000
3,818
590
4,408
2021
$’000
–
114
114
2020
$’000
–
77
77
Net inventory comprises finished goods and raw materials. The value of inventory recognised as an expense in cost of sales was $1.9 million (2020: $2.7 million).
company
The Company holds no inventory (2020: $nil).
15. trade and other receivables
Trade receivables
Contract assets (note 4)
Less: provision for impairment of trade receivables
Net trade receivables
Other debtors
Prepayments
Group
2021
$’000
740
1,276
(24)
1,992
180
1,893
4,065
2020
$’000
278
2,429
–
2,707
124
1,577
4,408
company
2021
$’000
2020
$’000
–
–
–
–
76
38
114
–
–
–
–
77
–
77
The Group’s foreign currency receivables are denominated in the functional currency of the subsidiaries in which they arise. There is no impact on the result for
the year from exchange rate movements on such financial instruments.
16. trade and other payables
Trade payables
Amounts due to subsidiaries
Other payables
Accruals
Group
company
2021
$’000
1,567
–
36
2,608
4,211
2020
$’000
3,977
–
348
2,538
6,863
2021
$’000
–
8,794
–
254
9,048
2020
$’000
–
5,845
–
143
5,988
None of the Group or Company’s trade and other payables are secured by collateral or credit enhancements.
The Directors consider that the carrying amount of trade and other payables approximates their fair value. 66% (2020: 74%) of the trade and other payables
are due in less than three months.
None of the Company’s trade and other receivables are secured by collateral or credit enhancements (2020: None).
The amounts due to subsidiaries are repayable on demand.
The Group applies the simplified approach to measuring expected credit losses using a lifetime expected credit loss for trade receivables and contract assets.
To measure expected credit losses on a collective basis, trade receivables and contract assets are grouped based on a similar credit risk and aging. The
expected loss rates are based on the Group’s historical credit losses experienced over a two year period prior to the period end. The historical loss rates are
then adjusted for current and forward–looking information on macroeconomic factors affecting the Group’s customers. The Group has identified gross domestic
product growth rates, unemployment rates and inflation rates as the key macroeconomic factors in the countries in which the Group operates. The Directors
consider that the carrying amount of trade and other receivables approximates their fair value.
The maturity profile of trade and other receivables is set out in the table below:
In one year or less, or on demand
In more than one year, but not more than five years
Group
company
2021
$’000
3,206
859
4,065
2020
$’000
3,714
694
4,408
2021
$’000
17
97
114
2020
$’000
–
77
77
Balances due in more than one year, but not more than five years, are presented as non–current in the Statement of Financial Position.
The analysis of trade and other payables by foreign currency is set out in the table below:
US dollars
UK pound
Group
company
2021
$’000
1,977
2,234
4,211
2020
$’000
4,383
2,480
6,863
2021
$’000
–
9,048
9,048
2020
$’000
–
5,988
5,988
The Group’s foreign currency payables are denominated in the functional currency of the subsidiaries in which they arise. There is no impact on the result for
the year from exchange rate movements on such financial instruments.
17. lease liabilities
At 1 January
Payments
Interest cost
At 31 December
The Directors consider that the carrying amount of lease liabilities approximates to their fair value.
Group
2021
$’000
257
(103)
18
172
Group
2020
$’000
369
(139)
27
257
�70
corero network Security plc – Annual Report and Accounts 2021
Overview
Strategic Report
Governance
Financial StatementS
Corporate Directory
71
Notes to the Financial Statements continued
17. lease liabilities continued
The analysis of lease liabilities by foreign currency is set out in the table below:
The contractual future cash flows, including undiscounted interest based on the interest rate at 31 December 2021 of 7.582% and 6.750% (at 31 December 2020:
7.561%) for the bank loans, are:
US dollars
UK pound
company
The Company has no lease liabilities (2020: $nil).
18. Borrowings
The Group borrowings:
Bank loans
The Company borrowings:
Bank loan
Group
2021
$’000
172
–
172
Group
2020
$’000
254
3
257
2021
$’000
2,777
2021
$’000
2,777
2020
$’000
2,478
2020
$’000
1,841
The Company’s borrowings as at 31 December 2021 comprised two bank loan elements: an ’older loan’ and ‘new borrowing facility’.
The older loan was an initial four–year term GBP sterling bank loan of £3.0 million, drawn down in May 2018, with quarterly repayments that commenced
on 31 March 2019. These quarterly repayments increased from £150,000 on 31 March 2019 to £310,000 on 31 March 2022 such that the loan was repaid in
full on 31 March 2022. The loan costs were $286,000, $143,000 of which was payable on 31 March 2022. The bank loan has no early repayment penalties
or redemption premium. The bank loan terms include the payment of a fee equal to 1.0% of the disposal proceeds on a sale or a change of control of the
Company above a threshold amount of £100.0 million if such disposal or change of control occurs before April 2025.
With regards to the newer borrowing facility, the Company announced in April 2021 it had entered into this new borrowing facility for up to £3.0 million
(c$4.2 million) with its existing banking partner, the net proceeds of which will be used for working capital purposes and its on–going investment programme to
support its growth strategy.
The new borrowings facility comprises a drawn £2.0 million term loan facility and an undrawn £1.0 million Revolving Credit Facility (‘RCF’) for a three–year
term. The facility terms include: no early repayment penalties or redemption premium; a reduced interest rate (payable quarterly) at 6.5% per annum over the
Bank of England base rate (before any potential downward EBITDA margin ratchet adjustment); 2.6% interest per annum on the RCF; arrangement fee of 3.75%;
and standard security and loan covenants in line with the existing lending arrangements including the payment of a fee equal to 1.0% of the disposal proceeds
on a sale or a change of control of the Company above a threshold amount of £100.0 million if such disposal or change of control occurs before April 2025.
See also note 26.
Interest is payable quarterly in arrears based on 3–month GBP Libor plus 7.5% on the older loan and 3–month GBP UK base rate plus 6.5% on the newer loan.
The loan principal repayment schedule by year for the bank loans is:
Year
2022
2023
$’000
1,491
1,410
2,901
Year
2022
2023
$’000
1,783
1,556
3,339
The bank loan is secured by debentures over the business assets of all Group companies and by Group company guarantees including a guarantee from the
Company. The bank loan terms include typical covenants for such a loan, as well as revenue and cash consumption covenants, which are tested quarterly and
monthly respectively. These covenants were met for each covenant reporting period in the reporting period ended 31 December 2021.
At 31 December 2021, the Group’s liabilities have contractual maturities which are summarised below. These contractual maturities reflect the payment
obligations which may differ from the carrying values of the liabilities at the balance sheet date.
Group
Trade and other payables
Lease liabilities
Total
company
Trade and other payables
Total
in one year or less, or on demand
Between two and five years
2021
$’000
4,068
94
4,162
2020
$’000
6,461
86
6,547
2021
$’000
143
78
221
2020
$’000
402
171
573
in one year or less, or on demand
Between two and five years
2021
$’000
8,936
8,936
2020
$’000
5,845
5,845
2021
$’000
112
112
2020
$’000
143
143
analysis of changes in net cash (cash and cash equivalents, and borrowings)
Cash and cash equivalents
Bank borrowings
Paycheck Protection Program Loan (see below)
total net cash
as at
1 Jan 2020
$’000
movement in
period
$’000
as at
1 Jan 2021
$’000
movement in
period
$’000
8,321
(2,937)
–
5,384
1,819
1,096
(637)
2,278
10,140
(1,841)
(637)
7,662
1,061
(936)
637
762
as at
31 December
2021
$’000
11,201
(2,777)
–
8,424
The movement in the period is a combination of the actual cashflow (from operating, financing and investing activities) and the exchange rate movement.
Paycheck Protection Program Loan (‘PPPL’)
In the prior year, the Company’s US trading subsidiary, Corero Network Security, Inc was advanced, via its US bank, Pacific Western Bank, a Paycheck
Protection Program Loan for $637,000 on 11 May 2020. The PPPL was a component of the US federal stimulus package known as the Coronavirus Aid, Relief
and Economic Security Act, which offers help to businesses in the US during the COVID–19 crisis. The loan, approved under waiver from the Group’s borrowing
providers represents allowable US payroll costs, together with a smaller element of associated rent and utility costs.
The terms of the PPPL were 1% interest, 2–year term, no early repayment penalties, no collateral/guarantees and no fees. Loan repayments were deferred for
6 months but interest continued to accrue. As at 31 December 2020, loan forgiveness had been applied for but not granted. The Board did not have
reasonable assurance that the loan would be forgiven.
Notification of the PPP loan forgiveness in full was subsequently received from Pacific Western Bank on 28th January 2021. The forgiveness of the PPP loan is
a non–cash movement and is shown as ‘other income’ in the Group Income Statement.
�72
corero network Security plc – Annual Report and Accounts 2021
Overview
Strategic Report
Governance
Financial StatementS
Corporate Directory
73
Notes to the Financial Statements continued
19. Financial instruments
The Group’s financial instruments are categorised as shown below:
Group
Financial assets
Trade and other receivables
Cash
Group
Financial liabilities
Trade and other payables
Borrowings
Book Value
2021
$’000
Book Value
2020
$’000
2,158
11,201
13,359
2,815
10,140
12,955
Book Value
2021
$’000
Book Value
2020
$’000
4,383
2,901
7,284
7,120
2,568
9,688
The Group manages liquidity and credit risk in line with the financial risk management objectives and policies as set out on page 25.
At the present time the Group does not have significant exposure to foreign exchange or interest rate risk. There are no differences between the fair values and
book values held by the Group.
20. Deferred income
Group
Current
More than one year but less than five years
2021
$’000
4,677
2,147
6,824
2020
$’000
3,444
2,705
6,149
The Group’s deferred income balance will be recognised as revenue evenly over the remaining term of the service and support agreements in place. The
service and support agreements expire at various times throughout the year with no particular seasonality.
company
The Company has no deferred income (2020: $nil).
21. Pensions
The Group’s pension arrangements are operated through defined contribution schemes.
Defined contribution schemes
Defined contribution pension costs
2021
$’000
153
2020
$’000
153
22. Share capital
authorised share capital
The authorised share capital comprises 745,821,970 (2020: 745,821,970) ordinary shares of 1 penny (‘p’) (1.4 cents (‘c’)) each.
issued ordinary share capital
1 January 2020, 31 December 2020, and 31 December 2021
494,852,304 ordinary shares of 1p each
There have been no share issues in 2021 or 2020.
23. Share premium
1 January 2020, 31 December 2020, and 31 December 2021
$’000
6,914
$’000
82,122
There have been no share issues in 2020 and 2021. Consideration received in excess of the nominal value is included in share premium, less registration,
commission and professional fees.
24. employees and Directors
employee expenses, including Directors, during the period
Group
Wages and salaries
Social security costs
Other pension costs
average monthly numbers of employees (including Directors) employed
Sales and marketing
Technical, support and services
Management, operations and administration
company
The Company has no employees (2020: nil).
total
2021
$’000
9,130
1,027
153
total
2020
$’000
9,581
1,166
153
10,310
10,900
2021
number
2020
number
19
35
6
60
18
34
7
59
�74
corero network Security plc – Annual Report and Accounts 2021
Overview
Strategic Report
Governance
Financial StatementS
Corporate Directory
75
Notes to the Financial Statements continued
24. employees and Directors continued
Directors, being the Key management personnel
Directors1
Ashley Stephenson
Andrew Miller
Jens Montanana
Lionel Chmilewsky
Peter George
Richard Last
Salary
& fees
$’000
326
25
44
374
36
38
843
Bonus
$’000
Benefits
$’000
Pension
$’000
Subtotal
$’000
Options
$’000
163
–
–
189
–
–
352
20
2
–
12
–
–
34
–
–
64
–
–
64
509
27
44
639
36
38
36
–
36
57
36
36
1,293
201
company
national
insurance
contributions
$’000
9
2
–
123
–
4
138
total
2021
$’000
554
29
80
819
72
78
total
2020
$’000
620
219
41
740
36
38
1,632
1,694
1 Neil Pritchard was appointed to the Board after the year to 31 December 2021.
Bonus payments of $352,000 were awarded to Directors in respect of the year to 31 December 2021 (2020: $334,000).
Lionel Chmilewsky has an employment agreement with a wholly owned subsidiary of the Company which provides for the payment of six months’ base salary
if the agreement is terminated by the Company without cause.
Ashley Stephenson has an employment agreement with a wholly owned subsidiary of the Company which provides for the payment of six months’ base salary
if the agreement is terminated by the Company without cause.
Andrew Miller resigned as an Executive Director on 31st May 2020 and took up a new role on the Board as a Non–executive Director on 1st June 2020.
Andrew Miller has a Director’s Loan of $76,000 which is repayable in August 2030.
25. lease commitments
The Group has total future minimum lease payments under non–cancellable leases totalling $7,000 (2020: $3,000) analysed by year of expiry as follows:
Land and building agreements expiring:
Within one year
company
The Company has no lease commitments (2020: $nil).
2021
$’000
2020
$’000
7
7
3
3
26. contingent liabilities
Corero Network Security (UK) Limited was in December 2015 awarded a grant of £600,000 for a development project over three years from Scottish Enterprise.
Any monies becoming repayable by Corero Network Security (UK) Limited under the grant terms for breaches of the grant conditions are guaranteed by
the Company. These conditions which are typical for a grant of this nature, and which apply for a period of five years from the final grant payment date
(being 14 March 2019), include maintaining minimum headcount in Scotland and no change of control.
27. Share options
The Company has the following share option schemes:
• Enterprise Management Incentive Scheme for its employees, which has been approved by HMRC.
• Executive Enterprise Management Incentive Scheme, which has been approved by HMRC.
• Unapproved Share Option Scheme.
• Deferred Payment Share Plan.
Options granted have a three–year vesting period, vesting one third on the first anniversary of grant, one third on the second anniversary of grant and one
third on the third anniversary of grant. Shares acquired on the exercise of an option may not be sold until the expiry of the second anniversary following the
date of option grant. With the exception of options granted in April 2017 to Directors which include a revenue growth performance vesting condition, there are
no vesting conditions for options granted.
If an option holder ceases to be in employment or hold office within the Group, options granted shall immediately lapse unless such cessation is because
of the option holder’s death; the option holder’s ill health or disability; the company that employs the option holder ceasing to be under the control of the
Company or such company ceasing to be within the Group; the transfer of sale of the undertaking or part–undertaking in which the option holder is employed
to a person who is neither under the control of the Company nor within the Group; or any other reason that the Board in its absolute discretion shall determine.
On a cessation of employment or office as set out above, options shall be exercisable to the extent they have vested according to the terms of the option
agreement and the provisions of the relevant share option scheme and must be exercised within 30 days following such cessation unless otherwise determined
by the Board or if such cessation is by reason of death in which case the option holder’s personal representatives must exercise the option within 12 months
following the date of the option holder’s death.
For option agreements granted post June 2020 and subject to the approval of the Board, where an option holder has, as at the date of the grant, been
employed by a Group company for a period of at least three years and whose employment is terminated either: (a) by the company other than for cause; or
(b) by resignation on the part of the option holder, such option holder shall be entitled to retain the options granted under the option agreement following the
effective date of the termination and such retained options shall continue to vest and be exercisable by the option holder in accordance with the vesting terms
set out in the agreement.
In the year ended 31 December 2020, to continue to attract and retain the Company’s employees, and with the approval of the Company’s significant
shareholders, a share option re–pricing, cancellation and re–grant of 25,446,000 options were made on 16 June 2020. A summary of the share option re–
pricing, cancellation and re–grant is as follows:
• One–for–one basis for ‘out of the money’ options
• Share option price of 5.25p (7c): determined from higher of the 90–day volume weighted average share price (VWAP) and the mid–market closing share
price on Monday 15 June
• 14,403,000 new options were also granted
• No performance conditions attached other than: vest one third on the first anniversary, one third on the second anniversary and one third on the third
anniversary of the date of grant
• Any ordinary shares which are issued following exercise of the first tranche may not be sold or transferred by an option holder prior to the
second anniversary
• With shareholder approval, the overall limit on share options was increased from the previous limit of 10% of the Company’s issued share capital to the
greater of (i) a maximum of 61,856,538 share options (equivalent to 12.5% of the Company’s current issued share capital) or (ii) 10% of the Company’s
issued share capital.
On 19 July 2021, the Board approved minor wording changes to the Unapproved Share Option Plan, the Executive EMI Share Option Plan and the EMI Share
Option Plan in line with recent legislative changes only.
�76
corero network Security plc – Annual Report and Accounts 2021
Overview
Strategic Report
Governance
Financial StatementS
Corporate Directory
77
Notes to the Financial Statements continued
exercise price
– pence
(cents)
at 1 January
2021
Granted
exercised
Forfeit/
cancelled
at 31
December
2021
Option holders
Date granted
expiry date
Unapproved Share Option Scheme continued
exercise price
– pence
(cents)
at
1 January
2021
Granted
exercised
Forfeit/
cancelled
at
31 December
2021
Share options granted at 31 December 2021 were as follows:
–
–
–
–
–
–
27. Share options continued
Share options granted at 31 December 2021 were as follows:
Option holders
Date granted
expiry date
enterprise management incentive Scheme
Other Holders
April 2019
April 2029
8.4p (11c)
September 2019
September 2029
2.5p (3c)
10,000
5,000
April 2020
June 2020
April 2030
4.2p (5c)
465,000
June 2030
5.3p (7c)
8,985,500
September 2020
September 2030
7.8p (10c)
October 2020
October 2030
9.0p (12c)
January 2021
January 2031
13.0p (18c)
November 2021
November 2031
9.25p (12c)
10,000
12,500
–
–
685,000
27,500
executive enterprise management incentive Scheme
Andrew Lloyd
April 2017
April 2027
8p (10c)
2,083,333
Unapproved French Share Option Scheme
Lionel Chmilewsky
June 2020
June 2030
5.3p (7c)
7,000,000
–
–
January 2021
January 2031
13.0p (18c)
–
500,000
Unapproved Share Option Scheme
Jens Montanana
Richard Last
Andrew Lloyd
Ashley Stephenson
April 2017
May 2018
April 2027
8p (10c)
994,000
May 2028
13.6p (18c)
425,000
October 2018
October 2028
11.0p (14c)
400,000
–
–
–
January 2021
January 2031
13.0p (18c)
–
350,000
April 2017
June 2017
April 2027
8p (10c)
450,000
June 2027
13.6 (18c)
180,000
October 2018
October 2028
11.0p (14c)
200,000
–
–
–
January 2021
January 2031
13.0p (18c)
–
350,000
April 2017
June 2017
June 2020
April 2027
8p (10c)
580,001
June 2027
13.6 (18c)
200,000
June 2030
5.3p (7c)
7,919,000
–
–
–
January 2021
January 2031
13.0p (18c)
–
350,000
Andrew Miller
Peter George
June 2020
June 2030
5.3p (7c)
5,775,000
January 2019
January 2029
11.3p (15c)
750,000
–
–
January 2021
January 2031
13.0p (18c)
–
350,000
Other holders
March 2011
March 2021
40p (65c)
290,000
September 2011
September 2021
37.5p (61c)
40,000
March 2012
March 2022
54.5p (89c)
140,000
April 2013
May 2014
April 2023
25p (38c)
100,000
May 2024
25p (42c)
670,666
September 2016
September 2026
22.5p (33c)
October 2018
October 2028
11.0p (14c)
5,000
50,000
September 2019
September 2029
2.5p (3)
4,430,000
April 2020
April 2020
June 2020
April 2030
4.2p (5c)
605,000
April 2030
4.2p (5c)
50,000
June 2030
5.3p (7c)
4,603,500
September 2020
September 2030
7.8p (10c)
300,000
–
–
–
–
–
–
–
–
–
–
–
–
January 2021
January 2031
13.0p (18c)
November 2021
November 2031
9.25p (12c)
–
–
960,000
25,000
47,728,500
3,597,500
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
5,775,000
750,000
350,000
(290,000)
–
–
–
–
–
–
–
40,000
140,000
100,000
670,666
5,000
50,000
(898,333)
3,531,667
(150,000)
455,000
–
–
–
50,000
4,603,500
300,000
(350,000)
610,000
–
25,000
(1,805,833)
49,520,167
The closing mid–market price for the Company’s shares at 31 December 2021 was 12.5p (16.9c) and the high and low for the year was 16.0p (21.9c) and
9.0p (12.0c).
In the 12 months to 31 December 2021, no options were exercised (2020: nil) and 1,805,833,000 options were forfeited (2020: 1,192,000).
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
10,000
5,000
(107,500)
357,500
(10,000)
8,975,500
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
10,000
12,500
685,000
27,500
2,083,333
7,000,000
500,000
994,000
425,000
400,000
350,000
450,000
180,000
200,000
350,000
580,001
200,000
7,919,000
350,000
�78
corero network Security plc – Annual Report and Accounts 2021
Overview
Strategic Report
Governance
Financial StatementS
Corporate Directory
79
Notes to the Financial Statements continued
27. Share options continued
Share options granted at 31 December 2020 were as follows:
Option holders
Date granted
expiry date
enterprise management incentive Scheme
exercise
price –
pence (cents)
at
1 January
2020
Granted
exercised
Forfeit/
cancelled
at
31 December
2020
Other Holders
April 2015
April 2017
June 2017
April 2025
15p (23c)
500,000
April 2027
8p (10c)
1,586,569
June 2027
13.6 (18c)
1,698,305
September 2017
September 2027
9.1p (12c)
5,000
October 2018
October 2028
11.0p (14c)
2,569,932
April 2019
April 2029
8.4p (11c)
237,500
September 2019
September 2029
2.5p (3c)
5,000
–
–
–
–
–
–
–
April 2020
June 2020
April 2030
4.2p (5c)
June 2030
5.3p (7c)
September 2020
September 2030
7.8p (10c)
October 2020
October 2030
9.0p (12c)
–
–
–
–
565,000
9,040,500
10,000
12,500
executive enterprise management incentive Scheme
Andrew Miller
May 2018
May 2028
13.6p (18c)
2,356,000
Andrew Lloyd
April 2017
April 2027
8p (10c)
2,083,333
October 2018
October 2028
11.0p (14c)
599,479
–
–
–
Unapproved French Share Option Scheme
Lionel Chmilewsky
June 2020
June 2030
5.3p (7c)
–
7,000,000
Unapproved Share Option Scheme
Jens Montanana
Richard Last
Andrew Lloyd
Ashley Stephenson
April 2017
May 2018
April 2027
8p (10c)
994,000
May 2028
13.6p (18c)
425,000
October 2018
October 2028
11.0p (14c)
400,000
April 2017
June 2017
April 2027
8p (10c)
450,000
June 2027
13.6 (18c)
180,000
October 2018
October 2028
11.0p (14c)
200,000
April 2017
June 2017
April 2017
June 2017
April 2027
8p (10c)
580,001
June 2027
13.6 (18c)
200,000
April 2027
8p (10c)
2,319,000
June 2027
13.6 (18c)
3,200,000
October 2018
October 2028
11.0p (14c)
2,400,000
–
–
–
–
–
–
–
–
–
–
–
June 2020
June 2030
5.3p (7c)
–
7,919,000
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
(500,000)
(1,586,569)
(1,698,305)
(5,000)
(2,569,932)
(227,500)
–
–
–
–
–
–
10,000
5,000
(100,000)
465,000
(55,000)
8,985,500
–
–
10,000
12,500
(2,356,000)
(599,479)
–
–
–
–
–
–
–
–
–
–
(2,319,000)
(3,200,000)
(2,400,000)
–
–
2,083,333
7,000,000
994,000
425,000
400,000
450,000
180,000
200,000
580,001
200,000
–
–
–
–
7,919,000
Option holders
Date granted
expiry date
Unapproved Share Option Scheme continued
exercise
price –
pence (cents)
at
1 January
2020
Granted
exercised
Forfeit/
cancelled
at
31 December
2020
Andrew Miller
April 2017
April 2027
8p (10c)
1,919,000
October 2018
October 2028
11.0p (14c)
900,521
–
–
June 2020
June 2030
5.3p (7c)
–
5,775,000
Peter George
Other holders
January 2019
January 2029
11.3p (15c)
750,000
August 2010
August 2020
31p (50c)
308,000
March 2011
March 2021
40p (65c)
290,000
September 2011
September 2021
37.5p (61c)
40,000
March 2012
March 2022
54.5p (89c)
140,000
April 2013
May 2014
April 2015
April 2023
25p (38c)
100,000
May 2024
25p (42c)
670,666
April 2025
15p (23c)
53,000
October 2015
September 2025
15p (23c)
105,000
May 2016
May 2026
20p (29c)
20,000
September 2016
September 2026
22.5p (33c)
455,000
April 2017
June 2017
April 2027
8p (10c)
623,626
June 2027
13.6 (18c)
665,500
September 2017
September 2027
9.1p (12c)
500,000
October 2018
October 2028
11.0p (14c)
3,268,568
April 2019
April 2029
8.4p (11c)
50,000
September 2019
September 2029
2.5p (3)
4,430,000
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
April 2020
April 2020
June 2020
April 2030
4.2p (5c)
April 2030
4.2p (5c)
June 2030
5.3p (7c)
September 2020
September 2030
7.8p (10c)
–
–
–
–
705,000
50,000
4,711,500
300,000
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
(1,919,000)
(900,521)
–
–
(308,000)
–
–
–
–
–
(53,000)
(105,000)
(20,000)
(450,000)
(623,626)
(665,500)
(500,000)
–
–
5,775,000
750,000
–
290,000
40,000
140,000
100,000
670,666
–
–
–
5,000
–
–
–
(3,218,568)
50,000
(50,000)
–
–
4,430,000
(100,000)
–
605,000
50,000
(108,000)
4,603,500
–
300,000
38,278,000
36,088,500
– (26,638,000)
47,728,500
�80
corero network Security plc – Annual Report and Accounts 2021
Overview
Strategic Report
Governance
Financial Statements
cORPORate DiRectORY
81
Notes to the Financial Statements continued
Glossary
27. Share options continued
total number of options granted to Directors
31 December 2021
Options granted
31 December 2020
Options granted
Relevant Share Option scheme
Ashley Stephenson
Andrew Lloyd
Andrew Miller
Jens Montanana
Lionel Chmilewsky
Peter George
Richard Last
8,269,000
2,863,334
5,915,000
2,169,000
7,500,000
1,100,000
1,180,000
7,919,000 Unapproved Share Option Scheme
2,863,334
Executive Enterprise Management Scheme and Unapproved Share Option Scheme
5,915,000
Executive Enterprise Management Scheme and Unapproved Share Option Scheme
1,819,000 Unapproved Share Option Scheme
7,000,000 Unapproved Share Option Scheme
750,000 Unapproved Share Option Scheme
830,000 Unapproved Share Option Scheme
28,996,334
27,096,334
None of the Directors holding office at the balance sheet date exercised options during the year (2020: none).
Andrew Miller has a contractual right (granted in March 2011) to purchase 140,000 ordinary shares in the Company from the Employee Share Ownership Trust
at 40p per share pursuant to a grant made to him under the Deferred Payment Share Plan.
Share–based payments
The Remuneration Committee (‘RC’) approves the grant of share options to employees of the Group under the Group’s share option schemes.
Share options are granted with a fixed exercise price which is equal to the market price at the date of the grant or higher price determined by the RC. The
share options granted are required to be exercised within 10 years from the date of grant.
Share options are valued using the Black–Scholes option–pricing model.
The weighted average fair value of the options granted in the year was 8.1p (11.2c). The value of share options granted during the year was calculated using
the Black–Scholes option pricing model. The following variables and ranges were used:
Share price at date of grants
Exercise price
Expected volatility
Estimated years to exercise
Risk free interest rate
The table below provides information on all options outstanding at the end of the year:
2021
2020
9.25p–13.0p (12c–18c)
4.2p–9.0p (5c–12c)
9.25p–13.0p (12c–18c)
4.2p–9.0p (5c–12c)
70.6%–76.5%
62.3%–75.6%
4.1–4.9
0%–0.01%
4.25–4.8
–0.08%–0.2%
Weighted average remaining contractual life
Average remaining contractual life
Options exercisable
Exercise price range
Weighted average share price
Weighted average exercise price
Expected volatility
Risk free rate – 5 year gilt rate
Expected dividend yield
8 years
6.6 years
2.5p–55p (3c–73c)
6.3p (8.6c)
6.5p (8.8c)
0.2%–76.5%
–0.08%–2.5%
Nil
Volatility is calculated as the standard deviation of the closing daily share price over a period of 24 months prior to the grant date.
Operating expenses in the Group Income Statement included a charge of $522,000 (2020: $359,000) relating to employee share–based payments.
28. Related parties and transactions
There have been no equity placings or offers in the year ended 31 December 2021 or 2020.
The Directors consider the Group’s key management personnel to be the Board of Directors of the Company whose compensation is detailed in note 24.
Company key management compensation was $nil (2020: $nil) as the key management are employed by subsidiaries.
5G
ai
aim
aRR
caGR
cGU
cnS
cPU
cSPs
DDoS
Fifth Generation Cellular Network Technology
Artificial Intelligence
Alternative Investment Market
Annualised Recurring Revenues
Compound Annual Growth Rate
Cash–Generating Unit
Corero Network Security
Central Processing Unit
Communication Service Providers
Distributed Denial of Service
DDPaaS
DDoS Protection as–a–Service
DPDK
DPi
DtR
eBitDa
eU
Fca
FRc
FRS
iaS
iaSB
iFRic
iFRS
iot
iP
Data Plane Development Kit
Deep Packet Inspection
Disclosure and Transparency Rules
Earnings Before Interest, Tax, Depreciation, and Amortisation
European Union
Financial Conduct Authority
Financial Reporting Council
Financial Reporting Standard
International Accounting Standards
International Accounting Standards Board
International Financial Reporting Interpretations Committee
International Financial Reporting Standards
Internet of Things
Internet Protocol
iPS/aPt
Intrusion Prevention System/Advances Persistent Threat
iSa
mSP
mSSP
nics
POPs
PPPl
RcF
R&D
ROi
International Standard on Auditing
Managed Service Provider
Managed Security Service Provider
Network Interface Cards
Points of Presence
Paycheck Protection Program Loan
Revolving Credit Facility
Research and Development
Return On Investment
SlB/aDc
Server Load Balancer/Application Delivery Controller
SOc
SSDP
SSP
tcO
tDc
tDD
tDS
UPnP
VWaP
WaF
Security Operations Center
Simple Service Discovery Protocol
Stand–alone Selling Prices
Total Cost of Ownership
SmartWall® Threat Defense Cloud
SmartWall® Threat Defense Director
SmartWall® Threat Defense System
Universal Plug and Play
Volume Weighted Average share Price
Web Application Firewall
�82
corero network Security plc – Annual Report and Accounts 2021
Corporate Directory
Directors
Jens Montanana (Non–executive Chairman)
Richard Last (Non–executive Director)
Peter George (Non–executive Director)
Andrew Miller (Non–executive Director)
Lionel Chmilewsky (Chief Executive Officer)
Neil Pritchard (Chief Financial Officer)
Ashley Stephenson (Chief Technology Officer)
Secretary and Registered Office
Duncan Swallow
St Mary’s Court
The Broadway
Amersham
Buckinghamshire
HP7 0UT
nominated adviser and Broker
Canaccord Genuity Ltd
88 Wood Street
London
EC2V 7QR
Financial Public Relations
Vigo Communications
Sackville House
40 Piccadilly
London
W1J 0DR
auditor
BDO LLP
55 Baker Street
London
W1U 7EU
Solicitors
Dorsey and Whitney LLP
199 Bishopsgate
London
EC2M 3UT
Bankers
Santander
2 The Forbury
Reading
RG1 3EU
Pacific Western Bank
406 Blackwell Street
Suite 240
Durham
North Carolina
27701
USA
Registrars
Link Group
10th Floor
Central Square
29 Wellington Street
Leeds
LS1 4DL
Website address
www.corero.com
�C
o
r
e
r
o
N
e
t
w
o
r
k
S
e
c
u
r
i
t
y
p
l
c
A
n
n
u
a
l
R
e
p
o
r
t
a
n
d
A
c
c
o
u
n
t
s
2
0
2
1
Registered Office
St Mary’s Court
The Broadway
Amersham
Buckinghamshire
HP7 0UT
UK
�