THE DDOS
PROTECTION
SPECIALISTS
ANNuAL REPORT AND ACCOuNTS 2022
Corero Network Security plc
�Corero is dedicated
to improving
the security and
availability of the
internet through
the deployment of
innovative Distributed
Denial of Service
(DDoS) protection
solutions.
DDOS
PrOTeCTiON
wiTHOUT THe
DOwNTiMe.
We are specialists in automatic detection
and mitigation solutions, that include
network visibility, analytics, and reporting
tools. Corero’s technology provides
scalable protection capabilities against both
external DDoS attackers and internal DDoS
threats, in even the most complex edge and
subscriber environments, ensuring internet
service availability and uptime.
We protect thousands of organisations worldwide,
across many verticals. Our customers are primarily
internet service providers, hosting providers, cloud
providers and SaaS providers.
We are deployed internationally and, through our
own teams and strategic partners, we continue to
expand our footprint.
CONTENTS
Overview
01 2022 Highlights
02 At a glance
04 Business Model
06 Case study: Dakota Carrier
Network
08 Market overview
09 2022 Corero DDos Threat
Intelligence Report
10 Corero Explained
14 Customer proposition
15 Investor proposition
Strategic Report
16 Executive Chairman’s Review
18 Financial Review
20 Key Performance Indicators
22 Key Stakeholders
22 Section 172 Statement
24 Principal Risks and Uncertainties
26 Environmental, Social and
Financial Statements and
associated notes
Governance Report
Governance
28 Board of Directors
30 Executive Chairman’s Corporate
Governance Introduction
31 QCA Code Compliance
32 Corporate Governance Report
34 Board Performance and
Remuneration Policy
35 Board Committee Reports
36 Directors’ Report
39 Statement of Directors’
Responsibilities
40 Independent Auditor’s Report
46 Consolidated Income Statement
47 Consolidated Statement of
Comprehensive Income
48 Consolidated Statement of
Financial Position
49 Company Statement of Financial
Position
50 Consolidated Statement of Cash
Flows
51 Consolidated Statement of
Changes in Equity
52 Company Statement of Changes
in Equity
53 Notes to the Financial
Statements
Corporate Directory
82 Glossary
83 Corporate Directory
FOr MOre
iNFOrMATiON viSiT
corero.com
Overview
Strategic Report
Governance
Financial Statements
Corporate Directory
2022 HiGHLiGHTS
REVENuE
ARR1
$20.1m
$14.4m
$20.9m
$20.1m
$16.9m
$10.0m
$9.7m
$14.4m
$12.8m
$9.8m
$7.2m
$5.8m
2018
2019
2020
2021
2022
2018
2019
2020
2021
2022
GROSS MARGIN
NET CASH
87.2%
$4.4m
87.2%
85.1%
81.0%
77.3%
78.4%
$8.4m
$7.6m
$5.4m
$4.4m
$4.4m
2018
2019
2020
2021
2022
2018
2019
2020
2021
2022
EBITDA2
$2.6m
PROFIT/(LOSS)
BEFORE TAXATION
$0.4m
$4.0m
$2.6m
$1.4m
$0.4m
-$1.7m
-$1.4m
-$3.2m
-$4.0m
-$5.2m
-$6.6m
2018
2019
2020
2021
2022
2018
2019
2020
2021
2022
OPerATiONAL HiGHLiGHTS
• Secured 32 new customers in the year
• Customer support contract renewal
rate of 98% (2021: 96%) demonstrating
both the quality of Corero solutions and
customer service
• Annualised Recurring Revenues1 (“ARR”)
increased to $14.4 million (2021: $12.8
million), underpinning future revenues and
reinforcing the importance of Corero’s
solutions for our customers
• The Group remains committed to ongoing
investment across its technology platform
and resource expansion to strengthen its
market-leading position
FiNANCiAL HiGHLiGHTS
•
Order intake increased by 13% to
$23.9 million from $21.2 million in 2021
• Total revenue of $20.1 million (2021: $20.9
million)
• ARR up 13% to $14.4 million as at 1 January
2023 (1 January 2022: $12.8 million)
• Revenue from DDoS Protection as a Service
(DDPaaS) contracts increased to $4.9 million
(2021: $4.0 million)
• Gross margins of 87% (2021: 85%)
• EBITDA2 of $2.6 million (2021: EBITDA
of $4.0 million)
• Adjusted EBITDA3 of $1.7 million
(2021: $3.2 million)
• Profit before taxation of $0.4 million
(2021: $1.4 million)
• Earnings and diluted earnings per share
of 0.1 cents (2021: 0.3 cents)
• Net cash at 31 December 2022 of
$4.4 million (2021: $8.4 million)
1 ARR is defined as the normalised annualised recurring
revenues and includes recurring revenues from contract
values of annual support, software subscription and
from DDoS Protection-as-a-Service (DDPaaS) contracts
2 EBITDA is defined as Earnings before Interest, Taxation,
Depreciation and Amortisation. The Directors consider
EBITDA to be a better measure of profitability as it
excludes non-cash items
3 Adjusted EBITDA is defined as Earnings before interest,
tax, depreciation, and amortisation excluding unrealised
gains/(losses) on an intercompany loan and PPPL
forgiveness
Corero Network Security plc Annual Report and Accounts 2022
01
�AT A GLANCe
we Are…
DYNAMiC AND
FAST-MOviNG.
Overview
Strategic Report
Governance
Financial Statements
Corporate Directory
OUr viSiON
In an internet connected world, every business,
application and individual is protected from
DDoS attacks.
OUr vALUeS
Values and beliefs underpin the strategy. These are
lived to become the culture:
Customers First; Technology Leadership &
Innovation; Operational Excellence; Integrity;
Our People, Empowerment & Teamwork
ACHieveD THrOUGH
DeLivereD BY
wHAT we DO
• Prevent downtime in the event of a DDoS attack
• Eliminate the need for operator intervention by
automatically mitigating over 98% attacks
• Enable service providers to deliver added value to
their customers by offering DDoS protection services
Corero is dedicated to improving
the security and availability
of the internet through the
deployment of innovative
DDoS protection solutions.
OUr PUrPOSe
To best protect customers from the damaging
impact of DDoS cyber security attacks.
OUr FOCUS
Maintain our superior technological performance
while delivering sustainable, long-term value to
our stakeholders.
OUr MiSSiON
Corero’s mission is to be our
customer’s trusted partner on
their journey to implement
effective DDOS protection
matched to their needs.
wHY we DO iT
• To make the internet a
safer place by protecting
organisations from
damaging DDoS attacks
and the downtime that
comes with it.
• Corero customers
benefit from rapid
attack discovery, rapid
mitigation, and a dynamic,
flexible solution.
HOw we DO iT
•
Intelligently automated
solution that protects from
DDoS attacks in under
a second.
• Most flexible and highly
scalable deployment
options to meet the
needs of any business.
• Comprehensive
visibility with reporting
and alerting for clear,
actionable intelligence on
the DDoS attack activity.
reSPONSiBLe
BUSiNeSS
Corero aspires to carry out its
business to the highest ethical
standards, treating customers,
partners, suppliers, and
employees in a professional,
courteous and honest manner.
Corero is committed to promoting
sustainability. We aim to promote
good sustainability practice, to
carry out our operations in a way
which manages and minimises any
adverse environmental impacts.
Our products are used by
thousands of businesses
throughout the world to protect
against disruptions that could
have adverse economic, health,
well-being and environmental
consequences for the users and
customers of those businesses
(often in a mission critical way)
and the knock-on effects to
populations as-a-whole.
OUr STrATeGiC GOALS
1. Grow our pipeline and corresponding revenue
2.
3.
4.
Leverage our existing reseller and strategic
partnerships and develop new ones
Target and expand our Ideal Customer Profile
(‘ICP’) relationships
Better monetise our existing services and
introduce new services
5.
Amplify our demand generation programs
6.
Continue to enhance our technological
innovation leadership
eNABLeD BY
OUr BUSiNeSS MODeL
Please see our business model on pages 4 to 5.
SUPPOrTeD BY
OUr SUPPOrTerS
Our supporters are our customers; our partners
including strategic alliance partners; our suppliers,
our investors and our employees.
02
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
03
�Overview
STrATeGiC rePOrT
Governance
Financial Statements
Corporate Directory
BUSiNeSS MODeL
Corero’s technology provides scalable protection
capabilities against both external DDoS attackers and
internal DDoS threats, in even the most complex edge
and subscriber environments, ensuring internet service
availability and uptime.
A CUSTOMER DRIVEN BUSINESS MODEL:
iNPUTS
KeY SOLUTiONS
TDC
SALeS CHANNeLS
CUSTOMer SeGMeNTS
SOUrCe OF reveNUe
OUTPUTS
OUr CULTUre
& vALUeS
See page 26
MArKeT Overview
See page 10
SeCUrewATCH
Support, updates,
maintenance,
monitoring
THreAT DeFeNCe
SYSTeM
Available in physical and
software for 10G, 100G
and cloud
eDGe THreAT DeFeNCe
Offers surgical protection
using network routing at
the edge to redirect or
scrub malicious traffic
THreAT DeFeNCe
DireCTOr
Delivers software edge
protection for even the
largest networks
THreAT DeFeNCe
CLOUD
Protects against attacks in
the Cloud
STrATeGiC ALLiANCeS
Juniper and GTT
SAAS PrOviDerS
DDOS PrOTeCTiON
AS-A-ServiCe
iNDireCT SALeS PArTNerS
Value-added resellers and
distributors
eDGe PrOviDerS
reveNUe SHAre
CASH FOr
reiNveSTMeNT
See page 20
FiNANCiAL reTUrNS
FOr iNveSTOrS
See page 20
DireCT SALeS
Corero sales team
HOSTiNG AND CLOUD
PrOviDerS
TerM LiCeNCe
eSG
See page 26
iNTerNeT ServiCe
PrOviDerS
SUPPOrT AND ServiCeS
APPLiANCe & PerPeTUAL
SOFTwAre LiCeNCe
04
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
05
�CASe STUDY: DAKOTA CArrier NeTwOrK
OUr STrATeGY
iN PrACTiCe.
Overview
STrATeGiC rePOrT
Governance
Financial Statements
Corporate Directory
vALUe-ADDeD OFFeriNG
1. An immediate solution at their fingertips
DCN were interested in an immediate solution: “Whereas other vendors were still talking about their
roadmaps and what they would do in the future, Corero could do everything immediately, and didn’t
need to talk about their roadmap,” said Heck. “We don’t want to see a roadmap, we want to see
what you can do today, because we need this right away.”
Corero also supported DCN’s strategic goals for ROI on their DDoS protection investments, helping
to meet their objectives to sell DDoS as a service to their downstream customers.
“ We’ll be introducing DDoS protection to a lot of our internet customers that don’t have it today.
It’s a base service that they all should have from just a good cybersecurity posture.”
Jesse Heck, Sr. Director of Operations at Dakota Carrier Network
The team at DCN was clear with Corero at the outset, that they prefer to do business by finding
partners, not vendors, and Corero have exemplified that they fit this model well.
2. Faster time to mitigation
Corero stood out from the competition because it was the only vendor to offer sample packet
mirroring functionality, which allows DCN to ingest traffic with faster time to mitigation. This enables
DCN to analyse the malicious traffic in real-time and take relevant action against it.
3. Excellent customer support
“Corero separated themselves from the pack early on, just by being responsive at every step along
the way,” said Heck. “They had a team of people who could answer our questions immediately, so we
never had to chase them down for information as we did some of the other vendors.”
COrerO SMArTwALL
AT A GLANCe
Surgically removes DDoS attack
traffic automatically, before it
reaches critical systems, ensuring
optimal performance and
maximum availability
• Delivers line-rate, in-line
DDoS attack protection, from
1 Gbps to 100 Gbps per rack
unit, in a solution that scales
to terabits per second of
protected throughput
• Flexible deployment models
to reduce attack surface for
volumetric floods and state
exhaustion attacks at Layers 3
through 7
• Delivers comprehensive
visibility for analysis and
forensics - before, during
and after attacks
Dakota Carrier Network
improves Customer
Security and drives
rOi with Corero DDoS
Protection
OVERVIEW:
Dakota Carrier Network (DCN) is
a consortium of 13 independent
broadband companies located
in North Dakota. The consortium
has a fiber footprint stemming
60,000 miles in the state of
North Dakota, and represents
all the major local independent
broadband service providers
and serve customers in 379
communities. This adds up
to over 85 percent of all the
exchanges in the state. DCN
provides critical network services
to state and local governments
along with commercial
businesses, including banks
and energy companies.
CHALLENGE:
Like most other broadband
service providers, DCN has been
targeted by cyber attackers
with frequent and sophisticated
DDoS attacks designed to create
service latency and downtime for
its network and their customers.
DCN needed a DDoS protection
solution that works fast, is
automated, and could protect at
scale. Prior to evaluating Corero
solutions, the organisation
had a dual-vendor DDoS
mitigation solution involving
one vendor that analysed
traffic to detect DDoS traffic,
and another that provided the
hardware scrubbing.
However this split-vendor
solution was unable to provide
the DDoS Protection service
DCN required. In addition, DCN
wanted a single-sourced, multi-
tenant portal to provide their
customers with a dashboard
to show their network traffic,
enable them to apply or remove
attack mitigation policies and
manage reporting.
SOLUTION:
DCN has a multi-edge, multi-
terabit detect and redirect DDoS
protection solution that analyses
traffic as it comes in, with sample
packet mirror. Malicious or
attack traffic is automatically
sent using BGP protocols to the
Corero Threat Defence System
which acts as a scrubber to filter
the attack traffic, with the clean
traffic then being returned.
DCN is introducing DDoS
protection as a service to their
customer base. “Now that we
have a solid DDoS mitigation
product, with a single-source
portal, we are introducing it
to a lot of our customers that
don’t have DDoS protection”
said Heck, commenting that
the process of adding their
customers to the mitigation
service was completely
“seamless” with no disruption.
RESULTS:
Many DDoS solutions are
merely reactive and only start
working once the DDoS attack
has already hit its victim. With
Corero’s SmartWall solution,
DCN benefits from automatic
protection using analytics to
aggregate historical records
of DDoS traffic. By detecting
anomalous traffic at the
network edge, attacks are
mitigated before they can cause
any harm to the network or
downstream customers.
“
Thanks to the
Corero solution,
our customers
can access the
DDoS portal
for history and
details regarding
mitigation events
including source
and destination
iPs, source and
destination TCP/
UDP ports, and
attack volume.”
Jesse Heck,
Sr. DireCTOr OF
OPerATiONS AT DAKOTA
CArrier NeTwOrK
06
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
07
�MArKeT Overview
CHANGeS iN THe GLOBAL
DDOS ATTACK LANDSCAPe
BriNG ABOUT A SUrGe iN
vOLUMe OF ATTACKS AND
vArieTY OF DePLOYMeNTS.
CYBER THREATS AND
DDOS ATTACKS
A wide range of critical cybersecurity
issues face every internet connected
organisation. These threats include
DDoS, hacking, breach, phishing,
fraud, ransom, data theft and
exfiltration. These cyber threats
present themselves via the internet
connections that are essential to
support online business.
Traditionally, internet service providers
sell raw internet transit connectivity.
This unprotected connectivity,
usually sold via 1Gbps, 10Gbps and
increasingly 100Gbps links, carries
good customer traffic and malicious
bad traffic without discrimination. If
an enterprise, data centre, or hosting
facility connects to these raw transit
providers they will be exposed to
internet-borne cyber threats and their
information security posture must be
prepared to detect and protect against
any associated malicious intent.
Corero focuses on one specific
category of these cybersecurity
threats known as Distributed Denial
of Service (DDoS) and has developed
an innovative, flexible, solution that
delivers automatic detection and
protection against these attacks.
The broad range of motives for
executing DDoS attacks, coupled with
the relative ease with which they can
be launched, means a variety of actors,
including; criminal gangs, activists,
terrorist groups and even nation states
use them. Aside from those who are
focused purely on disrupting services,
some of those who carry out DDoS
attacks do so for extortion, via ransom
DDoS, or as a smokescreen for other
cyberattacks designed to steal data.
DDoS attacks continue to grow in
sophistication, scale and frequency.
Businesses and public-sector
organisations are equally vulnerable
to DDoS attacks and recent years have
seen some of the world’s best-known
companies fall victim to these attacks,
with a significant impact for their
customers and bottom line.
The DDoS protection market is driven
by the growing need for business
continuity. Increasingly, always-on
protection is the only answer to defend
against the short, sharp, attacks which
dominate. This is driving an increasing
value-add service revenue opportunity
for service providers.
THE DDOS PROTECTION
MARKET
$3.9bn in 2022
Global DDoS Protection Market
expected to reach $7.3bn by 2027
at 13% CAGR*
$7,300
$6,771
$5,224
$3,916
$2,866
2020
2022
2024
2026
2027
GLOBAL DDOS PROTECTION
MARKET
>33,000
Daily Attacks
Daily DDoS attacks recorded during
the first half of 2022, a 12% increase
from 2021**
*
MarketsandMarkets DDoS protection Global forecast
to 2027
** NetScout H1 2022 Report
Overview
STrATeGiC rePOrT
Governance
Financial Statements
Corporate Directory
COrerO DDOS THreAT iNTeLLiGeNCe
rePOrT ON 2022 ACTiviTY
75%
DDOS ATTACKS
LAST LESS THAN
10 MINUTES
25%
INCREASE IN HIGH
PACKET RATE
DDOS ATTACKS
300%
INCREASE IN
CARPET BOMB
DDOS ATTACKS
60%
INCREASE IN DDOS
ATTACKS LASTING
OVER 60 MINUTES
39%
INCREASE IN
MULTI-VECTOR
DDOS ATTACKS
27%
LIKELIHOOD OF A
REPEAT ATTACK IN
SAME WEEK
98%
DDOS ATTACKS
LESS THAN 10 GBPS
every half and full year, Corero looks at
the latest trends in the DDoS market. The
observations below are from our 2022 DDoS
Threat intelligence report.
In 2022, we witnessed significant changes in the global
DDoS attack landscape. Corero has detected a surge in the
overall volume of attacks, as well as variations in their nature,
with attackers employing increasingly frequent, potent, and
intricate tactics.
DDoS attacks aim to incapacitate online services by inundating
them with traffic from multiple sources, typically through botnets
and other means, to surpass the available bandwidth and
paralyse the internet traffic flow. These attacks target service and
network availability, negatively impacting business continuity and
uptime, leading to downtime, internet disruption, loss of revenue,
customer loyalty, and brand trust.
While traditional DDoS attacks typically deploy fewer packets
of larger sizes, our observations indicate that recent attacks
are employing larger numbers of smaller-sized packets,
aiming to overwhelm a target’s transactional processing. This
highlights the criticality of robust DDoS protection for the
service and hosting providers responsible for maintaining
customers’ internet availability.
One of the most significant developments in DDoS attacks
in 2022 was the rise of ‘carpet bomb’ attacks, posing a
significant threat. These circumvent legacy detect-and-redirect
DDoS protection systems by launching multiple small attacks.
You can learn more about these emerging DDoS threats in
the report which can be downloaded from www.corero.com/
about/newsroom.
In conclusion, our key takeaway is that awareness and
protocols alone are insufficient countermeasures against
today’s DDoS threat. Fast-acting, real-time automatic
detection and mitigation continues to be the best line
of defence against these attacks.
Source: 2022 Corero DDoS Threat Intelligence Report
wHAT Are THe KeY DDOS MArKeT
DriverS?
A significant rise in the use of multiple vectors, increasing
exploitation of the Internet of Things (‘IoT’) ecosystem, the
growing need to protect the 5G ecosystem, and high demand
of cloud-based and hybrid DDoS defence solutions1.
•
IoT devices, which are the source of high-intensity
DDoS attacks, forecast to grow 18% to 14.4 billion
during 2023.2
• The increased bandwidth of 5G networks opens
avenues for DDoS attackers to induce large DDoS
attacks leveraging millions of mobile or IoT devices.1
• Communication service providers (‘CSPs’) are
increasingly targets, with limited capability to defend
against any such attacks. The increase in IoT devices due
to the growth of 5G further increases the risk to CSPs.
1 Markets and Markets DDoS Global Forecast Report, Forecast to
2027, December 2022
2 Techtarget.com, January 2023
08
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
09
�COrerO eXPLAiNeD
YOUr QUeSTiONS
ANSwereD.
wHAT iS OUr MiSSiON?
To be the customer’s trusted partner on their journey to implement effective DDoS
protection matched to their needs.
WHAT IS A DDOS ATTACK?
A DDoS attack is a cyber threat, in which
multiple computer systems or devices
attack a target, such as a server, website
or network, and impact the users of the
targeted resources.
The flood of incoming messages, connection
requests, or malformed packets sent to the
target causes it to slow or shut down or
congests the host network thereby denying
service to legitimate users.
DDoS attacks are a threat to service
availability, network security, brand reputation
and ultimately lead to lost revenues.
Attackers are continuing to leverage DDoS
attacks as part of their cyber threat arsenal
to either disrupt business operations or
provide a smokescreen while they attempt
to access sensitive corporate information.
Attackers are increasingly leveraging creative
ways to circumvent traditional security
solutions or reduce the effectiveness of
DDoS scrubbing solutions. DDoS attacks
can be found in a multitude of sizes and
are launched for a variety of motivations.
They may also be used to extort payments
via Ransom DDoS. Today’s cyber criminals
do not even have to construct the attacks
themselves. They can simply download
ready made DDoS tools or use DDoS for
hire services on the darkweb to accomplish
their goals.
STEPS IN A TYPICAL DDOS
BOTNET ATTACK
Step 1
Botmaster sends command and control
signals to a botnet of infected devices or
hosts identifying victim and desired type
of attack.
Step 2
Botnet receives instruction and begins
to attack designated victim by sending a
variety of malicious DDoS traffic across
the internet.
Step 3
Traffic from attacking bots, distributed across
the internet, converges on the victim at the
same time resulting in congestion, overload
and denial of service for legitimate users.
Overview
STrATeGiC rePOrT
Governance
Financial Statements
Corporate Directory
WHAT DAMAGE CAN A DDOS
ATTACK DO?
High availability of Cloud services and online
applications are critical for modern businesses
and institutions. Any downtime brings risk,
including:
•
•
Lost revenue.
Loss of control.
• Operational costs to mitigate or recover
from attacks.
•
Increased costs to retain unhappy
customers and attract new customers.
• Brand and reputation damage leading
to competitive disadvantage or loss of
confidence.
• Regulatory fines, legal action,
resignations.
WHAT SOLUTIONS DO
WE HAVE?
Corero’s SmartWall DDoS protection
solutions are designed to protect business
continuity, service availability, revenues
and brand reputations from harmful DDoS
attacks. We do this for internet service
providers, hosting and data centre providers
and SaaS enterprises.
The SmartWall family of solutions utilise
innovative, patented, technology to
automatically and surgically remove
DDoS attack traffic, while allowing good
traffic to flow uninterrupted. They are
amongst the highest performing in the
industry, while providing the most flexible
deployment options for any network for
automated and accurate DDoS protection,
at unprecedented scale, with the lowest
total cost of ownership to the customer. We
protect against DDoS attacks in seconds,
or less, rather than the minutes or tens of
minutes taken by legacy solutions.
Corero’s market leading DDoS solution
portfolio is endorsed by over 160 direct
customers, many of whom are providers
using Corero’s solution to protect hundreds,
or thousands, of their customers.
Our SmartWall solution delivers the
industry’s broadest on-premises deployment
options. From inline and in-datapath
appliances, to out-of-band detection with
edge and/or scrubbing protection for the
largest provider networks. Corero’s edge
solution includes integration that directly
powers the silicon filtering capabilities
increasingly built into modern edge
routers, scaling to tens-of-terabits per
second of protection, without the need to
deploy additional appliances at the edge
or needing to back-haul large volumes of
attack traffic to scrubbing centres.
WHAT CUSTOMER PROFILES
DO WE TARGET?
Corero’s Ideal Customer Profile (‘ICP’) is
broken down into 3 distinct groups. The
first being Tier 2 or Tier 3 internet service
providers whose commercial customers
would be potential customers for a DDoS
Protection Service. The second group
consists of hosting and cloud providers that
provide critical services and infrastructure
to business customers. The third group
comprises SaaS providers that have their own
infrastructure which requires protection to
ensure service availability for their customers.
eXAMPLe OF A DDOS BOTNeT ATTACK
1
2
3
Botmaster sends “LAUNCH” command.
Bots send attack traffic to victim.
Attack traffic overwhelms the victim
server or network.
BOTMASTER
COMMAND AND
CONTROL SERVER
BOTNET OF HUNDREDS,
THOUSANDS OF
INFECTED DEVICES OR
HOSTS
VICTIM SERVER
USERS
20+ YeArS OF evOLviNG DDOS ATTACKS
MafiaBoy DDoS:
Yahoo!, Amazon, Dell,
CNN, eBay, E*TRADE
Organized Crime:
Extortion
Coordinated uS
Bank attacks:
Grew to 200 Gbps,
and continue today
Mirai Code:
The Tbps era of
attacks, OVH
Memcached blows away
the attack size record:
1.3Tbps GitHub
1.7Tbps US ISP
754M PPS
Multivector
Attack
Spammers
Discover Botnets
Estonia:
Parliament, Banks,
Media, Estonia,
Reform Party
500 Gbps
Hong Kong Attack:
France swarmed after
terror attack PlayStation
& Xbox hit at Christmas
Massive Attack
Launched Against DYN
500M PPS
SYN Flood
Carpet bombing /
Spread spectrum
Rio Olympics:
540 Gbps
Spamhaus Attack:
Reported to reach
310 Gbps
AWS Attack
2.3 Tbps
Anon hits Church
of Scientology
ProtonMail
Attack
10
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
11
1993
2001
2003
2005
2007
2009
2011
2013
2016
2017
2018
2019
2020
2021
2022
�COrerO eXPLAiNeD CONTINUED
WHAT STRATEGIC ALLIANCES
DO WE HAVE?
Juniper Networks
Juniper Networks, Inc. (NYSE: JNPR)
(‘Juniper’) is one of the world’s largest
networking product, solutions and services
companies, with revenues of over $5.3bn
in 2022. Corero has a global partnership
agreement with Juniper enabling Juniper
to sell Corero’s SmartWall Threat Defence
Director (‘TDD’) software product in
conjunction with its own MX and PTX Series
routers. Juniper and Corero have developed
this fully integrated solution for large-scale
network-edge DDoS defence that leverages
powerful filtering capabilities in the latest
generation of Juniper’s MX and PTX
Series routers.
GTT Communications
GTT Communications, Inc. (NYSE: GTT)
(‘GTT’) is a leading global cloud networking
provider to multinational clients, with
over 600 points of presence (‘POPs’), with
revenues of $1.7bn in 2022. GTT operates a
global Tier 1 internet network and provides
a comprehensive suite of cloud networking
services. GTT customers can purchase IP
transit with DDoS protection powered by
Corero’s SmartWall Solutions which are
deployed in the GTT network.
Neustar
Neustar, Inc. (‘Neustar’), through Neustar
Security Services, is an American
technology company that provides real-time
information and analytics for the Internet,
risk, digital performance and defence,
telecommunications, entertainment, and
marketing industries, and also provides
clearinghouse and directory services to
the global communications and Internet
industries. Corero’s hybrid DDoS protection
solution combines the Corero on-premises
SmartWall TDS with the SmartWall Threat
Defence Cloud (‘TDC’) service, powered by
Neustar, which provides protection against
the largest attacks which can saturate an
organisation’s internet connections and
overwhelm legitimate traffic.
WHERE ARE WE LOCATED?
Corero’s key operational centres are in
Marlborough, Massachusetts in the USA
and Edinburgh in Scotland, UK, with the
Company’s registered office at Salisbury
House, 29 Finsbury Circus, London, EC2M
5QQ, UK.
HOw DOeS THe
TeCHNOLOGY wOrK?
HOw DO we COMBAT
DDOS ATTACKS?.
To meet the needs of these customers,
Corero offers the Smartwall TDS, TDD
and ETD product lines featuring Deep
Packet Inspection (‘DPI’), rather than flow
monitoring, processing packets in real-time,
in the data path or at the network edge, with
a high level of automation based on exact
match and behavioural heuristics-based
rules. These products deliver highly scalable
real-time DDoS protection up to tens of
terabits per second, which makes our cost-
performance ratio superior in the industry.
DDoS mitigation providers typically rely on
NetFlow monitoring, to identify internet
traffic anomalies and then re-direct that
traffic to specialist scrubbing centres (which
may be on-premises, or in the cloud) where
the internet traffic can be scrubbed with a
mix of automatic and manual interventions,
before the remaining clean traffic is returned
to its original destination. Corero supports
this detect-and-redirect model with the
Smartwall ETD product line.
Detect and redirect can be ineffective if
the length of the DDoS attack is short in
duration. Continued uptime is critical for
modern businesses impacting, amongst
other areas, the continuity of their services
and therefore is fundamental to the
businesses’ success.
Overview
STrATeGiC rePOrT
Governance
Financial Statements
Corporate Directory
SMARTWALL
Corero’s SmartWall solution is highly
automated, detecting and mitigating attacks
surgically without the expensive intervention
of security analysts or network operators,
who may not even know the network is
under attack before SmartWall provides
an alert to them that it is already blocking
what would otherwise have been a business
damaging attack.
With varied deployment topologies
(in-line, datapath, scrubbing or edge)
Corero’s SmartWall family of solutions
utilise innovative, patented technology to
automatically and surgically remove the
DDoS attack traffic, leaving good traffic to
flow unimpeded.
Protection is available in cost-effective
scaling increments, from tens-of-gigabits
to tens-of-terabits, supporting the
full spectrum of customer bandwidth
protection requirements.
We have combined advances in Intel x86
multicore CPU technology, Data Plane
Development Kit (‘DPDK’) software for
packet processing acceleration, and
high-performance network interface cards
(‘NICs’), together with an innovative,
patented, and highly efficient software
architecture, to develop a new generation
of physical and virtual appliances providing
breakthrough price/performance for
DDoS defence.
SmartWall appliances perform sampled DPI
to generate security metadata from traffic
flows. The internal rules-engines examine
this metadata to flag offending packet flows
in real-time and block attacks. At the same
time, the security metadata is streamed to
the Corero SecureWatch® Analytics platform,
where further analysis, involving correlation
with other performance metrics and event
data, enables rapid identification of new
attack vectors. SecureWatch Analytics can
formulate new mitigation rules for these
vectors that are distributed out to each
SmartWall instance.
SECUREWATCH
The Corero SecureWatch service is a
tiered offering comprised of configuration
optimisation, monitoring and mitigation
response services.
Corero’s SecureWatch Analytics application
leverages Splunk’s analytics engine and
provides detailed reporting to transform
Smartwall’s sophisticated DDoS event
data into easily consumable dashboards
accessed via a multi-user web GUI. This
enables customer security analysts to
monitor and manage incident responses,
with the ability to conduct sophisticated
forensic analysis.
The Corero multi-tenant SmartWall Service
Portal enables a service provider’s customers
(or ‘tenants’) to gain visibility into attacks
via per-tenant dashboards. Service provider
customers can assign tenant service levels
and automatically distribute reports which
showcase the value of the protection their
customers are receiving.
SOLUTiONS THAT FiT ANY iNFrASTrUCTUre
INLINE
• Deployed directly on
Internet links, in front of
edge routers
• Inspects all traffic to deliver
fast and accurate protection
DATAPATH
• Deployed locally, adjacent to
EDGE
• Deployed centrally, remote
SCRUBBING
• Deployed centrally, remote
edge routers
from edge routers
from edge routers
• Inspects all, or selected,
traffic to deliver fast and
accurate protection
• Inspects edge traffic samples
and instructs routers to
protect locally at the edge
• Inspects edge traffic samples
and redirects attack traffic to
scrubbing protection devices
ANALYTiCS
ServiCeS
• Traffic & Attack Analysis
• World-Class SOC Service
POrTAL
• Multi-Tenant Protection SaaS
CLOUD
• Saturation Protection
• Trend, Alerting, Reporting
• 24x7x365 MSSP/Support
• Detailed Reports & Visibility
• Business Continuity
SUPPOrTeD BY
12
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
13
�CUSTOMer PrOPOSiTiON
iNveSTOr PrOPOSiTiON
Overview
STrATeGiC rePOrT
Governance
Financial Statements
Corporate Directory
SPeeD
SiMPLiCiTY
FLeXiBiLiTY
Attacks mitigated in seconds versus
minutes or tens of minutes for
competing technologies with zero
downtime
Automatic software, plug and play
appliances for lowest TCO
Multiple deployment options: on-
premises, hybrid and cloud protection
SCALABiLiTY
viSiBiLiTY
SUPPOrT
Modular and distributed, pay-as-you-
grow protection
Accurate, forensic-level attack and
traffic visibility with SecureWatch
Analytics
World-Class 24x7x365 SOC support
with SecureWatch Managed Services
MATUriTY JOUrNeY
SeLLiNG DDOS AS A ServiCe
• Per-Tenant visibility into DDoS attacks
• Tenant Portal for Alerting & Reporting
• Subscribe/Upsell/Retain Tenants
DDOS PrOTeCTiON
• Full visibility into DDoS attacks
• Victim Tenant(s) not impacted
• Other Tenants unaffected
DDOS MiTiGATiON
• Basic visibility into DDoS attacks
• Victim Tenant(s) impacted/sacrificed
• Other Tenants may be impacted
NO PrOTeCTiON
• No visibility of DDoS
• Victim Tenant(s) offline
• Other Tenants impacted
• Am I being attacked?
The maturity journey depicts a typical
Corero customers’ DDoS journey and
Corero’s ability to support customers at
all stages of their DDoS growth needs.
SUPeriOr PerFOrMANCe
CUSTOMer reLATiONSHiPS
High performance, best-in class solutions:
automatic DDoS protection without
disrupting or delaying legitimate network
traffic. Corero automatically mitigates
DDoS attacks in seconds, faster than any
other solutions in the market.
We enjoy high levels of trust with our
customers which translates into high
retention rates and long-term relationships.
High annualised recurring revenues
demonstrate such enduring relationships.
Corero solutions provide continuity
of service and allow our customers to
generate incremental revenue.
Our 98% customer support contract renewal
rate demonstrates the quality of both our
solutions and customer service.
CUSTOMer SUPPOrT AND
ServiCe
We provide high levels of customer
support and service through our
solutions engineers, SOC and
Operations teams- worldwide,
24x7x365.
We provide high levels of
compatibility with customer
indigenous equipment and systems.
HiGH GrOwTH MArKeTS
The increasingly interconnected world
grows faster and more complex with
higher speed connections; higher
capacities and meshed networks; the
proliferation of IoT and 5G devices; and
the continued growth of cloud services.
PrOPrieTArY iNTeLLeCTUAL
PrOPerTY
In-house expertise and proprietary
knowledge means we can innovate without
significant outsourcing dependencies or
royalty costs.
Over 20 years of DDoS protection software
development expertise leveraged to
expand feature set and pipeline.
ATTrACTive BUSiNeSS
MODeL, PerFOrMANCe AND
wOrLD CLASS TeAM
We have high gross margins,
recurring and repeat business.
Our world class, highly skilled team
have decades of experience in the
market we operate in.
TiMe TO MArKeT
Superior solution already developed and
field proven.
No development cycle with customers.
Very quick and simple deployment
cycles with high software content.
On-going R&D investment in our
solutions and product enhancements.
SCALABiLiTY – OrGANiC AND
PArTNerS
We are establishing additional routes to market
through our own direct sales force, resellers,
distributors, and strategic partnerships.
Where customers select appliance based
deployment, manufacturing is outsourced,
mitigating any in-house supply constraints.
14
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
15
�eXeCUTive CHAirMAN’S review
THe COMPANY
DeLivereD A CreDiBLe
PerFOrMANCe
ACrOSS FY 2022
Jens Montanana
EXECUTIVE CHAIRMAN
ORDER INTAKE
ARR
13%
increase
13%
increase
Annualised Recurring Revenues
(“ARR”) increased 13% to $14.4 million
as at 1 January 2023 (ARR at 1 January
2022: $12.8 million), driven by strong
demand for Corero’s subscription-
based and DDoS Protection as-a-
service (“DDPaaS”) products, which
increase revenue visibility for the
Company going forward.
During the final quarter of the year,
Corero secured several important
customer wins for its SmartWall®
DDoS protection solutions including
additional purchases from existing
customers and a significant multi-
year support renewal for an existing
customer. These wins will benefit
revenues across FY 2023 and
subsequent years.
iNTrODUCTiON
The Company delivered a credible
performance across FY 2022. The
financial performance was adversely
impacted by broader macro-economic
factors and as a consequence, the
Company saw sales cycles across the
business lengthen in the second half
of the year which impacted revenues.
Nevertheless, the Company delivered
growth in order intake, and ARR and
reported another year of EBITDA profit.
The underlying health of the business
remains robust with order intake, which
reflects revenues recognised over
the lifetime of each of the contracts,
up 13% year-on-year to $23.9 million
(2021: $21.2 million). Encouragingly,
new customer order intake increased
38% over the prior year. This, coupled
with an exceptional customer support
contract renewal rate of 98% (2021:
96%), demonstrates the strength and
quality of Corero’s market-leading
solutions, supported by continued
investment in product development.
Overview
STrATeGiC rePOrT
Governance
Financial Statements
Corporate Directory
OUTLOOK
The demand for DDoS protection is
expected to remain strong through
2023, with attacks becoming increasingly
sophisticated while at the same time the
DDoS attack surface is expanding. With
the number of recorded attacks on the rise
and shifts in attackers’ motives and goals,
organisations will need to ensure they have
robust DDoS defences in place.
The key focus for Corero in 2023 is to
grow our sales pipeline and revenue.
The Board is confident that with the
operational management team in place,
our market-leading SmartWall® solutions
and SecureWatch® services, the investment
in 2022 in sales and marketing initiatives to
build a stronger go-to-market organisation
and demand generation targeted to our
defined Ideal Customer Profile (“ICP”), the
Company is now well placed to expand
its market coverage and increase sales of
SmartWall solutions to new customers. As
announced by the Company on 13 April 2023,
Q1 2023 has already seen significant orders
from both new and existing customers.
The Board remains encouraged by the
2022 increase in new order intake, existing
customer expansion and increase in ARR,
all achieved against a challenging macro-
economic backdrop in the second half
of 2022.
Jens Montanana
EXECUTIVE CHAIRMAN
24 April 2022
The Board of Directors believes that Corero
has a built a strong operational team and
platform, alongside a sales and marketing
strategy capable of generating sustainable
growth in the medium term, underpinned by:
DDOS MARKET DYNAMICS
DDoS attacks continue to be prevalent as
a means of cyber-attack, as camouflage for
ransomware attacks and even with Ransom
driven attacks.
The global DDoS protection market was
worth c.$3.9 billion in 2022 and is expected
to reach $7.3 billion by 2027 at a CAGR of
13.2%. Corero operates within a significant
segment of this overall market and estimates
that the total addressable market exceeds
$2.0bn for its SmartWall solutions.
The DDoS mitigation marketplace
continues to grow apace as a result of the
global acceleration of digitisation and
the growing need for Service Providers to
deliver uncompromised network access for
enterprises to ensure business continuity.
This is set to continue with the ongoing
proliferation of IoT devices, the roll-out of 5G
networks and the increase in cloud services.
BOARD CHANGES
Neil Pritchard, the former CFO resigned
from the Board and the Company with effect
from 30 September 2022. Subsequent to the
year-end, Lionel Chmilewsky resigned from
the Board on 28 February 2023. I assumed
the role of Executive Chairman with effect
from 15 February 2023, and Andrew Miller
was appointed Interim Chief Operating
Officer with effect from 1 March 2023.
•
Large and high growth addressable
market;
• Market leading proprietary technology
with global customer service capability;
• Better alignment of the product offering
to Corero’s Ideal Customer Profile
(“ICP”);
• Continued investment in sales and
channel resources;
• Scalable and recurring revenue model
with strong gross margins; and
• Strong base of existing customers and
strategic partnerships.
STRATEGIC PROGRESS
The Company made operational advances
in 2022 with product development and, sales
and marketing activities driven by a customer
centric approach. We continued to make
strategic progress in key areas including:
•
Increasing our customer base: during
2022 we added 32 new customers.
• Growing strategic alliances: extended
the Juniper partnership to include the
PTX router product line and expanded
our reach and business with GTT.
• Better monetising our existing services
and introducing new services: we
continue to enhance the protection
and network security visibility for our
customers.
• Amplifying our demand generation
programmes: increased on-line
advertising and marketing campaigns
including webinars and thought
leadership speaking opportunities.
• Continuing to increase our technological
innovation leadership: We have invested
$35 million over 10 years in our market
leading SmartWall solutions enabling our
customers to have the most advanced
DDoS protection, including $1.7 million
in 2022 to continue to enhance our
product and competitiveness.
16
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
17
�Overview
STrATeGiC rePOrT
Governance
Financial Statements
Corporate Directory
FiNANCiAL review
i AM PLeASeD TO rePOrT
THAT FOr THe SeCOND
CONSeCUTive YeAr
THe COMPANY HAS
ACHieveD A POSiTive
eBiTDA
of $2.6 million (2021: $4.0 million), demonstrating the robustness of
the Company’s business model.
REVENUE AND GROSS MARGINS
Revenue in the year ended 31 December
2022 reduced slightly year on year from
$20.9 million in 2021 to $20.1 million in 2022
due primarily to the timing of order receipts.
The Company’s overall gross margin
improved in the full year with a margin of
87.2% (2021: gross margin of 85.1%) driven
by the difference in revenue mix between
2022 and 2021.
Annualised recurring revenues increased
in the year with ARR of $14.4 million as at
1 January 2023, driven by growth in DDPaaS
and software subscription orders (ARR at
1 January 2022: $12.8 million).
Software license and appliance revenues
in particular saw better margin capture
while other revenue streams recorded
similar margins to prior periods.
OPERATING EXPENSES
AND R&D INVESTMENT
After adjusting for $0.6 million PPPL loan
forgiveness received in 2021, operating
expenses decreased marginally by
$0.2 million from $16.7 million to
$16.5 million. Underlying operating
expenses, when taking into account the
debt forgiveness, were level year on year.
eBiTDA
$2.6m
-35%
$4.0m
$2.6m
PrOFiT/(LOSS)
BeFOre TAXATiON
$0.4m
-71%
$1.4m
$0.4m
Phil richards
CHieF FiNANCiAL
OFFiCer
-$1.7m
-$1.4m
-$3.2m
-$4.0m
-$5.2m
-$6.6m
2018
2019
2020
2021
2022
2018
2019
2020
2021
2022
OPERATING CASH AND CASH
EQUIVALENTS
Overall, net cash used in operating
activities amounted to $1.7 million in the
year (2021: generation of $2.8 million).
Cash and cash equivalents excluding the
impact of exchange rates decreased by
$5.2 million (2021: increase of $1.2 million).
This decrease in cash being primarily due
to the aforementioned repayment of the
Company’s term debt facility, alongside
increased working capital investment, due
to the timing of customer payment cycles,
which has unwound since the year-end.
Net cash, defined as cash at bank less total
borrowings, at 31 December 2022 was
$4.4 million (2021: $8.4 million). Gross cash
at bank at 31 December 2022 was
$5.6 million (2021: $11.2 million).
Borrowings were $1.2 million (2021: $2.8 million),
comprising a drawn term bank loan facility
due to be repaid in full by 31 March 2024.
Phil Richards
CHIEF FINANCIAL OFFICER
24 April 2023
Underlying operating expenses included a
lower depreciation charge of $0.6 million
(2021: $0.7 million) and lower amortisation
charge for research and development
(‘R&D’) of $1.7 million (2021: $1.9 million).
During the year, the Group enhanced its
product offerings with new features and
functionality, with R&D investment of
$1.7 million (2021: $1.8 million).
Capital expenditures in property plant
and equipment were level year-on-year
at $0.4 million (2021: $0.4 million).
Share based payments amounted to
$0.4 million in 2022 (2021: $0.5 million).
Financing costs were lower in the year
at $0.3 million (2021: $0.4 million) due
to the repayment of $1.6 million of the
Company’s debt facility during the year and
corresponding decrease in interest costs.
PROFITABILITY
Building on our maiden EBITDA profit in
2021, I am pleased to report a positive
EBITDA for the business of $2.6 million in
2022. Adjusted EBITDA for the year was
$1.7 million (2021: $3.2 million). Further
details on these measures are provided in
the Key Performance Indicators section on
pages 20 to 21.
Profit after taxation was $0.6 million
(2021: $1.5 million). Basic and diluted
profit per share was 0.1 cents per share
(2021: 0.3 cents per share).
GrOSS MArGiN
87.2%
+2.1%
NeT CASH
$4.4m
87.2%
-48%
85.1%
$8.4m
$7.6m
81.0%
77.3%
78.4%
$5.4m
$4.4m
$4.4m
2018
2019
2020
2021
2022
2018
2019
2020
2021
2022
18
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
19
�KeY PerFOrMANCe iNDiCATOrS
reveNUe
$20.1m
-4%
$16.9m
$20.9m
$20.1m
$10.0m
$9.7m
Represents revenue from the sale of
Corero solutions.
PERFORMANCE
Revenue for the year ended 31 December
2022 decreased slightly to $20.1 million
(2021: $20.9 million).
Overview
STrATeGiC rePOrT
Governance
Financial Statements
Corporate Directory
eBiTDA
$2.6m
-35%
$4.0m
$2.6m
Represents operating profit less
depreciation, amortisation and
impairment of goodwill. The Board
considers EBITDA to be a useful measure
of profitability as it excludes typical non-
cash items. For further details please see
note 8.
PERFORMANCE
EBITDA of $2.6 million was positive for the
second consecutive year (2021: $4.0 million).
$(1.7)m
$(3.2)m
$(1.4)m
2018
2019
2020
2021
2022
PrOFiT BeFOre TAXATiON
$0.4m
$1.4m
-71%
$(5.2)m
$(6.6)m
$(4.0)m
$0.4m
Represents the Company’s profit arising
from operations, after depreciation,
amortisation and any finance income or
expenditure before any taxation charges
or credits.
PERFORMANCE
For the second consecutive year, Corero
delivered a profit before taxation of
$0.4 million (2021: profit before taxation
of $1.4 million).
2018
2019
2020
2021
2022
2018
2019
2020
2021
2022
Arr (ANNUALiSeD
reCUrriNG reveNUeS)
$14.4m
+13%
$14.4m
$12.8m
Represents the normalised annualised
recurring revenues and includes recurring
revenues from contract values of annual
support, software subscription and
from DDoS Protection-as-a-Service
(DDPaaS) contracts.
PERFORMANCE
Annualised recurring revenues increased
in the year with ARR of $14.4 million as at
1 January 2023, driven by growth in DDPaaS
and software subscription orders (ARR at
1 January 2022: $12.8 million).
$9.8m
$7.2m
$5.8m
ADJUSTeD eBiTDA
$1.7m
-47%
$3.2m
$1.7m
$(2.1)m
$(2.9)m
$(1.1)m
Represents the operating profit less
unrealised foreign exchange differences
on an intercompany loan, PPPL
forgiveness, depreciation, amortisation
and any impairment of goodwill. The
Board considers the Adjusted EBITDA to
be a further useful measure of profitability
as it excludes other significant non-cash
items in addition to classic typical EBITDA
non-cash items. For further details please
see note 8.
PERFORMANCE
Adjusted EBITDA, was positive for the
second consecutive year for Corero in the
year ended 31 December 2022 at $1.7million
(2021: $3.2 million).
2018
2019
2020
2021
2022
2018
2019
2020
2021
2022
GrOSS MArGiN %
87.2%
+210 basis points
78.4%
81.0%
77.3%
85.1%
87.2%
Represents gross profit divided by
revenue. It measures the Group’s
profitability before overheads.
PERFORMANCE
Corero’s gross margin of 87% slightly
increased from 2021 of 85%.
Represents cash at bank less
total borrowings.
NeT CASH
$4.4m
-48%
$8.4m
$7.6m
$5.4m
$4.4m
$4.4m
PERFORMANCE
Net cash as at 31 December 2022 was
$4.4 million (2021: $8.4 million). Net cash
is derived from gross cash (cash at bank
and in hand) less borrowings.
Gross cash at bank as at 31 December 2022
was $5.6 million (2021: $11.2 million).
Borrowings were $1.2 million
(2021: $2.8 million).
2018
2019
2020
2021
2022
2018
2019
2020
2021
2022
20
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
21
�KeY STAKeHOLDerS
SeCTiON 172 STATeMeNT
The Directors are aware of their duty under Section 172 of the Companies Act 2006 to act in the way which they consider, in good faith,
would be most likely to promote the success of the Company for the benefit of its members as a whole and, in doing so, to have regard
(amongst other matters) to the: likely consequences of any decisions in the long-term; interests of the Company’s employees; need to foster
the Company’s business relationships with suppliers, customers and others; impact of the Company’s operations on the community and
environment; Company’s reputation for high standards of business conduct; and need to act fairly as between members of the Company.
The Board reviewed and re-confirmed the Company’s key stakeholder groups during the year. These are set out below along with details
of the forms of engagement undertaken by the Board:
Overview
STrATeGiC rePOrT
Governance
Financial Statements
Corporate Directory
“
every day Corero is interacting with
customers and prospective customers
– including in tenders, in technical
presentations, in quoting, in invoicing, in
deployment, and in after-sales and on-
going customer support roles.”
WHY THEY MATTER
WHAT MATTERS TO THEM
CORERO’S ENGAGEMENT
THE BOARD’S ENGAGEMENT
KEY EVENTS IN THE YEAR
CUSTOMerS
Customers are the lifeblood of a successful
growing business.
Corero customers are concerned with having products and services
that protect their online presence and operations from the increasing
threat of DDoS attacks. High availability of cloud services and
applications are critical for modern businesses and institutions, their
revenue streams rely on having internet connectivity protected from
the threat of DDoS attacks.
Executive Directors meet with customers
throughout the year and feedback issues
to the Board.
The Board reviews strategy and monitors
performance during the year with the aim of
meeting customers’ needs more effectively.
Receives regular competitor updates
to understand Corero’s competitive
performance and its strengths and
weaknesses as regards meeting
customer needs.
Corero employees interact with customers
every day– including in tenders, in technical
presentations, in quoting, in invoicing, in
deployment, and in after-sales and on-going
customer support roles.
SHAreHOLDerS
Shareholders own the business. They are the
providers of capital to grow and invest for
future success.
Concerned with a broad range of issues including, but not limited to,
Corero’s financial and operational performance, strategic execution,
investment plans and governance.
Communications such as annual reports,
interim reports and notices of general
meetings.
Investor roadshows, Stock Exchange
announcements and press releases;
www.corero.com.
Board attendance at the AGM to answer
questions.
Feedback on investor meetings held by the
Chairman.
Executive Director meetings with investors.
Corero consulted with major shareholders and
key strategic partners during investor roadshows
and forums.
PArTNerS
Partners are an extension of Corero, representing
the Corero brand in the market, providing an
additional route to market to scale the business.
Corero’s partners harness Corero’s innovative technology to deliver
customer success through creation of unique joint value propositions.
They share insights into what current and future customers want,
ultimately impacting product strategy and roadmaps and accelerating
business growth through sales and marketing programmes, as well
as technical training, often with a greater, and more geographically
dispersed sales force.
Partner Code of Conduct define
expectations of responsible business
and behaviour.
Board updates regarding partner
relationships, development and
engagement.
Regular Board reports, including updates
on performance and key partner issues.
Senior management engaged in quarterly
review of progress of strategic partner
relationships.
The Board provides on-going
consideration of key strategic
partnerships, and whether to change or
add to existing relationships.
Board engaged in review of progress of strategic
partner relationships.
Board member engagement with Juniper
management.
eMPLOYeeS
Corero employees are a key resource, dedicated
to creating, selling and supporting solutions that
protect Corero’s customers from the increasing
threat of DDoS attacks.
Opportunities for personal development and career progression, a culture
of inclusion and diversity, compensation and benefits, and the ability to
make a difference within Corero.
Various activities and forums to foster
participation in Group events, invite
opinions, questions and ideas.
Regular ‘All Hands’ meetings are held.
Board members attend the employee
‘All Hands’ meetings where appropriate.
Performance appraisal and objective setting
processes implemented in 2022 have provided
formalised reflection, feedback and direction
for 2023.
r
e
D
L
O
H
e
K
A
T
S
r
e
D
L
O
H
e
K
A
T
S
r
e
D
L
O
H
e
K
A
T
S
r
e
D
L
O
H
e
K
A
T
S
22
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
23
�Overview
STrATeGiC rePOrT
Governance
Financial Statements
Corporate Directory
PriNCiPAL riSKS AND UNCerTAiNTieS
THe GrOUP HAS A
NUMBer OF PriNCiPAL
riSKS AND UNCerTAiNTieS.
reveNUe GrOwTH
FOreiGN eXCHANGe FLUCTUATiONS
PeOPLe
To grow and address the challenges resulting from technology
change and innovation in the DDoS protection market, the
Company needs to retain and recruit the required sales,
business development, and software development skills.
Corero operates in a high growth cyber security market and
if Corero is unable to recruit and retain the right skills this
will compromise growth plans. Consequently, Corero targets
paying salaries in the upper quartile for comparable positions.
Corero’s strategy outlined on page 3 depends on delivering
revenue growth to meet these ambitions. Clearly, higher order
intake and related revenue growth provides the opportunity
for Corero to invest further in its future. Revenue growth is
highly important to deliver profitable growth for the business.
Conversely, lower sales growth reduces the Company’s cash
resources which could impact the Company’s investment in
sales and marketing and product development and its other
associated goals.
To deliver this order intake and, as a subset revenue growth,
Corero needs to identify, meet and exceed customer needs. If
Corero is not successful in identifying customer prospects with
a business need Corero can solve, or developing go-to-market
partner and channel partner relationships which generate revenue,
this will compromise growth plans and success.
To be successful Corero is:
•
•
targeting its Ideal Customer Profile (ICP);
focussing its lead generation and sales resources, and
product development, on its ICP;
• working closely with go-to-market partners to grow its sales
opportunity pipeline, progress sales opportunities and
generate revenue and cash; and
• developing relationships with new go-to-market partners
and channel partners to expand its routes to market.
Past Corero equity fund raises have been in GBP and its debt
is denominated in GBP. To the extent such funds are required
to support US dollar denominated funding requirements more
generally for the Group, the exchange rate value of GBP to
the value of US dollar may vary, either impacting adversely
or favourably compared to the denominated funding
requirements that can be funded from such fund raises. The
Group mitigates this risk by utilising US denominated funds
received by the Group’s UK subsidiary to fund the Group’s US
subsidiary to the extent such funding is required, with the GBP
funding requirements satisfied from the GBP denominated
funds generated from GBP equity and debt where possible.
OTHer NON-PriNCiPAL riSKS AND UNCerTAiNTieS
There are a multitude of other risks and uncertainties that face
companies like Corero, these include: risks and uncertainties
associated with local legal requirements, political and
geographic risk, the enforceability of laws and contracts,
changes in tax laws, terrorist activities, wars and invasions,
natural disasters and other types of health epidemics.
TeCHNOLOGY CHANGe AND iNNOvATiON
The DDoS mitigation market is competitive and characterised
by changes in technology, customer requirements and
frequent new product introductions and improvements.
Cybersecurity and DDoS attacks are constantly evolving and
changing as attackers develop new methods and tools to
evade defences.
Corero is focused on its chosen markets and delivering
continuous innovation by adding new DDoS attack defences
and new machine learning and artificial intelligence
capabilities, and striving to provide market leading solutions
to secure customers from the threat of DDoS attacks.
MArKeT AwAreNeSS
Corero is an emerging player in the DDoS prevention market
and competes with much larger established organisations. If
Corero is not successful in connecting with the market and
raising its profile this will compromise growth plans. To raise
market awareness of Corero and its DDoS protection solutions,
the Company will continue to invest in targeted digital
marketing and lead generation programmes, together with its
brand awareness programmes.
riSK MANAGeMeNT
The Company operates a risk assessment process, which
is embedded in day-to-day management and governance
processes. As part of the annual planning and budgeting
process, Corero management document the significant
risks identified, the probability of those risks occurring, their
potential impact and the plans for managing and mitigating
each of those risks.
The Board reviews the annual risk assessment including an
annual assessment of the effectiveness of the Company’s
internal control system, comprising financial, operational
and compliance controls, to ensure that the Company’s risk
management framework identifies and addresses all relevant
risks in order to execute and deliver the Company’s strategy.
The Directors are responsible for the Company’s system of
internal control and for reviewing its effectiveness, whilst
the role of management is to implement policies on risk
management and control. The Company’s system of internal
control is designed to manage, rather than eliminate, the risk
of failure to achieve the Company’s business objectives and
can only provide reasonable, and not absolute, assurance
against material misstatement or loss.
The Company operates a series of controls to meet its
needs. These controls include, but are not limited to, the
annual strategic planning and budgeting process, a clearly
defined organisational structure with authorisation limits,
reviews by senior management of monthly financial and
operating information including comparisons with budgets,
and forecasts to the Board. Given the size of the Company,
the Board has concluded it is not appropriate to establish a
separate, independent internal audit function. The Board will
keep this under review.
The Audit, Risk and Compliance Committee (‘ARCC’)
reviews the effectiveness of internal controls. The ARCC
receives reports from management and observations from
the external auditors concerning the system of internal
control and any material control weaknesses. Significant risk
issues, if any, are referred to the Board for consideration.
The Corero Risk Register, Auditor’s report, assessment of
the effectiveness of the internal control system and key
judgements report for the Annual Report and Accounts are
tabled and reviewed by the ARCC.
24
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
25
�eNvirONMeNTAL, SOCiAL
AND GOverNANCe (eSG) rePOrT
COrerO ASPireS TO CArrY
OUT iTS BUSiNeSS TO THe
HiGHeST eTHiCAL STANDArDS
We treat customers, partners, suppliers and employees in a professional,
courteous and honest manner.
We are committed to complying with environmental, social and governance
requirements and Corero is dedicated to improving the security and availability
of the Internet for all.
CORERO’S CULTURE AND
VALUES
We seek to live our culture and values every
day, in a dynamic and professional manner.
Our defined values are:
Customers First;
Technology Leadership
& Innovation;
Operational Excellence;
Integrity; and,
Our People, Empowerment
& Team Work.
In common with most intellectual property
technology businesses, we know that the
expertise, experience, and passion of our
employees is genuinely what make our
products and services market leading.
For example, Corero’s Security Operation
Centre (‘SOC’) comprises a team of highly
experienced security analysts whose role it
is to assist our customers’ IT and security
teams mitigate the growing number of
increasingly sophisticated DDoS attacks.
This service and customer support offering
is therefore an important competitive
differentiator. Customers tell us they value
the service levels and our team regularly
receives very favourable feedback from
our customers.
CORERO’S APPROACH TO
RESPONSIBLE BUSINESS IN
SOCIETY
EMPLOYEES, DIVERSITY AND
INCLUSION AND EMPLOYEE
INTERACTION
Corero recognises that long-term success
is underpinned by good relations with its
key stakeholders, both external (partners,
suppliers, customers, shareholders,
regulators and others) and internal
(employees). As part of Corero’s annual
planning and budgeting process, the
Company identifies its stakeholders and
their respective needs, interests and
expectations. In addition, the strategy for
engaging with these stakeholder groups is
formulated and implemented.
Corero values feedback from its
stakeholders and proactively endeavours
to address any matter identified. Feedback
is gathered from: customers and partners
relating to Corero’s products and services
in an on-going, continuous manner;
shareholders, through investor relations
roadshows; and employees as a part of
regular Company ‘All Hands’ meetings.
Our employees are Corero’s most important
asset and the continued and sustained
development of the Company relies on
its ability to retain and attract high calibre
employees and we are proud to have so
many experienced, and talented employees
in our team. Corero operates an employee
share option plan, with awards approved by
the Corero Remuneration Committee.
The Corero equal opportunities policy
ensures that all job applicants and
employees are treated fairly, no matter
what age, race, colour, gender, religion
or beliefs, sexual orientation, marital or
partner status, ethnic origin or community,
disability, and without favour or prejudice.
We are committed to applying this policy
throughout all aspects of employment,
recruitment and selection, training,
development and promotion.
The Corero equal opportunity policy has
been developed to maintain the following
policy objectives:
• To provide a safe and welcoming
environment, in which individuals are
valued, included and respected
• To advance equality of opportunity
• To eliminate unfair discrimination
• To foster good relations between
different groups of people
Overview
STrATeGiC rePOrT
Governance
Financial Statements
Corporate Directory
We are an increasingly international,
multi-cultural, gender diverse and diverse
organisation. For example, many of our
UK-based software engineers are drawn
from local universities but also sponsored
on EU skilled-migrant visas. Inclusion is the
practice of providing everyone with equal
access to opportunities and resources. We
believe employees find an environment
of understanding and respect at Corero -
where voices and opinions are heard and
carefully considered - this is made easier by
the relatively flat hierarchy and agile nature
of the business and the values we share.
Employees are regularly informed of
matters concerning their interest and the
financial factors affecting the Company. The
Company uses company-wide forums to
communicate matters as well as team and
individual meetings.
ENVIRONMENTAL
SUSTAINABILITY
Corero has identified the following UN
Sustainable Development Goals (SDGs)
most applicable to its activities listed in the
table below.
Corero is committed to promoting
sustainability. We aim to lead, follow and
to promote good sustainability practice,
to carry out our operations in a way which
manages and minimises any adverse
environmental impacts from our activities.
For many years Corero has operated a
flexible remote working policy before
remote working was necessitated by the
COVID-19 pandemic. We aim to mitigate
unnecessary travel and the impact on
climate change.
Our products are used by thousands
of businesses throughout the world to
protect against disruptions that could
have adverse economic, health, well-being
and environmental consequences for the
users and customers of those businesses
(sometimes in a mission critical way) and the
knock-on effects to populations as-a-whole.
Disruptions may emanate from individuals,
groups, corporates or state-sponsored actors.
Corero is committed to reducing our
resource consumption where possible.
Furthermore employees are encouraged
to be environmentally aware. For example,
Corero encourages the reuse or recycling
of office waste, including paper, packaging,
computer supplies and redundant
equipment. Company cars are not provided.
Wherever possible we seek to ensure
that waste materials are disposed of in
an environmentally safe manner and in
accordance with regulations. We aim
to provide materials such as marketing
collateral in a paperless, digital way.
ETHICAL BUSINESS
Corero is committed to the fundamental
values of integrity, transparency and
accountability. We have a zero-tolerance
policy with regard to bribery and corruption
with reporting mechanisms in place.
Corero adopts and enacts an Ethics and
Anti-Bribery Policy to record the ethical
way in which we conduct business and
to make our ethical standards clear to
everyone, including those with whom we do
business, which includes resellers, agents
and distributors as well as our customers.
Corero provides training to all its employees
on Anti-Bribery and Corruption.
STRATEGIC REPORT SIGN-OFF
In accordance with Section 414D(1) of The
Companies Act 2006, The Strategic Report
on pages 16 to 27 is signed by order of
the Board.
Duncan Swallow
COMPANY SECRETARY
24 April 2023
UN SD Goals
Good Health and
Well Being
Quality Education
Decent Work and
Economic Growth
Peace, Justice and
Strong Institutions
How Corero contributes
Ensuring healthy lives and promoting well-being at all ages is essential to sustainable
development. We are committed to our people and their wellbeing and are proud of our
supportive, collaborative culture and strong values.
Obtaining a quality education is the foundation to improving people’s lives and sustainable
development. Corero’s DDoS protection is favoured by many research and educational
network customers as a secure way to deliver and promote their objectives.
Sustained and inclusive economic growth can drive progress, create decent jobs for all and
improve living standards. Corero’s DDoS protection protects the remote working practices,
being a key feature of post-COVID-19 pandemic ways of working for most employers.
Conflict, insecurity, weak institutions and limited access to justice remain a great threat to
sustainable development. Corero’s solutions provide cyber protection against nefarious
activities from individuals, crime and state-sponsored terrorist groups. Corero’s vision is an
Internet connect world where every business, application and individual is protected from
DDoS attacks.
26
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
27
�Overview
Strategic Report
GOverNANCe
Financial Statements
Corporate Directory
BOArD OF DireCTOrS
Jens Montanana
EXECuTIVE CHAIRMAN
Richard Last
INDEPENDENT
NON-EXECuTIVE DIRECTOR*
Peter George
INDEPENDENT
NON-EXECuTIVE DIRECTOR
Andrew Miller
INTERIM COO
Ashley Stephenson
CHIEF TECHNOLOGY
OFFICER
Duncan Swallow
COMPANY SECRETARY
Nomination Committee
Remuneration Committee
Audit, Risk and
Compliance Committee
Chair of Committee
APPOiNTeD
6 August 2010
22 May 2008
3 January 2019
6 August 2010
6 September 2013
1 November 2007
BACKGrOUND & eXPerieNCe
Jens has spent the majority
of his over 30-year career in
the technology industry with
considerable operational and
commercial experience in
the resale and distribution of
information technology hardware
and software solutions. He is the
founder and CEO of Datatec
Limited, established in 1986 which
listed on the Johannesburg Stock
Exchange in 1994. Between 1989
and 1993 Jens served as Managing
Director and Vice-President of US
Robotics (UK) Limited, a wholly
owned subsidiary of US Robotics
Inc., which was acquired by 3Com.
In 1993, he co-founded US start-up
Xedia Corporation in Boston, an
early pioneer of network switching
and IP bandwidth management,
which was subsequently sold to
Lucent Corporation in 1999 for
$246 million. He has previously
served on the boards and sub-
committees of various public
companies.
CUrreNT APPOiNTMeNTS
CEO of Datatec Limited and
Director of various Datatec Limited
subsidiary companies.
Richard has over 20 years’
senior experience in information
technology having worked at
board level for a number of
publicly quoted and private
companies in the technology
sector. He is a Fellow of the
Institute of Chartered Accountants
in England and Wales (‘FCA’).
*
Richard Last is a Corero shareholder
and has been a Non-executive
Director of the Company for over
10 years, his independence has
been considered by the Board. The
Board is satisfied that Richard Last
operates in an independent manner
is independent.
Peter George is a US based
executive with over 30 years’
experience in the IT networking
and cybersecurity industry.
He has a successful track record
as CEO of leading IT network and
security companies and provides
sales and marketing leadership
experience to the Board.
Peter is the CEO of Evolv
Technology, a US based leader in
human security screening. Prior
to that he was President and CEO
of empow cybersecurity, a market
innovator in AI, machine learning
and advanced security analytics.
Prior to empow, between 2008
to 2017, he was President and
CEO of Fidelis Cybersecurity,
a leading US-based Advanced
Threat Defense business. Before
joining Fidelis, Peter was President
and CEO of Crossbeam Systems,
a market leader in Unified Threat
Management. Prior to that he was
the President of Nortel Networks’
enterprise business where he was
responsible for growing a $2 billion
and 5,000 employee voice and
data business in EMEA.
Andrew Miller (Interim COO) was
until 31 May 2020 the CFO of the
Company. He was until January
2022 the CFO and COO of C5
Capital Limited, an investment
firm investing in the secure data
ecosystem including cybersecurity,
cloud infrastructure, data analytics
and space, and CFO of the Haven
Group, a private equity backed
cyber security services provider.
Prior to joining Corero Andrew was
with the Datatec Limited group in
a number of roles between 2000
and 2009 including the Logicalis
Group Limited (‘Logicalis’)
Operations Director and
Corporate Finance and Strategy
Director. Prior to this, Andrew
gained considerable corporate
finance experience in London with
Standard Bank, West Deutsche
Landesbank and Coopers &
Lybrand. Andrew trained and
qualified as a chartered accountant
and has a bachelor’s degree in
commerce from the University
of Natal, South Africa. Andrew
is a Chartered Accountant with
over 20 years’ experience in the
technology industry.
Duncan is responsible for the
Company secretarial function
and is also the Group Financial
Controller. Prior to joining the
Company, Duncan was Divisional
Financial Controller for CCH,
a Wolters Kluwer business,
specialising in providing books,
online information, software,
CPD and fee protection to tax
and accounting professionals. He
is a fellow of the Association of
Chartered Certified Accountants.
Ashley Stephenson (CTO) first
joined Corero Network Security
as Executive Vice President of
the Network Security division,
with responsibility for product
and solution strategy in March
2012, and was appointed Chief
Executive Officer of Corero in
January 2013. An IT industry
executive and internet technology
entrepreneur, Ashley has operating
experience in the United States,
Europe and Asia. His previous
experience includes: CEO of Reva
Systems, which was acquired
by ODIN, and CEO of Xedia
Corporation, which was acquired
by Lucent. He has provided
strategic advisory services to a
number of leading multinational IT
companies including technology
vendors, distributors and services
companies. Ashley began
his career at IBM Research &
Development in the UK. He is
a graduate of Imperial College,
London with a degree in Physics
and is an Associate of the Royal
College of Science.
Ashley has deep technology
and software development skills
and experience.
CEO of Evolv Technology Inc.
None.
Director of Eyealike, Inc. and
StepVest LLC.
None.
Chairman of Hyve Group plc, an
international events and exhibitions
group listed on the London Stock
Exchange. Chairman of AIM listed
Gamma Communications plc
(standing down as Chairman on 17
May 2023) and Tribal Group plc,
a technology company. Richard
is also a director of a number of
private companies.
28
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
29
�eXeCUTive CHAirMAN’S COrPOrATe
GOverNANCe iNTrODUCTiON
QCA CODe COMPLiANCe
Overview
Strategic Report
GOverNANCe
Financial Statements
Corporate Directory
Jens Montanana
EXECuTIVE CHAIRMAN
The Board is committed to continue
to uphold high standards of
corporate governance, enhancing
shareholder value, and engaging in
a fair and transparent manner with
all of the Group’s stakeholders.
BOARD COMMITMENT TO GOVERNANCE
The Board is committed to continue to uphold high standards of
corporate governance, enhancing shareholder value, and engaging
in a fair and transparent manner with all of the Group’s stakeholders.
The Board therefore supports and is committed to the principles of
the QCA Corporate Governance Code. Details of our governance
processes and procedures are set in out in the following pages.
BOARD LEADERSHIP AND EFFECTIVENESS
The Board recognises that to remain effective it must ensure
that it has the right balance of skills, experience, knowledge
and independence to enable it to discharge its duties and
responsibilities. The Directors believe in the necessity for open
debate in the boardroom and consider that existing Board dynamics
and processes encourage honest, constructive and open debate
with the Executive Directors. We conduct internal board evaluation
reviews to monitor the Corero Board is operating effectively.
OUR CULTURE AND VALUES
We recognise the importance of our values and how we live them
within our culture. The Board undertakes informal enquiries of
employees to ensure our values are upheld and promoted to
maintain a healthy corporate culture. In country Board meetings
providing the Board with the opportunity to informally interact with
employees based in the UK and US office locations.
BOARD COMPOSITION
Neil Pritchard, the former CFO resigned from the Board and the
Company with effect from 30 September 2022. There were no other
changes to the board composition during 2022. Subsequent to
the year-end, Lionel Chmilewsky resigned from the Board on 28
February 2023. I assumed the role of Executive Chairman with effect
from 15 February 2023, and Andrew Miller was appointed Interim
Chief Operating Officer with effect from 1 March 2023.
STAKEHOLDER ENGAGEMENT
We seek to maintain an open dialogue with all stakeholders
including shareholders, customers, partners, suppliers and our
employees, even in these on-going uncertain times with the global
pandemic. Details of our stakeholders along with details of the
forms of engagement undertaken by the Board are set out on pages
22 to 23.
In this context, I would like to give my continued thanks to our
institutional and private investors for their continued support; to
all wider stakeholders including our customers, strategic partners
and suppliers; and thank you as ever to all our employees for their
determination, integrity and commitment to Corero.
LOOKING FURTHER AHEAD
Corero has delivered a stable performance in 2022 across many
metrics. The expectation of strong forecast growth in the DDoS
market underpins the Board’s continued confidence, alongside
Corero’s improved sales execution in the target ICP, and superior
technological solution in that marketplace. To capitalise on this, we
will continue investment in 2023 to deliver our strategic goals with
the objective of creating long-term values for all our stakeholders.
Jens Montanana
EXECUTIVE CHAIRMAN
24 April 2023
As an AIM-listed company, Corero adopts the principles of the Quoted Companies Alliance Corporate Governance Code (the ‘QCA
Code’). The QCA Code identifies ten principles to be followed in order for companies to deliver growth in long-term shareholder value,
encompassing an efficient, effective and dynamic management framework accompanied by good communication to promote confidence
and trust. The following explains how Corero follows those QCA Code principles:
1 Establish a strategy and
business model to promote
long-term value for
shareholders
2 understand and meet
shareholder needs and
expectations
3 Take into account wider
stakeholder and social
responsibilities and their
implications for long-term
success
4 Embed effective risk
management, considering both
opportunities and threats,
throughout the organisation
5 Maintain the Board as a
well-functioning, balanced
team led by the Chair
Corero’s strategy is focused on being the leader in real-
time, high performance DDoS protection and scaling the
business for profitability though revenue growth.
For more information please see
pages 4 and 5.
The Executive Chairman and CFO communicate regularly
with shareholders, investors and analysts, including at our
full year and half-yearly results roadshows. The full Board is
available at the AGM to communicate with shareholders.
Shareholders, our customers, partners and employees are
our most important stakeholders. We engage with these
communities via regular communications in our day-to-day
activities, and via formal feedback requests.
For more information please visit:
http://www.corero.com/about/
investor-relations
For more information please see
page 22 and 23.
Ultimate responsibility for risk management rests with the
Board. Day-to-day management of risk is delivered through
the way we do business and our culture.
For more information please see
pages 24 and 25.
The Board has three established Committees: Audit, Risk
and Compliance Committee; Nomination Committee;
and Remuneration Committee. The composition and
experience of the Board is reviewed primarily by the
Nomination Committee.
For more information please see
pages 32, 33 and 35.
6 Ensure that between them the
Directors have the necessary
up-to-date experience, skills
and capabilities
The Board is satisfied that its current composition
includes an appropriate balance of skills, experience and
capabilities, including experience of the cyber security
market and international markets.
For more information please see
pages 28, 29 and 34.
7 Evaluate Board performance
based on clear and relevant
objectives, seeking continuous
improvement
8 Promote a corporate culture
that is based on ethical values
and behaviours
9 Maintain governance
structures and processes that
are fit for purpose and support
good decision making by the
Board
10 Communicate how the
Company is governed and is
performing by maintaining a
dialogue with shareholders and
other relevant stakeholders
The Board considers the effectiveness and relevance of its
contributions, any learning and development needs and
the level of scrutiny of the senior management team. An
annual Board effectiveness review is undertaken to enable
the Board to stand back and assess its strengths and areas
for development.
Corero recognises the importance of culture and values
and in conjunction with employees defined the Company’s
agreed values which are reinforced via training and
performance management.
The Board is responsible for the Group’s overall strategic
direction and management, and for the establishment and
maintenance of a framework of delegated authorities and
controls to ensure the efficient and effective management
of the Group’s operations. The Board is satisfied that the
necessary controls and resources exist within the Company
to enable these responsibilities to be met.
For more information please see
page 34.
For more information please see
pages 26 and 27.
For more information please see
pages 32 to 34.
The investors section of our website includes our Annual
Report, results, presentations, notice of AGM and results of
the AGM and general meetings.
For more information please visit:
http://www.corero.com/about/
investor-relations
30
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
31
�COrPOrATe GOverNANCe rePOr T
Overview
Strategic Report
GOverNANCe
Financial Statements
Corporate Directory
BOARD COMPOSITION AND RESPONSIBILITIES
The Board sets Corero’s overall strategic direction, reviews management performance and ensures that the Company has the necessary financial
and human resource in place to meet its objectives. Operational management of the Company is delegated to the Chief Executive Officer.
EMPLOYMENT AND SERVICE AGREEMENTS
The Director employment and service contracts are summarised
below:
CORPORATE GOVERNANCE
• Review of the management structure and senior management
responsibilities.
The Board comprises the Non-executive Chairman, two independent Non-executive Directors, one non-independent Non-executive
Director and three Executive Directors whose Board and Committee responsibilities are set out below:
Non-executive /
Executive Director
Board
Compliance Committee
Audit, Risk and
Remuneration
Committee
Jens Montanana
Executive
Chairman
Peter George
Richard Last
Andrew Miller
Ashley Stephenson
Non-executive
Non-executive
Executive
Executive
Member
Member
Member
Member
Member
Chairman
Member
Chairman
Member
Nomination
Committee
Chairman
Member
Member
One third of all Directors are subject to annual reappointment by shareholders, as well as any Director appointed to the Board in the period
since the last AGM, and any Non-executive Director whose tenure is more than nine years or whose independence is the subject of Board
judgement. Ashley Stephenson and Andrew Miller will be offering themselves for re-election at the forthcoming AGM.
The Corero Board members’ biographies and their relevant experience, capabilities and skills and are set out on pages 28 and 29.
BOARD BALANCE AND INDEPENDENCE
The composition of the Board is reviewed regularly. Appropriate training, briefings, and inductions are available to all Directors on
appointment and subsequently as necessary, taking into account existing qualifications and experience.
The Board is satisfied that, between the Directors, it has an effective and appropriate balance of skills and experience, including
operational, commercial and technology expertise and experience. All members of the Board have more than 20 years’ technology
experience through investing in and working for a range of companies from start-ups to large established technology companies, with
complementary financial, commercial, sales and marketing skills.
The skills and experience of the Board are summarised in the table below:
Technology
Cyber security
Sales and
marketing
Jens Montanana
Peter George
Richard Last
Andrew Miller
Ashley Stephenson
The Board is cognisant of the lack of gender diversity and plans to address this as the Company grows through its recruitment policy.
All Directors are able to take independent legal advice in relation to their duties, if necessary at the Company’s expense. In addition, the
Directors have direct access to the advice and services of the Company Secretary. The Directors keep their skills up to date through a
combination of their other roles (if applicable), attending appropriate training courses and seminars funded by the Company if appropriate,
and by reading widely.
There are no external advisers to the Board or any of its Committees, other than the Company’s broker (Canaccord Genuity).
Corero’s Executive Chairman, Jens Montanana, is a material shareholder with an equity interest in Corero of 37.46% at 24 April 2023. His
interests are strongly aligned with all shareholders.
Richard Last is a Corero shareholder with a 0.50% equity interest in Corero at 24 April 2023 and has been a Non-executive Director of the
Company for over 10 years. His independence has been considered by the Board. The Board is satisfied that Richard Last operates in an
independent manner and is independent.
• Ashley Stephenson, Executive Director, has an employment
agreement which provides for the payment of six months’
base salary if the agreement is terminated by the Company
without cause.
• The Non-executive Director’s letters of appointment are for
12-month terms and provide that the appointment may be
terminated by either party giving to the other not less than
three months’ notice.
Non-executive Directors, per their letters of appointment, have
a time commitment to the Company of not less than eight days
per annum including the attendance of Board meetings and the
Company AGM. In addition, Non-executive Directors are expected
to devote appropriate preparation time ahead of each meeting.
BOARD RESPONSIBILITIES
The Board meets, virtually or in person, on average once a quarter;
additional meetings or conference calls are held as required. Each
Director is provided with sufficient information to enable them to
consider matters in good time for meetings and enable them to
discharge their duties properly.
The Board also ensures that the principal goal of the Company is to
create shareholder value, while having regard to other stakeholder
interests, and takes responsibility for setting the Company’s values
and standards.
The Board has a formal schedule of matters reserved to it for
consideration and approval. These include:
• Strategy and management.
• With the assistance of the Remuneration Committee, approval
of remuneration policies.
• Consideration of the independence of the Non-executive Directors.
• Receiving reports and feedback from the Company’s
shareholders.
The Board receives regular briefings on the Company’s performance
(including commentary and analysis), key issues and risks affecting
the Company’s business.
The Company maintains liability insurance for its Directors and
Officers. The Company has also entered into indemnity agreements
with the Directors, in terms of which the Company has indemnified
its Directors, subject to the Companies Act limitations, against any
liability arising out of the exercise of the Directors’ powers, duties
and responsibilities as a Director or Officer.
In the year ended 31 December 2022, the Board met, virtually
or physically, on four scheduled occasions; further meetings and
conference calls were held as and when necessary. Details of Directors’
attendance at scheduled meetings in the year to 31 December 2022 is
shown in the table below:
Jens Montanana
Richard Last
Peter George
Andrew Miller
Lionel Chmilewsky*
Ashley Stephenson
Meetings attended
4/4
4/4
4/4
4/4
4/4
4/4
Company.
• Approval of strategic plans and budgets and any material
changes to them.
• Approval of the acquisition or disposal of subsidiaries and major
investments, projects and contracts.
• Changes relating to the Company’s capital structure.
• Delegation of the Board’s powers and authorities.
FINANCIAL MATTERS AND INTERNAL CONTROLS
• Oversight of the Company’s operations ensuring competent
and prudent management, sound planning and maintenance of
adequate accounting and other records.
• Approval of the annual and interim financial statements and
accounting policies.
• Approval of the dividend policy.
• Ensuring an appropriate system of internal control and risk
management is in place.
*
Lionel Chmilewsky (the Company’s former CEO) resigned from the Board
effective 28 February 2023.
DIRECTORS’ CONFLICT OF INTEREST
The Company has effective procedures in place to monitor and
deal with conflicts of interest. The Board is aware of the other
commitments and interests of the Directors, and changes to these
commitments and interests are reported to and, where appropriate,
agreed with the rest of the Board.
EVOLUTION OF THE COMPANY’S GOVERNANCE
FRAMEWORK
The Board will, on an on-going basis, and as the Company’s
business develops and grows, review the appropriateness of the
governance framework, including the composition of the Board
and the need for an internal audit function, to ensure the Company
delivers on its strategy and goals whilst maintaining appropriate
governance structures.
People
International
Governance
Finance
• Responsibility for the overall strategy and management of the
32
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
33
�BOArD PerFOrMANCe AND
reMUNerATiON POLiCY
BOArD COMMiTTee rePOrTS
Overview
Strategic Report
GOverNANCe
Financial Statements
Corporate Directory
INTRODUCTION
An annual Board effectiveness review is undertaken to enable
the Board to stand back and assess its strengths and areas for
development. This review is conducted internally.
The Board may refresh the performance assessment process based
on external advice and if appropriate engage a third-party facilitator
to assist in the performance of such effectiveness reviews every
three years.
The Remuneration Committee’s (‘RC’) remit is to measure the
performance of and determine the remuneration policy relating
to Directors and senior employees. To support this responsibility,
it has access to professional and other advice external to the
Group. Taking the performance factors into account, it then makes
recommendations to the Board.
To assist the work of the RC, the views of the Executive Chairman
and Chief Financial Officer are also invited where appropriate.
However, they do not participate in any decision related to their
own remuneration.
The Nomination Committee reviews and recommends nominees as
new Directors to the Board. Senior management appointments are
required to be approved by the RC.
The Group is committed to the governing objective of maximising
shareholder value over time. Each year the remuneration framework
and the packages of the Directors are reviewed to ensure they
continue to achieve this objective.
The Group operates in the cyber security market which is a market
with significant growth potential. It is also a competitive market with
a number of companies who are significantly larger than Corero.
The Group’s Executive Director remuneration policy is designed to
attract and retain Directors of the calibre required to maintain the
Group’s position in its marketplace. This is maintained through the
use of bonus and share option schemes, as follows.
BONUS
A cash bonus designed to incentivise specific short-term financial
goals. Goals and objectives are set for the Executive Directors
based on key financial performance metrics. The Chief Technology
Officer on-target bonus is set at two-thirds of base salary and the
Chief Financial Officer is set at one half of base salary.
SHARE OPTIONS
Share options are granted to encourage and reward delivery of the
Company’s long-term strategic objectives and provide alignment
with shareholders through the use of share-based incentives.
All share-based incentives offered to Directors have a three year
vesting schedule, with one-third vesting on the first anniversary of
the grant/start date, a further third on the second anniversary of the
grant/start date and the final third the third anniversary of the grant/
start date. Shares acquired on the exercise of options may not be
sold until the second anniversary of the grant date. Share options
are granted with an exercise price set at the higher of market price
or such other price as determined by the RC.
CONFLICTS OF INTEREST
The members of the RC do not have any conflicts from cross-
directorships that relate to the business of the Committee. The
members of the RC do not have any day-to-day involvement in the
running of the Group.
BOARD CHANGES
Given Corero’s size, the Company does not have internal succession
candidates for the Executive Directors. In the event an Executive
Director replacement is required, the Company would seek to
recruit a replacement through a recruitment search process. The
Board is satisfied that the Company’s middle management will
ensure the Company’s business is not adversely impacted in the
period between an Executive Director leaving and a replacement
being recruited.
The Board has three established Committees:
• Audit, Risk and Compliance Committee: responsible
for reviewing the Group’s interim and year end results
announcements, and the Annual Report and Accounts;
determining the application of the financial reporting and
internal control and risk management procedures and assessing
the scope, quality and results of the external audit.
• Remuneration Committee: responsible for the policy for the
remuneration of the Executive Directors and senior management;
setting the remuneration of the Executive Directors, determining
the payment of bonuses to Executive Directors; and approving
the Company’s bonus and incentive arrangements for employees.
• Nomination Committee: responsible for reviewing the
composition, structure and size of the Board; assessing the
leadership needs of the Group; and recommending nominees
as new Directors to the Board.
AUDIT, RISK AND COMPLIANCE COMMITTEE
(‘ARCC’) REPORT
The ARCC members comprise Richard Last, who is the Committee
Chairman, and member Peter George, and meets at least twice a
year. The Company’s Chief Financial Officer and Group Financial
Controller, and the Company’s external auditors attend the meetings.
In the year ended 31 December 2022, the ARCC met on two
occasions. The attendance of individual Committee members at
ARCC meetings in the year to 31 December 2022 is shown in the
table below:
Meetings attended
Post the year-end, and in line with good governance practice, the
ARCC led a competitive audit tender process for the 2023 Group
audit. As a result of this, the ARCC recommended the Board of
Directors propose a change of auditors at the forthcoming AGM,
with BDO to stand down as auditors following the completion of the
2022 year-end audit.
REMUNERATION COMMITTEE (‘RC’) REPORT
The RC comprises Peter George, and members Jens Montanana
and Richard Last. The RC meets at least twice a year.
In the year ended 31 December 2022, the RC met on two scheduled
occasions; further meetings and conference calls were held as and
when necessary. The attendance of individual Committee members
at scheduled RC meetings in the year to 31 December 2022 is
shown in the table below:
Peter George (Committee Chairman)
Richard Last
Jens Montanana
Meetings attended
2/2
2/2
2/2
The RC’s activities during the year, which are based on its terms of
reference, are set out below:
• Reviewed the performance of the Executive Directors and set
the remuneration of the Executive Directors.
• Determined the payment of bonuses to Executive Directors
and approved the Company’s bonus and incentive
arrangements for employees.
Richard Last (Committee Chairman)
Peter George
2/2
2/2
• Ensured the Company’s share option schemes were operated
properly and approved the share option grants to Executive
Directors and employees.
The ARCC’s activities during the year, based on its terms of
reference, are set out below:
The remuneration of the Chairman and Non-executive Directors is
decided upon by the Board.
• Reviewed the scope and results of the external audit, its cost
effectiveness and the objectivity of the auditors.
Details of Directors’ remuneration for the year ended 31 December
2022 is set out in note 24 of the financial statements.
• Reviewed, prior to publication, the interim financial statements,
preliminary results announcement, the annual financial
statements and the other information included in the Annual
Report. Considered the regulatory, technical and operational
risks of the Company and ensured these risks are properly
assessed, monitored and reported on and the appropriate
policies and procedures are in place.
The key financial reporting judgements relating to the financial
statements for the year ended 31 December 2022 which the ARCC
have considered and discussed with the auditors, include:
Financial Statements note
Going concern basis for financial statements
Revenue recognition
2.2
2.5
Carrying value of goodwill and intangible assets
2.12 and 9
NOMINATION COMMITTEE (‘NC’) REPORT
The NC comprises Jens Montanana (Chairman), Richard Last and
Peter George. The NC meets as required.
In the year ended 31 December 2022, the NC met on one
scheduled occasion. The attendance of individual Committee
members at NC meetings in the year to 31 December 2022 is
shown in the table below:
Jens Montanana (Committee Chairman)
Richard Last
Peter George
Meetings attended
1/1
1/1
1/1
The NC’s activities during the year, which are based on its terms of
reference, are set out below:
The ARCC is satisfied with the treatment in the financial statements
and the disclosure in the notes.
• Reviewed the composition, structure, and size of the Board.
• Reviewed the leadership needs of the Group.
34
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
35
�DireCTOrS’ rePOrT
GROUP RESULTS
The Group’s Income Statement on page 46 shows a profit for the
year of $0.6 million (2021: profit of $1.5 million).
On this basis, the Directors have therefore concluded that it
is appropriate to prepare the financial statements on a going
concern basis.
DIRECTORS’ SHAREHOLDINGS
GOING CONCERN
The financial position and cash flows are described in the Financial
Review on page 18. An indication of likely future developments
affecting the Company is included in the Strategic Report on pages
16 to 27.
The Directors have prepared detailed income statement, balance
sheet and cash flow projections for the period to 30 April 2024
(“going concern assessment period”). The cash flow projections
have been subjected to sensitivity analysis of the revenue, cost
and combined revenue and cost levels which demonstrate that the
Group and Company will maintain a positive cash balance through
the going concern assessment period. As part of the sensitivity
analysis, the Directors have noted that should the forecasted
revenues not be achieved, mitigating actions can be taken to
address any cash flow concerns. These actions include the utilisation
of the undrawn revolving credit facility of £1 million, deferral of
capital expenditure, reduction in marketing and other variable
expenditure alongside a hiring freeze. In addition, the projections
confirm that the bank loan covenants will be met during the going
concern assessment period.
The Directors are also not aware of any significant matters in
the remainder of calendar 2024 that occur outside the going
concern period that could reasonably possibly impact the going
concern conclusion.
The Directors have also considered the geo-political environment,
including rising inflation in some of our key markets and the conflict
in Ukraine, and whilst the impact on the Group is currently deemed
minimal, the Directors remain vigilant and ready to implement
mitigation action in the event of a downturn in demand or an impact
on operations.
DIVIDENDS
The Directors have not recommended a dividend (2021: $nil).
SHARE CAPITAL
The issued share capital of the Company, together with details
of movements in the Company’s issued share capital during the
financial period are shown in note 22 to the financial statements.
As at the date of this report, 499,953,971 ordinary shares of 1p each
(‘ordinary shares’) were in issue and fully paid with an aggregate
nominal value of $7.0 million.
The market price of the ordinary shares at 31 December 2022 was
9.3p and the shares traded in the range 9.3p to 14.5p during the
year (as at 31 December 2021 was 12.5p and the shares traded in
the range 9.0p to 16.0p during the year ended 31 December 2021).
ISSUE OF SHARES POWERS AT THE AGM
At the AGM held on 9 June 2022, shareholders granted authority
to the Board under the Articles and section 551 of the Companies
Act 2006 (the ‘Act’) to exercise all powers of the Company to
allot relevant securities up to an aggregate nominal amount of
£1,649,507.68.
Also at the AGM held on 9 June 2022, shareholders granted
authority to the Board under the Articles and section 570(1) of the
Act to exercise all powers of the Company to allot equity securities
wholly for cash up to an aggregate nominal amount of £494,852.30
without application of the statutory pre-emption rights contained in
section 561(1) of the Act.
SUBSTANTIAL SHAREHOLDINGS
The Company has been notified of the following holdings that are 3% or more of the Group’s ordinary share capital as at 24 April 2023:
Ordinary shares of 1 pence each
Jens Montanana*
Caraway Group Inc
Sabvest Capital Holdings Ltd
Juniper Networks Inc
Herald Investment Management Ltd
Richard Koch
Peter Kennedy Gain**
Number
187,300,406
53,500,000
50,000,000
49,179,772
34,592,121
29,701,500
16,378,246
%
37.46
10.70
10.00
9.84
6.92
5.94
3.28
*
of which 33,674,846 are held in the name of JPM International Limited, which is wholly owned by Jens Montanana, and 125,871,751 are held in the name of
The New Millennium Technology Trust of which Jens Montanana is a beneficiary
** of which 4,900,000 shares are held in the name of Draper Gain Investments Ltd
Overview
Strategic Report
GOverNANCe
Financial Statements
Corporate Directory
Jens Montanana
Peter George
Richard Last
Andrew Miller
Lionel Chmilewsky*
Ashley Stephenson
24 April 2023
31 December 2022
31 December 2021
Number
%
Number
%
Number
187,300,406
37.46
187,300,406
37.46
187,300,406
–
2,500,000
1,091,437
–
38,000
–
0.50
0.22
–
0.01
–
2,500,000
1,091,437
–
38,000
–
0.50
0.22
–
0.01
–
2,500,000
1,091,437
–
38,000
%
37.85
–
0.51
0.22
–
0.01
* Lionel Chmilewsky (the Company’s former CEO) resigned from the Board effective 28 February 2023.
DIRECTORS’ INDEMNITIES
The Company has qualifying third party indemnity provisions in
place for the benefit of its Directors. These remain in force at the
date of this report.
DIRECTORS AND DIRECTORS’ INTERESTS
The Directors who served in office during the year and up to the
date of this report and their interests in the Company’s shares were
as above.
The biographical details of the current Directors of the Company are
set out on pages 28 and 29.
Details of the share options held by Directors are shown in note 27
to the financial statements.
FINANCIAL RISK MANAGEMENT OBJECTIVES
AND POLICIES
The Group’s business activities expose it to a variety of financial
risks. The policies for managing these risks are described below:
•
Liquidity risk – arises from the Group’s management of working
capital and finance charges. It is a risk that the Group will
encounter difficulty in meeting its financial obligations, including
its covenants and a repayment term bank loan drawn down by
the Company in April 2022 ($1.2 million at 31 December 2022)
details of which are set out in note 18, as they fall due. Liquidity
risk is managed by the Finance function. Annual budgets
are agreed by the Board, enabling the Group’s cash flow
requirements to be anticipated.
• Credit risk – arises from cash and cash equivalents and
from credit exposures to the Group’s customers including
outstanding receivables and committed transactions. Credit
risk is managed with regular reports of exposures reviewed
by management. The Group does not set individual credit
limits but seeks to ensure that customers enter into legally
enforceable contracts that include settlement terms that
demonstrate the customers’ commitment to the transaction and
minimise this risk exposure.
The amounts of trade receivables presented in the Statement of
Financial Position are shown net of allowances for doubtful accounts
estimated by management based on prior experience and their
assessment of the current economic environment (note 15).
The Group has no significant concentration of credit risk, with
exposure spread over a number of customers.
The credit risk on liquid funds and financial instruments is limited
because the counterparties are banks with acceptable credit ratings
assigned by international credit rating agencies.
• Cash flow interest rate risk – the Group’s policy is to as far as
possible minimise interest rate cash flow risk exposure on its
financing. The Group is exposed to interest rate increases on
the term bank loan ($1.2 million at 31 December 2022) details
of which are set out in note 18, which bears interest at UK base
rate plus 6.5%. The bank loan does not have early repayment
penalties and thus the Group can if GBP interest rates increase
to punitive levels, seek to refinance the loan. The Group’s
policy is to balance the risk in relation to cash balances held
by spreading these across a number of financial institutions as
opposed to maximising interest income.
• Currency risk – there was no material impact from trading
currency risk on the Group’s profit or loss for the year from
exchange rate movements, as foreign currency transactions are
entered into by Group companies whose functional currency
is aligned with the currencies in which it transacts. Exchange
rate risks do arise in relation to (i) the bank loan which is GBP
denominated and equity fund raises which are in GBP, given the
Company’s AIM listing, to the extent such funds are required to
support US dollar denominated funding requirements, and (ii)
GBP denominated obligations of the Group given the invoicing
currency of the Group is US dollar denominated. The Group
has not hedged such GBP debt and equity fund raises or GBP
denominated expenses in the past as US denominated funds
received by the Group’s UK subsidiary have been used to fund
the Group’s US subsidiary to the extent such funding has been
required, with the GBP funding requirements satisfied from the
GBP denominated funds generated from GBP debt and equity
fund raises. The Group keeps this policy under review based on
the expected timing of US dollar and GBP operational funding
requirements.
The principal risk which applies to the Parent Company’s financial
statements is the risk that the returns generated by the subsidiaries
might not support the carrying value of the cost of the investments
in subsidiaries. The carrying value is tested at least annually for
impairment and, if necessary, impaired as appropriate.
36
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
37
�DireCTOrS’ rePOrT CONTINUED
STATeMeNT OF DireCTOrS’
reSPONSiBiLiTieS
Overview
Strategic Report
GOverNANCe
Financial Statements
Corporate Directory
CAPITAL MANAGEMENT
The Group monitors its available capital, which it considers to be all
components of equity against its expected requirements.
The Group’s objectives when maintaining capital are to safeguard
the entity’s ability to continue as a going concern, so that it can
continue to provide returns for shareholders and benefits for other
stakeholders, and to ensure that sufficient funds can be raised
for investing activities. In order to maintain or adjust the capital
structure, the Company may return capital to shareholders, issue
new shares, or sell assets. The Group does not review its capital
requirements according to any specified targets or ratios.
TREASURY MANAGEMENT
The objectives of Group treasury policies are to ensure that
adequate financial resources are available for development of
the business while at the same time managing financial risks.
Financial instruments may be used to reduce financial risk
exposures arising from the Group’s business activities and not
for speculative purposes.
The Group’s treasury activities are managed by the Group Financial
Controller who reports to the Board on the implementation of the
Group treasury policy.
ENVIRONMENT
The Group’s activities are primarily office-based and as such the
Directors believe that there is no significant environmental impact
arising from the Group’s activities. The Group complies with local
WEEE regulations. No environmental performance indicators are
therefore included within this report. The Group’s environmental
policy states: “We endeavour to recycle appropriate materials where
possible and to efficiently use natural resources and energy supplies
so as to minimise our environmental impact. We will comply with
the relevant statutes and legislation. Furthermore, employees
are encouraged to be environmentally aware. Company cars are
not provided.”
RESEARCH AND DEVELOPMENT
The development of computer software is an integral part of the
Group’s business and the Group continues to develop its software
in response to user demand, and particularly the changing IT
security threat landscape. During the year the Group enhanced
the features and functionality of its existing products. A capital
investment of $1.7 million (2021: $1.8 million) was made during the
year. Amortisation of $1.7 million (2021: $1.9 million) and costs not
capitalised of $1.7 million (2021: £1.5 million) were charged to the
Group Income Statement during the year.
EMPLOYEES
The quality and commitment of the Group’s employees has
played a major role in the Company’s continued progress. This
has been demonstrated in many ways, including strong customer
satisfaction, the development of new product offerings and the
flexibility employees have shown in adapting to changing business
requirements. The Group operates sales commission, incentive
bonus plans and share option plans to provide incentives for
achievements which add value to the business.
ANNUAL GENERAL MEETING
Notice of the AGM together with details of the business to be
considered will be sent to shareholders in due course.
AUDITORS
In so far as each Director is aware:
•
•
there is no relevant audit information of which the Company’s
auditors are unaware; and
the Directors have taken all the steps that they ought to
have taken to make themselves aware of any relevant audit
information and to establish that the Company’s auditors are
aware of that information.
Following a competitive tender process, the Directors will
recommend a change of auditors at the forthcoming AGM.
As a result, BDO will be standing down as auditors following
the completion of the 2022 year-end audit.
By order of the Board
Duncan Swallow
COMPANY SECRETARY
24 April 2023
The Directors are responsible for keeping adequate accounting
records that are sufficient to show and explain the Group’s
transactions and disclose with reasonable accuracy at any time the
financial position of the Group and enable them to ensure that the
financial statements comply with the Companies Act 2006. They are
also responsible for safeguarding the assets of the Group and hence
for taking reasonable steps for the prevention and detection of
fraud and other irregularities.
The Directors are responsible for ensuring the Annual Report and
the financial statements are made available on a website. Financial
statements are published on the Company’s website in accordance
with legislation in the United Kingdom governing the preparation
and dissemination of financial statements, which may vary from
legislation in other jurisdictions. The maintenance and integrity of
the Company’s website is the responsibility of the Directors. The
Directors’ responsibility also extends to the on-going integrity of the
financial statements contained therein.
The Directors are responsible for preparing the Annual Report
and Financial Statements in accordance with applicable law
and regulations.
Company law requires the Directors to prepare financial statements
for each financial year. Under that law the Directors have elected
to prepare the Group financial statements in accordance with UK
adopted international accounting standards in conformity with
the requirements of the Companies Act 2006. The Directors have
chosen to prepare the Company financial statements in accordance
with FRS101. Under company law the Directors must not approve
the financial statements unless they give a true and fair view of the
state of affairs of the Group and Parent Company and of the profit
or loss of the Group for that period. The Directors are also required
to prepare financial statements in accordance with the rules of
the London Stock Exchange for companies trading securities on
the AIM. In preparing these financial statements, the Directors are
required to:
•
select suitable accounting policies and then apply
them consistently;
• make judgements and estimates that are reasonable
and prudent;
•
state whether they have been prepared in accordance with
UK adopted international accounting standards in conformity
with the requirements of the Companies Act 2006, subject to
any material departures disclosed and explained in the financial
statements; and
• prepare the financial statements on the going concern basis
unless it is inappropriate to presume that the Group will
continue in business.
38
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
39
�iNDePeNDeNT AUDiTOr’S rePOr T
TO THe MeMBerS OF COrerO NeTwOrK SeCUriTY PLC
OPINION ON THE FINANCIAL STATEMENTS
In our opinion:
•
•
•
•
the financial statements give a true and fair view of the state
of the Group’s and of the Parent Company’s affairs as at 31
December 2022 and of the Group’s profit for the year then ended;
the Group financial statements have been properly prepared in
accordance with UK adopted international accounting standards;
the Parent Company financial statements have been properly
prepared in accordance with United Kingdom Generally
Accepted Accounting Practice; and
the financial statements have been prepared in accordance with
the requirements of the Companies Act 2006.
We have audited the financial statements of Corero Network
Security plc (the ‘Parent Company’) and its subsidiaries (the
‘Group’) for the year ended 31 December 2022 which comprise
the Consolidated Income Statement, the Consolidated Statement
of Comprehensive Income, the Consolidated and Company
Statements of Financial Position, the Consolidated Statement of
Cash Flows, the Consolidated and Company Statements of Changes
in Equity and notes to the financial statements, including a summary
of significant accounting policies.
The financial reporting framework that has been applied in the
preparation of the Group financial statements is applicable law
and UK adopted international accounting standards. The financial
reporting framework that has been applied in the preparation of the
Parent Company financial statements is applicable law and United
Kingdom Accounting Standards, including Financial Reporting
Standard 101 Reduced Disclosure Framework (United Kingdom
Generally Accepted Accounting Practice).
BASIS FOR OPINION
We conducted our audit in accordance with International Standards
on Auditing (UK) (ISAs (UK)) and applicable law. Our responsibilities
under those standards are further described in the Auditor’s
responsibilities for the audit of the financial statements section of
our report. We believe that the audit evidence we have obtained is
sufficient and appropriate to provide a basis for our opinion.
Independence
We remain independent of the Group and the Parent Company
in accordance with the ethical requirements that are relevant
to our audit of the financial statements in the UK, including the
FRC’s Ethical Standard as applied to listed entities, and we have
fulfilled our other ethical responsibilities in accordance with these
requirements.
CONCLUSIONS RELATING TO GOING CONCERN
In auditing the financial statements, we have concluded that the
Directors’ use of the going concern basis of accounting in the
preparation of the financial statements is appropriate.
Given our assessment of risk and the significance of this area, we
have determined going concern to be a key area of focus for the
audit. Our evaluation of the Directors’ assessment of the Group’s
and the Parent Company’s ability to continue to adopt the going
concern basis of accounting and response to the key audit matter is
included in the ‘Key Audit Matters’ section below.
Based on the work we have performed, we have not identified
any material uncertainties relating to events or conditions that,
individually or collectively, may cast significant doubt on the Group
and the Parent Company’s ability to continue as a going concern
for a period of at least twelve months from when the financial
statements are authorised for issue.
Our responsibilities and the responsibilities of the Directors with
respect to going concern are described in the relevant sections of
this report.
OVERVIEW
Coverage
100% (2021: 100%) of Group profit before tax
100% (2021: 100%) of Group revenue
100% (2021: 100%) of Group total assets
Key audit matters (KAM)
Revenue recognition
Going concern
Materiality
Group financial statements as a whole
Goodwill and intangible asset impairment*
$400,000 (2021:$418,000) based on 2% (2021: 2%) of revenue.
2022
2021
✘
✘
✘
✘
✘
* Goodwill and intangible asset impairment was no longer considered to be a KAM due to the fact the recoverable amount was significantly in excess of the carrying
value of the assets assessed by Management for impairment as required under IAS 36 Impairment.
Overview
Strategic Report
GOverNANCe
Financial Statements
Corporate Directory
AN OVERVIEW OF THE SCOPE OF OUR AUDIT
Our Group audit was scoped by obtaining an understanding of the Group and its environment, including the Group’s system of internal
control, and assessing the risks of material misstatement in the financial statements. We also addressed the risk of management override
of internal controls, including assessing whether there was evidence of bias by the Directors that may have represented a risk of
material misstatement.
Based on our assessment of the Group, we determined there to be three significant components, Corero Network Security plc, Corero
Network Security, Inc. and Corero Network Security (UK) Limited each of which were subject to full scope audits by the Group audit team.
Corero Group Services Limited was considered a non-significant component, but was subject to a full scope audit for statutory purposes,
contributing to the overall Group coverage obtained.
Key audit matters
Key audit matters are those matters that, in our professional judgement, were of most significance in our audit of the financial statements of
the current period and include the most significant assessed risks of material misstatement (whether or not due to fraud) that we identified,
including those which had the greatest effect on: the overall audit strategy, the allocation of resources in the audit, and directing the efforts
of the engagement team. These matters were addressed in the context of our audit of the financial statements as a whole, and in forming
our opinion thereon, and we do not provide a separate opinion on these matters.
Key audit matter
Revenue
recognition
See accounting
policy at note 2.5,
the key accounting
estimate at note 3.2
and note 4.
How the scope of our audit addressed the key audit matter
Our procedures included the following:
• We gained an understanding of the Group’s methodology in determining
the fair value of the different deliverables in multiple element arrangements
and assessed the appropriateness of this through review of accounting
policies against the applicable accounting standard, IFRS 15. For a sample of
transactions we recalculated the Group’s determination of the fair value of the
different deliverables in multiple element arrangements as set out in note 2.5 of
the financial statements, to check that it provided a suitable basis on which to
recognise revenue.
• For a sample of revenue transactions around the year end, we corroborated to
supporting documentation, including invoice, underlying contract, subsequent
receipt through the bank statement and associated evidence of satisfaction of
the obligation, recalculating the accompanying revenue and deferred revenue
where applicable to verify that revenue was recorded in the correct period.
• We assessed the basis upon which performance obligations were recognised for
each revenue stream and compared this to the requirements of the applicable
accounting standards, industry practice, and the Group’s specific circumstances.
• We also tested on a sample basis the accuracy of the deferred income balance
through corroborating to supporting documentation, including invoice, along
with testing a sample of transactions around the year-end to supporting
documentation, including invoice and proof of delivery to verify that they were
recorded in the correct period.
Key observations: Based on the work performed we consider that the Group’s
revenue recognition accounting policy is appropriate, and that revenue has been
recognised in accordance with the Group’s revenue policy.
The Group generates
revenue primarily from
the sale of hardware and
associated software and
related maintenance and
support contracts.
It does this directly through
arrangements with end-users
(either through the sale of
hardware and a software
licence or by selling the
software as a service) as
well as through distributors.
The sales of licences may
be on a perpetual or a fixed
term basis.
We considered there to be a
significant audit risk arising
from the allocation of the
value of the transaction price
to the individual performance
obligations included in the
sale as well as the timing
of revenue recognition
with regard to appropriate
recognition of point in time
revenue recognised around
the year end due to the
potential material impact of
these transactions.
40
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
41
�iNDePeNDeNT AUDiTOr’S rePOr T CONTINUED
TO THe MeMBerS OF COrerO NeTwOrK SeCUriTY PLC
Key audit matter
Going concern
See note 2.2.
The financial performance
of the Group was adversely
impacted by broader macro-
economic factors. This
has continued to have an
impact on the Group’s future
expected cash flows, with a
consequent impact on the
going concern assessment.
In addition, as described in
note 18, the Group has loan
covenant requirements to
adhere to in connection with
its financing.
Whilst the directors’
assessment in relation
to going concern did
not identify any material
uncertainties in this respect
we nevertheless considered
going concern to be a
significant risk and a key
audit matter.
How the scope of our audit addressed the key audit matter
In assessing the director’s review of the going concern assumption within the
financial statements, we have undertaken the following audit procedures:
• Confirming the mathematical accuracy of the underlying calculations in
the forecasts.
• Analysing the directors’ assessment of going concern based upon the Group’s
cash flow forecasts through to 30 April 2024. This included assessing and
challenging assumptions with reference to historic experience and recent
contract wins made in relation to revenues, expenses, and the associated cash
flows and any other cash related assumptions. Further, we checked actual results
for FY 2022 against budget to review the accuracy of management’s historic
forecasts and we compared the forecast against available post year-end trading
and cash flow results;
• We reviewed the bank loan documents to understand the terms and covenants
which the Group and Parent Company is required to comply with, comparing
these to the Group’s forecasts;
• We recalculated and confirmed management’s covenant compliance
calculations for the period under audit, and assessed future covenant
compliance using the Directors’ forecasts and compared them to the covenants
in place;
• We made inquiries of the Directors as to their knowledge of events or
conditions beyond the period of their assessment that may cast significant
doubt on the entity’s ability to continue as a going concern.
• We considered whether any post-balance sheet events had occurred, which may
impact going concern.
• We assessed the adequacy of the disclosures in the financial statements (see
note 2.2) with reference to our knowledge of the business and information
obtained in performing our procedures.
Our conclusion in respect of going concern is included within the “Conclusions
relating to going concern” section of this report on page 40.
OUR APPLICATION OF MATERIALITY
We apply the concept of materiality both in planning and performing our audit, and in evaluating the effect of misstatements. We consider
materiality to be the magnitude by which misstatements, including omissions, could influence the economic decisions of reasonable users
that are taken on the basis of the financial statements.
In order to reduce to an appropriately low level the probability that any misstatements exceed materiality, we use a lower materiality level,
performance materiality, to determine the extent of testing needed. Importantly, misstatements below these levels will not necessarily
be evaluated as immaterial as we also take account of the nature of identified misstatements, and the particular circumstances of their
occurrence, when evaluating their effect on the financial statements as a whole.
Overview
Strategic Report
GOverNANCe
Financial Statements
Corporate Directory
Based on our professional judgement, we determined materiality for the financial statements as a whole and performance materiality as
follows:
Materiality
Basis for determining materiality
Rationale for the benchmark applied
Group financial statements
Parent company financial statements
2022
$’000
400
2021
$’000
418
2022
$’000
245
2021
$’000
319
2.0% of revenue 0.5% of net assets,
capped at 61% of
Group materiality
0.5% of net assets,
capped at 76% of
Group materiality
Revenue was considered to be the
most appropriate benchmark as it is a
consistent indicator of the performance
of the Group for users of the financial
statements.
The materiality of the Parent Company
was capped at a percentage of Group
materiality to respond to aggregation
risk.
Performance materiality
300
314
184
239
Basis for determining performance materiality
75% of Group materiality
75% of Parent Company materiality
Rationale for the percentage applied for
performance materiality
75% of materiality - this was set with
reference to the level of adjustments
identified in the prior year, planned
nature of testing and the size and
complexity of the Group.
75% of parent company materiality –
this was set with reference to the level
of adjustments identified in the prior
year and the planned nature of testing.
Component materiality
For the purposes of our Group audit opinion, we set materiality for each significant component of the Group, apart from the Parent
Company whose materiality is set out above, based on a percentage of between 93% and 31% (2021: 95% and 25%) of Group materiality
dependent on the size and our assessment of the risk of material misstatement of that component. Component materiality ranged from
$370,000 to $125,000 (2021: $397,000 to $105,937). In the audit of each component, we further applied performance materiality levels
of 75% (2021: 75%) of the component materiality to our testing to ensure that the risk of errors exceeding component materiality was
appropriately mitigated.
Reporting threshold
We agreed with the Audit Committee that we would report to them all individual audit differences in excess of $20,000 (2021: $20,900). We
also agreed to report differences below this threshold that, in our view, warranted reporting on qualitative grounds.
OTHER INFORMATION
The directors are responsible for the other information. The other information comprises the information included in the Annual Report
and Accounts other than the financial statements and our auditor’s report thereon. Our opinion on the financial statements does not
cover the other information and, except to the extent otherwise explicitly stated in our report, we do not express any form of assurance
conclusion thereon. Our responsibility is to read the other information and, in doing so, consider whether the other information is materially
inconsistent with the financial statements or our knowledge obtained in the course of the audit, or otherwise appears to be materially
misstated. If we identify such material inconsistencies or apparent material misstatements, we are required to determine whether this gives
rise to a material misstatement in the financial statements themselves. If, based on the work we have performed, we conclude that there is
a material misstatement of this other information, we are required to report that fact.
We have nothing to report in this regard.
42
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
43
�iNDePeNDeNT AUDiTOr’S rePOr T CONTINUED
TO THe MeMBerS OF COrerO NeTwOrK SeCUriTY PLC
OTHER COMPANIES ACT 2006 REPORTING
Based on the responsibilities described below and our work performed during the course of the audit, we are required by the Companies
Act 2006 and ISAs (UK) to report on certain opinions and matters as described below.
Strategic report and Directors’ report
Matters on which we are required to report by exception
In our opinion, based on the work undertaken in the course of the
audit:
• the information given in the Strategic report and the Directors’
report for the financial year for which the financial statements are
prepared is consistent with the financial statements; and
• the Strategic report and the Directors’ report have been prepared in
accordance with applicable legal requirements.
In the light of the knowledge and understanding of the Group and
Parent Company and its environment obtained in the course of the
audit, we have not identified material misstatements in the strategic
report or the Directors’ report.
We have nothing to report in respect of the following matters in
relation to which the Companies Act 2006 requires us to report to you
if, in our opinion:
• adequate accounting records have not been kept by the Parent
Company, or returns adequate for our audit have not been received
from branches not visited by us; or
• the Parent Company financial statements are not in agreement with
the accounting records and returns; or
• certain disclosures of Directors’ remuneration specified by law are
not made; or
• we have not received all the information and explanations we
require for our audit.
RESPONSIBILITIES OF DIRECTORS
As explained more fully in the statement of Directors’ responsibilities, the Directors are responsible for the preparation of the financial
statements and for being satisfied that they give a true and fair view, and for such internal control as the Directors determine is necessary to
enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error.
In preparing the financial statements, the Directors are responsible for assessing the Group’s and the Parent Company’s ability to continue
as a going concern, disclosing, as applicable, matters related to going concern and using the going concern basis of accounting unless the
Directors either intend to liquidate the Group or the Parent Company or to cease operations, or have no realistic alternative but to do so.
AUDITOR’S RESPONSIBILITIES FOR THE AUDIT OF THE FINANCIAL STATEMENTS
Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement,
whether due to fraud or error, and to issue an auditor’s report that includes our opinion. Reasonable assurance is a high level of assurance,
but is not a guarantee that an audit conducted in accordance with ISAs (UK) will always detect a material misstatement when it exists.
Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be
expected to influence the economic decisions of users taken on the basis of these financial statements.
Extent to which the audit was capable of detecting irregularities, including fraud
Irregularities, including fraud, are instances of non-compliance with laws and regulations. We design procedures in line with our
responsibilities, outlined above, to detect material misstatements in respect of irregularities, including fraud. The extent to which our
procedures are capable of detecting irregularities, including fraud is detailed below:
Overview
Strategic Report
GOverNANCe
Financial Statements
Corporate Directory
Non-compliance with laws and regulations
Based on:
• Our understanding of the Group and the industry in which it
operates;
• Discussion with management and those charged with
governance; and
• Obtaining and understanding of the Group’s policies and
procedures regarding compliance with laws and regulations,
we considered the significant laws and regulations which are directly
relevant to specific assertions in the financial statements are those
that relate to the applicable reporting frameworks, Companies Act
2006, the AIM rules, data privacy and the relevant tax regulations
including but not limited to, Corporate and VAT legislation, and
Employment Taxes.
Our procedures in respect of the above included:
• Review of minutes of meeting of those charged with governance
for any instances of non-compliance with laws and regulations;
• Review of financial statement disclosures and agreeing to
supporting documentation; and
• Review of legal expenditure accounts to understand the nature
of expenditure incurred.
Fraud
We assessed the susceptibility of the financial statements to
material misstatement, including fraud. Our risk assessment
procedures included:
• Enquiry with management and those charged with governance
regarding any known or suspected instances of fraud;
• Obtaining an understanding of the Group’s policies and
procedures relating to:
— Detecting and responding to the risks of fraud; and
— Internal controls established to mitigate risks related
to fraud.
• Review of minutes of meeting of those charged with governance
for any known or suspected instances of fraud;
• Discussion amongst the engagement team as to how and where
fraud might occur in the financial statements;
• Performing analytical procedures to identify any unusual or
unexpected relationships that may indicate risks of material
misstatement due to fraud; and
• Considering remuneration incentive schemes and performance
targets and the related financial statement areas impacted
by these.
Our procedures in respect of the above included:
•
In response to the risk of fraud in revenue recognition, the
procedures set out in the key audit matters section of the report.
• Testing a sample of journal entries throughout the year,
which met a defined risk criteria, by agreeing to supporting
documentation; and
• Assessing significant estimates made by management for bias.
We also communicated relevant identified laws and regulations and
potential fraud risks to all engagement team members who were
all deemed to have appropriate competence and capabilities and
remained alert to any indications of fraud or non-compliance with
laws and regulations throughout the audit.
Our audit procedures were designed to respond to risks of material
misstatement in the financial statements, recognising that the risk
of not detecting a material misstatement due to fraud is higher
than the risk of not detecting one resulting from error, as fraud
may involve deliberate concealment by, for example, forgery,
misrepresentations or through collusion. There are inherent
limitations in the audit procedures performed and the further
removed non-compliance with laws and regulations is from the
events and transactions reflected in the financial statements, the less
likely we are to become aware of it.
A further description of our responsibilities is available on
the Financial Reporting Council’s website at: www.frc.org.uk/
auditorsresponsibilities. This description forms part of our
auditor’s report.
USE OF OUR REPORT
This report is made solely to the Parent Company’s members, as a
body, in accordance with Chapter 3 of Part 16 of the Companies Act
2006. Our audit work has been undertaken so that we might state
to the Parent Company’s members those matters we are required
to state to them in an auditor’s report and for no other purpose.
To the fullest extent permitted by law, we do not accept or assume
responsibility to anyone other than the Parent Company and the
Parent Company’s members as a body, for our audit work, for this
report, or for the opinions we have formed.
Leighton Thomas
(Senior Statutory Auditor)
For and on behalf of BDO LLP, Statutory Auditor
London, UK
24 April 2023
Based on our risk assessment, we considered the areas most
susceptible to fraud to be revenue recognition and override of
controls by management.
BDO LLP is a limited liability partnership registered in England and
Wales (with registered number OC305127).
44
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
45
�Overview
Strategic Report
Governance
FiNANCiAL STATeMeNTS
Corporate Directory
CONSOLiDATeD STATeMeNT OF
COMPreHeNSive iNCOMe
FOr THe YeAr eNDeD 31 DeCeMBer 2022
Profit for the year
Other comprehensive (expense)/income:
Items reclassified subsequently to profit or loss upon derecognition:
Foreign exchange differences
Other comprehensive expense for the year net of taxation attributable
to the equity owners of the parent
Total comprehensive (expense)/income for the year attributable to the equity
owners of the parent
Year ended
31 December 2022
$’000
Year ended
31 December 2021
$’000
554
1,522
(1,087)
(1,087)
(533)
(122)
(122)
1,400
CONSOLiDATeD iNCOMe STATeMeNT
FOr THe YeAr eNDeD 31 DeCeMBer 2022
Continuing operations
Revenue
Cost of sales
Gross profit
Operating expenses
Consisting of:
Operating expenses before depreciation and amortisation
Depreciation and amortisation of intangible assets
Operating profit
Other income
Finance income
Finance costs
Profit before taxation
Taxation credit
Profit after taxation
Profit after taxation attributable to equity owners of the parent
Basic and diluted earnings/(loss) per share
Basic earnings per share
Diluted earnings per share
EBITDA
Adjusted EBITDA – for unrealised foreign exchange differences on
intercompany loan and PPPL forgiveness
The notes on pages 53 to 81 form part of these financial statements.
Note
4
10,11,12
5
18
5
6
7
7
8
8
Year ended
31 December 2022
$’000
Year ended
31 December 2021
$’000
20,121
(2,576)
17,545
(16,869)
(14,926)
(1,943)
676
–
7
(279)
404
150
554
554
Cents
0.1
0.1
2,619
1,658
20,895
(3,112)
17,783
(16,642)
(14,450)
(2,192)
1,141
637
1
(406)
1,373
149
1,522
1,522
Cents
0.3
0.3
3,970
3,246
46
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
47
�Overview
Strategic Report
Governance
FiNANCiAL STATeMeNTS
Corporate Directory
CONSOLiDATeD STATeMeNT OF
FiNANCiAL POSiTiON
AS AT 31 DeCeMBer 2022
COMPANY STATeMeNT OF
FiNANCiAL POSiTiON
AS AT 31 DeCeMBer 2022
As at
31 December 2022
$’000
As at
31 December 2021
$’000
Note
As at
31 December 2022
$’000
As at
31 December 2021
$’000
Note
Assets
Non-current assets
Goodwill
Acquired intangible assets
Capitalised development expenditure
Property, plant and equipment – owned assets
Leased right of use assets
Trade and other receivables
Current assets
Inventories
Trade and other receivables
Cash and cash equivalents
Total assets
Liabilities
Current Liabilities
Trade and other payables
Lease liabilities
Deferred income
Borrowings
Net current assets
Non-current liabilities
Trade and other payables
Lease liabilities
Deferred income
Borrowings
Net assets
Capital and reserves attributable to the equity owners of
the parent
Share capital
Share premium
Capital redemption reserve
Share options reserve
Foreign exchange translation reserve
Accumulated profit and loss reserve
Total shareholders’ equity
9
10
11
12
12
15
14
15
16
17
20
18
16
17
20
18
22
23
8,991
2
4,500
604
62
1,571
15,730
164
5,294
5,646
11,104
26,834
(3.956)
(78)
(3,323)
(971)
(8,328)
2,776
(100)
–
(2,285)
(237)
(2,622)
15.884
6,980
82,284
7,051
1,777
(2,593)
(79,615)
15,884
8,991
4
4,528
796
145
859
15,323
57
3,206
11,201
14,464
29,787
(4,068)
(94)
(4,677)
(1,421)
(10,260)
4,204
(143)
(78)
(2,147)
(1,356)
(3,724)
15,803
6,914
82,122
7,051
1,490
(1,506)
(80,268)
15,803
Assets
Non-current assets
Investments in subsidiaries
Trade and other receivables
Current assets
Trade and other receivables
Cash and cash equivalents
Liabilities
Current Liabilities
Trade and other payables
Borrowings
Net current liabilities
Non-current liabilities
Trade and other payables
Borrowings
Net assets
Total equity attributable to owners of the Parent
Share capital
Share premium
Capital redemption reserve
Share options reserve
Foreign exchange translation reserve
Accumulated profit and loss reserve
Total equity
13
15
15
16
18
16
18
22
23
70,209
72
70,281
3,232
5,070
8,302
(8,427)
(971)
(9,398)
(1,096)
(100)
(237)
(337)
68,848
6,980
82,284
7,051
1,465
(18,354)
(10,578)
68,848
76,071
97
76,168
17
10,132
10,149
(8,936)
(1,421)
(10,357)
(208)
(112)
(1,356)
(1,468)
74,492
6,914
82,122
7,051
1,212
(10,532)
(12,275)
74,492
The Company financial statements were prepared in accordance with Financial Reporting Standard 101 Reduced Disclosure Framework.
The Company has taken advantage of the following disclosure exemptions:
The requirements of IAS 7 Statement of Cash Flows, IFRS 7 Financial Instruments: Disclosures and IAS 24 Related Party Disclosures.
The Company has taken advantage of section 408 of the Companies Act 2006 and has not included an income statement in these financial
statements. The Parent Company’s profit for the year was $1.7 million (2021: $11.6 million).
These financial statements were approved by the Board of Directors on 24 April 2023 and signed on their behalf.
Andrew Miller
DIRECTOR
These financial statements were approved by the Board of Directors on 24 April 2023 and signed on their behalf.
The notes on pages 53 to 81 form part of these financial statements.
Andrew Miller
DIRECTOR
The notes on pages 53 to 81 form part of these financial statements.
48
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
49
�CONSOLiDATeD STATeMeNT OF
CASH FLOwS
FOr THe YeAr eNDeD 31 DeCeMBer 2022
CONSOLiDATeD STATeMeNT OF
CHANGeS iN eQUiTY
FOr THe YeAr eNDeD 31 DeCeMBer 2022
Overview
Strategic Report
Governance
FiNANCiAL STATeMeNTS
Corporate Directory
Operating activities
Profit before taxation for the year
Adjustments for movements:
Amortisation of acquired intangible assets
Amortisation of capitalised development expenditure
Depreciation – owned assets
Depreciation – leased assets
Finance income
Finance expense
Finance lease interest costs
Share based payments expense
PPPL forgiveness
Cash generated from operating activities before movement in working capital
Movement in working capital:
(Increase)/decrease in inventories and sales evaluation assets
(Increase)/decrease in trade and other receivables
Decrease in trade and other payables
Net movement in working capital
Cash (used in)/generated from operating activities
Taxation received
Net cash (used in)/generated from operating activities
Cash flows from investing activities
Investment in development expenditure
Purchase of property, plant and equipment
Net cash used in investing activities
Cash flows from financing activities
Net proceeds from issue of ordinary share capital
Proceeds from borrowings
Finance income
Lease liability payments
Finance expense
Repayments of borrowings
Net cash (used in)/generated from financing activities
(Decrease)/increase in cash and cash equivalents
Effects of exchange rates on cash and cash equivalents
Cash and cash equivalents at 1 January
Cash and cash equivalents at 31 December
The notes on pages 53 to 81 form part of these financial statements.
Year ended
31 December 2022
$’000
Year ended
31 December 2021
$’000
404
2
1,732
497
82
(7)
268
11
386
–
3,375
(26)
(3,867)
(1,361)
(5,254)
(1,879)
150
(1,729)
(1,704)
(420)
(2,124)
228
–
7
(104)
(158)
(1,364)
(1,391)
(5,244)
(311)
11,201
5,646
1,373
5
1,872
604
93
(1)
388
18
522
(637)
4,237
175
223
(1,999)
(1,601)
2,636
149
2,785
(1,754)
(421)
(2,175)
–
2,683
1
(103)
(238)
(1,738)
605
1,215
(154)
10,140
11,201
Share
premium
account
$’000
Capital
redemption
reserve
$’000
Share
options
reserve
$’000
Foreign
exchange
translation
reserve
$’000
Accumulated
profit and
loss reserve
$’000
Total
attributable
to equity
owners of the
parent
$’000
82,122
7,051
968
(1,384)
(81,790)
13,881
1 January 2021
Profit for the year
Other comprehensive income
Total comprehensive expense for the year
Contributions by and distributions to owners
Share based payments
Total contributions by and distributions
to owners
Share
capital
$’000
6,914
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
31 December 2021 and 1 January 2022
6,914
82,122
7,051
Profit for the year
Other comprehensive expense
Total comprehensive income for the year
Contributions by and distributions to owners
Issue of share capital – exercise of options
Fully exercised share options
Share based payments
Total contributions by and distributions
to owners
–
–
–
66
–
–
66
–
–
–
162
–
–
162
–
–
–
–
–
–
–
31 December 2022
6,980
82,284
7,051
The share capital comprises the nominal values of all shares issued.
–
–
–
522
522
1,490
–
–
–
–
(99)
386
287
1,777
–
(122)
(122)
–
–
1,522
–
1,522
–
–
1,522
(122)
1,400
522
522
(1,506)
(80,268)
15,803
–
(1,087)
(1,087)
–
–
–
–
554
–
554
–
99
–
99
554
(1,087)
(533)
228
–
386
614
(2,593)
(79,615)
15,884
The share premium account comprises the amounts subscribed for share capital in excess of the nominal value, net of issuance costs.
The capital redemption reserve comprises the amount transferred from deferred shares on redemption of the deferred shares.
The share options reserve represents the cost to the Group of share options.
The foreign exchange translation reserve arises on retranslating the net assets of UK operations into US dollars.
The retained earnings are all other net gains and losses and transactions with owners not recognised elsewhere.
The notes on pages 53 to 81 form part of these financial statements.
50
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
51
�COMPANY STATeMeNT OF
CHANGeS iN eQUiTY
FOr THe YeAr eNDeD 31 DeCeMBer 2022
1 January 2021
Profit for the year
Other comprehensive income
Total comprehensive income for
the year
Contributions by and distributions
to owners
Share based payments
Total contributions by and
distributions to owners
31 December 2021 and
1 January 2022
Profit for the year
Other comprehensive expense
Total comprehensive expense for
the year
Contributions by and distributions
to owners
Issue of share capital – exercise of
options
Fully exercised share options
Share based payments
Total contributions by and
distributions to owners
Share
capital
$’000
6,914
Share
premium
account
$’000
82,122
Capital
redemption
reserve
$’000
Restated
Share options
reserve
$’000
Foreign
exchange
translation
reserve
$’000
Restated
Accumulated
profit and loss
reserve
$’000
Total
attributable to
equity owners
of the parent
$’000
7,051
773
(9,947)
(23,869)
–
(585)
11,594
–
(585)
63,044
11,594
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
439
439
6,914
82,122
7,051
1,212
(10,532)
(12,275)
–
–
–
–
–
(7,822)
1,697
–
439
439
74,492
1,697
(7,822)
(7,882)
1,697
(6,125)
–
–
–
–
–
–
–
–
228
(94)
347
481
(18,354)
(10,578)
68,848
–
–
–
–
(94)
347
253
1,465
–
–
–
66
–
–
66
–
–
–
162
–
–
162
–
–
–
–
–
–
–
31 December 2022
6,980
82,284
7,051
(585)
11,594
11,009
Corero Network Security plc is a public limited company incorporated in the United Kingdom under the Companies Act 2006 and
registered in England and Wales. The functional currency of the Company entity is GBP.
Overview
Strategic Report
Governance
FiNANCiAL STATeMeNTS
Corporate Directory
NOTeS TO THe FiNANCiAL STATeMeNTS
1. GENERAL INFORMATION
Presentation currency
These consolidated financial statements are presented in US dollars (‘$’) rounded to the nearest $’000 unless otherwise stated which
represents the presentational currency of the Group.
The average $-GBP sterling (‘GBP’) exchange rates used for the conversion of the Consolidated Monthly Income Statements for the year
ended 31 December 2022 was between 1.20-1.36 (2021: between 1.33-1.41). The closing $-GBP exchange rate used for the conversion of
the Group’s assets and liabilities at 31 December 2022 was 1.21 (2021: 1.35).
2. SIGNIFICANT ACCOUNTING POLICIES
2.1 Basis of preparation
The Group financial statements have been prepared in accordance with UK adopted international accounting standards and in conformity
with the requirements of the Companies Act 2006. The Parent Company financial statements have been prepared in accordance with
Financial Reporting Standard101 (‘FRS 101’) ‘Reduced Disclosure Framework’.
2.2 Going Concern
The financial statements have been prepared on a going concern basis.
The Directors have prepared detailed income statement, balance sheet and cash flow projections for the period to 30 April 2024 (“going
concern assessment period”). The cash flow projections have been subjected to sensitivity analysis of the revenue, cost and combined revenue
and cost levels which demonstrate that the Group and Company will maintain a positive cash balance through the going concern assessment
period. As part of the sensitivity analysis, the Directors have noted that should the forecasted revenues not be achieved, mitigating actions can
be taken to address any cash flow concerns. These actions include the utilisation of the undrawn revolving credit facility of £1 million, deferral
of capital expenditure, reduction in marketing and other variable expenditure alongside a hiring freeze. In addition, the projections confirm
that the bank loan covenants will be met during the going concern assessment period.
The Directors are also not aware of any significant matters in the remainder of calendar 2024 that occur outside the going concern period
that could reasonably possibly impact the going concern conclusion.
The Directors have also considered the geo-political environment, including rising inflation in some of our key markets and the conflict in
Ukraine, and whilst the impact on the Group is currently deemed minimal, the Directors remain vigilant and ready to implement mitigation
action in the event of a downturn in demand or an impact on operations.
On this basis, the Directors have therefore concluded that it is appropriate to prepare the financial statements on a going concern basis.
2.3 Basis of consolidation
The consolidated financial statements incorporate the results, assets, liabilities, and cash flows of the Company and each of its subsidiaries
for the financial year ended 31 December 2022.
Subsidiaries are entities controlled by the Group. Control is deemed to exist when the Group has all of the following elements: a) power
over the subsidiary, b) exposure or rights to variable returns from that subsidiary, and c) ability to use its power to affect the amount of the
return from the subsidiary. The results, assets, liabilities and cash flows of subsidiaries are included in the consolidated financial statements
from the date control commences until the date that control ceases.
Where necessary, adjustments are made to the financial statements of subsidiaries to bring the accounting policies used into line with
those used by the Group.
Intra–group balances and transactions are eliminated on consolidation.
52
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
53
�NOTeS TO THe FiNANCiAL STATeMeNTS
CONTiNUeD
2. SIGNIFICANT ACCOUNTING POLICIES CONTINUED
2.4 Business combinations
The acquisition method is used to account for all acquisitions. The cost of an acquisition is measured at the fair values, on the date of
acquisition, of assets given, liabilities incurred or assumed, and equity instruments issued.
At the date of acquisition, the identifiable assets and liabilities and contingent liabilities of a subsidiary are measured at their fair values.
Any excess of the cost of acquisition over the fair values of the identifiable net assets acquired is recognised as goodwill.
2.5 Revenue
The Group’s revenue is derived from the following products and services:
• appliance and perpetual software licenses;
•
•
•
software subscription licenses for a defined term;
support services for a defined term;
installation and training services;
• DDoS Protection as-a-Service (‘DDPaaS’) for a defined term; and
• SecureWatch Managed Service (enhanced security monitoring services) for a defined term.
The element of DDPaaS revenues pertaining to as-a-service assets is included in reported revenues and is recognised on a straight–line
basis over the term of the contract.
Performance obligations, timing of revenue recognition and revenue recognition
Revenue is recognised when control of the goods (appliances and software) transfer to the customer and services are delivered.
Goods are shipped free on board (‘FOB’) from Corero, or Corero’s contract manufacturer, to the customer. The point of transfer of control
for appliances is at the point of FOB shipment to the customer and for software at the point of electronic transfer to the customer.
Revenue recognised on transfer of control of appliance
and software products
Appliance, perpetual software licenses and software subscription licenses
Revenue recognised over–time (over the term of the contract)
Support, DDPaaS and SecureWatch Managed services
Revenue recognised once the service has been delivered
Installation and training services
Determining the transaction price
The contract price is determined by reference to the Corero Sales Quotation or DDPaaS Agreement and is a fixed price. Certain DDPaaS
contracts have an element of the transaction value or all of the transaction value determined by reference to a share of the customers’
revenue generated from the Corero solution (‘Revenue Share’). This Revenue Share revenue is recognised when the Revenue Share
is determined.
Corero does not have any other variable consideration payable by the customer and does not pay any consideration to the customer.
There is no provision for purchase price adjustments, right of return or price concessions.
Allocating amounts to performance obligations
For contracts containing only a single performance obligation (annual support services, ‘DDPaaS’ and SecureWatch Managed Service)
there is no requirement to make an allocation of the contract price.
For contracts containing multiple products, the transaction price is allocated to the separate performance obligations based on relative
stand–alone selling prices (‘SSP’). The SSP is determined using defined price lists and historic customer discount rates.
Overview
Strategic Report
Governance
FiNANCiAL STATeMeNTS
Corporate Directory
Incremental costs of obtaining a contract
Deferred sales commission relating to the support and DDPaaS revenue from a new sales contract is recorded in prepayments and
amortised over five years. Corero follows the requirements of the IFRS 15 standard with regards to the amortisation period which requires
amortisation on a systematic basis that is consistent with the transfer to the customer of the goods or services to which the asset relates.
The expectation, supported by historic evidence, is that customers will generally renew their support contracts for more than three years
with the additional expectation of follow–on hardware and software (and associated services) business from a significant number of existing
customers. Based on this, and consistent with previous treatment, Corero has assessed that a reasonable period for capitalised sales
commission to be amortised is five years. Periodic customer reviews will be undertaken to ascertain if there is any evidence that the value
of the customer relationship has been negatively impacted, in which case the prepayment will be appropriately written down. Applying the
practical expedient, Corero recognises the incremental costs of obtaining contracts as an expense when incurred if the amortisation period
of the prepayment that Corero otherwise would have recognised is one year or less.
Fulfilment costs
Corero’s principal fulfilment costs relate to the costs of the Corero customer support team which delivers the customer support services,
DDPaaS services and the SecureWatch Managed services. These costs are not separately allocated or identifiable against specific
customers. Therefore, these costs are recognised in the period in which they are incurred in the Consolidated Income Statement.
Contract assets and liabilities
Contract assets arise when goods and services have been delivered and invoiced but payment is not yet due. Contract liabilities arise for
future delivery of services which have been invoiced and payment is due. Contract liabilities are shown as deferred income in the Statement
of Financial Position.
2.6 Government grants
Government grants are recognised at fair value when there is reasonable assurance that the Group will comply with the conditions
attaching to them and the grant will be received. Grants related to purchase of assets are treated as deferred income and allocated to
the Consolidated Income Statement over the useful lives of the related assets while grants related to expenses are netted off against the
related item of expenditure in the Consolidated Income Statement.
2.7 Cost of sales
Cost of sales includes all direct costs associated with revenue generation, including goods directly related to revenue, services delivery,
operation costs, DDoS as-a-service depreciation and amounts charged by external third parties for services. Examples of such costs would
include third–party appliance costs and third-party software license costs.
2.8 Foreign currencies
Transactions in foreign currencies are translated at the exchange rate ruling at the date of each transaction. Foreign currency monetary
assets and liabilities are retranslated using the exchange rates at the reporting date. Gains and losses arising from changes in exchange
rates after the date of the transaction are recognised in profit or loss in the Consolidated Income Statement.
Non–monetary assets and liabilities that are measured in terms of historical cost in a foreign currency are translated at the exchange rate at
the date of the original transaction.
In the consolidated financial statements, the net assets of the Group’s UK operations are translated from GBP into US dollars at the
exchange rate at the reporting date. Income and expense items are translated into US dollars at the average exchange rates for the period.
The resulting exchange differences are recognised in the foreign exchange translation reserve.
54
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
55
�NOTeS TO THe FiNANCiAL STATeMeNTS
CONTiNUeD
2. SIGNIFICANT ACCOUNTING POLICIES CONTINUED
2.9 Intangible assets
Internally generated intangible assets
The Group’s internally generated intangible asset relates to its development expenditure.
Development expenditure is capitalised only when it is probable that future economic benefit will result from the project and the following
criteria are met:
•
the technical feasibility of the product has been ascertained;
• adequate technical, financial and other resources are available to complete and sell or use the intangible asset;
•
•
•
the Group can demonstrate how the intangible asset will generate future economic benefits and the ability to use or sell the intangible
asset can be demonstrated;
it is the intention of management to complete the intangible asset and use it or sell it; and
the development costs can be measured reliably.
Expenditure not meeting these criteria is expensed in the Consolidated Income Statement.
After initial recognition, internally generated intangible assets are carried at cost less accumulated amortisation and any impairment losses.
Amortisation is charged once the asset is capable of generating economic benefits.
Acquired intangible assets
Identifiable intangible assets acquired as part of a business combination are initially recognised separately from goodwill, irrespective of
whether the assets have been recognised by the acquiree before the business combination. An intangible asset is considered identifiable
only if it is separable or if it arises from contractual or other legal rights, regardless of whether those rights are transferable or separable
from the entity or from other rights and obligations.
Intangible assets acquired as part of a business combination and recognised by the Group are computer software and
customer relationships.
Purchased computer software is carried at cost less accumulated amortisation and any impairment losses.
Customer contracts and the related customer relationships are carried at cost less accumulated amortisation and any impairment losses.
Amortisation
Intangible assets are amortised on a straight–line basis to reduce their carrying value to zero over their estimated useful lives. The following
useful lives were applied during the year:
• Computer software acquired – three years straight line.
• Capitalised development expenditure – five years straight line.
Amortisation costs are included within operating expenses in the Consolidated Income Statement. Methods of amortisation and useful
lives are reviewed, and if necessary adjusted, at each reporting date.
2.10 Property, plant and equipment
Depreciation commences when an asset is available for use. Depreciation is calculated so as to write off the cost or value of an asset, net of
anticipated disposal proceeds, over the useful life of that asset as follows:
•
Leasehold improvements – period of the lease (straight-line basis).
• Right-of-use assets – period of the lease (straight-line basis).
• Computer equipment, evaluation assets and DDoS Protection as-a-Service assets – three years (straight-line basis).
• Fixtures and fittings – five years (straight-line basis).
Property, plant and equipment is stated at cost less accumulated depreciation and any impairment losses. Cost comprises the purchase
cost of property, plant and equipment together with any directly attributable costs. Evaluation assets are used by customers during proof-
of-concept trials. Evaluation assets are stated at cost less accumulated depreciation. When an evaluation asset is retained by a customer as
part of a sale, the net book value of the evaluation asset is charged to cost of sales. Depreciation of DDoS Protection as-a-Service assets is
charged to cost of sales.
Overview
Strategic Report
Governance
FiNANCiAL STATeMeNTS
Corporate Directory
Subsequent costs are included in an asset carrying value or are recognised as a separate asset when it is probable that future economic
benefits associated with the additional expenditure will flow to the Group and the cost of the item can be measured reliably. All other costs
are charged to the Consolidated Income Statement as incurred.
Methods of depreciation, residual values and useful lives are reviewed, and if necessary adjusted, at each balance sheet date.
The gain or loss arising from the disposal or retirement of an item of property, plant and equipment is determined as the difference
between the net disposal proceeds and the carrying amount of the item and included in the Consolidated Income Statement.
2.11 Inventory
Inventory is stated at the lower of cost or net realisable value. Cost is computed using standard cost, which approximates to actual cost, on
a first-in, first-out basis. Rapid technological change and new product introductions and enhancements could result in excess or obsolete
inventory, the value of which may not be recoverable.
To minimise this risk, the Group evaluates inventory levels and expected usage on a periodic basis and records valuation allowances
as required.
2.12 Impairment
At each reporting date, the Group assesses whether there is any indication that its assets have been impaired. If any such indication exists,
the recoverable amount of the asset is estimated in order to determine the extent of any impairment. If it is not possible to estimate
the recoverable amount of the individual asset, the recoverable amount of the cash-generating unit (‘CGU’) to which the asset belongs
is determined.
The recoverable amount of an asset or a CGU is the higher of its fair value less costs to sell and its value in use. The recoverable amount
is calculated using the present value of the future cash flows expected to be derived from an asset or CGU. This present value is derived
using a cost of capital rate that reflects current market assessments of the time value of money and of the risks specific to the asset for
which future cash flow estimates have not been adjusted. If the recoverable amount of an asset is less than its carrying amount, the carrying
amount of the asset or CGU is reduced to its recoverable amount. That reduction is recognised as an impairment loss.
An impairment loss relating to assets carried at cost less any accumulated depreciation or amortisation is recognised immediately in the
Consolidated Income Statement.
Goodwill acquired in a business combination is, from the acquisition date, allocated to each of the CGU’s or groups of CGU’s that are
expected to benefit from the synergies of the combination.
Goodwill is tested for impairment at least annually, and whenever there is an indication that the asset may be impaired.
An impairment loss is recognised for CGU’s if the recoverable amount of the CGU is less than the carrying amount of the CGU. The impairment
loss is allocated to reduce the carrying amount of the assets of the CGU by first reducing the carrying amount of any goodwill allocated to the
CGU, and then reducing the carrying amounts of the other assets of the CGU pro rata.
If an impairment loss subsequently reverses, the carrying amount of the asset or CGU is increased to the revised estimate of its recoverable
amount but limited to the carrying amount that would have been determined had no impairment loss been recognised in prior years.
A reversal of an impairment loss is recognised in the Consolidated Income Statement. Impairment losses on goodwill are not
subsequently reversed.
2.13 Leases
All leases are accounted for by recognising a right-of-use asset and a lease liability except for:
•
•
leases with a duration of 12 months or less; and
leases of low value assets.
Lease liabilities are measured at the present value of the contractual payments due to the lessor over the lease term, with the discount
rate determined by reference to the rate inherent in the lease unless this is not readily determinable, in which case the Group’s incremental
borrowing rate on commencement of the lease is used.
56
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
57
�NOTeS TO THe FiNANCiAL STATeMeNTS
CONTiNUeD
2. SIGNIFICANT ACCOUNTING POLICIES CONTINUED
2.13 Leases continued
On initial recognition, the carrying value of the lease liability also includes:
• amounts expected to be payable under any residual value guarantee;
•
the exercise price of any purchase option granted in favour of the Group if it is reasonably certain to assess that option; and
• any penalties payable for terminating the lease, if the term of the lease has been estimated on the basis of termination option
being exercised.
Right-of-use assets are initially measured at the amount of the lease liability, reduced for any lease incentives received, and increased for:
•
•
•
lease payments made at or before commencement of the lease;
initial direct costs incurred; and
the amount of any provision recognised where the Group is contractually required to dismantle, remove or restore the lease.
Subsequent to initial measurement, lease liabilities increase as a result of interest charged at a constant rate on the balance outstanding
and are reduced for lease payments made. Lease payments are analysed between capital and interest. The interest element is charged to
the Consolidated Income Statement over the period of the lease. The capital element reduces the balance owed to the lessor.
Right-of-use assets are amortised on a straight-line basis over the remaining term of the lease or over the remaining economic life of
the asset.
The total rentals payable under leases which are not recognised as a right-of-use asset and a lease liability (an ‘operating lease’) are
charged to the Consolidated Income Statement on a straight-line basis over the lease term.
2.14 Investments in subsidiaries
In the Company’s separate financial statements, investments in subsidiaries are carried at cost less any impairment provisions.
2.15 Taxation
The tax expense represents the sum of current tax and deferred tax.
Current tax
Current tax is based on taxable profit for the year and is calculated using tax rates enacted or substantively enacted at the reporting date.
Taxable profit differs from accounting profit either because items are taxable or deductible in periods different to those in which they are
recognised in the financial statements (temporary differences), or because they are never taxable or deductible (permanent differences).
Deferred tax
Deferred tax on temporary differences at the reporting date between the tax bases of assets and liabilities and their carrying amounts for
financial reporting purposes is accounted for using the balance sheet liability method.
Using the balance sheet liability method, deferred tax liabilities are recognised in full for all taxable temporary differences and deferred tax
assets are recognised to the extent that it is probable that taxable profits will be available against which deductible temporary differences
can be utilised. However, if the temporary difference arises from the initial recognition of goodwill or the initial recognition of an asset or
liability in a transaction other than a business combination, that at the time of the transaction affects neither accounting nor taxable profit,
it is not recognised as deferred tax asset or liability.
Deferred taxation is measured at the tax rates that are expected to apply when the asset is realised, or the liability settled, based on tax
rates and laws enacted or substantively enacted at the reporting date.
2.16 Post-retirement benefits
The Group makes contributions in respect of certain employees to defined contribution pension plans under which it is required to pay
fixed contributions to group and personal pension funds.
Contributions to the schemes are based on a proportion of the employees’ earnings and are charged to the Consolidated Income
Statement. The Group has no obligation beyond these contributions.
Overview
Strategic Report
Governance
FiNANCiAL STATeMeNTS
Corporate Directory
2.17 Financial instruments
The Group classifies financial instruments, or their component parts, on initial recognition as a financial asset, a financial liability, or an
equity instrument in accordance with the substance of the contractual arrangement.
Financial assets and financial liabilities are recognised in the Group’s Statement of Financial Position when the Group becomes party to the
contractual provisions of the instrument.
The particular recognition and measurement methods adopted for the Group’s financial instruments are disclosed below:
Trade and other receivables
Trade and other receivables are stated at their fair value at time of initial recognition, reflecting, where material, the time value of money.
A provision for impairment of trade receivables is established when there is evidence that the Group will not be able to collect all amounts
due. The simplified approach is used for assessing the expected credit loss on trade receivables, requiring the lifetime expected credit loss
to be recorded as the provision for impairment.
An impairment provision is recorded against the intercompany loan note instrument between the Company and Corero Network Security,
Inc. based on calculating the risk adjusted carrying value of the loan to take account of the credit loss which is expected to arise over the
period until the cash is realised. The amount of the provision is based on whether there has been a significant increase in credit risk since
the initial recognition of the loan. In situations where the credit risk has not increased significantly and the loan amount is expected to be
recovered, the expected credit loss is limited to the effect of discounting the intercompany loan over the period until repayment is realised
at the effective interest rate.
Cash and cash equivalents
Cash and cash equivalents include cash in hand and deposits on call with banks.
Trade and other payables
Trade and other payables are not interest bearing and are stated at their fair value at time of initial recognition. Thereafter they are
accounted for at amortised cost.
Debt obligations
Debt obligations include interest bearing bank borrowings which are stated at their fair value less transaction costs at time of initial
recognition. Debt obligations are subsequently measured at amortised cost.
2.18 Equity instruments
An equity instrument is any contract that evidences a residual interest in the assets of the Company after deducting all its liabilities.
Equity instruments issued by the Company are recorded at the proceeds received, net of directly attributable issue costs.
2.19 Employee share option schemes
The Group operates an equity-settled share-based compensation plan. The fair value of the employees’ services received in exchange for
the grant of share options is measured at grant date and recognised as an expense on a straight-line basis over the vesting period, based
on the Group’s estimate of shares that will eventually vest. Fair value is determined by reference to the Black-Scholes option pricing model.
If a granted option is cancelled and regranted the increase in fair value of the granted option measured immediately before and after the
cancellation and regrant is added to the value of the employee’s service received in exchange for the grant. If an option grant is cancelled
the previously recorded expense is credited to the Consolidated Income Statement.
At each reporting date, the Group revises its estimate of the number of options that are expected to become exercisable.
When share options are exercised, the proceeds received, net of any transaction costs, are credited to share capital (nominal value) and
share premium.
2.20 Standards and Interpretations not yet effective
There are a number of standards, amendments to standards, and interpretations which have been issued that are effective in future
accounting periods that the Group has decided not to adopt early as they will not have a significant impact on the presentation of the
Group financial statements.
58
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
59
�NOTeS TO THe FiNANCiAL STATeMeNTS
CONTiNUeD
3. CRITICAL ACCOUNTING JUDGEMENTS AND KEY SOURCES OF ESTIMATION UNCERTAINTY
3.1 Critical judgements in applying the Group’s accounting policies
In the process of applying the Group accounting policies, the following judgements have had a significant effect on the amounts
recognised in the financial statements:
Internally generated research and development costs
Management monitors progress of internal research and development projects. Judgement is required in distinguishing the research
phase from the development phase. Development costs are recognised as an asset when all criteria are met and a project has passed
the feasibility phase, whereas research costs are expensed as incurred. Management monitors whether the recognition requirements
for development costs continue to be met. This is necessary as the economic success of any product development is uncertain.
Going concern
The Directors have reviewed the future profit and cash flow projections in conjunction with the current economic climate in order to express
an opinion on the adequacy of working capital and the ability to continue as a going concern for the foreseeable future. The methodology
contained in the projections is detailed in the note 2.2.
3.2 Key accounting estimates and assumptions
Key assumptions concerning the future and other key sources of estimation uncertainty that have a significant risk of causing a material
adjustment to the carrying amounts of assets and liabilities within the next financial year are as follows:
Impairment of intangible assets and property, plant and equipment
The Group tests goodwill at least annually for impairment, and whenever there is an indication that the asset may be impaired. All
other intangible assets and property, plant and equipment are tested for impairment when indicators of impairment exist. Impairment
is determined with reference to the higher of fair value less costs to sell and value in use. Fair value less costs to sell is estimated using
discounted future cash flows. Significant assumptions are made in estimating future cash flows about future events including future market
conditions, future growth rates and appropriate discount rates. Changes in these assumptions could affect the outcome of impairment
reviews. Details of the main assumptions used in the assessment of the carrying value of the Group’s CGU are set out in note 9.
Impairment of investments (applies to the Company financial statements only)
The Directors have reviewed the cost of investments in subsidiaries of the Company with reference to current and future trading conditions.
The investment in subsidiaries has been reviewed with reference to a valuation based on a discounted free cash flow, in conjunction with
the goodwill impairment review, which the Directors consider to be an appropriate valuation methodology.
Standalone Selling Price – Revenue recognition
On a quarterly basis the Group analyses the selling prices for each deal compared to the current Standalone Selling Price (‘SSP’). This
analysis includes grouping similar deals based on qualitative factors such as customer profile, size, and region, together with a quantitative
comparison to the then current SSP. SSP fair value prices are adjusted for future quarters if management identifies a pattern of variances of
greater than 10% between actual selling prices and the then current SSP.
Overview
Strategic Report
Governance
FiNANCiAL STATeMeNTS
Corporate Directory
4. SEGMENT REPORTING
Business segments
The Group is managed according to one business unit, Corero Network Security, which makes up the Group’s reportable operating
segment. This business unit forms the basis on which the Group reports its primary segment information to the Board, which management
consider to be the Chief Operating Decision maker for the purposes of IFRS 8 Operating Segments.
The Group’s revenues from external customers are divided into the following geographies:
The Americas
EMEA
APAC
Total
2022
$’000
14,695
4,388
1,038
20,121
2021
$’000
16,042
2,778
2,075
20,895
Revenues from external customers are identified on the basis of invoicing systems and adjusted to take into account the difference
between invoiced amounts and deferred revenue adjustments as required by IFRS.
An international SaaS customer, the Group’s largest customer, accounted for 13% of 2022 revenue (2021: 22%).
The revenue is analysed as follows for each revenue category:
Software license and appliance revenue
DDoS Protection as-a-Service revenue
Maintenance and support services revenue
Total
The revenue is analysed by timing of delivery of goods or services as:
Point in time delivery
Over time
Total
2022
$’000
8,107
4,854
7,160
2021
$’000
10,337
4,025
6,533
20,121
20,895
2022
$’000
8,107
12,014
20,121
2021
$’000
10,337
10,558
20,895
No unsatisfied performance obligations arise except from those revenues which are recognised over time. See note 20 for further details.
Contract balances
Contract assets
Contract liabilities
At 1 January
Transfers in the period to/from trade receivables from/to contract assets
Amounts included in contract liabilities that were recognised as revenue in the
period from the opening balance
Amounts included in contract liabilities that were recognised as revenue from
amounts invoiced in the period
Amounts invoiced in the period and not recognised as revenue in the period
2022
$’000
1,276
1,517
–
–
–
2021
$’000
2,429
(1,153)
–
–
–
At 31 December
2,793
1,276
Company
The Company has no contract assets or liabilities (2021: $nil).
2022
$’000
6,824
–
2021
$’000
6,149
–
(4,629)
(3,442)
(5,880)
(5,889)
9,293
5,608
10,006
6,824
60
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
61
�NOTeS TO THe FiNANCiAL STATeMeNTS
CONTiNUeD
5. PROFIT FOR THE YEAR
The following items have been included in arriving at the Group’s profit for the year before taxation:
Unrealised (gain)/loss on intercompany loan
Finance expense – Clydesdale loan interest and fees
Finance expense – lease liability
Research and development expenditure not capitalised
Amortisation of acquired intangible assets (note 10)
Amortisation of capitalised development expenditure (note 11)
Depreciation of property, plant and equipment (note 12)
DDoS Protection as-a-Service asset depreciation (note 12)
Other income – PPPL forgiveness (note 18)
Auditor’s remuneration
Remuneration received by the Company’s auditor for the audit of these Financial Statements
The audit of the financial statements of other Group companies
Fees payable to the Company’s auditor for taxation compliance services
Fees payable to the Company’s auditor for taxation advisory services
6. TAX ON PROFIT ON ORDINARY ACTIVITIES
Current tax credit
Total
2022
$’000
(961)
268
11
1,743
2
1,732
209
370
–
2022
$’000
137
44
33
46
260
2022
$’000
150
150
2021
$’000
(87)
388
18
1,546
5
1,872
315
382
(637)
2021
$’000
105
42
35
9
191
2021
$’000
149
149
The tax assessed on the profit on ordinary activities for the year differs from the weighted average UK corporate rate of tax of 19% per the
2022 and 2023 governmental budgets (2021: 19.0%). The differences are reconciled below:
Total tax reconciliation
Profit before taxation
Theoretical tax charge at UK Corporation tax rate 19% (2021: 19.0%)
Effect of:
– expenditure that is not tax deductible
– accelerated capital allowances
– other timing differences
– losses utilised
Taxation charge
R&D tax credits
2022
$’000
404
77
79
(28)
6
(134)
–
2021
$’000
1,373
261
125
(43)
–
(343)
–
150
149
Overview
Strategic Report
Governance
FiNANCiAL STATeMeNTS
Corporate Directory
Factors affecting future tax charges
As at 31 December 2022, the Group’s cumulative fixed asset timing differences were $12,000 (2021: $23,000) and no deferred tax asset has
been recognised in respect of these items.
Tax losses at 31 December 2022 amounted to $89.7 million (2021: $89.3 million). This comprised UK tax losses of $13.5 million and US tax
losses of $76.2 million. The utilisation of US tax losses which are all attributable to Corero Network Security, Inc. is subject to the provisions
of Section 382 of the United States Treasury Internal Revenue Code of 1986, as amended. Corero Network Security, Inc did not undergo an
ownership change within the meaning of section 382 for the period 1 February 2017 to 31 December 2021, and thus $15.0 million of the US
tax losses are available at full value to set-off against future taxable profits. The utilisation of the remaining US tax losses of $61.2 million will
be subject to meeting the change of ownership test for the period prior to 1 February 2017. This test will be undertaken as and when these
tax losses are required to offset against taxable profits of Corero Network Security, Inc. US tax losses expire 20 years from the end of the
accounting period in which the loss arose.
UK tax losses arising in the period prior to 1 April 2017 can only used against taxable profits of the same trade, after 1 April 2017 the losses
can be used against total company profits.
Deferred tax assets of $3.4 million (2021: $3.4 million) relating to the UK tax losses (applying a tax rate of 25.0% to tax losses expected to
unwind after 1 April 2023, the rate substantively enacted on 10 June 2021) and the deferred tax assets of $16.0 million (2021: $15.9 million)
relating to the US tax losses and taxable temporary fixed asset differences (applying a tax rate of 21.0%) have not been recognised due to
uncertainties as to the extent and timing of their future recovery.
7. EARNINGS PER SHARE
Earnings per share is calculated by dividing the earnings attributable to ordinary shareholders of the Company by the weighted average
number of ordinary shares in issue during the year. Diluted earnings per share is calculated by dividing the earnings attributable to ordinary
shareholders of the Company by the weighted average number of ordinary shares in issue during the year plus the number of ordinary
shares to be issued from the exercise of attributable share options.
Basic Earnings per share
From profit for the year
Diluted Earnings per share
From profit for the year
Basic earnings/(loss) per share
From profit for the year
Diluted earnings/(loss) per share
Basic earnings per share
Dilutive effect of share options
Diluted earnings per share
2022
Cents
2021
Cents
0.1
0.1
2021
Weighted
average
number of
1p shares
Thousand
494,852
0.3
0.3
Profit
per share
Cents
0.3
Profit
per share
Cents
0.1
Profit
$’000
1,522
0.1
–
0.1
1,522
494,852
–
18,914
1,522
513,766
0.3
–
0.3
2022
Weighted
average
number of
1p shares
Thousand
495,900
495,900
15,248
511,148
Profit
$’000
554
554
–
554
62
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
63
�NOTeS TO THe FiNANCiAL STATeMeNTS
CONTiNUeD
8. KEY PERFORMANCE MEASURES
EBITDA and Adjusted EBITDA
Earnings before interest, tax, depreciation, and amortisation (‘EBITDA’) is defined as earnings from operations before interest, tax,
depreciation, and amortisation charges. The following is a reconciliation of EBITDA and Adjusted EBITDA for the periods presented:
Profit before taxation
Adjustments for:
Finance income
Finance expense
Finance lease interest costs
Depreciation – owned assets
Depreciation – lease liabilities
Amortisation of acquired intangible assets
Amortisation of capitalised development expenditure
EBITDA
Other income - PPPL forgiveness
Unrealised foreign exchange differences on intercompany loan
Year ended
31 December
2022
$’000
Year ended
31 December
2021
$’000
404
1,373
(7)
268
11
127
82
2
1,732
2,619
–
(961)
(1)
388
18
222
93
5
1,872
3,970
(637)
(87)
Adjusted EBITDA – for unrealised foreign exchange differences on intercompany loan and PPPL
forgiveness
1,658
3,246
9. GOODWILL
Group
Cost
At 1 January 2021
At 31 December 2021
At 31 December 2022
Impairment
At 1 January 2021
At 31 December 2021
At 31 December 2022
Carrying amount
At 31 December 2022
At 31 December 2021
At 1 January 2021
$’000
17,983
17,983
17,983
(8,992)
(8,992)
(8,992)
8,991
8,991
8,991
Overview
Strategic Report
Governance
FiNANCiAL STATeMeNTS
Corporate Directory
Goodwill is tested at least annually for impairment and when there are indications that goodwill might be impaired.
Goodwill is allocated to the Group’s single CGU, Corero Network Security (‘CNS’).
The recoverable amount for the CNS CGU was determined based on a discounted cash flow calculation to calculate fair values less costs
to sell using cash flow projections over a 10 year period (2021: 10 year period). The discounted cash flow approach is a level 3 fair value
calculation in the IFRS 13 fair value hierarchy.
The key assumptions for the discounted cash flow calculation are those regarding revenue growth and discount rates as summarised in the
table below and commented on below:
Forecast cash flow period
Extrapolated cash flow period
2022
2021
Years 1-2
Years 1-2
Years 3-10
Years 3-10
Cumulative annual growth rate (‘CAGR’) for revenue used for the forecast/extrapolated periods
10.9%
12.2%
Growth rates (‘CAGR’) used for the forecast/extrapolated periods:
Year 1–2 (forecast period)
Years 3–5 (extrapolated period)
Years 6–10 (extrapolated period)
Revenue growth rate used beyond the extrapolated period
Discount rate
16.3%
15.0%
6.5%
2.5%
17.3%
23.5%
15.0%
6.5%
2.5%
12.3%
The pre-tax cash flows for the forecast period are derived from the most recent financial budget for the year ending 31 December 2023
(‘2023 Budget’) and the plan for the year ending 31 December 2024 (‘2024 Plan’) approved by the Board, with a sensitivity reflecting
prior year experience and progress made in 2022 (10% applied to the 2023 Budget revenue and 15% to the 2024 Plan revenue).
The extrapolation for the period 2025 to 2032 is based on management estimates (with the key assumptions set out below).
The future pre-tax cash flows are discounted by a WACC of 17.3% (2022: 12.3%).
The key assumptions underlying the cash flow projections and which the recoverable amount is most sensitive to are (i) the revenue growth
rates forecast and extrapolated for the period 2023 to 2027 (ii) and the discount rate.
The cash flow forecasts assume a CAGR revenue growth of 15.5% in the period 2023 to 2027 (18.3% for the period 2022 to 2026) and
6.5% for the period 2028 to 2032 (a ‘CAGR’ of 10.9% for 10-year forecast period; 2022: 12.2%). The cashflow forecasts reflect a sensitivity
of 10% applied to the CNS 2023 Budget revenues and a sensitivity of 15% applied to the 2024 Plan revenues (and a sensitivity of 5% to
2023 operating costs and capital expenditure, and a sensitivity of 7.5% to 2024 operating costs and capital expenditure) reflecting prior
year experience. The management of the Group believe these growth rates are appropriate for the forecasts given the significant progress
the business made in 2021 and 2022, the strategy for 2023 which is focused on scaling the business for profitability through leveraging
the Group’s expanded routes to market and the on-going investment in sales and marketing. This strategy is expected to deliver further
increases in revenue in the forecast period.
The assumed growth rates are supported by the fact that the IT security market is forecast to grow strongly for the foreseeable future.
The DDoS market is expected to reach $6.7 billion by 2026 (Source: MarketsandMarkets DDoS Protection and Mitigation market – Global
Forecast to 2026, June 2019) – a CAGR of 15.1% in the period 2021 to 2026.
The above market growth rates used in the future cash flow assumptions reflect that CNS is in the relatively early stages of the commercial
exploitation of its intellectual property. In addition, the business’s strategy, aside from greater sales growth penetration, is to continue to
develop its product and solution offerings to remain its market leadership technological credentials in its chosen markets thereby providing
the opportunity to generate above market average growth rates.
The growth rate assumed in the period beyond the 10-year extrapolation period of 2.5% is considered reasonable as historically IT spend
has exceeded GDP growth.
64
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
65
�Overview
Strategic Report
Governance
FiNANCiAL STATeMeNTS
Corporate Directory
11. CAPITALISED DEVELOPMENT EXPENDITURE
Group
Cost
At 1 January 2021
Additions
At 31 December 2021 and at 1 January 2022
Additions
At 31 December 2022
Amortisation
At 1 January 2021
Charge for year
At 31 December 2021 and at 1 January 2022
Charge for year
At 31 December 2022
Net book value
At 31 December 2022
At 31 December 2021
At 1 January 2021
Company
The Company has no capitalised development expenditure (2021: $nil).
Total
$’000
22,310
1,754
24,064
1,704
25,768
(17,664)
(1,872)
(19,536)
(1,732)
(21,268)
4,500
4,528
4,646
NOTeS TO THe FiNANCiAL STATeMeNTS
CONTiNUeD
9. GOODWILL CONTINUED
The discount rate is based on a cost of equity using the Capital Asset Pricing Model with the key inputs being a risk-free interest rate
estimate of 3.88% (based on 10-year US government bonds) (2021: 1.52%), comparable company betas, an equity risk premium of 6.2%
(2021: 6.2%), and small company risk premium of 4.5% (2021: 4.5%). The WACC has been assessed based on that fact that the Company
had debt at 31 December 2022 of $1.2 million (debt at 31 December 2021: $2.8 million). The WACC used in the valuation reflects current
market assessments of the time value of money and the risks specific to CNS.
As stated above, the valuation to support the value in use of the CNS CGU is sensitive to changes in the cash flow forecasts and the
discount rate assumptions, and there is no absolute guarantee that the expected growth will be achieved. If the discount rate is increased
from 17.3% to 48.0%, this would mathematically result in an impairment of the carrying value of goodwill of $9 million meaning the goodwill
would be fully impaired. If the sensitivity of 10% applied to the CNS 2023 Budget and 15% to the 2024 Plan revenues (and sensitivity of
5% to CNS 2023 Budget operating costs and capital expenditure, and 7.5% to the 2024 Plan operating costs and capital expenditure) was
increased to 34.0% for the CNS 2023 Budget and 36.0% to the 2024 Plan revenues (and sensitivity of 17.0% to CNS 2023 Budget operating
costs and capital expenditure, and 18.0% to the 2024 Plan operating costs and capital expenditure), this would mathematically result in an
impairment of the carrying value of goodwill of $9 million meaning the goodwill would be fully impaired.
Apart from the considerations in determining the value in use of the CNS CGU extensively described above, the management of the Group
is not currently aware of any other reasonably possible changes that would necessitate changes in its key estimates.
10. ACQUIRED INTANGIBLE ASSETS
Group
Cost
At 1 January 2021
Additions
At 31 December 2021 and at 1 January 2022
Additions
At 31 December 2022
Amortisation
At 1 January 2021
Charge for year
At 31 December 2021 and at 1 January 2022
Charge for year
At 31 December 2022
Net book value
At 31 December 2022
At 31 December 2021
At 1 January 2021
Company
The Company has no intangible fixed assets (2021: $nil).
Computer
software
$’000
Customer
relationships
$’000
6,017
–
6,017
–
6,017
(6,008)
(5)
(6,013)
(2)
(6,015)
2
4
9
197
–
197
–
197
(197)
–
(197)
–
(197)
–
–
–
Total
$’000
6,214
–
6,214
–
6,214
(6,205)
(5)
(6,210)
(2)
(6,212)
2
4
9
66
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
67
�Overview
Strategic Report
Governance
FiNANCiAL STATeMeNTS
Corporate Directory
NOTeS TO THe FiNANCiAL STATeMeNTS
CONTiNUeD
12. PROPERTY, PLANT AND EQUIPMENT
Group
13. INVESTMENT IN SUBSIDIARIES
Company
Sales
evaluation
assets
$’000
DDoS
protection
as-a-service
assets
$’000
Fixtures and
Fittings
$’000
Leasehold
Improvements
$’000
Right-of-use
assets
$’000
Total
$’000
Investment in Corero
Network Security, Inc. and
Corero Network Security
(uK) Limited
$’000
Investment in Corero
Group Services Limited
$’000
Loan note
$’000
Cost
1 January 2021
Additions
Transfers
Disposals
Foreign currency translation
At 31 December 2021
and 1 January 2022
Additions
Transfers
Disposals
Foreign currency translation
At 31 December 2022
Depreciation
At 1 January 2021
Charge for year
Transfers
Disposals
Foreign currency translation
At 31 December 2021
and at 1 January 2022
Charge for year
Transfers
Disposals
Foreign currency translation
At 31 December 2022
Net book value
At 31 December 2022
At 31 December 2021
At 1 January 2021
Computer
Equipment
$’000
1,042
17
–
(59)
(3)
997
114
0
0
(20)
1,091
(834)
(129)
–
21
3
(939)
(65)
0
0
20
(984)
107
58
208
216
136
(67)
(99)
–
186
137
(57)
(69)
(10)
187
(91)
(59)
16
50
–
(84)
(38)
9
18
(1)
(96)
91
102
125
1,377
104
106
426
3,271
268
67
(57)
(7)
–
–
–
–
–
–
–
–
–
–
(83)
1
421
–
(298)
(9)
1,648
104
106
344
3,385
169
57
(64)
(62)
1,748
(695)
(382)
(16)
27
4
(1,062)
(370)
(9)
31
41
0
0
0
(1)
103
(74)
(13)
–
–
–
(87)
(7)
0
0
2
0
0
0
(2)
104
(52)
(21)
–
–
–
(73)
(17)
0
0
2
0
0
0
0
420
0
(133)
(95)
344
3,577
(189)
(93)
–
83
–
(199)
(82)
0
0
(1)
(1,935)
(697)
–
181
7
(2,444)
(579)
0
49
63
(1,369)
(92)
(88)
(282)
(2,911)
379
586
682
11
17
30
16
33
54
62
145
237
666
941
1,336
Cost
At 1 January 2021
Capitalisation of intercompany balances
Additions
Foreign currency translation
At 31 December 2021 and at 1 January 2022
Additions
Foreign currency translation
At 31 December 2022
Impairment
At 1 January 2021
Impairment credit/(charge)
Foreign currency translation
At 31 December 2021 and at 1 January 2022
Impairment credit
Foreign currency translation
At 31 December 2022
Net book value
At 31 December 2022
At 31 December 2021
At 1 January 2021
70,302
3,416
–
(653)
73,065
–
(7,740)
65,325
(22,268)
10,326
207
(11,735)
1,134
1,243
(9,358)
55,967
61,330
48,035
10,878
–
–
(101)
10,777
–
(1,142)
9,635
(4,928)
(138)
46
(5,020)
652
532
(3,836)
5,799
5,757
5,950
8,627
–
444
(87)
8,984
420
(961)
8,443
(1,691)
1,675
16
–
–
–
–
8,443
8,984
6,936
Total
$’000
89,807
3,416
444
(841)
92,826
(9,843)
83,403
(28,887)
11,863
269
(16,755)
1,786
1,775
(13,194)
70,209
76,071
60,921
The Directors have reviewed the carrying value of the cost of investments in subsidiaries of the Company with reference to the Company
market capitalisation at 31 December 2022 or on a discounted free cash flow valuation whichever is the higher value, which the Directors
consider to be an appropriate valuation methodology. Based on the Company market capital valuation as at 31 December 2022, the
provision against the investment in subsidiaries was $13.2 million (at 31 December 2021: $16.8 million), comprising a provision against
the investment in Corero Network Security, Inc. and Corero Network Security (UK) Limited (together ‘CNS’) of $9.4 million and a provision
against the investment in Corero Group Services Limited of $3.8 million.
The Company’s investment in Corero Network Security, Inc. includes a loan note instrument. These loan notes bear interest at 5.0%
per annum which at the election of Corero Network Security, Inc. is payable quarterly or added to the principal amount which is due on
31 October 2026. As at 31 December 2022, the expected credit loss provision was $nil million (2021: $nil million).
DDoS Protection as-a-Service assets’ depreciation is charged to cost of sales.
Company
The Company has no property, plant and equipment (2021: $nil).
68
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
69
�NOTeS TO THe FiNANCiAL STATeMeNTS
CONTiNUeD
13. INVESTMENT IN SUBSIDIARIES CONTINUED
The Company owns:
• 100% of the issued share capital of Corero Network Security, Inc. a company incorporated in Delaware, USA. The company’s business
address is 293 Boston Post Road, Marlborough, MA 01752, USA. The principal business of the company consists of the development
and sale of appliance and software security products and solutions.
• 100% of the issued share capital of Corero Group Services Limited, a company incorporated and registered in England and Wales.
The company’s business address is Salisbury House, 29 Finsbury Circus, London, EC2M 5QQ, England, United Kingdom. The principal
business of the company consists of providing administration services to the Group.
• 100% of the issued share capital of Corero Network Security (UK) Limited, a company incorporated and registered in England and
Wales. The company’s business address is 3rd Floor, 53 Hanover Street, Edinburgh, EH2 2PJ and registered address is Salisbury
House, 29 Finsbury Circus, London, EC2M 5QQ, England, United Kingdom. The principal business of the company consists of sale of
appliances and software security products and solutions, providing development and marketing services on behalf of Corero Network
Security, Inc.
14. INVENTORIES
Gross inventory
Less: provision for impairment
Net inventory
Group
2022
$’000
217
(53)
164
Group
2021
$’000
139
(82)
57
Overview
Strategic Report
Governance
FiNANCiAL STATeMeNTS
Corporate Directory
The maturity profile of trade and other receivables is set out in the table below:
In one year or less, or on demand
In more than one year, but not more than five years
Group
Company
2022
$’000
5,294
1,571
6,865
2021
$’000
3,206
859
4,065
2022
$’000
3,232
72
3,304
2021
$’000
17
97
114
Balances due in more than one year, but not more than five years, are presented as non-current in the Statement of Financial Position.
The analysis of trade and other receivables by foreign currency is set out in the table below:
US dollars
UK pound
Group
Company
2022
$’000
5,727
1,138
6,865
2021
$’000
3,163
902
4,065
2022
$’000
–
3,304
3,304
2021
$’000
–
114
114
The Group’s foreign currency receivables are denominated in the functional currency of the subsidiaries in which they arise. There is no
impact on the result for the year from exchange rate movements on such financial instruments.
Net inventory comprises finished goods and raw materials. The value of inventory recognised as an expense in cost of sales was $1.7 million
(2021: $1.9 million).
16. TRADE AND OTHER PAYABLES
Company
The Company holds no inventory (2021: $nil).
15. TRADE AND OTHER RECEIVABLES
Trade receivables
Contract assets (note 4)
Less: provision for impairment of trade receivables
Net trade receivables
Other debtors
Prepayments
Amounts due from subsidiaries
Group
Company
2022
$’000
1,092
2,793
(25)
3,860
160
2,845
–
6,865
2021
$’000
740
1,276
(24)
1,992
180
1,893
–
4,065
2022
$’000
2021
$’000
–
–
–
–
68
19
3,217
3,304
–
–
–
–
76
38
–
114
None of the Company’s trade and other receivables are secured by collateral or credit enhancements (2021: None).
The Group applies the simplified approach to measuring expected credit losses using a lifetime expected credit loss for trade receivables
and contract assets. To measure expected credit losses on a collective basis, trade receivables and contract assets are grouped based on a
similar credit risk and aging. The expected loss rates are based on the Group’s historical credit losses experienced over a two year period
prior to the period end. The historical loss rates are then adjusted for current and forward-looking information on macroeconomic factors
affecting the Group’s customers. The Group has identified gross domestic product growth rates, unemployment rates and inflation rates as
the key macroeconomic factors in the countries in which the Group operates. The Directors consider that the carrying amount of trade and
other receivables approximates their fair value.
Trade payables
Amounts due to subsidiaries
Other payables
Accruals
Group
Company
2022
$’000
1,619
–
159
2,278
4,056
2021
$’000
1,567
–
36
2,608
4,211
2022
$’000
–
8,427
–
100
8,527
2021
$’000
–
8,794
–
254
9,048
None of the Group or Company’s trade and other payables are secured by collateral or credit enhancements.
The Directors consider that the carrying amount of trade and other payables approximates their fair value. 74% (2021: 66%) of the trade and
other payables are due in less than three months.
The amounts due to subsidiaries are repayable on demand.
The analysis of trade and other payables by foreign currency is set out in the table below:
US dollars
UK pound
Group
Company
2022
$’000
2,161
1,895
4,056
2021
$’000
1,977
2,234
4,211
2022
$’000
–
8,527
8,527
2021
$’000
–
9,048
9,048
The Group’s foreign currency payables are denominated in the functional currency of the subsidiaries in which they arise. There is no impact
on the result for the year from exchange rate movements on such financial instruments.
70
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
71
�NOTeS TO THe FiNANCiAL STATeMeNTS
CONTiNUeD
17. LEASE LIABILITIES
At 1 January
Payments
Interest cost
At 31 December
The Directors consider that the carrying amount of lease liabilities approximates to their fair value.
The analysis of lease liabilities by foreign currency is set out in the table below:
US dollars
UK pound
Company
The Company has no lease liabilities (2021: $nil).
18. BORROWINGS
The Group borrowings:
Bank loans
The Company borrowings:
Bank loan
Group
2022
$’000
172
(105)
11
78
Group
2022
$’000
78
–
78
2022
$’000
1,208
2022
$’000
1,208
Group
2021
$’000
257
(103)
18
172
Group
2021
$’000
172
–
172
2021
$’000
2,777
2021
$’000
2,777
The borrowings facility comprises a drawn £2.0 million term loan facility and an undrawn £1.0 million Revolving Credit Facility (‘RCF’)
for a three-year term. The facility terms include: no early repayment penalties or redemption premium; a reduced interest rate (payable
quarterly) at 6.5% per annum over the Bank of England base rate before any potential downward EBITDA margin ratchet adjustment;
2.6% interest per annum on the RCF; arrangement fee of 3.75%; and standard security and loan covenants in line with the existing lending
arrangements including the payment of a fee equal to 1.0% of the disposal proceeds on a sale or a change of control of the Company
above a threshold amount of £100.0 million if such disposal or change of control occurs before April 2025.
Overview
Strategic Report
Governance
FiNANCiAL STATeMeNTS
Corporate Directory
Interest is payable quarterly in arrears based on 3-month GBP UK base rate plus 6.5%. The loan principal repayment schedule by year for
the bank loan is:
Year
2023
2024
The contractual future cash flows, including undiscounted interest based on the interest rate at 31 December 2022 of 10.0%
(at 31 December 2021: 6.75%) for the bank loan, is:
Year
2023
2024
$’000
1,008
252
1,260
$’000
1,097
339
1,436
The bank loan is secured by debentures over the business assets of all Group companies and by Group company guarantees including
a guarantee from the Company. The bank loan terms include typical covenants for such a loan, as well as revenue and cash consumption
covenants, which are tested quarterly and monthly respectively. These covenants were met for each covenant reporting period in the
reporting period ended 31 December 2022.
Paycheck Protection Program Loan (‘PPPL’)
The Company’s US trading subsidiary, Corero Network Security, Inc was advanced, via its US bank, Pacific Western Bank, a Paycheck
Protection Program Loan for $637,000 on 11 May 2020. The PPPL was a component of the US federal stimulus package known as the
Coronavirus Aid, Relief and Economic Security Act, which offered help to businesses in the US during the COVID-19 crisis. Notification of
the PPP loan forgiveness in full was received from Pacific Western Bank on 28th January 2021. The forgiveness of the PPP loan is a non–cash
movement and is shown as ‘other income’ in the Group Income Statement.
19. FINANCIAL INSTRUMENTS
The Group’s financial instruments are categorised as shown below:
Group
Financial assets
Trade and other receivables
Cash
Group
Financial liabilities
Trade and other payables
Borrowings
Book Value
2022
$’000
Book Value
2021
$’000
4,020
5,646
9,666
2,158
11,201
13,359
Book Value
2022
$’000
Book Value
2021
$’000
4,134
1,208
5,342
4,383
2,901
7,284
For the purpose of this note financial assets - trade and other receivables exclude prepayments.
The Group manages liquidity and credit risk in line with the financial risk management objectives and policies as set out on page 25.
At the present time the Group does not have significant exposure interest rate risk. There are no differences between the fair values and
book values held by the Group.
72
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
73
�NOTeS TO THe FiNANCiAL STATeMeNTS
CONTiNUeD
20. DEFERRED INCOME
Group
Current
More than one year but less than five years
2022
$’000
3,323
2,285
5,608
2021
$’000
4,677
2,147
6,824
The Group’s deferred income balance will be recognised as revenue evenly over the remaining term of the service and support agreements
in place. The service and support agreements expire at various times throughout the year with no particular seasonality.
Company
The Company has no deferred income (2021: $nil).
21. PENSIONS
The Group’s pension arrangements are operated through defined contribution schemes.
Defined contribution schemes
Defined contribution pension costs
Overview
Strategic Report
Governance
FiNANCiAL STATeMeNTS
Corporate Directory
23. SHARE PREMIUM
1 January 2021 and 1 January 2022
Issued by way of option exercises
66,667 ordinary shares of 4.25p each (5.61c)
20,000 ordinary shares of 15p each (18.45c)
1,000,000 ordinary shares of 15p each (18.15c)
2,126,667 ordinary shares of 15p each (21.3c)
400,000 ordinary shares of 4.25p each (4.80c)
155,000 ordinary shares of 4.25p each (4.80c)
1,333,333 ordinary shares of 4.25p each (5.23c)
31 December 2022
$’000
82,122
1
1
18
45
19
8
70
82,284
Consideration received in excess of the nominal value is included in share premium, less registration, commission, and professional fees.
2022
$’000
192
2021
$’000
153
24. EMPLOYEES AND DIRECTORS
Employee expenses, including Directors, during the period
Group
22. SHARE CAPITAL
Authorised share capital
The authorised share capital comprises 745,821,970 (2021: 745,821,970) ordinary shares of 1 penny (‘p’) (1.4 cents (‘c’)) each.
Issued ordinary share capital
1 January 2021 and 1 January 2022
494,852,304 ordinary shares of 1p each
Issued by way of option exercises
66,667 ordinary shares of 1p each (1.32c)
20,000 ordinary shares of 1p each (1.23c)
1,000,000 ordinary shares of 1p each (1.21c)
2,126,667 ordinary shares of 1p each (1.42c)
400,000 ordinary shares of 1p each (1.13c)
155,000 ordinary shares of 1p each (1.13c)
1,333,333 ordinary shares of 1p each (1.23c)
31 December 2022
499,953,971 ordinary shares of 1p each
Wages and salaries
Social security costs
Other pension costs
Average monthly numbers of employees (including Directors) employed
Sales and marketing
Technical, support and services
Management, operations and administration
Company
The Company has no employees (2021: nil).
Total
2022
$’000
11,087
1,229
192
Total
2021
$’000
9,130
1,027
153
12,508
10,310
2022
Number
2021
Number
21
38
6
65
19
35
6
60
$’000
6,914
–
–
12
30
5
2
17
6,980
74
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
75
�NOTeS TO THe FiNANCiAL STATeMeNTS
CONTiNUeD
24. EMPLOYEES AND DIRECTORS CONTINUED
Directors, being the Key Management personnel
Directors
Ashley Stephenson
Andrew Miller
Jens Montanana
Lionel Chmilewsky
Peter George
Richard Last
Bonus
$’000
Benefits
$’000
Pension
$’000
Subtotal
$’000
Options
$’000
Company
National
Insurance
Contributions
$’000
Total
2022
$’000
Total
2021
$’000
161
–
–
167
–
–
328
23
1
–
11
–
–
35
–
–
–
53
–
–
53
530
141
40
596
36
34
1,377
–
–
–
–
–
–
–
9
18
–
127
–
3
539
159
40
723
36
37
554
29
80
819
72
78
157
1,534
1,632
Salary
& fees
$’000
346
140
40
365
36
34
961
Bonus payments of $328,000 were awarded to Directors in respect of the year to 31 December 2022 (2021: $352,000).
Lionel Chmilewsky has an employment agreement with a wholly owned subsidiary of the Company which provides for the payment of
six months’ base salary if the agreement is terminated by the Company without cause. Lionel Chmilewsky resigned as a Director of the
Company on 28 February 2023.
Ashley Stephenson has an employment agreement with a wholly owned subsidiary of the Company which provides for the payment of
six months’ base salary if the agreement is terminated by the Company without cause.
Andrew Miller was a Non-executive Director during the year and Interim Chief Financial Officer for the period 1 September to 31 December
2022. Andrew Miller has a Director’s Loan of $72,000 which is repayable in August 2030. Andrew Miller was appointed Interim Chief
Operating Officer on 1st March 2023.
Overview
Strategic Report
Governance
FiNANCiAL STATeMeNTS
Corporate Directory
27. SHARE OPTIONS
The Company has the following share option schemes:
• Enterprise Management Incentive Scheme for its employees, which has been approved by HMRC.
• Executive Enterprise Management Incentive Scheme, which has been approved by HMRC.
• Unapproved Share Option Scheme.
• Deferred Payment Share Plan.
Options granted have a three–year vesting period, vesting one third on the first anniversary of grant, one third on the second anniversary
of grant and one third on the third anniversary of grant. Shares acquired on the exercise of an option may not be sold until the expiry of
the second anniversary following the date of option grant. With the exception of options granted in April 2017 to Directors which include a
revenue growth performance vesting condition, there are no vesting conditions for options granted.
If an option holder ceases to be in employment or hold office within the Group, options granted shall immediately lapse unless such
cessation is because of the option holder’s death; the option holder’s ill health or disability; the company that employs the option holder
ceasing to be under the control of the Company or such company ceasing to be within the Group; the transfer of sale of the undertaking
or part-undertaking in which the option holder is employed to a person who is neither under the control of the Company nor within the
Group; or any other reason that the Board in its absolute discretion shall determine.
On a cessation of employment or office as set out above, options shall be exercisable to the extent they have vested according to the
terms of the option agreement and the provisions of the relevant share option scheme and must be exercised within 30 days following such
cessation unless otherwise determined by the Board or if such cessation is by reason of death in which case the option holder’s personal
representatives must exercise the option within 12 months following the date of the option holder’s death.
For option agreements granted post June 2020 and subject to the approval of the Board, where an option holder has, as at the date of
the grant, been employed by a Group company for a period of at least three years and whose employment is terminated either: (a) by
the company other than for cause; or (b) by resignation on the part of the option holder, such option holder shall be entitled to retain the
options granted under the option agreement following the effective date of the termination and such retained options shall continue to
vest and be exercisable by the option holder in accordance with the vesting terms set out in the agreement.
Share options granted at 31 December 2022 were as follows:
25. LEASE COMMITMENTS
The Group has total future minimum lease payments under non-cancellable leases totalling $85,000 (2021: $7,000) analysed by year of
expiry as follows:
Option holders
Date granted
Expiry date
Enterprise Management Incentive Scheme
Exercise
price – pence
(cents)
At
1 January
2022
Granted
Exercised
Forfeit/
cancelled
At
31 December
2022
Land and building agreements expiring:
Within one year
More than one year but less than five years
Company
The Company has no lease commitments (2021: $nil).
2022
$’000
2021
$’000
64
21
85
7
–
7
26. CONTINGENT LIABILITIES
Corero Network Security (UK) Limited was in December 2015 awarded a grant of £600,000 for a development project over three years from
Scottish Enterprise. Any monies becoming repayable by Corero Network Security (UK) Limited under the grant terms for breaches of the
grant conditions are guaranteed by the Company. These conditions which are typical for a grant of this nature, and which apply for a period
of five years from the final grant payment date (being 14 March 2019), include maintaining minimum headcount in Scotland and no change
of control.
Other Holders
April 2019
April 2029
8.4p (11c)
10,000
September 2019
September 2029
2.5p (3c)
5,000
April 2020
June 2020
April 2030
4.2p (5c)
357,500
June 2030
5.3p (7c)
8,975,500
September 2020
September 2030
7.8p (10c)
10,000
October 2020
October 2030
9.0p (12c)
12,500
January 2021
January 2031
13.0p (18c)
685,000
November 2021
November 2031
9.25p (12c)
27,500
–
–
–
–
–
–
–
–
September 2022
September 2032
10.8p (12c)
–
410,000
Executive Enterprise Management Incentive Scheme
Andrew Lloyd
April 2017
April 2027
8p (10c)
2,083,333
–
–
–
–
–
–
–
10,000
5,000
357,500
(1,888,333)
(866,667)
6,220,500
–
–
–
–
–
–
–
–
10,000
12,500
(150,000)
535,000
(27,500)
-
–
–
410,000
2,083,333
76
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
77
�NOTeS TO THe FiNANCiAL STATeMeNTS
CONTiNUeD
27. SHARE OPTIONS CONTINUED
Share options granted at 31 December 2021 were as follows:
Overview
Strategic Report
Governance
FiNANCiAL STATeMeNTS
Corporate Directory
Option holders
Date granted
Expiry date
unapproved French Share Option Scheme
Exercise
price – pence
(cents)
At
1 January
2022
Granted
Exercised
Forfeit/
cancelled
At
31 December
2022
Lionel Chmilewsky
June 2020
June 2030
5.3p (7c)
7,000,000
January 2021
January 2031
13.0p (18c)
500,000
unapproved Share Option Scheme
Jens Montanana
Richard Last
Andrew Lloyd
April 2017
May 2018
April 2027
8p (10c)
994,000
May 2028
13.6p (18c)
425,000
October 2018
October 2028
11.0p (14c)
400,000
January 2021
January 2031
13.0p (18c)
350,000
April 2017
June 2017
April 2027
8p (10c)
450,000
June 2027
13.6 (18c)
180,000
October 2018
October 2028
11.0p (14c)
200,000
January 2021
January 2031
13.0p (18c)
350,000
April 2017
June 2017
April 2027
8p (10c)
580,001
June 2027
13.6 (18c)
200,000
Ashley Stephenson
June 2020
June 2030
5.3p (7c)
7,919,000
January 2021
January 2031
13.0p (18c)
350,000
Andrew Miller
June 2020
June 2030
5.3p (7c)
5,775,000
Peter George
January 2019
January 2029
11.3p (15c)
750,000
Other holders
September 2011
September 2021
37.5p (61c)
40,000
January 2021
January 2031
13.0p (18c)
350,000
March 2012
March 2022
54.5p (89c)
140,000
April 2013
May 2014
April 2023
25p (38c)
100,000
May 2024
25p (42c)
670,666
September 2016
September 2026
22.5p (33c)
5,000
October 2018
October 2028
11.0p (14c)
50,000
September 2019
September 2029
2.5p (3c)
3,531,667
April 2020
April 2020
June 2020
April 2030
4.2p (5c)
455,000
April 2030
4.2p (5c)
50,000
June 2030
5.3p (7c) 4,603,500
September 2020
September 2030
7.8p (10c)
300,000
January 2021
January 2031
13.0p (18c)
610,000
November 2021
November 2031
9.25p (12c)
25,000
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
January 2022
January 2032
13.0p(18c)
September 2022
September 2032
10.8p (12c)
– 4,260,000
–
910,000
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
(40,000)
(140,000)
–
–
–
–
7,000,000
500,000
994,000
425,000
400,000
350,000
450,000
180,000
200,000
350,000
580,001
200,000
7,919,000
350,000
5,775,000
750,000
350,000
–
–
100,000
670,666
5,000
50,000
(3,193,334)
(238,333)
100,000
–
–
–
–
–
–
–
–
(50,000)
405,000
–
50,000
(180,000)
4,423,500
(300,000)
–
(125,000)
485,000
–
–
–
25,000
4,260,000
910,000
The closing mid-market price for the Company’s shares at 31 December 2022 was 9.25p (11.2c) and the low and high for the year was 9.25p
(11.2c) and 14.5p (19.0c).
In the 12 months to 31 December 2022, 5,081,667 options were exercised (2021: nil) and 2,117,500 options were forfeited (2021: 1,805,833).
49,520,167 5,580,000 (5,081,667)
(2,117,500)
47,901,000
Option holders
Date granted
Expiry date
Enterprise Management Incentive Scheme
Exercise
price –
pence
(cents)
At
1 January
2021
Granted
Exercised
Forfeit/
cancelled
At
31 December
2021
Other Holders
April 2019
April 2029
8.4p (11c)
10,000
September 2019 September 2029
2.5p (3c)
5,000
April 2020
June 2020
April 2030
4.2p (5c)
465,000
June 2030
5.3p (7c)
8,985,500
September 2020 September 2030
7.8p (10c)
10,000
October 2020
October 2030
9.0p (12c)
12,500
–
–
–
–
–
–
January 2021
January 2031 13.0p (18c)
November 2021 November 2031 9.25p (12c)
–
–
685,000
27,500
Executive Enterprise Management Incentive Scheme
Andrew Lloyd
April 2017
April 2027
8p (10c)
2,083,333
unapproved French Share Option Scheme
Lionel Chmilewsky
June 2020
June 2030
5.3p (7c)
7,000,000
–
–
January 2021
January 2031 13.0p (18c)
–
500,000
unapproved Share Option Scheme
Jens Montanana
April 2017
April 2027
8p (10c)
994,000
May 2018
May 2028 13.6p (18c)
425,000
October 2018
October 2028 11.0p (14c)
400,000
–
–
–
Richard Last
January 2021
January 2031 13.0p (18c)
–
350,000
April 2017
June 2017
April 2027
8p (10c)
450,000
June 2027
13.6 (18c)
180,000
October 2018
October 2028 11.0p (14c)
200,000
–
–
–
January 2021
January 2031 13.0p (18c)
–
350,000
Andrew Lloyd
April 2017
June 2017
April 2027
8p (10c)
580,001
June 2027
13.6 (18c)
200,000
Ashley Stephenson
June 2020
June 2030
5.3p (7c)
7,919,000
–
–
–
January 2021
January 2031 13.0p (18c)
–
350,000
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
10,000
5,000
(107,500)
357,500
(10,000)
8,975,500
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
10,000
12,500
685,000
27,500
2,083,333
7,000,000
500,000
994,000
425,000
400,000
350,000
450,000
180,000
200,000
350,000
580,001
200,000
7,919,000
350,000
78
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
79
�NOTeS TO THe FiNANCiAL STATeMeNTS
CONTiNUeD
27. SHARE OPTIONS CONTINUED
Option holders
Date granted
Expiry date
unapproved Share Option Scheme continued
Exercise
price –
pence
(cents)
At
1 January
2021
Granted
Exercised
Forfeit/
cancelled
At
31 December
2021
Andrew Miller
June 2020
June 2030
5.3p (7c)
5,775,000
Peter George
January 2019
January 2029
11.3p (15c)
750,000
–
–
January 2021
January 2031
13.0p (18c)
–
350,000
Other holders
March 2011
March 2021
40p (65c)
290,000
September 2011
September 2021
37.5p (61c)
40,000
March 2012
March 2022
54.5p (89c)
140,000
April 2013
May 2014
April 2023
May 2024
25p (38c)
100,000
25p (42c)
670,666
September 2016
September 2026
22.5p (33c)
October 2018
October 2028
11.0p (14c)
5,000
50,000
September 2019
September 2029
2.5p (3c)
4,430,000
April 2020
April 2020
June 2020
April 2030
April 2030
June 2030
4.2p (5c)
605,000
4.2p (5c)
50,000
5.3p (7c)
4,603,500
September 2020
September 2030
7.8p (10c)
300,000
–
–
–
–
–
–
–
–
–
–
–
–
January 2021
January 2031
13.0p (18c)
November 2021 November 2031
9.25p (12c)
–
–
960,000
25,000
47,728,500
3,597,500
Total number of options granted to Directors
31 December 2022
Options granted
31 December 2021
Options granted
Relevant Share Option scheme
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
5,775,000
750,000
350,000
(290,000)
–
–
–
–
–
–
–
40,000
140,000
100,000
670,666
5,000
50,000
(898,333)
3,531,667
(150,000)
455,000
–
–
–
50,000
4,603,500
300,000
(350,000)
610,000
–
25,000
(1,805,833)
49,520,167
Ashley Stephenson
Andrew Miller
8,269,000
5,915,000
8,269,000
Unapproved Share Option Scheme
5,915,000
Executive Enterprise Management Scheme and Unapproved Share
Option Scheme
Jens Montanana
2,169,000
2,169,000
Unapproved Share Option Scheme
Lionel Chmilewsky
7,500,000
7,500,000
Unapproved Share Option Scheme
Peter George
Richard Last
1,100,000
1,180,000
1,100,000
Unapproved Share Option Scheme
1,180,000
Unapproved Share Option Scheme
26,133,000
26,133,000
None of the Directors holding office at the balance sheet date exercised options during the year (2021: none).
Andrew Miller has a contractual right (granted in March 2011) to purchase 140,000 ordinary shares in the Company from the Employee
Share Ownership Trust at 40p per share pursuant to a grant made to him under the Deferred Payment Share Plan.
Overview
Strategic Report
Governance
FiNANCiAL STATeMeNTS
Corporate Directory
Share-based payments
The Remuneration Committee (‘RC’) approves the grant of share options to employees of the Group under the Group’s share
option schemes.
Share options are granted with a fixed exercise price which is equal to the market price at the date of the grant or higher price determined
by the RC. The share options granted are required to be exercised within 10 years from the date of grant.
Share options are valued using the Black-Scholes option-pricing model.
The weighted average fair value of the options granted in the year was 6.9p (7.82c). The value of share options granted during the year was
calculated using the Black-Scholes option pricing model. The following variables and ranges were used:
Share price at date of grants
Exercise price
Expected volatility
Estimated years to exercise
Risk free interest rate
The table below provides information on all options outstanding at the end of the year:
2022
2021
10.8p–13.0p (12c–18c)
9.25p–13.0p (12c–18c)
10.8p–13.0p (12c–18c)
9.25p–13.0p (12c–18c)
54.7%–65.0%
70.6%–76.5%
4.0–4.8
1.0%–3.0%
4.1–4.9
0%–0.01%
Weighted average remaining contractual life
Average remaining contractual life
Options exercisable
Exercise price range
Weighted average share price
Weighted average exercise price
Expected volatility
Risk free rate – 5 year gilt rate
Expected dividend yield
7.2 years
6.3 years
29,399,167
2.5p–55p (3c–73c)
7.1p (8.0c)
7.4p (8.3c)
0.2%–76.5%
-0.08%–3.3%
Nil
Volatility is calculated as the standard deviation of the closing daily share price over a period of 24 months prior to the grant date.
Operating expenses in the Group Income Statement included a charge of $386,000 (2021: $522,000) relating to employee
share-based payments.
28. RELATED PARTIES AND TRANSACTIONS
There have been no equity placings or offers in the year ended 31 December 2022 or 2021.
The Directors consider the Group’s key management personnel to be the Board of Directors of the Company whose compensation
is detailed in note 24.
Company key management compensation was $nil (2021: $nil) as the key management are employed by subsidiaries.
80
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
81
�GLOSSArY
COrPOrATe DireCTOrY
Overview
Strategic Report
Governance
Financial Statements
COrPOrATe DireCTOrY
5G
AI
AIM
ARR
CAGR
CGu
CNS
CPu
CSPs
DDoS
DDPaaS
DPDK
DPI
EBITDA
Eu
FCA
FRC
FRS
IAS
IFRS
IoT
ISA
MSSP
NICs
POPs
PPPL
RCF
R&D
ROI
SOC
SSP
TCO
TDC
TDD
TDS
Fifth Generation Cellular Network Technology
Artificial Intelligence
Alternative Investment Market
Annualised Recurring Revenues
Compound Annual Growth Rate
Cash-Generating Unit
Corero Network Security
Central Processing Unit
Communication Service Providers
Distributed Denial of Service
DDoS Protection as-a-Service
Data Plane Development Kit
Deep Packet Inspection
Earnings Before Interest, Tax, Depreciation, and Amortisation
European Union
Financial Conduct Authority
Financial Reporting Council
Financial Reporting Standard
International Accounting Standards
International Financial Reporting Standards
Internet of Things
International Standard on Auditing
Managed Security Service Provider
Network Interface Cards
Points of Presence
Paycheck Protection Program Loan
Revolving Credit Facility
Research and Development
Return On Investment
Security Operations Center
Stand–alone Selling Prices
Total Cost of Ownership
SmartWall® Threat Defense Cloud
SmartWall® Threat Defense Director
SmartWall® Threat Defense System
DIRECTORS
Jens Montanana (Executive Chairman)
Richard Last (Non-executive Director)
Peter George (Non-executive Director)
Andrew Miller (Interim Chief Operating Officer)
Ashley Stephenson (Chief Technology Officer)
SECRETARY AND REGISTERED OFFICE
Duncan Swallow
Salisbury House
29 Finsbury Circus
London
EC2M 5QQ
NOMINATED ADVISER AND BROKER
Canaccord Genuity Ltd
88 Wood Street
London
EC2V 7QR
FINANCIAL PUBLIC RELATIONS
Vigo Communications
Sackville House
40 Piccadilly
London
W1J 0DR
AUDITOR
BDO LLP
55 Baker Street
London
W1U 7EU
SOLICITORS
Dorsey and Whitney LLP
199 Bishopsgate
London
EC2M 3UT
BANKERS
Santander
2 The Forbury
Reading
RG1 3EU
Pacific Western Bank
406 Blackwell Street
Suite 240
Durham
North Carolina
27701
USA
REGISTRARS
Link Group
10th Floor
Central Square
29 Wellington Street
Leeds
LS1 4DL
WEBSITE ADDRESS
www.corero.com
Printed by a Carbon Neutral Operation (certified: CarbonQuota) under the PAS2060 standard.
Printed on material from well-managed, FSC™ certified forests and other controlled sources.
This publication was printed by an FSC™ certified printer that holds an ISO 14001 certification.
100% of the inks used are HP Indigo ElectroInk which complies with RoHS legislation and
meets the chemical requirements of the Nordic Ecolabel (Nordic Swan) for printing companies,
95% of press chemicals are recycled for further use and, on average 99% of any waste
associated with this production will be recycled and the remaining 1% used to generate energy.
The paper is Carbon Balanced with World Land Trust, an international conservation charity, who
offset carbon emissions through the purchase and preservation of high conservation value land.
Through protecting standing forests, under threat of clearance, carbon is locked-in, that would
otherwise be released.
82
Corero Network Security plc Annual Report and Accounts 2022
Corero Network Security plc Annual Report and Accounts 2022
83
83
�CORERO NETWORK SECuRITY PLC
Registered Office
Salisbury House
29 Finsbury Circus
London
EC2M 5QQ
UK
�