More annual reports from ECSC Group plc:
2020 ReportPeers and competitors of ECSC Group plc:
AppenCompany Information Directors David Mathewson (Non-Executive Chairman) Ian Mann (Chief Executive Officer) Lucy Sharp (Chief Operating Officer) Elizabeth Gooch (Non-Executive Director) Nominated Advisor & Broker to the Company Allenby Capital Limited 5 St. Helen’s Place London EC3A 6AB Registered Office 28 Campus Road Listerhills Science Park Bradford BD7 1HR Telephone Number 01274 736 223 Company Secretary David Mathewson Website www.ecsc.co.uk Auditors to the Company BDO LLP Central Square 29 Wellington Street Leeds LS1 4DL Solicitors to the Company Freeths LLP 1 Vine Street Mayfair London W1J 0AH Financial PR Alma PR Aldwych House 71-91 Aldwych London WC2B 4HN Registrar Equiniti Group plc Aspect House Spencer Road Lancing West Sussex BN99 6DA Page 2 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Contents 2 Company Information 5 Chairman’s Statement 14 Strategic Report 22 Board of Directors 23 Directors’ Report 29 Remuneration Report 34 Statement of Directors Responsibilities. 35 Independent Auditor’s Report to the Members of ECSC Group plc 39 Consolidated Statement of Comprehensive Income 40 Consolidated Statement of Financial Position 41 Company Statement of Financial Position 42 Consolidated Statement of Changes in Equity 43 Company Statement of Changes in Equity 44 Consolidated Cash Flow Statement 45 Company Cash Flow Statement 46 Notes to the Financial Statements “We are delighted to report such strong organic growth for the full year, with continued emphasis on our Managed Services recurring revenue. The team continues to acquire new clients, deliver quality service, develop our technologies, and build a solid base for on going growth.” Ian Mann Chief Executive Officer Page 3 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Cyber Security Experts For Almost Two Decades 18 Year Record Organic Growth £5,000,000 £4,000,000 £3,000,000 £2,000,000 £1,000,000 0 IPO 00-01 01-02 02-03 03-04 04-05 05-06 06-07 07-08 08-09 09-10 10-11 11-12 12-13 13-14 04-15 2016* 2017 * Adjusted for 12 months 35% Organic revenue growth to £5.4m (2017: £4.0m*) 27% Consulting Service division revenue up to £3.1m (2017: £2.4m) 56% Managed Services division revenue up to £1.7m (2017:£1.1m*) 95 New Consulting Clients 67% Gross Profit increase to £2.7m (2017: 1.6m*) £0.6m EBITDA loss (adjusted) (2017:£2.9m*) * Restated due to IFRS 15 adoption from 1 January 2018 Page 4 ECSC Group plcAnnual Report Year ended 31 December 2018 Chairman’s Statement These strong results represent the second full year of trading since the IPO in December 2016. This organic growth has been driven by the successful execution of our strategy combined with a number of external factors: the continued incidence of high- profile cyber security breaches, the implementation of the new Data Protection Act in May 2018, incorporating the General Data Protection Regulations (”GDPR”), and the increasing priority accorded to cyber security in corporate boardrooms generally. Whilst we are yet to see the resulting fines imposed by the Information Commissioners’ Office (“ICO”) under the new regulations, organisations of all sizes now understanding the requirement of mandatory breach reporting and the impact of fines of up to 2% of global turnover for cyber security breaches. The benefits of our restructuring efforts earlier in 2018 are demonstrated in our performance for the year. This has produced a 35% increase in revenue for the year, and a significantly reduced monthly cost base. We are generating a steady flow of new clients as well as repeat business from our established clients. The results reflect the extensive work completed internally within the Company to control costs, implement improvements within sales and leverage the capacity within the operational infrastructure. This improved performance is the result of a focussed and motivated team delivering strong growth, whilst keeping tight control over costs and cash management. The new ECSC Kepler Artificial Intelligence (AI) technology, delivered through our global Security Operation Centres (“SOCs”), is central to the growth in the Managed Services Division. Clients increasingly recognise that 24/7/365 cyber security breach detection and expert incident response, is vital to the protection of personal information and maintenance of critical IT systems. For all but the largest global organisations, the outsourcing of these critical functions is the logical choice, and ECSC has the technology, expertise and processes to deliver. I was delighted when we won another industry award recently for our managed security service, with regard to supporting systems requiring compliance to the Payment Card Industry Data Security Standard (“PCI DSS”). On behalf of the Board, I would like to thank all of our clients, staff and advisors for their continued support and commitment during the year. ECSC is well positioned in a growing cyber security marketplace, and we look forward with confidence to broadening our base of clients and delivering improved operating results. David Mathewson Non-Executive Chairman 12 March 2019 “The results reflect the extensive work completed internally within ECSC to control costs, implement improvements within sales, and leverage the capacity within the operational infrastructure. This improved performance reflects a focussed and motivated team delivering strong growth whilst keeping tight control over costs and cash management.” David Mathewson Non-Executive Chairman Page 5 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Cyber Security Experts For Almost Two Decades What We Do Incident response ‘emergency’ service Remotely manage client cyber security devices from ECSC’s Security Operations Centre (SOC) Cyber security reviews Technical penetration testing of cyber security Develop Artificial Intelligence (AI) Cyber Essentials Consultancy to help clients achieve ISO 27001 information security certification Advise and assess clients for certification to the Payment Card Industry Data Security Standard (PCI DSS) Page 6 Page 6 ECSC Group plcAnnual Report Year ended 31 December 2018 Chief Executive Officer’s Review Managed Services received significant investment in the year following the IPO, including the establishment of an additional Security Operations Centre (“ SOC”) in Brisbane, Australia, allowing us to deliver true 24/7/365 security breach monitoring and response. The investment also allowed for the introduction of our Incident Response unit in London, hosting our Incident Response emergency equipment, thus enabling the Incident Response team to respond rapidly to our southern UK based clients. Furthermore, the investment allows for continued research and development into the ECSC proprietary AI software ‘Kepler’. This technology is used extensively within our security devices to enable the identification, assessment and alerting of critical security events to the SOC teams for analysis and reporting to clients. The Board continues to see the Managed Services revenue stream as a priority for growth. With strong foundations now in place in terms of the technical infrastructure and in-house expertise, we are able to leverage the capacity of this division and to ensure that the Company is well placed to secure additional Managed Services contracts in the future. Vendor Products Sales of third-party vendor products, whilst growing at 36% represents only 4% of overall sales. Whilst this is not a strategic segment of the business, this continues to be a useful service for those clients requiring a trusted provider to source products on their behalf. Strong growth was seen across all divisions, which reflects the extensive in-house expertise, development, investment from previous years, and a growing cyber security market. Consulting Division We are pleased to report that Consulting revenue has grown by 27% from the previous year, with significant new client acquisitions varying in organisation size and across a wide range of sectors. Additionally, over the period 67% of Consulting sales constituted repeat business, a testament to our focus on building strong client relationships and delivering excellent service. Cyber security testing continues to account for the largest proportion of our Consultancy sales and is typically the initial starting point for any client looking to improve their cyber security for the first time. Commonly, initial testing engagements lead to further sales across multiple service lines as a result of the Company’s ‘land and expand’ strategy, facilitated by our consultative sales approach and comprehensive breadth of service. The requirement for companies to assess their businesses against recognised standards, including ISO 27001, PCI DSS, and Cyber Essentials, has continued to grow as organisations are increasingly required to demonstrate external verification of their cyber security capabilities to their customers, partners, and stakeholders. Managed Services Division The growth of Managed Services is central to the Company’s ongoing growth strategy. Managed Services provided the Group with multi-year, recurring revenues which enhance the quality and visibility of earnings. We are delighted to report revenue growth of 56% within this division; which includes both recurring revenues (46% growth) and related incident response activities. Page 7 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Chief Executive Officer’s Review cont. Sales & Marketing Further improvements were made to the structure of the sales team in 2018, including changes to the sales management personnel. A significant focus has been placed on the management and ongoing training and development of the sales team, with monthly training introduced to provide a better understanding of our services and client needs. Additional resource in the marketing team has led to an increase in marketing activities, allowing for more effectively targeted campaigns. This additional resource enables the Company to identify and respond to new opportunities for growth within our existing client base and new clients alike. With sales and marketing activity aligned, we are witnessing stronger performance across both teams. Partner Programme In Q4 2018, we launched our Partner Programme, allowing IT Value Added Resellers to directly sell selected ECSC services whilst referring more complex projects to the ECSC sales team to deliver. In addition to our own partner recruitment, training and support we are also collaborating with an established distributor to leverage their existing partners and support systems to include ECSC services. The Board expects the continued expansion of the Partner Programme to have a positive impact impact on future growth. Technology Development We have continued to invest in ECSC’s proprietary software in the year, including continued development of our Managed Services AI software that is embedded within many of our managed devices. The focus remains on delivery of our technology through Managed Services. This ensures we can provide end-users with a comprehensive offering including appropriate in-house resource, expert management and effective 24/7 monitoring. Market Prospects & Organic Growth Strategy The UK cyber security market continues to exhibit growth as highlighted in www.statista.com, and remains an attractive segment of the wider IT sector. Against this backdrop, we are confident that the organic growth strategy of ECSC remains appropriate. Managed Services remains the strategic focus of the Board, to build our recurring revenue streams and target the fastest growing segments of the market. Key Performance Indicators The Key Performance Indicators on page 9 were established in 2018 to enable meaningful measurements of the Group’s performance. Outlook We are delighted to report such strong organic growth for the full year, well ahead of the previous year, with continued emphasis on building our Managed Services recurring revenue supported by our Consultancy Services. The team continues to acquire new clients, deliver quality service, develop our technologies and build a solid base for ongoing growth. We believe we are well positioned to build on the strong organic growth achieved in 2018 and we look forward to the future with confidence. Going Concern Attention is drawn to Going Concern in the Financial Review Page 8 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Chief Executive Officer’s Review cont. Performance Indicator Rationale 2018 2017 Management Comment Revenue Growth Measurement of the success of the organic growth strategy 35% 9%* A strong year, compared with the long-term average of approximately 20% per year Visibility of the success of increasing the percentage of revenue from long-term recurring revenues Visibility of the success of increasing the percentage of revenue from long-term recurring revenues Combined measurement of new client contracts together with renewals of existing client contracts 46% 25%* This reflects new contract wins, renewals and contract expansions 29% 27%* It remains the strategy to increase this proportion £2.5m N/A The best overall measure of progress and future managed services revenue Managed Services Recurring Revenue Growth Managed Service Recurring Revenue Proportion Managed Services Order Book Managed Services Gross Margin Delivery efficiency measurement 53% 33%* Consulting Repeat Revenue Quasi-recurring from longer- term consulting clients 78% 68% Consulting Gross Margin Contract Liabilities Delivery efficiency measurement 57% 50% Contracted and invoiced revenue where performance obligations have yet to be settled £0.9m £0.8m* Measuring the increased leveraging of IPO investment in delivery capacity Given consulting growth of 27%, this represents significant client retention A reflection on capacity required for growth and management of consultant workload This will reflect growth in long-term client relationships, particularly managed services * Restated for 2017 and showing like-for-like comparison, due to IFRS 15 adoption from 1 January 2018 Ian Mann Chief Executive Officer 12 March 2019 Page 9 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Cyber Security Experts For Almost Two Decades ECSC Group plcAnnual Report Year ended 31 December 2018 Cyber Security Challenges for Organisations Knowing how secure they are Dealing with a cyber security breach There is increasing pressure on Senior Management to demonstrate that they have effective cyber security defences in place, which has only been heightened further by the introduction of the General Data Protection Regulation (“GDPR”). The challenge for many organisations is that they don’t have direct experience of dealing with a serious cyber security breach, meaning they are often unequipped to understand the situation and therefore the best course of action. For many organisations, understanding their critical systems and the realistic threats they face is a challenge in itself. Related ECSC Solution: Cyber Security Review, Testing Achieving cyber security standards Organisations are increasingly required to demonstrate via external verification, their own cyber security capabilities to their clients and stakeholders. The increased focus on breach prevention, and mandatory GDPR breach reporting mean demonstrating a ‘defensible position’ has never been more important. Related ECSC Solution: ISO 27001, PCI DSS, Cyber Essentials Certifications Finding technologies that actually deliver Many organisations are influenced by the latest technologies and all that the endless features/ benefits promise, only to find that they don’t have sufficient in-house resource to maximise the effectiveness of these technologies. However great the promise, technology cannot replace the need for real people. Related ECSC Solution: Managed Services Related ECSC Solution: Incident Response Retainer Detecting cyber security breaches 24/7/365 With many organisations now recognising that cyber criminals don’t work typical business hours, monitoring and detecting 40 hours a week is not enough. In order to deliver a 24/7/365 service, organisations would need to employ a minimum of six dedicated and qualified security analysts in addition to investing in the right monitoring and detection systems. Related ECSC Solution: Managed Services, Outsourced Security Operations Centre “We have been working with ECSC for many years and the relationship is excellent.” Network Security Manager Travel and Leisure Industry Page 11 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Cyber Security Experts For Almost Two Decades Employee Engagement Survey “Hands down the best company I’ve ever worked for” “We celebrate each other’s successes” “Fantastic team spirit where everyone digs in” 100% believe their work influences the success of the company 96% feel proud of this company 100% believe their team supports each other to be the best they can be Sample response to our latest Employee Engagement Survey Page 12 ECSC Group plcAnnual Report Year ended 31 December 2018 Chief Operating Officer’s Overview Our people are our strength. The Company recognises that the recruitment and retention of cyber security expertise is central to our continued success. It is our mission to attract, and develop, the best people, technology and methodologies to help our clients meet the challenge of making their use of information and communications technologies more secure – our employees are central to the delivery of this mission. We pride ourselves on developing and nurturing talent and expertise in this fast paced environment. Talent is sought from universities across the country and we offer student placements, apprenticeships and graduate roles. We select the best consultants, testers and engineers, with varying levels of experience, and a range of expertise, and ensure they are supported in their development and cyber security careers. The company has clearly defined values upon which our culture and behaviours are based: Excellence : We motivate our teams to foster a commitment to exceed expectations, for the clients, the company, and each other. Communication : Our organisation is filled with knowledgeable, experienced highly-skilled professionals, where everyone’s views are valued and considered, ensuring we can deliver the highest level of services for our clients. Synergy : Through a combined effort of our teams, and with our leading industry professionals, we achieve common goals, service success and a total effect that is greater through working together. Challenge : We believe we work at our best if we enjoy what we do for our clients, so we work with people who like to solve problems, have a thirst for knowledge, who enjoy delivering the best solutions, and are motivated to be the best they can be. We are proud of the team spirit we promote and aim to recruit like-minded, forward-thinking people, who are passionate about security, and appreciate our strong culture which permeates through the company and into the delivery of excellent service to our clients. Regular Employee Engagement surveys are carried out to gauge employee satisfaction in their roles and are consistently encouraged by the positive responses. The hard work and focus of our team has enabled our continuing progress and their support in delivering against our mission and growth strategy has been unwavering. We are very proud to have a team of this calibre and thank them for their continued hard work and contribution. Lucy Sharp Chief Operating Officer 12 March 2019 “Very high level information security professional organisation. As someone currently delivering an information security management system, I have found them, at all levels, to be focused, knowledgeable and supportive. You don’t always get what you pay for in life, with GDPR, mistakes could be critical to business survival, I wouldn’t put my company’s money anywhere else.” Infrastructure Project Manager Automobiles and Parts Industry Page 13 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Strategic Report for the year ended 31 December 2018 Financial Review Principal Activities The principal activity of the Group during the year continued to be the provision of professional cyber security services, including Consulting, Managed Services and the sale of Vendor Products. Comparative Financial Information The Comparative figures in these statutory accounts have been restated to adopt IFRS 15 (see note 4.3). Year ended 31 December 2018 £’000 Restated* Year ended 31 December 2017 £’000 Revenue Consulting Managed Service Vendor Products Other Gross Profit Consulting Managed Service Vendor Products Other EBITDA (Adjusted)* Other Income Sales & Marketing Costs Administration Expenses EBITDA** Share Based Payments Exceptional Items Depreciation and Amortisation Operating (Loss)/ Profit (Adjusted)* Operating (Loss)/ Profit * Adjusted Operating Loss and EBITDA excludes one-off charges and share based charges. * * EBITDA is defined as Earnings before Interest, Tax, Depreciation and Amortisation. (As defined in note 26 in the Financial Statement) 3,122 1,745 228 287 5,382 1,783 923 42 (8) 2,740 152 (1,817) (1,710) (635) (111) (120) (866) (392) (1,027) (1,258) 2,449 1,118 168 263 3,998 1,228 364 38 15 1,645 121 (2,545) (2,160) (2,939) (93) (275) (3,307 (254) (3,193) (3,561) Adjusted KPI’s are used by the Group in order to understand underlying performance and exclude items which distort compatibility, as well as being consistent with public broker forecasts and measures. The method of adjustments are consistently applied but may not be comparable with those used by other companies. Items that have been excluded include Share based charges and one-off charges. Page 14 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Strategic Report for the year ended 31 December 2018 (cont.) Financial Review (cont.) Revenue & Organic Growth Total revenue in the year ended 31 December 2018 was £5.38m, up 34.6% on the comparable prior period (revenue in the 12 months ended 31 December 2017 was £4.00m). Within this, Consulting revenue grew by 27% to £3.12m (2017: £2.45m). Managed Services division revenue rose by 56% in the year to £1.75m (2017: £1.12m). This includes Incident Response revenues which rose to £0.18m (2017: £0.05m). Vendor Products revenue in the year grew by 35.7% to £0.23m, (2017: £0.17m). Due to the adoption of IFRS 15, revenues (Manage Service) in 2017 was reduced by £117k giving a contract liability of £117k. Further information on the impact of IFRS 15 is included in Note 4.3 to the Financial Statements. Margin Generation Gross Profit for the year was £2.74m, yielding a 51% margin (2017: £1.65m, yielding a 41% margin). This was due to improved margins in both Consulting and Managed Service. The Consulting margin rose to 57% in the year (2017: 50%). This was due to the current pool of Consultants now better matched to our activity levels, the Board expects the Consulting margin to remain at a similar level in the future. The Managed Services margin rose to 53% (2017: 33%), with the increase being a direct result of new contracts utilising the capacity built in 2017. Cost Restructure & Exceptional Costs During the first quarter of the year ended 31 December 2018, the Directors continued to undertake a cost restructure to reduce the operating losses of the Group and reduce the rate of cash burn following the rapid scale-up of the previous year. The objective was to reduce the operating cost base by £45,000 per month, which was achieved by reducing headcount and by stricter controls with regard overheads. In achieving these recurring cost savings, a number of one-off, exceptional costs were incurred, including payments in lieu of notice and lease cancellation costs. These exceptional costs totalled £0.12m (2017: £0.28m) (see note 27) in the year, the bulk of which were incurred in the first half of the year. EBITDA & Operating Loss Adjusted EBITDA for the year, which excludes one-off charges and share based charges, was a loss of £0.64m (2017: loss of £2.94m). EBITDA for the year was a loss of £0.87m (2017: loss of £3.31m). Adjusted Operating Loss for the year, which excludes one-off charges and share based charges, was £1.03m (2017: loss of £3.19m). The Operating Loss in the year was £1.26m (2017: loss of £3.56m). Cash Flow The cash balance at the start of the year was £1.6m. During the year, the cash balance has fallen due to the EBITDA loss (£0.87m), capital expenditure (£0.15m), and development costs (£0.18m). During the year, the Group received a refund of £0.12m from HMRC in respect of a surrender of R&D Tax Credits from earlier periods. Page 15 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Strategic Report for the year ended 31 December 2018 (cont.) Financial Review (cont.) The cash balance at 31 December 2018 was £0.65m. The closing cash balance is as budgeted, and, together with more active management of the Company’s debtors, provides a solid base for the Company’s growth plans for the year ahead. Balance Sheet The Group’s Balance Sheet as at 31 December 2018 had Net Assets of £1.04m (2017: £2.17m). Retained Earnings and Distributable Reserves as at 31 December 2018 were a cumulative loss of £4.91m (2017: cumulative loss of £3.68m). Going Concern The Directors have assessed the going concern status of the Group by reference to a number of factors. In particular, the Directors have considered the strong rate of growth in the cyber security market; the fact that business continues to attract new clients and is not overly dependent on any single client; the fact that the business continues to retain key staff following the restructuring, the fact that the business has no Corporation Tax liability to HMRC and that the Group has only modest financing facilities which are not subject to financial covenants. Moreover, having reduced the monthly operating losses significantly by way of the cost restructure (see section cost restructure & exceptional costs, page 21), the rate of cash burn has also been significantly reduced. In undertaking their review, the Directors have prepared financial projections for the years ending 31 December 2019 and 2020, a review which assumed continued revenue growth and cost efficiency. In the event that this revenue and cost performance is not achieved, the Directors have also considered a sensitivity analysis based on lower revenue growth and have formulated contingency plans for this scenario, which enable the Group to preserve its financial resources. As such, the Directors have concluded that the cash balance at 31 December 2018 is sufficient to fund the ongoing growth and development of the Group and to meet its liabilities as they fall due for at least the 12 months from the date of approval of the financial statements. IFRS 15 The Directors adopted the application of IFRS 15: Revenue from contracts with customers from 1 January 2018, applying the fully retrospective method of transition. The core principle is that revenue should only be recognised as the client receives the benefit of the goods or services provided under a commercial contract, in an amount that reflects the consideration to which the provider expects to be entitled for the transfer of the goods or services. Further information on the impact of IFRS 15 is included in Note 4.3 to the Financial Statements. Dividend The Board has not declared a dividend for the year ended 31 December 2018 (2017: £nil). David Mathewson Non-Executive Chairman 12 March 2019 Page 16 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Strategic Report for the year ended 31 December 2018 (cont.) Principal Risks and Uncertainties ECSC Group plc (‘ECSC’ or ‘the Company’ or ‘the Group’) is exposed to a number of Macro, Business and Financial risks. The Directors take a proactive approach to the identification and mitigation of these risks. Summary of Risks The most significant risks to the Group are summarised in the table below. These risks are explained in further detail following the summary. The table does not include all the potential risks associated with Group activities and are not in any order of priority. Principal Risks Economic conditions Mitigating Actions/Factors Expenditure on cyber security has become non-discretionary in nature and is less sensitive to economic fluctuations Rapid technological change Investment in proprietary intellectual property Competition Cyber security breach Reputation Dependence on key personnel Ability to recruit and retain skilled personnel Maintaining a broad, full-service offering Certifications to ISO 27001, PCI DSS and Cyber Essentials; avoidance of technologies associated with common security breaches Consistent focus on legal, financial, regulatory and technological compliance Board and Senior Management structure and remuneration is designed to reduce the risks associated with the loss of any single person Ongoing development of a wide range of employee benefits and incentives, career progression and technical development Reliance on key systems Disaster recovery and business continuity plans Client acquisition Client retention Future funding requirements Macro Risks Economic Conditions Sale team training and development, partner programme, and expanded marketing activities. Expanded service delivery function and service management layer Flotation on the Alternative Investment Market of the London Stock Exchange The Group could be affected by national and international economic factors outside its control, including an economic slowdown, changes in the monetary and fiscal policies of the Government, exchange rate fluctuations, commodity price volatility, inflation, increases in interest rates and banking sector conditions. Any UK economic downturn, either globally or locally, may have an adverse effect on the demand for the Group’s services. A more prolonged economic downturn may lead to an overall decline in the volume of the Group’s activities and sales, restricting the Group’s ability to realise a profit. However, given the proliferation of cyber security breaches and the damage caused, in financial and reputational terms, expenditure by corporates on cyber security is increasingly of a non-discretionary nature, such that demand has become less sensitive to general economic fluctuations. Page 17 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Strategic Report for the year ended 31 December 2018 (cont.) Principal Risks and Uncertainties (cont.) Geopolitical Risks The Group’s operations now or in the future may be adversely affected by factors outside the control of the Group, including election results, changes in Government policy, terrorist activities, labour unrest, civil disorder and political upheaval, war, subversive activities and sabotage, fires, floods, natural disasters and epidemics. Brexit The current political impasse, and resulting business uncertainty is likely to be impact on decisions regarding significant investment. For ECSC, this could lead to delays in closing significant managed service contracts. The Board has considered the impact of the UK’s decision to leave the European Union and concluded that, since 97% of revenue (see note 6) is generated in the UK, the impact of any future potential barriers to free trade are unlikely to directly impact the Group. However, there is potential to impact our clients and therefore their cyber security budgets. Business Risks Technology The markets in which the Group operates are characterised by rapid technological change, changes in client requirements, frequent product and service introductions employing new technologies, and the emergence of new industry standards and practices that could render the Group’s existing technology and services obsolete. In order to compete successfully, the Group will need to continue to improve its services, and to develop and market new products that keep pace with technological change. This may place strain on the Group’s capital resources, which may adversely impact the revenues and profitability of the Group. The success of the Group depends on its ability to anticipate and respond to technological changes and client requirements in a timely and cost-effective manner. There can be no assurance that the Group will be able to effectively anticipate and respond to technological changes and client needs in the future. Intellectual Property In order to mitigate Technology risk and maximise its competitive advantage, the Group seeks to protect its intellectual property. Much of the Group’s intellectual property is not of a nature that is capable of registration, so protection of intellectual property relies on maintaining the confidentiality of know-how, methodologies and processes which, in turn, are largely dependent on people. There is a risk that if the confidentiality of the Group’s intellectual property were compromised, this could lead to a loss of competitive advantage. To mitigate this risk, the Group employs strict terms of confidentiality in its standard terms of employment. The Group’s software is largely developed in-house. However, some aspects of it are based on open-source licences such as the General Public Licence (a widely used form of licence within the free and open-source code software domain), which oblige ECSC to provide access to the source code of the relevant software package if a client requests it. There is a limited risk that ECSC could be pursued by way of enforcement action in this area, which may have a material adverse effect on the Group’s performance. Competition There can be no guarantee that the Group’s current competitors or new entrants to the market will not bring superior technologies, products or services to the market, or equivalent products at a lower price, which may have an adverse effect on the Group’s business. Such companies may also have greater financial and marketing resources than the Group. These competitive risks are mitigated by maintaining a full service offer, spanning Consulting and Managed Services, with a strategic focus on expanding the recurring revenue base from retained clients, underpinned by a proactive account management process. Page 18 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Strategic Report for the year ended 31 December 2018 (cont.) Principal Risks and Uncertainties (cont.) Cyber Security Breach As with all providers in this sector, the potential embarrassment and reputational impact of a major cyber security breach for ECSC itself is significant. However, ECSC manages this risk in a number of ways: External certification to international security standards, such as ISO 27001 and PCI DSS. • • Avoidance of technologies commonly targeted for attack – ECSC makes extensive use of Linux-based technologies, including all operational desktop PCs and laptops, and does not support Bring Your Own Device (BYOD) policies for any company business, including for Associate Consultants. The Company directs the same level of security expertise at its own security as to that of its clients, avoiding the common issue with IT companies that their own internal IT is managed by a less capable internal team than their client-facing delivery team. • Reputation The Group’s reputation, in terms of the services it provides, the manner in which it conducts its business and the financial performance it achieves, are central to the Group’s success. The Group’s services, and the software on which they are based, are complex and may contain undetected defects when first introduced. Such defects could damage the Group’s reputation, ultimately leading to an increase in the Group’s costs or reduction in its revenues. Other issues that may give rise to reputational risk include, but are not limited to, failure to deal appropriately with legal and regulatory requirements in any jurisdiction (which may result in the issuance of a warning notice or sanction by a regulator or an offence being committed by a member of the Company or any of its employees or Directors), money-laundering, bribery and corruption, factually incorrect reporting, staff disputes, fraud (including on the part of clients), technological delays or malfunctions, the inability to respond to a disaster, lack of data privacy, and poor record-keeping. In addition, failure to meet the expectations of clients, suppliers, employees, shareholders, regulators and other business partners may have a material adverse effect on the Group’s reputation. To mitigate these varied risks, the Group has adopted a strict and thorough approach to compliance, investing resources to meet relevant legal, financial, regulatory and technological standards and requirements. Dependence on Directors and Senior Management The Group’s performance is substantially dependent on the continued services and performance of its Directors and senior management. Although certain Directors and key personnel have entered into Service Agreements or Letters of Appointment with the Group, there can be no assurance that the Group will retain their services. The loss of the services of any of the Directors or key personnel may have a material adverse effect on the business, operations, relationships and/or prospects of the Group. The risk of loss of a Director or member of senior management is mitigated by offering market competitive remuneration for key roles, including appropriate levels of equity incentivisation via the share option schemes of the Group. Ability to Recruit and Retain Skilled Personnel The Group believes that it has the appropriate incentivisation structures to attract and retain the calibre of employees necessary to ensure the growth and development of the Group. However, any difficulties encountered in hiring appropriate employees and the failure to do so may have a detrimental effect upon the trading performance of the Group. The ability to attract new employees with the appropriate expertise and skills cannot be guaranteed. Page 19 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Strategic Report for the year ended 31 December 2018 (cont.) Principal Risks and Uncertainties (cont.) Reliance on Key Systems The Group’s dependency upon technology exposes it to significant risk in the event that such technology or the Group’s systems experience any form of damage, interruption or failure. The Group’s systems are vulnerable to damage or interruption from events including: • • • • power loss and infrastructure failure; fire or physical destruction; computer hacking activities; and acts of criminal damage or terrorism. Any malfunctioning of the Group’s technology and systems, or those of key third parties, even for a short period of time, could result in a lack of confidence in the Group’s services, the termination of client contracts and potential claims for damages, with a consequential material adverse effect on the Group’s operations and performance. The Group has a well considered, certified and regularly rehearsed disaster recovery and business continuity plan to mitigate this risk. New Client Acquisition and Retention of Existing Clients The Group’s future success depends on its ability to increase sales of its services and products to new clients, increase sales to its existing clients, and maintain existing client contractual relationships. The rate at which new and existing clients purchase services and existing clients renew their contracts depends on a number of factors, including the efficacy of the Group’s services and the utility of the Group’s new offerings, as well as factors outside of the Group’s control, such as clients’ perceived need for security solutions, the introduction of services by the Group’s competitors that are perceived to be superior to the Group’s services, end clients’ IT budgets and general economic conditions. A failure to increase sales as a result of any of the above could materially adversely affect the Group’s financial performance and position. Failure to Develop, Launch and Market New Services The Group’s long-term growth and profitability is dependent on its ability to develop and successfully launch and market new services. The Group’s revenues and market share may suffer if it is unable to successfully introduce new products in a timely fashion or if any new or enhanced products or services are introduced by its competitors that its customers find more advanced and/or better suited to their needs. While the Group continuously invests in research and development to develop products in line with client demand and expectations, if it is not able to keep pace with product development and technological advances, including shifts in technology in the markets in which it operates, or to meet client demands, this could have a material adverse effect on the Group’s financial performance and position. Page 20 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Strategic Report for the year ended 31 December 2018 (cont.) Principal Risks and Uncertainties (cont.) Financial Risks Future Funding Requirements Although not presently anticipated by the Directors, the Group may need in the future (more than twelve months) to raise equity or debt capital to fund future acquisitions, expansion and/or business development. There can be no guarantee that the necessary funds will be available on a timely basis, on favourable terms, or at all, or that such funds, if raised, would be sufficient. If the Group is not able to obtain additional capital on acceptable terms, or at all, it may be forced to curtail or abandon acquisition opportunities, expansion and/or business development. The above could have a material adverse effect on Group performance. This risk is partially mitigated by the Group’s quotation on the Alternative Investment Market of the London Stock Exchange, which provides a conduit to equity investors. David Mathewson Non-Executive Chairman 12 March 2019 Page 21 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Board of Directors The Board of ECSC Group plc comprises two Executive Directors and two Non-Executive Directors. Lucy Sharp (age 39) Chief Operating Officer Lucy has over 18 years of experience in the cyber-security sector, having joined ECSC at its inception. Lucy worked as an ISO 27001 consultant, leading this area prior to taking the position of Operations Director in 2012. Lucy has held a number of professional certifications, including CISSP, PCI QSA, and ISO Lead Auditor. Whilst working at ECSC, Lucy completed a Masters in Business Management at Leeds Metropolitan University. Elizabeth Gooch MBE (age 57) Non-Executive Director Elizabeth Gooch is an award-winning UK tech entrepreneur, having started her career in industry, joining Forward Trust (a subsidiary of Midland Bank) and then Birmingham Midshires Building Society, before establishing eg solutions in 1988. She pioneered the introduction of industrial production management methodologies into the service sector and invented the eg operational intelligence ® software suite to embed these techniques into businesses. eg was listed on the Alternative Investment Market and was acquired by a major US Software Company in 2017. Elizabeth was named as one of The Telegraph’s Most Disruptive Entrepreneurs and West Midlands Woman of the Year for her Outstanding Contribution to Technology. She was made a Member of the Order of the British Empire in the Queens Jubilee Birthday Honours 2012, in recognition of her achievements in delivering significant benefits for clients with the products she designed. Elizabeth is now CEO of The Tech Growth Factory; a company she established to assist the founders of small technology companies achieve their growth potential. Elizabeth Gooch is the independent Non-Executive Director following the Board reorganisation during March and April 2018. The Board has slimmed down to two Non-Executive Directors and two Executive Directors. David Mathewson Non-Executive Director Chairman is a Charted Accountant and has been overseeing the finance function from April 2018. The Board has considered its independence and effectiveness, and is satisfied to the degree of competence and efficient in place. Elizabeth Gooch is the independent Non-Executive Director following the Board reorganisation during March and April 2018. The Board has slimmed down to two Non-Executive Directors and two Executive Directors. David Mathewson Non-Executive Chairman is a Charted Accountant and has been overseeing the finance function from April 2018. The Board has considered its independence and effectiveness, and is satisfied to the degree of competence and efficient in place. The Board is responsible for the formulation of business strategy, operational execution, financial performance and compliance. The Executive Directors are responsible for day- to-day operational and financial management, whilst the Non-Executive Directors are responsible for delivering effective corporate governance. The profile of each Director is as follows: David Mathewson (age 71) Non-Executive Chairman David is a Chartered Accountant who has spent most of his career in merchant banking and as a non-executive director. He was an Executive Director of Noble Grossart Limited, Scotland’s premier merchant bank, for many years. Previous non-executive roles include Chairman of Sportech Plc and he was also a Director of Playtech Group plc. During his tenure at Playtech, he was appointed Chief Financial Officer and oversaw the company move from AIM to the Main Market of the London Stock Exchange. He is currently a Non-Executive Director of AIM traded SEC SPA, an Italian company, also traded on AIM, and Chairman of Bioflow Ltd. The Board has reviewed David’s time commitment from his other directorships and has concluded that they average six to seven working days per month. The Board is therefore comfortable that David has sufficient available capacity to carry out his duties as a Non-Executive Chairman of ECSC Group plc. Ian Mann (age 51) Chief Executive Officer Ian has over 18 years of experience in the cyber-security sector, having founded ECSC. He was previously an advisor for GCHQ, and established a Cisco Networking Academy for Dixons City Technology College. Ian’s professional certifications include CISSP, PCI QSA, and ISO Lead Auditor. Ian holds a B.Eng. in Electrical and Electronic Engineering from the University of Nottingham, and an MBA from the Open University. Page 22 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Directors’ Report for the year ended 31 December 2018 Principal Activities and Review of the Business The principal activity of the Group during the year continued to be the provision of professional cyber security services. Future developments of the Group have been reviewed as part of the Strategic Report. Principal Risks and Uncertainties For information on the principal risks and uncertainties of the Group, please see pages 17 to 21 of the Strategic Report. Results and Dividends The loss for the period, after taxation, amounted to £1,238k (2017: loss of £3,526k). The Board has not declared a dividend for the year ended 31 December 2018 (2017: £nil). Going Concern The Directors are satisfied that the Group has sufficient financial resources to continue to operate for the foreseeable future, which is considered to be at least the 12 months from the date of approval of the financial statements. For this reason, the going concern basis is considered appropriate for the preparation of the financial statements (for more information see note 4.2 to the Financial Statements). Research and Development Research and development activities are grouped into three broad areas: Proprietary software, operating systems, applications, tools and documentation used to provide Managed Services. • • Proprietary software, tools and techniques used to provide Consulting Services. • Core internal business systems to support revenue generating activities. Chairman Corporate Governance Overview As Chairman of the Board of Directors of ECSC Group plc it is my responsibility to ensure that ECSC has both sound corporate governance and an effective Board. As Chairman, my responsibilities include leading the Board effectively, overseeing the Company’s corporate governance model, communicating with shareholders, and ensuring that good information flows freely between Executives and Non-Executives in a timely manner. ECSC Group plc has adopted the QCA Corporate Governance Code in line with the London Stock Exchange’s recent changes to the AIM Rules, requiring all AIM-listed companies to adopt and comply or explain non-compliance with a recognised corporate governance code. The Board considers that the Group complies with the QCA Code so far as it is practicable having regard to the size, nature and current stage of development of the Company, and will disclose any areas of non-compliance in the text below. The Board believes that corporate governance is a framework which underpins the core values for running the business in which we all believe, including a commitment to open and transparent communications with stakeholders. Further details on Corporate Governance is on the Group’s website at https://investor.ecsc.co.uk/governance/corporate-governance.html. Page 23 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Directors’ Report for the year ended 31 December 2018 (cont.) QCA Principles 1. Establish a strategy and business model which promotes long-term value for shareholders The Board has concluded that the highest medium and long-term value can be delivered to its shareholders by a focused strategy for the Company. Details of the Business strategy can be found on page 7. 2. Seek to understand and meet shareholder needs and expectations The Group is strongly committed to the maintenance of good investor relations and seeks, wherever possible, to build a relationship of mutual understanding with both its institutional and private client investors. The Company communicates how it is governed and is performing through its Annual Report and Accounts, full-year and half-year announcements, regulatory announcements and its website: https://investor.ecsc.co.uk/. The Group have a dedicated email address investor@ecsc.co.uk for shareholder enquiries. 3. Take into account wider stakeholder and social responsibilities and their implications for long-term success The Board recognises that the long-term success of the Group is reliant upon the efforts of the employees of the Group and its suppliers, regulators and other stakeholders. The Group prepares an annual strategic plan and detailed budget which considers a wide range of key resources and stakeholders. Everyone within the Group is a valued member of the team, and our aim is to help every individual achieve their full potential. We offer equal opportunities regardless of race, gender, gender identity or reassignment, age, disability, religion or sexual orientation. See employee survey, (page 12) 4. Embed effective risk management, considering both opportunities and threats, throughout the organisation The Board attaches considerable importance to the Company’s system of internal control and risk management. An ongoing process has been established for identifying, evaluating, and managing the significant risks faced by the Group. Details of key risks to the business can be found on pages 17. 5. Maintain the board as a well-functioning, balanced team led by the Chair ECSC is controlled by the Board of Directors , details of the Board and the roles can be found on pages 22. 6. Ensure that between them the Directors have the necessary up-to-date experience, skills and capabilities The Directors have both a breadth and depth of skills and experience to fulfil their roles and deliver the strategy of the Group for the benefit of the shareholders over the medium to long-term. The Group believes that the current balance of skills in the Board as a whole, reflects a very broad range of commercial and professional skills. The Directors continue to develop their skill set and keep up to date with current regulations in their prospective markets. Details of the Directors’ experience and areas of expertise are outlined on pages 22. 7. Evaluate board performance based on clear and relevant objectives, seeking continuous improvement The Board informally review board performance as part of the day to day running of the business. ECSC Group plc has yet to carry out a formal assessment of board effectiveness and the board will keep this under consideration and put in procedures when it is felt appropriate. The Company has adopted a code for Directors’ and employees’ dealings in securities which is appropriate for a company whose securities are traded on AIM, and is in accordance with the requirements of the Market Abuse Regulation which came into effect in 2016. Page 24 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Directors’ Report for the year ended 31 December 2018 (cont.) 8. Promote a corporate culture that is based on ethical values and behaviours The company has clearly defined values upon which our culture and behaviours are based. These are outlined in the Chief Operating Officer’s Overview on page 13. 9. Maintain governance structures and processes that are fit for purpose and support good decision-making by the board The Board is committed to, and ultimately responsible for, high standards of corporate governance, and has chosen to adopt the QCA Code. We review our corporate governance arrangements regularly and expect to evolve these over time, in line with the Group’s growth. The Board delegates responsibilities to Committees and individuals as it sees fit, with the Chairman being responsible for the effectiveness of the Board, and the Executive Directors being accountable for the management of the Company’s business and shareholder liaison. 10. Communicate how the company is governed and is performing by maintaining a dialogue with shareholders and other relevant stakeholders The Board is strongly committed to the maintenance of good investor relations and to having constructive dialogue with its shareholders. Executive Directors and Chair seek to meet with shareholders and other investors/potential investors at regular intervals during the year. Page 25 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Directors’ Report for the year ended 31 December 2018 (cont.) Committee Chairman This report sets out information about the remuneration of the Directors of the Company for the year ended 31 December 2018. As a company admitted to AIM, ECSC Group is not required to prepare a Directors Remuneration report. However, the board supports the principle of transparency and has prepared this report in order to provide information to shareholders on Directors remuneration arrangements. THE REMUNERATION COMMITTEE Committee Composition Elizabeth Gooch MBE was appointed chair of the Committee on 16 April 2018. The other member of the committee is David Mathewson. Committee Responsibilities The Remuneration Committee’s primary purpose is to ensure that the remuneration packages of the senior and most highly rewarded team at ECSC Group are both aligned to the company’s purpose and values and linked to the successful delivery of the company’s long-term strategy. Committee Meetings The Remuneration Committee met at least four times in the period from April 2018, with other board members in attendance as appropriate. The Committees main activities during the year included: • Reviewed Committee Terms of Reference and made recommendations to the board for update • Oversaw a benchmarking exercise for Director’s Remuneration and approved proposals for changes in the remuneration of Directors for the forthcoming period. • Agreed individual share option awards • Agreed targets and performance measures for bonus payments for the forthcoming financial period • Administered the group’s share schemes PricewaterhouseCoopers LLP were consulted during the year to provide market guidelines for the remuneration of the Executive and Non-Executive Directors and an overview of potential long-term incentive designs. In determining the Directors remuneration for the year, the Committee consulted Ian Mann, Chief Executive and Lucy Sharp, Chief Operating Officer about its proposals. Directors’ Interests and Remuneration The Directors who held office during the period were as follows: David Mathewson Ian Mann Lucy Sharp Elizabeth Gooch (appointed 16 April 2018) Nigel Payne (resigned from Board 5 April 2018) Stephen Hammell (resigned from Board 13 April 2018) Stephen Vaughan (resigned from Board 13 April 2018) Page 26 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Directors’ Report for the year ended 31 December 2018 (cont.) Audit Committee The duties of the Audit Committee are to consider the relationship with the Company’s auditor (appointment, re-appointment and terms of engagement), to review the integrity of the Company’s financial statements, to keep under review the appropriateness of the Company’s accounting policies, and to review the effectiveness and adequacy of the Company’s internal financial controls. In addition, it will receive and review such reports as it from time to time requests from the Company’s management and auditor. The Audit Committee meets at least twice a year and has unrestricted access to the Company’s auditor. The Audit Committee comprises David Mathewson and Elizabeth Gooch and is chaired by David Mathewson. Nomination Committee The duties of the Nomination Committee are to consider the structure, size and composition of the Board and make recommendations to the Board with regard to any changes. It is also responsible for identifying and nominating candidates to fill Board vacancies as and when they arise. The Nomination Committee also makes recommendations to the Board concerning, among other things, plans for succession for both Executive and Non-Executive Directors. It meets at least twice a year. The Nomination Committee comprises Elizabeth Gooch and David Mathewson and is chaired by David Mathewson. Disclosure Committee The Disclosure Committee is the first point of contact with the Nominated Adbisor (“NOMAD”) for all routine and non-routine matters which the NOMAD wishes to discuss with the Board and shall carry out duties to ensure the Company’s compliance with the AIM Rules and Market Abuse Regulations. The Disclosure Committee meets twice a year and comprises David Mathewson and Elizabeth Gooch and is chaired by David Mathewson. Attendance at Board and Committee meetings There were twelve Board meetings held during the year, all of which were attended by Ian Mann, Lucy Sharp and David Mathewson. Elizabeth Gooch joined the Board during April and therefore attended 9 Board meetings during the year. The Audit Committee had two meetings during the year at which both Elizabeth Gooch and David Mathewson attended. Page 27 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Directors’ Report for the year ended 31 December 2018 (cont.) The following Directors had interests in the ordinary shares of the Company as at 31 December 2018: David Mathewson Ian Mann Lucy Sharp Elizabeth Gooch Number of Ordinary Shares 35,419 2,248,690 230,419 50,000 % of Issued Share Capital 0.39% 24.71% 2.53% 0.55% Details of the Directors remuneration are included in the Remuneration Report on pages 29-33. Substantial Interests At 31 December 2018, the Company had been notified, under the Disclosure and Transparency Rules, of the following major shareholdings and the percentages of voting rights represented by such holdings, excluding the shareholdings and associated voting rights of the Directors noted above, as follows: Number of Ordinary Shares % of Issued Share Capital Unicorn Asset Management Ravinder Bahra Hargreaves Lansdown Artemis Investment Management Phil McLear Malcolm Hoare John Leach 1,448,946 1,069,068 315,020 294,733 472,290 300,300 283,920 15.93% 11.75% 3.46% 3.24% 5.19% 3.30% 3.12% Annual General Meeting The next Annual General Meeting will take place on 19 June 2019. Statement of Disclosure of Information to Auditors The Directors of the Company who held office at the date of approval of this Annual Report as set out above each confirm that: • • so far as each Director is aware, there is no relevant audit information of which the Company’s auditors are unaware; and each Director has taken all the steps that they ought to have taken as a Director in order to make themselves aware of any relevant audit information and to establish that the Company’s auditors are aware of that information. Auditors BDO LLP has indicated its willingness to continue as auditor. Accordingly a resolution proposing its reappointment as auditor will be put to the members at the next Annual General Meeting. On behalf of the Board David Mathewson Non-Executive Chairman 12 March 2019 Page 28 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Renumeration Committee Report As an AIM listed company ECSC Group plc is not required to comply with schedule 8 of the Large and Medium-sized Companies and Groups (Accounts and Reports) Regulations 2008 as amended in August 2013. Nor is it required to comply with the principles relating to Directors remuneration in the UK Corporate Code 2016 (“the code”). The content of this report is unaudited unless stated. Remuneration Policy The objectives of the remuneration policy are to ensure that the overall remuneration of Executive Directors is aligned with the performance of the Group and preserves an appropriate balance of reward and shareholder value. The Company’s policy is to remunerate Directors appropriately such that they are sufficiently rewarded and incentivised for their level of responsibility, the complexity of their role and to reflect their skills and experience. The use of Annual Performance Bonuses and equity-based incentives, linked to Company performance, helps to align the interests of the Directors and Shareholders. The Remuneration Committee sets the level of basic pay and other benefits for Executive Directors and other Senior Managers. It does this in line with its assessment of the appropriate market rate for the roles, wishing to be able to attract and retain good candidates for these roles. In addition, the Company operates an Executive Annual Performance Bonus Scheme covering the Executive Directors. The criteria for payment of bonuses (which are not pensionable if paid) are set by the Remuneration Committee at the beginning of each financial year. The award of any bonus is decided by the Remuneration Committee at the end of the year by reference to the objectives set for the year, the corresponding performance of the Company, and by using its discretion. The Company also operates a share based incentive scheme as outlined below. The Company’s policy is also that a substantial proportion of the remuneration of the Executive Directors should be performance related in order to encourage and reward improving business performance and shareholder returns. In determining remuneration arrangements for Executive Directors, the Committee is sensitive to pay and employment conditions elsewhere in the Cyber Security and general IT Software and Services markets, especially when determining base salary increases. The committee has reviewed the Remuneration Policy for the forthcoming year and has concluded that it remains appropriate for the forthcoming three year period. Page 29 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Renumeration Committee Report (cont.) Remuneration for Executive Directors. The main components of the remuneration arrangements for Executive Directors are as follows: Purpose & Link to Strategy Operation Maximum Opportunity Performance Conditions Base Salary To provided fixed competitive remuneration that will attract and retain key employees and reflect their experience and position in the Group. Benefits To provide market levels of benefits on a cost-effective basis. Reviewed annually taking into account industry-standard executive remuneration and pay levels elsewhere within the sector. Salaries for the year ended 31 December 2017 are set out below. None. Private health cover for the executive and their family, life insurance cover of one-times salary and a company car. Private healthcare benefits are provided through third-party providers and therefore the cost to the Company may vary from year to year. None. Pension Providing post-retirement benefits. The Group contributes to individual’s personal pension schemes 10% of base salary None. Annual incentive Recognises achievements of annual objectives which support the short to medium term strategy of the Group Performance targets are set by the Remuneration Committee at the start of the year with input, as appropriate, from the Executive Directors Executive Share Options Plan Setting value creation through share growth as a major objective for Executive Directors and senior managers. Alignment of option holder interests with those of shareholders through delivery of shares. There is currently no Executive Share Option Plan in operation. The Group intend to introduce a scheme during 2019. The Chief Operating Officer, Lucy Sharp, participates in the EMI scheme. See below. No criteria had been set for the financial year ended 31 December 2018 while the Group focussed on cost reduction and EBITDA margin improvement. Details of the scheme for the forthcoming period are set out below. For the forthcoming period payment will be based on the achievement of stretching targets in weighted Key Performance Indicators linked to the Group’s strategy N/A N/A During the year the Committee commissioned a review of the salaries and rewards of the Directors, including market benchmarking with peer companies in the Cyber Security Sector. As a result, the basic salaries of all Directors have been adjusted and a revised Annual Performance Bonus Scheme for the Executive Directors has been introduced for the forthcoming financial period. The new Executive Directors Annual Performance Bonus Scheme is structured so as to pay up to 60% of basic salary for the Chief Executive and 40% of basic salary for the Chief Operating Officer based on the achievement of stretching targets in certain key performance indicators aligned with the Group’s strategy. The bonus related Key Performance Indicators for the forthcoming period are Revenue, EBITDA, Cash and Gross Margin and they are appropriately weighted. Page 30 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Renumeration Committee Report (cont.) The committee intends to introduce a Long-Term Incentive Plan (“LTIP”) for the Executive Directors during 2019. Details of the scheme will be communicated to shareholders and any awards will be disclosed in next year’s Remuneration Committee Report. Remuneration for Non – Executive Directors Remuneration of the Non-Executive Directors is determined by the Board within the limits set by the Company’s Articles of Association and is based on fees paid in similar companies, the skills required, and the expected time commitment required of each individual. Non-Executive Directors are not entitled to pensions, annual bonuses or employee benefits. They are entitled to participate in share option arrangements relating to the Company’s shares and both were allocated 100,000 options on 20 April 2018. The options had an exercise price of 78pence and are subject to a three year vesting period and the performance condition that the Company’s closing mid-market share price must exceed 200 pence for 10 consecutive business days following the vesting date. The grant represented 2.2% of the current issued share capital of the company. Each of the Non-Executive Directors has a letter of appointment stating his/her annual fee and that his/her appointment is initially for a term of three years, subject to re-appointment at the AGM and renewable for further periods of three years. Their appointment may be terminated with three months written notice at any time. David Mathewson also oversaw the finance function on a part time basis to support the work of Gemma Basharan, Financial Controller. This arrangement has provided the Group with a cost effective arrangement whilst improving financial reporting and controls. Additional fees were paid to David Mathewson during the period to compensate him for these additional duties. Following the Board re-structure in March 2018 the number of Non-Executive Directors was reduced from three to two in order to reduce costs. The Board has decided to continue this arrangement into the forthcoming financial period and the duties of the third Non-Executive Director will continue to be shared between David Mathewson and Elizabeth Gooch. Annual Bonus Payments for 2018 Following the success of the financial year ended 31 December 2018, the committee resolved to pay modest bonuses (as set out in the table below) in recognition of the performance of the Executive Directors during the year. The bonuses were paid after the financial year end. The annual incentive paid to Executive Directors for the year ended 31 December 2018 was 11% of the basic salary of the Chief Executive and 14% of the basic salary of the Chief Operating Officer Name of Director Nigel Payne Ian Mann Lucy Sharp Stephen Hammell Stephen Vaughan David Mathewson Elizabeth Gooch Total Salary or Fees Paid Benefit-in- Kind £’000 £’000 Pension £’000 Annual Bonus Share Based Payments Year ended 31 December 2018 Year ended 31 December 2017 £’000 £’000 £’000 £’000 10 209 103 80 9 64 25 500 - 1 10 - - - 11 - 20 12 6 - - 38 - 25 15 - - - 40 - - 23 - - 5 5 33 10 255 163 86 9 69 30 622 28 237 135 82 32 32 - 546 Notes: • • • Benefits-in-Kind includes the provision of Company Cars and Private Medical insurance Share Based Payments are stated at the cost of the award recognised in the financial period Annual bonus paid after the year end Page 31 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Renumeration Committee Report (cont.) Ian Mann, Chief Executive is the highest paid Director. Employee Benefit Expense (including Directors) during the periods amounted to: GROUP Year ended 31 December 2018 £’000 GROUP Year ended 31 December 2017 £’000 COMPANY Year ended 31 December 2018 £’000 COMPANY Year ended 31 December 2017 £’000 4,155 476 112 4,743 4,867 536 97 5,500 3,971 427 96 4,494 4,807 514 89 5,410 Wages and Salaries Social Security Costs Pension Contributions Directors Interests Details of the Directors Shareholdings are included in the Director’s Report on page 28 Share Incentives The Company operates an Enterprise Management Incentive (‘EMI’) Scheme. The EMI Scheme provides the opportunity for eligible Directors and employees to buy ECSC ordinary shares at a future date in accordance with the scheme rules. The options are subject to the option holder’s continuing employment, are not transferable, and have a life of 10 years. All grants under the scheme are subject to approval by the Remuneration Committee. In August 2018 the Company granted options over 185,000 shares at an exercise price of 93 pence per share, subject to a 3 year vesting period, to 14 employees. The exercise price was set by reference to the average mid-market share price over the 3 days preceding the grant. There was a performance condition attaching to this grant, ordinary shares trade at a mid-market minimum price of 200 pence per share over 30 consecutive trading days during the vesting period. During the year, options over 5,000 options have lapsed, predominantly due to recipients leaving the Company, such that options over 180,000 shares remain exercisable in the future. Outstanding Share Based Awards The outstanding Share Based Awards of the Directors as at 31 December 2018 are: Granted In Year Lapsed In Year Vested In Year End Of Year Price At Grant Exercise Price Name Of Director Lucy Sharp Stephen Hammell Elizabeth Gooch David Mathewson Type Of Reward Share Option Share Option Share Option Share Option Date Of Grant 19 May 2017 69,758 - 7 Dec 2017 100,000 100,000 18 Apr 2018 18 Apr 2018 100,000 100,000 - - - - - - 69,758 497.5p 167.0p - 132.5p 140.0p 100,000 79.0p 78.0p 100,000 79.0p 78.0p The closing mid-market price of the Group’s shares at 31 December was 67.5 pence. During the financial year the share price reached a high of 237.5 pence and a low of 62.3 pence. Page 32 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Renumeration Committee Report (cont.) Directors Service Contracts The Service contracts and letters of appointment of Directors include the following terms: Executive Directors Ian Mann Lucy Sharp Date of Appointment 1 May 2018 30 November 2016 Non-Executive Directors Date of Appointment David Mathewson Elizabeth Gooch 18 April 2018 16 April 2018 Statement of Voting at General Meeting Notice Period 6 months 6 months Notice Period 3 months 3 months At the Annual General Meeting of the Company held (last years date 14 June 2018), all resolutions were passed. Approval This report was approved by the Directors and signed by order of the Board. Elizabeth Gooch MBE Chairman of the Remuneration Committee 12 March 2019 Page 33 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Statement of Directors’ Responsibilities The Directors are responsible for preparing the Annual Report and the financial statements in accordance with applicable law and regulations. Company Law requires the Directors to prepare financial statements for each financial year. Under that law the Directors have elected to prepare the financial statements in accordance with International Financial Reporting Standards as adopted by the EU. Under Company Law the Directors must not approve the financial statements unless they are satisfied that they give a true and fair view of the state of affairs of the Company and the Group and of the profit or loss of the Group for the reporting period. In preparing these financial statements, the Directors are required to: select suitable accounting policies and then apply them consistently; • • make judgments and estimates that are reasonable and prudent; • state whether applicable accounting standards have been followed, subject to any material departures disclosed and explained in the financial statements; and prepare the financial statements on the going concern basis unless it is inappropriate to presume that the Company will continue in business. • The Directors are responsible for keeping adequate accounting records that are sufficient to show and explain the Company’s transactions and disclose with reasonable accuracy at any time the financial position of the Company and enable them to ensure that the financial statements comply with the Companies Act 2006. They are also responsible for safeguarding the assets of the Company and hence for taking reasonable steps for the prevention and detection of fraud and other irregularities. Financial information is published on the Company’s website. The maintenance and integrity of this website is the responsibility of the Directors. The work carried out by the Company’s auditors does not involve consideration of these matters and, accordingly, the auditors accept no responsibility for any changes that may occur to the financial statements after they are initially presented on the website. It should be noted that legislation in the United Kingdom governing the preparation and dissemination of financial statements may differ from legislation in other jurisdictions. By order of the Board David Mathewson Non-Executive Chairman 12 March 2019 Page 34 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Independent auditor’s report to the members of ECSC Group plc Opinion We have audited the financial statements of ECSC Group plc (the ‘parent company’) and its subsidiaries (the ‘Group’) for the year ended 31 December 2018 which comprise the consolidated statement of comprehensive income, the consolidated and company statement of financial position, the consolidated and company statements of changes in equity, the consolidated and company cash flow statement and the notes to the financial statements, including a summary of significant accounting policies. The financial reporting framework that has been applied in the preparation of the financial statements is applicable law and International Financial Reporting Standards (IFRSs) as adopted by the European Union and, as regards the parent company financial statements, as applied in accordance with the provisions of the Companies Act 2006. In our opinion: • the financial statements give a true and fair view of the state of the Group’s and of the parent company’s affairs as at 31 December 2018 and of the Group’s loss for the year then ended; the Group financial statements have been properly prepared in accordance with IFRSs as adopted by the European Union; the parent company financial statements have been properly prepared in accordance with IFRSs as adopted by the European Union and as applied in accordance with the provisions of the Companies Act 2006; and the financial statements have been prepared in accordance with the requirements of the Companies Act 2006. • • • Basis for opinion We conducted our audit in accordance with International Standards on Auditing (UK) (ISAs (UK)) and applicable law. Our responsibilities under those standards are further described in the Auditor’s responsibilities for the audit of the financial statements section of our report. We are independent of the Group and the parent company in accordance with the ethical requirements that are relevant to our audit of the financial statements in the UK, including the FRC’s Ethical Standard as applied to listed entities, and we have fulfilled our other ethical responsibilities in accordance with these requirements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion. Conclusions relating to going concern We have nothing to report in respect of the following matters in relation to which the ISAs (UK) require us to report to you where: • • the directors’ use of the going concern basis of accounting in the preparation of the financial statements is not appropriate; or the directors have not disclosed in the financial statements any identified material uncertainties that may cast significant doubt about the Group’s or the parent company’s ability to continue to adopt the going concern basis of accounting for a period of at least twelve months from the date when the financial statements are authorised for issue. Page 35 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Independent auditor’s report to the members of ECSC Group plc Key audit matters Key audit matters are those matters that, in our professional judgment, were of most significance in our audit of the financial statements of the current period and include the most significant assessed risks of material misstatement (whether or not due to fraud) we identified, including those which had the greatest effect on: the overall audit strategy, the allocation of resources in the audit; and directing the efforts of the engagement team. These matters were addressed in the context of our audit of the financial statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion on these matters. Key audit matter Going Concern assessment The directors have set out their assessment of going concern in note 4.2 to the financial statements. How our audit addressed the key audit matter Our audit procedures included obtaining and examining management’s forecasts for the next two years. Independent Auditor’s Report to the Members of ECSC Group plc (continued) The group continued to be loss making for the third year running having made a loss after tax of £1,238k (2017: £3,526k). At the reporting date cash reduced to £650k (2017: £1,597k) and the group had negative operating cash flows for the year of £634k (2017: £3,062k). We challenged management’s assumptions used in the forecast period by considering available evidence, including actual monthly cash generation in 2018 and revenue pipeline for 2019 and beyond, to support these assumptions. The above factors necessitated further assessment of whether it is appropriate to continue preparing the consolidated and parent company financial statements on a going concern basis. We considered this to be a key audit matter because management’s assessment involves significant assumptions and judgements which are based on their best estimates, analysis of the current market conditions and the group’s performance. Our application of materiality We have reviewed the disclosures made in the financial statements both in the Strategic Report and in note 4.2 to the financial statements. We assessed whether these adequately and completely disclose the basis of the judgements taken and the view formed by management with respect to the going concern basis of preparation. We apply the concept of materiality both in planning and performing our audit, and in evaluating the effect of misstatements. We consider materiality to be the magnitude by which misstatements, including omissions, could influence the economic decisions of reasonable users that are taken on the basis of the financial statements. In order to reduce to an appropriately low level the probability that any misstatements exceed materiality, we use a lower materiality level, performance materiality, to determine the extent of testing needed. Importantly, misstatements below these levels will not necessarily be evaluated as immaterial as we also take account of the nature of identified misstatements, and the particular circumstances of their occurrence, when evaluating their effect on the financial statements as a whole. The materiality for the Group financial statements was set at £89,000 (2017: £70,000). This was determined with reference to a benchmark of Revenue, of which this represents 1.65% (2017: 1.65%), which we consider to be one of the principal considerations for members of the company in assessing the financial performance of the business. The materiality for the parent company financial statements was set at £88,000 (2017: £70,000). This has been limited to the component materiality set for the audit of the group. In order to reduce to an appropriately low level the probability that any misstatements exceed materiality, we use a lower materiality level, performance materiality, to determine the extent of testing needed. Performance materiality of £67,000 (2017: £52,500 has been set at 75% (2017: 75%) of the above materiality. This has been assessed on criteria such as historic adjustment levels, complexity and controls of the Group. We agreed with the Audit Committee that we would report to the committee all individual audit differences in excess of £3,500 (2017: Page 36 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Independent auditor’s report to the members of ECSC Group plc £2,500). We also agreed to report differences below this threshold that, in our view, warranted reporting on qualitative grounds. An overview of the scope of our audit Our Group audit was scoped by obtaining an understanding of the Group and its environment, including the Group’s system of internal control, and assessing the risks of material misstatement in the financial statements at the Group level. There are two components within the Group, of which only one is significant, the parent company, which was subject to full scope audit by the Group audit team. Other information The directors are responsible for the other information. The other information comprises the information included in the Group Strategic Report, Director’s Report and Consolidated Financial Statements, other than the financial statements and our auditor’s report thereon. Our opinion on the financial statements does not cover the other information and, except to the extent otherwise explicitly stated in our report, we do not express any form of assurance conclusion thereon. In connection with our audit of the financial statements, our responsibility is to read the other information and, in doing so, consider whether the other information is materially inconsistent with the financial statements or our knowledge obtained in the audit or otherwise appears to be materially misstated. If we identify such material inconsistencies or apparent material misstatements, we are required to determine whether there is a material misstatement in the financial statements or a material misstatement of the other information. If, based on the work we have performed, we conclude that there is a material misstatement of this other information, we are required to report that fact. We have nothing to report in this regard. Opinions on other matters prescribed by the Companies Act 2006 In our opinion, based on the work undertaken in the course of the audit: • the information given in the strategic report and the directors’ report for the financial year for which the financial statements are prepared is consistent with the financial statements; and the strategic report and the directors’ report have been prepared in accordance with applicable legal requirements. • Matters on which we are required to report by exception In the light of the knowledge and understanding of the Group and the parent company and its environment obtained in the course of the audit, we have not identified material misstatements in the strategic report or the directors’ report. We have nothing to report in respect of the following matters in relation to which the Companies Act 2006 requires us to report to you if, in our opinion: • adequate accounting records have not been kept by the parent company, or returns adequate for our audit have not been received from branches not visited by us; or the parent company financial statements are not in agreement with the accounting records and returns; or certain disclosures of directors’ remuneration specified by law are not made; or • • • we have not received all the information and explanations we require for our audit. Responsibilities of directors As explained more fully in the directors’ responsibilities statement set out on page 34, the directors are responsible for the preparation of the financial statements and for being satisfied that they give a true and fair view, and for such internal control as the directors determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error. In preparing the financial statements, the directors are responsible for assessing the Group’s and the parent company’s ability to continue as a going concern, disclosing, as applicable, matters related to going concern and using the going concern basis of accounting unless the directors either intend to liquidate the Group or the parent company or to cease operations, or have no realistic alternative but to do so. Page 37 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Independent auditor’s report to the members of ECSC Group plc Auditor’s responsibilities for the audit of the financial statements Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor’s report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with ISAs (UK) will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these financial statements. A further description of our responsibilities for the audit of the financial statements is located on the Financial Reporting Council’s website at: www.frc.org.uk/auditorsresponsibilities. This description forms part of our auditor’s report. Use of our report This report is made solely to the parent company’s members, as a body, in accordance with Chapter 3 of Part 16 of the Companies Act 2006. Our audit work has been undertaken so that we might state to the parent company’s members those matters we are required to state to them in an auditor’s report and for no other purpose. To the fullest extent permitted by law, we do not accept or assume responsibility to anyone other than the parent company and the parent company’s members as a body, for our audit work, for this report, or for the opinions we have formed. Mark Langford (Senior Statutory Auditor) For and on behalf of BDO LLP, Statutory Auditor Leeds United Kingdom 12 March 2019 BDO LLP is a limited liability partnership registered in England and Wales (with registered number OC305127). Page 38 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Consolidated Statement of Comprehensive Income For the year ended 31 December 2018 Revenue Cost of Sales Gross Profit Other Income Sales & Marketing Costs Administration Expenses Operating Loss before Exceptional Items Share Based Payments Exceptional Items Operating Loss Finance Income Loss before Taxation Taxation Credit Loss for the Period Other Comprehensive Income Total Comprehensive Income for the Period Attributed to Equity Holders of the Company Loss per Share Basic Loss per Share Diluted Loss per Share * The comparative figures have been restated in accordance with Note 4.3 Note 6 6 7 23 27 8 26 10 11 Year ended 31 December 2018 £’000 Restated* Year ended 31 December 2017 £’000 5,382 (2,642) 2,740 152 (1,817) (2,333) (1,027) 111 120 (1,258) 1 (1,257) 19 (1,238) (1,238) pence (13.6) (13.6) 3,998 (2,353) 1,645 121 (2,545) (2,782) (3,193) 93 275 (3,561) 6 (3,555) 29 (3,526) (3,526) pence (39.0) (39.0) Page 39 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Consolidated Statement of Financial Position As at 31 December 2018 ASSETS Non-current Assets Intangible Assets Property, Plant and Equipment Deferred Tax Asset Total Non-current Assets Current Assets Inventory Trade and Other Receivables Corporation Tax Recoverable Cash and Cash Equivalents Total Current Assets TOTAL ASSETS LIABILITIES Current Liabilities Trade and Other Payables Finance Leases Total Current Liabilities Non-current Liabilities Deferred Tax Liability Finance Leases Total Non-current Liabilities TOTAL LIABILITIES NET ASSETS EQUITY Equity attributable to Owners of the Parent: Share Capital Share Premium Account Share Option Reserve Retained Earnings TOTAL EQUITY Note Year ended 31 December 2018 £’000 Restated* Year ended 31 December 2017 £’000 12 13 10 14 15 7 16 17 18 10 18 20 20 20 20 412 398 4 814 18 1,194 155 646 2,013 2,828 (1,749) (20) (1,769) - (20) (20) (1,789) 1,038 91 5,661 186 (4,900) 1,038 400 491 - 891 53 1,204 122 1,592 2,971 3,862 (1,620) (20) (1,640) (15) (41) (56) (1,696) 2,166 91 5,661 93 (3,679) 2,166 * The comparative figures have been restated in accordance with Note 4.3 The financial statements were approved and authorised for issue by the Board of Directors on 12 March 2019 and were signed on its behalf by: Director 12 March 2019 ECSC Group plc Registered Number: 03964848 Page 40 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Company Statement of Financial Position As at 31 December 2018 ASSETS Non-current Assets Intangible Assets Property, Plant and Equipment Deferred Tax Asset Total Non-current Assets Current Assets Inventory Trade and Other Receivables Corporation Tax Recoverable Cash and Cash Equivalents Total Current Assets TOTAL ASSETS LIABILITIES Current Liabilities Trade and Other Payables Finance Leases Total Current Liabilities Non-current Liabilities Deferred Tax Liability Finance Leases Total Non-current Liabilities TOTAL LIABILITIES NET ASSETS EQUITY Equity attributable to Owners of the Parent: Share Capital Share Premium Account Share Option Reserve Retained Earnings TOTAL EQUITY Note Year ended 31 December 2018 £’000 Restated* Year ended 31 December 2017 £’000 12 13 10 14 15 7 16 17 18 10 18 20 20 20 20 412 398 4 814 18 1,194 155 646 2,013 2,828 (1,749) (20) (1,769) - (20) (20) (1,789) 1,039 91 5,661 204 (4,918) 1,039 400 491 - 891 53 1,204 122 1,592 2,971 3,862 (1,620) (20) (1,640) (15) (41) (56) (1,696) 2,166 91 5,661 93 (3,679) 2,166 * The comparative figures have been restated in accordance with Note 4.3 For the year ended 31 December 2018, Loss after Taxation for the Company was £1,239k (2017:loss of £3,528k) Director 12 March 2019 ECSC Group plc Registered Number: 03964848 Page 41 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Consolidated Statement of Changes in Equity For the year ended 31 December 2018 Balance as at 31 December 2016 (as previously stated) IFRS15 adjustment (see note 6) Balance as at 31 December 2016 (as restated) Loss and Total Comprehensive Income: Income for the year ended 31 December 2017 Transactions with shareholders Exercise of Equity Warrant Grant of Share Options Balance as at 31 December 2017 (as restated) Balance as at 31 December 2017 (as previously restated) IFRS 15 Adjustment (see note 6) Balance as at 31 December 2017 (as restated) Loss and Total Comprehensive Income for the year ended 31 December 2018 Transactions with shareholders Issue of shares Grant of Share Options Balance as at 31 December 2018 (as restated) Share Capital £’000 90 90 - 1 - 91 91 91 - - 91 Share Premium Account £’000 5,512 5,512 - 149 - 5,661 5,661 5,661 - - 5,661 Share Option Reserve £’000 0 0 - - 93 93 93 93 Retained Earnings £’000 (51) (100) (151) Total £’000 5,551 (100) 5,451 (3,526) (3,526) - - (3,677) (3,460) (217) (3,677) 150 93 2,168 2,385 (217) 2,168 (1,238) (1,238) (18) 111 186 18 - (4,897) - 111 1,041 Page 42 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Company Statement of Changes in Equity For the year ended 31 December 2018 Balance as at 31 December 2016 (as previously stated) IFRS15 adjustment (see note 6) Balance as at 31 December 2016 (as restated) Loss and Total Comprehensive Income: Income for the year ended 31 December 2017 Transactions with shareholders Exercise of Equity Warrant Grant of Share Options Balance as at 31 December 2017 (as restated) Balance as at 31 December 2017 (as previously restated) IFRS 15 Adjustment (see note 6) Balance as at 31 December 2017 (as restated) Loss and Total Comprehensive Income for the year ended 31 December 2018 Transactions with shareholders Issue of shares Grant of Share Options Balance as at 31 December 2018 (as restated) Share Capital £’000 90 90 - 1 - 91 91 91 - - 91 Share Premium Account £’000 5,512 5,512 - 149 - 5,661 5,661 5,661 - - 5,661 Share Option Reserve £’000 0 0 - - 93 93 93 93 Retained Earnings £’000 (51) (100) (151) Total £’000 5,551 (100) 5,451 (3,528) (3,528) - - (3,679) (3,462) (217) (3,679) 150 93 2,166 2,383 (217) 2,166 (1,239) (1,239) (18) 111 186 18 - (4,900) - 111 1,038 Page 43 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Consolidated Cash Flow Statement For the year ended 31 December 2018 Cash Flow from Operating Activities (Loss)/Profit before Taxation Adjustment for: Amortisation of Intangibles Depreciation of Property, Plant and Equipment Loss on Disposal of Equipment Share Based Payment Cash used up in Operating Activities before changes in Working Capital Change in Inventory Change in Trade and Other Receivables Change in Trade and Other Payables Cash used up in Operating Activities Corporation Tax received Net Cash Flow from Operations Acquisition of Property, Plant and Equipment Disposal Proceeds Development Costs capitalised Net Cash Flow used in Investing Activities Proceeds from Issuance of Shares Net Cash used in Financial Activities Net (decrease)/increase in Cash & Cash Equivalents Cash & Cash Equivalents at beginning of period Cash & Cash Equivalents at end of period * The comparative figures have been restated in accordance with Note 4.3 Year ended 31 December 2018 £’000 Restated* Year ended 31 December 2017 £’000 Note (1,257) (3,555) 12 13 23 14 15 17 13 12 23 16 175 217 - 111 (754) 35 (148) 111 (756) 122 (634) (126) (187) (313) - 0 (947) 1,597 650 100 154 6 93 (3,203) (53) (218) 233 (3,240) 178 (3,062) (358) 17 (137) (478) 150 150 (3,390) 4,987 1,597 Page 44 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Company Cash Flow Statement For the year ended 31 December 2018 Cash Flow from Operating Activities (Loss)/Profit before Taxation Adjustment for: Amortisation of Intangibles Depreciation of Property, Plant and Equipment Loss on Disposal of Equipment Share Based Payment Cash used up in Operating Activities before changes in Working Capital Change in Inventory Change in Trade and Other Receivables Change in Trade and Other Payables Cash used up in Operating Activities Corporation Tax received Net Cash Flow from Operations Acquisition of Property, Plant and Equipment Disposal Proceeds Development Costs capitalised Net Cash Flow used in Investing Activities Proceeds from Issuance of Shares Net Cash used in Financial Activities Net (decrease)/increase in Cash & Cash Equivalents Cash & Cash Equivalents at beginning of period Cash & Cash Equivalents at end of period * The comparative figures have been restated in accordance with Note 4.3 Year ended 31 December 2018 £’000 Restated* Year ended 31 December 2017 £’000 Note (1,259) (3,557) 12 13 23 14 15 17 13 12 23 16 175 198 - 111 (775) 35 (145) 129 (756) 122 (634) (126) - (187) (313) - 0 (946) 1,592 646 100 146 6 93 (3,212) (53) (292) 256 (3,301) 178 (3,123) (302) 17 (137) (422) 150 150 (3,395) 4,987 1,592 Page 45 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements For the year ended 31 December 2018 1. Corporate Information ECSC Group plc is incorporated in England and Wales and quoted on the London Stock Exchange’s Alternative Investment Market (AIM: ECSC). Further copies of these financial statements will be available at the Company’s registered office: 28 Campus Road, Listerhills Science Park, Bradford, West Yorkshire, BD7 1HR. These financial statements for the year ended 31 December 2018 were approved by the Board of Directors on 12 March 2019. 2. General Information These financial statements may contain certain statements about the future outlook of ECSC Group plc. Although the Directors believe their expectations are based on reasonable assumptions, any statements about future outlook may be influenced by factors that could cause actual outcomes and results to be materially different. 3. Basis of Preparation These financial statements for the year ended 31 December 2018 have been prepared in accordance with International Financial Reporting Standards, International Accounting Standards and Interpretations (collectively ‘IFRS’) issued by the International Accounting Standards Board (‘IASB’) as adopted by the European Union (‘adopted IFRS’). The financial statements for the year ended 31 December 2018 (and comparatives) have been prepared on a consolidated basis. The consolidated financial statements present the results of the Company and its subsidiaries (‘the Group’) as if they formed a single entity. The financial statements of the Group and Company are both prepared in accordance with IFRS. The financial statements have been presented in thousands of Pounds Sterling (£’000, GBP) as this is the currency of the primary economic environment that the Company operates in. 4. Accounting Policies The principal accounting policies applied in the preparation of the financial statements are set out below. These policies have been consistently applied to all periods presented, unless otherwise stated. 4.1 Basis of Accounting The financial statements have been prepared on the historical cost basis except as stated. New standards, amendments to and interpretations to published standards not yet effective The Directors will adopt application of IFRS 16 “leases” from 1 January 2019, applying the modified retrospective method. The core principle is to report information that represents lease transactions and provides a basis for users of financial statements to assess the amount, timing and uncertainty of cash flows arising from leases. The adoption of the standard will effectively bring the leases onto the statement of financial position as a ‘right of use asset and a lease liability. The rental charge is replaced by depreciation, which will be recognised on a straight line basis, and interest. The Directors have assessed the impact of IFRS 16 on the reported figures for the year ended 31 December 2018. If the standard had applied during that period, whilst reported cash flow would not have changed, it would of resulted in a reclassification of a proportion of operating lease costs from Administrative Expenses to the depreciation and interest charge, impacting EBITDA positively as well as Operating Profit. The value of the leases, after discounting as at 31 December 2018 is £1.10m. No material impact on profit before tax is expected. This amount will be recorded as a right of use asset on the Balance sheet with a corresponding lease liability. Page 46 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 4.2 Going Concern The Directors have reviewed whether the Group has adequate resources to continue in operational existence for the foreseeable future. In conducting this review, the Directors have considered a range of factors, including the market prospects for cyber security services, client relationships and dependency, supplier relationships and dependency, actual or potential litigation, staff retention and reliance, relationships with HMRC and regulators, financing arrangements, historic trading and cash flow performance, current trading and cash flow performance, and future trading and cash flow expectations. In undertaking their review, the Directors have prepared financial projections for the years ending 31 December 2019 and 2020, a review which assumed continued revenue growth and cost efficiency. In the event that this revenue and cost performance is not achieved, the Directors have also considered a sensitivity analysis based on lower revenue growth and have formulated contingency plans for this scenario, which enable the Group to preserve its financial resources. Based on this review, the Directors have concluded that the Group has adequate resources to meet its liabilities as they fall due and continue in operational existence for the foreseeable future, which is considered to be at least the next 12 months from the date of approval of the financial statements. Consequently, the Directors have adopted the going concern basis in preparing the financial statements. 4.3 Revenue Recognition The Group has adopted application of IFRS 15 “Revenue from contracts with customers” from 1 January 2018, applying the fully retrospective method of transition. The core principle is that revenue should only be recognised as the client receives the benefit of the goods or services provided under a commercial contract, in an amount that reflects the consideration to which the provider expects to be entitled for the transfer of the goods or services. The adoption of IFRS 15 has impacted the timing of the recognition of set-up revenues at the commencement of a new Managed Service contract. Under IAS 18, the set-up element of a Managed Service contract was recognised as revenue in full on delivery of the respective products and services, with the Managed Service element deferred and released to revenue over the term of the contract. Under IFRS 15, the set-up element also has to be deferred and recognised as revenue over the term of the contract. Performance obligations and timing of revenue recognition Revenue comprises the sales value of goods and services supplied during the year, exclusive of Value Added Tax and trade discounts. Revenue from the provision of Consulting services is recognised as services are rendered, based on the contracted daily billing rate and the number of days delivered during the period. Revenue from Pre-paid contracts are deferred in the balance sheet and recognised on utilisation of service by the client. Pre-paid revenue is included within Consulting in note 6. There has been no change in recognition compared to the previous policy and there are no financial component in revenue. Revenue from Managed Services contracts includes: • Hardware – hardware revenue is recognised on delivery and is included within other revenue as set out in note 6. This is when control of hardware passes to the customer. • Device build - Device build revenue is deferred and recognised on a straight line basis over the term of the contract. This represents a change in recognition under IFRS 15 compared to IAS 18, due to the performance obligation not being considered to distinct from management and monitoring performance obligation. Previously devise build was recognised as a set-up fee on completion of the work being performed. • Configuration and installation - deferred and recognised on a straight line basis over the term of the contract. This represents a change in recognition under IFRS 15 compared to IAS 18, due to the performance obligation not being considered to distinct from management and monitoring performance obligation. Previously configuration and instalment was recognised as a set-up fee on completion of the work being performed. Licensing - deferred and recognised on a straight line basis over the invoice period, due to the performance obligation not being • Page 47 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 considered to distinct from management and monitoring performance obligation • Management and monitoring - deferred and recognised on a straight line basis over the invoice period. Revenue from the sale of products (vendor) is recognised when control has passes to the customer, which is considered to occur when the software or hardware product has been delivered to the client. Determining the transaction price The Group’s revenue is derived from fixed price contracts and therefore the amount of revenues to be earned from each contract is determined by reference to those fixed prices. Other than the change in recognition for configuration and instalments there have been no changes to revenue recognition on adoption of IFRS 15. Costs of obtaining long-term contracts and costs of fulfilling contracts Commissions paid to sale staff for work in obtaining the Managed Service contracts are prepaid and amortised over the terms of the contract on a straight line basis. Commissions paid to sale staff for work in obtaining the Prepaid Consultancy are recognised in the month of invoice. Transition The Group has adopted application of IFRS 15: “Revenue from contracts with customers” from 1 January 2018, applying the fully retrospective method of transition. Comprehensive income Revenue Statement of Financial Position Trade and other payables Opening equity at 1 January 2017 Audit 2017 £,000 4,115 1,380 5,551 IFRS £,000 (117) 216 (100) Restated 2017 £,000 3,998 1,596 4,551 Due to the adoption of IFRS 15, revenues (Managed Services) in 2017 were reduced by £117k giving a contract liability of £117k. Trade and other payable balance also includes £99k of contract liability relating to 2016. EPS changes due to adoption is as follows, basic loss per share before restated (37.7), restated (39.0). Page 48 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 At 1 January IFRS 15 adjustment Commission expensed during the period Commissions paid in advanced of contract completion Recognised as revenue during the period Invoiced in advanced of performance during period Contract Assets 2018 £’000 Contract Assets 2017 £’000 - - (13) 62 - - 49 - - - - - - - Contract Liabilities 2018 £’000 (829) - - - 2,129 (2,249) (949) Contract Liabilities 2017 £’000 (388) (216) - - 1,225 (1,450) (829) Contract Assets balance of £49k (2017:£nil) is included in the Trade Receivables (note 15). Contract Liabilities balance of £949 (2017: £829k) is included in Trade Payables (note 17). 4.4 Finance Income Finance income is accrued on an annual basis, by reference to the principal outstanding at the applicable effective credit interest rate. 4.5 Government Grant Income Government Grant Income is recognised in the Statement of Comprehensive Income over the period in which the Company recognises expenses for the related costs for which the grants are intended to compensate. Government tax credits available on eligible Research and Development expenditure (‘R&D Tax Credits’) and not reclaimable through other means are recognised as Other Income and treated as a government grant. Government Grant Income also includes other grants received from government agencies (see note 7). 4.6 Operating Profit Operating Profit is stated after all expenses, including those considered to be exceptional, but before finance income or expenses. Exceptional items are items of income or expense which, because of their nature or size, require separate presentation to allow shareholders to better understand the financial performance of the period and allow comparison with prior years. 4.7 Foreign Currencies Assets and liabilities in foreign currencies are translated into sterling at the rates of exchange prevailing at the balance sheet date. Transactions in foreign currencies are translated into sterling at the rate of exchange prevailing at the date of the transaction. Exchange differences are recognised in Operating Profit. On consolidation, the results of overseas operations are translated into Sterling at rates approximating those prevailing when the transactions took place. All assets and liabilities of overseas entities are translated at the rate prevailing at the reporting date. Exchange differences arising on translating the opening net assets at opening rate and the results of overseas operations at actual rate are recognised in Other Comprehensive Income and accumulated in the foreign exchange reserve. Page 49 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 4.8 Employee Benefits Short-Term Benefits Wages, salaries, paid annual leave and sick leave, bonuses and non-monetary benefits are accrued in the period in which the associated services are rendered by employees of the Company. Defined Contribution Pension Scheme The Company operates a defined contribution pension scheme for employees. The assets of the scheme are held separately from those of the Company. The annual contributions are charged to the Statement of Comprehensive Income. The Company also contributes to the personal pension plans of the Directors in accordance with their Service Contracts. Employee Share Based Payments Where equity settled share options are granted to employees (including Directors), the fair value of the options at the date of grant is charged to the Consolidated Statement of Comprehensive Income, as a Share Based Payment Charge, over the vesting period of the options, with a corresponding movement in the Share Option Reserve. Non-market vesting conditions are taken into account by adjusting the number of equity instruments expected to vest at each reporting date so that, ultimately, the cumulative amount recognised over the vesting period is based on the number of options that eventually vest. Non-vesting conditions and market vesting conditions are factored into the fair value of the options granted. As long as all other vesting conditions are satisfied, a charge is made irrespective of whether the market vesting conditions are satisfied. Where the terms and conditions of options are modified before they vest, the increase in the fair value of the options, measured immediately before and after modification, is also charged to the Consolidated Statement of Comprehensive Income over the remaining vesting period. 4.9 Operating Lease Agreements Rentals applicable to operating leases where substantially all of the risks and rewards of ownership remain with the lessor are charged to the Statement of Comprehensive Income on a straight line basis over the full period of the lease. Any lease incentives are spread on a straight line basis over the full period of the lease. 4.10 Property, Plant and Equipment All additions are initially recorded at historic cost. Depreciation is calculated so as to write-off the cost of an asset, less its estimated residual value, over the useful economic life of that asset as follows: Leasehold Property Office Furniture and Equipment Computer Equipment Motor Vehicles 4.11 Finance Lease Agreements 20% reducing balance 20% reducing balance 33% straight line 20% straight line Where substantially all of the risks and rewards of ownership of a leased asset are transferred to the Group (‘Finance Lease’), the asset is treated as if it had been transferred outright. The amount initially recognised as an asset is the lower of the fair value of the leased asset and the present value of the minimum lease payments payable over the term of the lease. The corresponding lease commitment is shown as a liability. Lease payments are analysed between capital and interest. The interest element is charged to the Statement of Comprehensive Page 50 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 Income over the period of the lease and is calculated to represent a constant proportion of the lease liability. The capital element reduces the liability owed to the lessor. 4.12 Research and Development Expenditure Expenditure on research activities is recognised as an expense in the period in which it is incurred. Expenditure on development activities generating an intangible asset is capitalised if all of the criteria set out in IAS 38 are met. Capitalised assets are amortised over their useful economic life, which is considered to be five years. If the criteria set out in IAS 38 are not met, expenditure on development activities is recognised as an expenses in the period in which it is incurred. 4.13 Inventories Inventories are carried at the lower of cost or net realisable value. Net realisable value is calculated based on the expected revenue from sale in the normal course of business less any costs to sell. Due allowance is made for obsolete and slow moving items. 4.14 Financial Instruments IFRS 9 ‘Financial instruments’ replaces IAS 39 ‘Financial instruments: Recognition and Measurement’ with the exception of macro hedge accounting. The standard is effective for accounting periods beginning on or after 1st January 2018. The standard covers three elements: • Classification and measurement: Changes to a more principle based approach to classify financial assets as either held at amortised cost, fair value through other comprehensive income (FVOCI) or fair value through profit or loss, dependant on the business model and cash flow characteristics of the financial asset; Impairment: Moves to an impairment model based on expected credit losses based on a three stage approach; • • Hedge accounting: The IFRS 9 hedge accounting requirements are designed to allow hedge accounting to be more closely aligned with the Group’s underlying risk management. A new International Accounting Standard Board (IASB) project is in progress to develop an approach to better reflect dynamic risk management in entities’ financial statements. The Group have applied IFRS 9 for the first time in the current year, in replacement of IAS 39. The Group applied the simplified method of the expected credit loss model when calculating impairment losses on its financial assets measured at amortised cost, such as trade receivables. This resulted in greater judgement due to the need to factor in forward-looking information when estimating the appropriate amount to provisions. In applying IFRS 9 the Group considered the probability of a default occurring over the contractual life of its trade receivables balances on initial recognition of those assets. The Group has not restated comparatives on adoption of IFRS 9 as there has been no material impart and the provision calculated under the expected loss model is not significantly different. Due to this there has been no adjustment recorded in respect of the IFRS 9 transition in opening equity at 1st January 2018. The classification of certain financial instruments was also affected on initial application of IFRS 9. Financial assets previously categorised as Loan and receivables under IAS 39 are now classified as Amortised cost. Page 51 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 Financial Assets The Group and Company’s Financial Assets include Cash and Cash Equivalents, Trade Receivables and Other Receivables. • • Initial Recognition and Measurement Financial Assets are classified as amortised cost and initially measured at fair value. Subsequent Measurement Financial assets are subsequently measured at amortised cost, using the effective interest method, less impairment. Interest is recognised by applying the effective interest method, except for short-term receivables when the recognition of interest would be immaterial. • Derecognition of Financial Assets The Company derecognises a Financial Asset only when the contractual rights to the cash flows from the asset expire, or it transfers the Financial Asset and substantially all the risks and rewards of ownership of the asset to another entity. Financial Liabilities and Equity Instruments The Group and Company’s Financial Liabilities include Trade Payables, Accruals, Other Payables and Finance Leases. Financial Liabilities are classified at amortised cost. • Classification as Debt or Equity Financial Liabilities and Equity Instruments issued by the Company are classified according to the substance of the contractual arrangements entered into and the definitions of a Financial Liability and an Equity Instrument. • • Equity Instruments An Equity Instrument is any contract that evidences a residual interest in the assets of the Company after deducting all of its liabilities. Equity Instruments are recorded at the proceeds received, net of direct issue costs. Trade Payables, Other Payables and Accruals Trade Payables, Accruals and Other Payables are initially measured at fair value, net of transaction costs, and are subsequently measured at amortised cost, where applicable, using the effective interest method, with interest expense recognised on an effective yield basis. • Finance Leases Finance Leases are treated as Financial Liabilities measured at amortised cost. • Derecognition of Financial Liabilities The Company derecognises financial liabilities when the Company’s obligations are discharged, cancelled or expire. Offsetting of Financial Instruments Financial Assets and Financial Liabilities are offset, and the net amount reported in the Statement of Financial Position if there is a currently enforceable legal right to offset the recognised amounts and there is an intention to settle on a net basis, or to realise the assets and settle the liabilities simultaneously. 4.15 Cash and Cash Equivalents Cash and Cash Equivalents comprise cash on hand and demand deposits, and other short-term highly liquid investments which are readily convertible to known amounts of cash and are subject to insignificant risk of changes in value. Page 52 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 4.16 Impairment of Assets Non-Financial Assets The carrying amounts of the Company’s Non-Financial Assets, other than Deferred Tax Assets, are reviewed at each reporting date to determine whether there is any indication of impairment. If any such indication exists, then the asset’s recoverable amount is estimated. The recoverable amount of an asset or cash-generating unit is the greater of its value in use and its fair value less costs to sell. In assessing value in use, the estimated future cash flows are discounted to their present value using a pre-tax discount rate that reflects current market assessments of the time value of money and risk specific to the asset. For the purpose of impairment testing, assets are grouped together into the smallest group of assets that generates cash inflows from continuing use that are largely independent of the cash inflows of other assets or groups of assets. An impairment loss is recognised if the carrying amount of an asset or its cash generating unit exceeds its estimated recoverable amount. Impairment losses are recognised in profit and loss. Impairment losses recognised in prior periods are assessed at each reporting date for any indications that the loss has decreased or no longer exists. An impairment loss is reversed if there has been a change in the estimates used to determine the recoverable amount. An impairment loss is reversed only to the extent that the asset’s carrying amount does not exceed the carrying amount that have been determined, net of depreciation or amortisation, if no impairment loss had been recognised. 4.17 Corporation Tax Corporation Tax expense represents the sum of the tax currently payable and Deferred Tax. The tax currently payable is based on taxable profit for the year. Taxable profit differs from profit as reported in the Statement of Comprehensive Income because it excludes items of income or expense that are taxable or deductible in other years and it further excludes items that are not taxable or tax deductible. The Company’s liability for current tax is calculated using tax rates (and tax laws) that have been enacted or substantively enacted by the end of the financial period. Government tax credits available on eligible Research and Development expenditure and not reclaimable through other means are recognised as Other Income and treated as a government grant. This applies when there are no taxable profits against which to offset the tax credit. The amount receivable by the Group and Company is shown on the face of the balance sheet within Corporation Tax Recoverable. Notes to the Financial Statements (continued) For the year ended 31 December 2018 4.18 Deferred Tax Deferred Tax is recognised in respect of all timing differences that have originated but not reversed at the balance sheet date where transactions or events have occurred at that date that will result in an obligation to pay more, or a right to pay less or to receive more tax. Deferred Tax Assets are recognised only to the extent that the Directors consider that it is more likely than not that there will be suitable taxable profits from which the future reversal of the underlying timing differences can be deducted. Deferred Tax is measured on an undiscounted basis at the tax rates that are expected to apply in the periods in which timing differences reverse, based on tax rates and laws enacted or substantively enacted at the balance sheet date. Page 53 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 4.19 Share Capital Ordinary Share Capital is recorded at nominal value and proceeds received in excess of nominal value of shares issued, if any, is accounted for in the Share Premium Account. Both Ordinary Share Capital and Share Premium Account are classified as equity. Costs incurred directly to the issue of shares are accounted for as a deduction from Share Premium Account; otherwise such costs are charged to the Statement of Comprehensive Income. 4.20 Operating Segments An operating segment is a component of the Company that engages in business activities from which it may earn revenues and incur expenses, including revenues and expenses that relate to transactions with any of the Company’s other components. An operating segment’s operating results are reviewed regularly by the Directors of the Company to assess performance and make decisions about resource allocation. The Board considers that the Company’s activity constitutes three operating and three reporting segments as defined under IFRS 8. 4.21 Related Parties Parties are considered to be related if one party has the ability (directly or indirectly) to control the other party or exercise significant influence over the other party in making financial and operating decisions. Parties are also considered related if they are subject to common control or common significant influence. Related parties may be individuals or corporate entities. 5. Critical Accounting Judgements, Estimates and Sources of Estimation Uncertainty In applying the accounting policies, the Directors may at times be required to make critical accounting judgements and estimates about the carrying amount of assets and liabilities. These estimates and assumptions, when made, are based on historical experience and other factors that the Directors consider are relevant. The key estimates and assumptions concerning the future and other key sources of estimation uncertainty at the end of the financial year, that have significant risk of causing a material adjustment to the carrying amounts of assets and liabilities within the next financial year, are stated below. Judgements Going Concern Management apply their judgement in reviewing whether the Group has adequate resources to continue in operational existence for the foreseeable future, which is considered to be 12 months from the date of approval of the financial statement. The basis for this judgement is detailed in note 4.2. Development Costs Capitalised & Amortised Management apply their judgement in determining whether an identified intangible software asset meets the criteria for capitalisation under IAS 38. The carrying value of Intangible Assets as at 31 December 2018 was £412k (2017: £400k). Management estimate the percentage of development staff time used to enhance and improve the Company’s intangible software assets in order to capitalise a proportion of salary costs each period. In the year ended 31 December 2018, the amount of staff time capitalised into Intangible Assets was £187k (2017: £137k). Development Costs capitalised into Intangible Assets are amortised over management’s estimate of the useful economic life of the asset recognised. In the year ended 31 December 2018, the useful economic life of all Intangible Assets was estimated to be 5 years, resulting in an amortisation charge of £175k (2017: £100k). If the useful economic life of Intangible Assets was estimated to be 3 years, the amortisation charge would have been approximately £235k (2017: £189k). Page 54 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 6. Revenue and Segment Information The Group’s principal revenue is derived from the provision of cyber security professional services. During this period, the Directors received information on financial performance on a divisional basis. The Directors consider that there are three reportable operating segments: Consulting (including Remote Support services), Managed Services, and Vendor Products. There were a small number of other transactions recorded during each period which are not considered to be part of either of the three reportable operating segments. These are presented below within the ‘Other’ caption and are not significant. The Directors do not receive any information on the financial position of each segment, including information on assets and liabilities. Accordingly, such information has not been presented. The Group is not reliant on any single client, with no single client accounting for 10% or more of revenue. All revenue recognised is derived from external clients. The Group has fixed assets located in the UK (cost of £863k; NBV of £398k) and Australia (cost of £57k; NBV of £29k). The Group’s revenue and gross profit by operating segment for the year ended 31 December 2018 were as follows: Revenue Consulting Managed Service Vendor Products Other Total Revenue Gross Profit Consulting Managed Service Vendor Products Other Gross Profit Operating Loss Finance Income Loss before Taxation * The comparative figures have been restated in accordance with Note 4.3 Year ended 31 December 2018 £’000 Restated* Year ended 31 December 2017 £’000 3,122 1,745 228 287 5,382 1,783 923 42 (8) 2,740 (1,258) 1 (1,257) 2,449 1,118 168 263 3,998 1,228 364 38 15 1,645 (3,561) 6 (3,555) Page 55 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 6. Revenue and Segment Information (continued) Revenue by country for the year ended 31 December 2018 was as follows: United Kingdom USA South Africa Eire France Egypt Channel Islands Czech Republic Switzerland Year ended 31 December 2018 £’000 Restated* Year ended 31 December 2017 £’000 5,214 3,919 - - 46 45 - 67 4 6 42 - 16 5 - 11 5 - 5,382 3,998 * The comparative figures have been restated in accordance with Note 4.3 The Group’s United Kingdom revenue by operating segment for the year ended 31 December 2018 were as follows: Revenue United Kingdom Consulting Managed Service Vendor Products Other Year ended 31 December 2018 £’000 Restated* Year ended 31 December 2017 £’000 2,970 1,741 227 276 5,214 2,380 1,118 168 253 3,919 Page 56 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 7. Other Income Withholding Tax R&D Tax Credits Total Year ended 31 December 2018 £’000 3 152 155 Restated* Year ended 31 December 2017 £’000 1 121 122 A credit has been recognised within Other Income as a result of R&D Tax Credit surrenders. For the year ended 31 December 2018, the surrender resulted in a credit of £152k, included within Corporation Tax Recoverable. 8. Operating Loss Operating Loss is stated after charging: Depreciation of Owned Assets Amortisation of Intangibles - Development Costs Auditors Remuneration - Audit Services Auditors Remuneration - Non-Audit Services - Taxation Compliance Services - Other Taxation Services - Other Assurance Services Operating Lease Charge -Property Operating Lease Charge - Other Inventories Expensed Year ended 31 December 2018 £’000 Restated* Year ended 31 December 2017 £’000 217 175 38 9 - 14 95 35 104 514 100 32 11 7 10 90 43 92 The amount charged in respect of Auditors’ Remuneration for the Group and the Company audit was £38k. None of the subsidiaries (see note 29) of the Group were subject to audit in the year ended 31 December 2018. Page 57 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 9. Employee Benefit Expense Employee Benefit Expense (including Directors) during the periods amounted to: Wages and Salaries Social Security Costs Pension Contributions GROUP Year ended 31 December 2018 £’000 4,155 476 112 4,743 GROUP Year ended 31 December 2017 £’000 4,867 536 97 5,500 COMPANY Year ended 31 December 2018 £’000 3,971 427 96 4,494 COMPANY Year ended 31 December 2017 £’000 4,807 514 89 5,410 In the year ended 31 December 2018, Employee Benefit Expense includes the element of Exceptional Costs (see note 27) that are staff related. Directors’ remuneration for the Group and Company is as follows: Salaries, Bonus, Benefits-in-Kind Pension Contributions Share Based Payments Social Security Costs Year ended 31 December 2018 £’000 505 38 33 63 639 Restated* Year ended 31 December 2017 £’000 632 31 51 73 787 Details of Directors’ remuneration can be found in the Remuneration Report on pages 28-32. Key management personnel, being those persons having responsibility for planning, directing and controlling the activities of the Group, are considered to be the Directors listed on pages 22-28 (Board of Directors). Amounts paid to the highest paid director in the period were as follows: Salaries, Bonus, Benefits-in-Kind Pension Contributions Year ended 31 December 2018 £’000 210 12 222 Restated* Year ended 31 December 2017 £’000 220 17 237 Page 58 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 9. Employee Benefit Expense (continued) The average monthly number of employees during the year was: Directors Operational 10. Taxation Recognised in the Statement of Comprehensive Income Corporation Tax Charge/(Credit) Deferred Tax Credit Total Tax Credit Reconciliation of Total Tax Charge Credit Loss before Tax UK Corporation at rate of 19.0% (2017 19.5%/19.0%) Expenses not detuctible for tax purposes Income not taxable for tax purposes Exercise of Share Options Difference between current and Deferred Tax rates Over/under provision in prior period - Corporation Tax Over/under provision in prior period - Deferred Tax Tax losses on which Deferred Tax not recognised Total Tax Credit * The comparative figures have been restated in accordance with Note 4.3 Year ended 31 December 2018 £’000 4 78 82 Year ended 31 December 2018 £’000 - (19) (19) Year ended 31 December 2018 £’000 (1,257) (164) 2 - (14) - - (19) 176 (19) Restated* Year ended 31 December 2017 £’000 6 97 103 Restated* Year ended 31 December 2017 £’000 5 (34) (29) Restated* Year ended 31 December 2017 £’000 (3,555) (658) 2 (14) - - 5 (34) 67- (29) Page 59 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 10. Taxation (continued) Deferred Tax Assets & Liabilities Deferred Tax Assets Deferred Tax Liabilities Deferred Tax - Net Liabilities Year ended 31 December 2018 £’000 119 (115) 4 Restated* Year ended 31 December 2017 £’000 95 (110) (15) Deferred Tax Assets of £119K is recognised in respect of unutilised trading losses, Share Based Payments and short-term timing differences. Deferred Tax Liabilities of £115k arise on timing differences in the carrying value of certain of the Company’s assets for financial reporting purposes and for corporation tax purposes. These will reverse as the fair value of the related assets are depreciated over time. Deferred Tax balances have been calculated at the rate of 17%, being the rate of Corporation Tax rate expected to be in force when the timing differences reverse. Unutilised Trading Losses The Company continues to carry forward unutilised trading losses of £4,747k (£3,930k, 2017). A Deferred Tax Asset of £807k (£647k, 2017) has not been recognised as at 31 December 2018 in respect of the unutilised trading losses. No further Deferred Tax Asset has been recognised because the Board envisages that a significant period of time will be required to generate sufficient profits to utilise the trading losses carried forward. Page 60 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 11. Earnings per Share Basic Earnings per Share is calculated by dividing the Profit for the period attributable to Equity Holders of the Company by the weighted average number of Ordinary Shares outstanding during the period (‘Basic Number of Ordinary Shares’). Diluted Earnings per Share is calculated by dividing the Profit for the period attributable to Equity Holders of the Company by the weighted average number of Ordinary Shares outstanding during the period plus the weighted average number of Ordinary Shares that would be issued on conversion of all the potential dilutive Ordinary Shares (‘Diluted Number of Ordinary Shares’), subject to the effect of anti-dilutive potential shares being ignored in accordance with IAS 33. Adjusted Earnings per Share is calculated by dividing Adjusted Profit (after adding-back exceptional costs incurred in the period; see note 27) by Diluted Number of Ordinary Shares. The calculation of Basic, Diluted and Adjusted Earnings per Share is as follows: Net Profit attributable to Equity Holders of the Company Add back: Exceptional Costs Add back: Share Based Payments Adjusted Profit Number of Ordinary Shares (‘000) Initial Weighted Average Bonus Issue Exercise Share Option IPO Placing Equity Warrant Basic Number of Ordinary Shares Weighted Average Dilutive Shares in Period Diluted Number of Ordinary Shares Earnings per Share (pence): Basic Earnings per Share Diluted Earnings per Share** Adjusted Earnings per Share Year ended 31 December 2018 £’000 Restated* Year ended 31 December 2017 £’000 (1,238) 120 111 (1,007) 9,047 - 14 - 37 9,098 458 9,556 (13.6) (13.6) (11.1) (3,526) 275 93 (3,158) 8,994 - - - 53 9,047 129 9,176 39.0 (39.0) (34.4) * The comparative figures have been restated in accordance with Note 4.3 ** In accordance with IAS 33, the effect of anti-dilutive potential shares has been ignored Page 61 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 11. Earnings per Share (continued) During the year ended 31 December 2018, Ordinary Shares were issued as follows: • On 27 April 2018, David Mathewson, Non-Executive Chairman exercised his options over 6,411 ordinary shares in the Company at nil cost per share. • On 2 May 2018, a former Director exercised options over 8,041 ordinary shares in the Company at nil cost per share. These share issues were taken into account in calculating the Basic Number of Ordinary Shares. During the year ended 31 December 2018, the following dilutive events have occurred: • • On 7 August 2018, the Company granted options over 185,000 Ordinary Shares to selected employees, of which 180,000 remain On 18 April 2018, the Company granted options over 200,000 Ordinary Shares to the Non-Executive Directors. outstanding as at 31 December 2018. These dilutive events were taken into account in calculating Diluted Number of Ordinary Shares. 12. Intangible Assets GROUP & COMPANY Development Costs Costs As at 01 January 2017 Additions As at 31 December 2017 As at 01 January 2018 Additions As at 31 December 2018 Amortisation As at 01 January 2017 Additions As at 31 December 2017 As at 01 January 2018 Additions As at 31 December 2018 Net Book Value As at 31 December 2017 As at 31 December 2018 £’000 567 137 704 704 187 891 £’000 204 100 304 304 175 479 400 412 Page 62 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 13. Property, Plant and Equipment GROUP Cost At 01 January 2017 Additions Disposals At 31 December 2017 Additions Disposals At 31 December 2018 Depreciation At 01 January 2017 Charge for Period Disposals At 31 December 2017 Charge for Period Disposals At 31 December 2018 Net Book Value At 31 December 2017 At 31 December 2018 Leasehold Property £’000 Office Equipment £’000 Computer Equipment £’000 Motor Vehicles £’000 Total £’000 46 53 - 99 4 103 24 10 - 34 14 14 65 55 52 67 - 119 1 120 12 17 - 29 21 21 90 70 249 299 (1) 547 92 639 86 113 - 199 171 171 348 269 82 - (33) 49 8 57 9 14 (10) 13 11 11 36 33 429 419 (34) 814 105 0 919 131 154 (10) 275 217 0 217 539 427 As at 31 December 2018, assets held under Finance Leases had a Net Book Value of £40k (2017: £61k). The depreciation charge of the respective assets in the year was £nil (2017: £nil). Page 63 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 13. Property, Plant and Equipment (continued) COMPANY Cost At 01 January 2017 Additions Disposals At 31 December 2017 Additions Disposals At 31 December 2018 Depreciation At 01 January 2017 Charge for Period Disposals At 31 December 2017 Charge for Period Disposals At 31 December 2018 Net Book Value At 31 December 2017 At 31 December 2018 Leasehold Property £’000 Office Equipment £’000 Computer Equipment £’000 Motor Vehicles £’000 Total £’000 46 53 - 99 4 103 24 10 - 34 14 14 65 55 52 46 - 98 1 99 12 15 - 27 14 21 71 58 249 264 (1) 512 92 604 86 107 - 193 159 159 319 252 82 - (33) 49 8 57 9 14 (10) 13 11 11 36 33 429 363 (34) 758 105 0 863 131 146 (10) 267 198 0 198 491 398 As at 31 December 2018, assets held under Finance Leases had a Net Book Value of £40k (2017: £61k). The depreciation charge of the respective assets in the year was £nil (2017: £nil). Page 64 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 14. Inventory GROUP As at 31 December 2018 £’000 GROUP As at 31 December 2017 £’000 COMPANY As at 31 December 2018 £’000 COMPANY As at 31 December 2017 £’000 Inventory 18 53 18 53 15. Trade Receivables and Other Receivables Trade Receivables Other Receivables Intercompany Receivables Prepayments Contract Asset GROUP As at 31 December 2018 £’000 GROUP As at 31 December 2017 £’000 COMPANY As at 31 December 2018 £’000 COMPANY As at 31 December 2017 £’000 869 8 - 197 49 1,123 994 10 - 126 - 1,130 869 8 96 172 49 1,194 994 10 100 100 - 1,204 The carrying amount of Trade Receivables and Other receivables approximates to their fair value. Intercompany Receivables represent loans provided by ECSC Group plc to ECSC Australia Pty Ltd. The loans are repayable on demand. 16. Cash & Cash Equivalents Cah & cash Equivalents GROUP As at 31 December 2018 £’000 650 GROUP As at 31 December 2017 £’000 1,597 COMPANY As at 31 December 2018 £’000 646 COMPANY As at 31 December 2017 £’000 1,592 Page 65 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 17. Trade Payables and Other Payables Trade Payables Other Taxation and Social Security Accruals Contract Liabilities Intercompany Payables Other Payables GROUP As at 31 December 2018 £’000 GROUP As at 31 December 2017 £’000 COMPANY As at 31 December 2018 £’000 COMPANY As at 31 December 2017 £’000 170 345 205 949 - 38 130 327 277 829 - 33 167 343 205 949 50 35 127 321 273 829 39 31 1,707 1,596 1,749 1,620 The carrying amount of Trade Payables and Other Payables approximates to their fair value due to their short term nature. 18. Finance Leases The Group entered into a Finance Lease in November 2017 to fund investment in IT equipment. Capital repayments under the Finance Lease are structured as follows: GROUP As at 31 December 2018 £’000 GROUP As at 31 December 2017 £’000 COMPANY As at 31 December 2018 £’000 COMPANY As at 31 December 2017 £’000 Payable in one year or less Payable between one and two years Payable between one and five years Payable in five years or more Finance Lease Balance 20 20 - - 40 20 20 21 - 61 20 20 - - 40 Total payments under the Finance Lease are as follows: Group & Company Payable in one year or less Payable between one and two years Payable between one and five years Payable in five years or more Finance Lease Balance Capital £’000 Interest £’000 20 20 40 1 0 1 There have been no cash flows arising from changes in liabilities from financing activities (2017: none). 20 20 21 - 61 Total £’000 21 20 41 Page 66 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 19. Secured Facilities The Group has been provided with payments facilities by Barclays Bank plc, including a BACS payment facility and a credit card facility. These payment facilities are secured by a debenture in favour of Barclays that creates fixed and floating charges over the assets of the Company. 20. Share Capital Ordinary Share Capital During the period ended 31 December 2018, the movement in Share Capital was: Ordinary Shares As at 1 January 2017 Increase in Authorised Share Capital Exercise of Equity Warrant At at 31 December 2017 As at 1 January 2018 Exercise of Share Options At at 31 December 2018 Number of Authorised Shares Number of Shares Issued and Fully Paid Ordinary Share Capital £’000 8,994,131 2,998,000 - 11,992,131 11,992,131 - 11,992,131 8,994,121 - 89,941 9,084,072 9,084,072 14,425 9,098,497 90 - 1 91 91 - 91 On 22 June 2017, the Authorised Share Capital of the Company was increased by 2,998,000 by way of an Ordinary Resolution. On 9 June 2017, Stockdale Securities Limited exercised its Equity Warrant, subscribing for 89,941 new Ordinary Shares at an exercise price of 167 pence per share. This resulted in a capital inflow of £150k and a credit to the Share Premium Account of £149k. On 27 April 2018, David Mathewson, Non-Executive Chairman exercised options over 6,411 Ordinary Shares at nil cost per share. On 2 May 2018, a former Director exercised options over 8,041 Ordinary Shares at nil cost per share. Share Premium Account The balance of the Share Premium Account represents amounts received in excess of the nominal value (1 pence per share) of Ordinary Shares. This account is non-distributable. Share Option Reserve The balance of the Share Option Reserve represents the accumulated amounts charged to the Statement of Comprehensive Income in respect of Share Based Payments. This reserve is non-distributable. Retained Earnings The balance of the Retained Earnings account represents the accumulated retained profits or losses of the Group. This account is a distributable reserve, provided that the accumulated balance is positive. Page 67 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 21. Financial Instruments and Financial Risk Management The Group’s and Company’s principal financial instruments comprise: Intercompany Receivables Trade Payables Cash and Cash Equivalents • • Trade Receivables • Other Receivables • • • Accruals • • Other Payables • Finance Lease Liabilities Intercompany Payables The Group’s and Company’s accounting policies, including the criteria for recognition, and the basis on which income and expenses are recognised in respect of each class of financial asset and financial liability, are set out in note 4.14 to the financial statements. The information about the extent and nature of these recognised financial instruments, including significant terms and conditions that may affect the amount, timing and certainty of future cash flows, are disclosed in the respective notes where applicable. The Group and Company does not use financial instruments for speculative purposes. The principal financial instruments used by the Group and Company, from which financial instrument risk arises, are as follows: Financial Assets Trade Receivables Other Receivables Intercompany Receivables Cash and Cash Equivalents Total Financial Assets Financial Liabilities Trade Payables Accruals Intercompany Payables Other Payables Finance Leases Total Financial Liabilities Fair Values GROUP As at 31 December 2018 £’000 GROUP As at 31 December 2017 £’000 COMPANY As at 31 December 2018 £’000 COMPANY As at 31 December 2017 £’000 869 8 - 650 1,527 170 205 - 38 40 453 994 10 - 1,597 2,601 130 277 - 33 61 501 869 8 96 646 1,619 167 205 50 35 40 497 994 10 100 1,592 2,696 127 273 39 31 61 531 The Directors have assessed that the fair values of Cash and Cash Equivalents, Trade Receivables, Trade Payables, Other Payables and Finance Leases approximate to their carrying amounts largely due to the short-term maturities of these instruments. There are no fair value adjustments to assets or liabilities charged to the Statement of Comprehensive Income. Page 68 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 21. Financial Instruments and Financial Risk Management (continued) Market Risk Market risk is the risk that the fair value of future cash flows of a financial instrument will fluctuate due to changes in market prices. Market risk comprises three types of risk – commodity price risk, interest rate risk; and foreign currency risk. The Group and Company has limited exposure to each of these risks as discussed below. Capital Management The Group and Company manages its capital to ensure that it will be able to continue as a going concern while attempting to maximise the return to stakeholders through the optimisation of the debt and equity structure. The capital structure of the Group and Company consists of issued Share Capital, Retained Earnings and Finance Leases. The Group and Company do not generally enter into derivative transactions (such as interest rate swaps and forward foreign currency contracts) and has been throughout the period covered by these financial statements, the Group’s and Company’s policy that no trading in financial derivative instruments shall be undertaken. Credit Risk Credit risk is the risk that a counterparty will cause a financial loss to the Group by failing to discharge its obligations to the Group. The Group manages its exposure to this risk by applying limits to the amount of credit exposure to any one counterparty and employs strict minimum credit worthiness criteria as to the choice of counterparty. The maximum exposure to credit risk for receivables and other financial assets is represented by their carrying amount. The Group considers credit risk to be low due to its processes and the nature of its clients, which includes a broad spread of large corporates, SMEs and public sector organisations. The Group uses an expected credit loss model for impairment that represents its estimate of incurred losses in respect of the Trade Receivables as appropriate. The Group applies the IFRS 9 simplified approach to measure expected credit losses using a lifetime expected credit loss provision for trade receivables and contract assets. The expected loss rates are based on the Group’s historical credit losses experienced over the two year period prior to the period end. The historical loss rates are then adjusted for current and forward-looking information on macroeconomic factors affecting the Group’s customer. Under the expected credit loss model impairment allowance wasn’t material resulting in no provision being made. A reconciliation of the movement in the impairment allowance for receivables is shown below: Provision for and doubtful debts as at 31 December 2017 Amount released Amount provided Expected credit loss provision as at December 2018 £’000 2 (2) 0 - Page 69 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 21. Financial Instruments and Financial Risk Management (continued) Trade Receivables Trade Receivables, net of impairment provisions, for the Group and Company as at 31 December 2018 were £869k (2017: £994k). These Trade Receivables are not secured by any collateral or credit insurance. The Group’s standard terms are 30 days from date of invoice but non-standard terms may be agreed with certain customers. Invoices which remain unpaid for periods greater than agreed terms are assessed as overdue. As at 31 December 2018, Trade Receivables past due for the Group and Company total £132k (2017: £139k) of which nil (2017: £2k) have been impaired. As at 31 December 2018, Trade Receivables of £132k (2017: £139k) were past due but not impaired, as follows: GROUP As at 31 December 2018 £’000 GROUP As at 31 December 2017 £’000 COMPANY As at 31 December 2018 £’000 COMPANY As at 31 December 2017 £’000 131 1 - 132 113 24 2 139 131 1 - 132 113 24 2 139 Up to 3 months 3 months to 6 months 6 months to 12 months Cash Holdings The Group only holds cash at mainstream banking institutions to mitigate the credit risk on cash deposits. The credit rating of the principal banking institution is A (Standard & Poor’s). Interest Rate Risk The Company’s exposure to changes in interest rates relates to Cash Holdings and Finance Leases. Cash is held either on current or short term deposits at a floating rate of interest determined by the relevant bank’s prevailing base rate. The outstanding balance of Finance Leases at 31 December 2018 was £40k. This relates to a single facility at a fixed rate of interest. Interest Rate Sensitivity When reviewing sensitivity to movement in interest rates, it is noted that interest rates are at historically low levels and that Cash balances significantly outweigh debt balances. The Directors consider that any downward movement in interest rates would be immaterial to the Group. The Directors consider that an upward movement in interest rates would benefit the Group, although the impact of a 1% rise in interest rates would be immaterial. Page 70 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 21. Financial Instruments and Financial Risk Management (continued) Foreign Currency Exchange Risks Foreign currency risk is the risk that the fair value or future cash flows of an exposure will fluctuate because of the changes in foreign exchange rates. The Group’s exposure to the risk of changes in foreign exchange rates relates primarily to the Group’s operating activities when revenue or expenses are denominated in a foreign currency. The Group does not hedge its foreign currencies. Transactions with customers are mainly denominated in GBP. The Group has suppliers that invoice in US dollars and Australian dollars. The balances exposed to credit risk at year end were as follows: US Dollars Australian Dollars Liquidity Risks As at 31 December 2018 £’000 2 4 6 As at 31 December 2017 £’000 2 5 7 Liquidity risk arises from the Group’s management of working capital. It is the risk that the Group will encounter difficulty in meeting its financial obligations as they fall due. The Group’s policy is to ensure that it will always have sufficient cash to allow it to meet its liabilities when they become due. The maturity profile of the Group’s financial liabilities at the reporting dates, based on contractual undiscounted payments, are summarised below: Trade Payables, Other Taxation and Social Security, Accruals, Other Payables As at 31 December 2018 £’000 758 758 As at 31 December 2017 £’000 767 767 Page 71 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 22. Related Party Transactions ECSC Australia Pty Ltd During the year ended 31 December 2018, ECSC Group plc incurred management fees to ECSC Australia Pty Ltd of £330k. As at 31 December 2018, the balance payable by ECSC Group plc to ECSC Australia Pty Ltd in respect of outstanding management fees was £50k. During the year ended 31 December 2017, ECSC Group plc provided loans totalling £100k to ECSC Australia Pty Ltd to fund the costs of establishing a Security Operations Centre in Brisbane, Australia. As at 31 December 2018, the loan balance payable by ECSC Australia Pty Ltd to ECSC Group plc was £96k. The loan is repayable on demand and attracts interest at the rate of 3% over base rate. Directors Loans During the year ended 31 December 2017, there were no new loan advances to Directors. In January 2018, a loan totalling £20k was granted to one Director (2017: £nil). The loan was interest free and was fully repaid in May 2018. Page 72 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 23. Share Based Payments Share Based Payment Schemes The Company operates a number of equity-settled Share Based Payment schemes, as follows: Enterprise Management Incentive (‘EMI’) Scheme Save As You Earn (‘SAYE’) Share Option Scheme • • • Non-Executive Director Remuneration Scheme (‘NED Scheme’) • Non-Executive Directors Share Options (‘NED1 Scheme’) EMI Scheme May-2017 The EMI Scheme provides the opportunity for eligible Directors and employees to buy Ordinary Shares at a future date in accordance with the scheme rules. The options are subject to the option holder’s continuing employment, are not transferable and have a life of 10 years. All grants under the scheme are subject to approval by the Remuneration Committee. In May 2017, the Company granted options over 269,824 Ordinary Shares at an exercise price of 167 pence per share, subject to a three year vesting period, to 31 employees. There were no performance conditions attaching to this grant. Within this grant, Lucy Sharp, a Director of the Company, was granted options over 69,758 Ordinary Shares. During the year ended 31 December 2018, options over 15,810 Ordinary Shares (2017:79,524) options have lapsed, such that options over 174,490 Ordinary Shares remain exercisable in the future. December-2017 In December 2017 the Company granted options over 148,000 Ordinary Shares at an exercise price of 140 pence per share, subject to a three year vesting period, to eight employees. There was a performance condition attaching to this grant. In order for the options to vest, the share price of the Company must grow by at least 10% pa on a compound basis over the three year vesting period from a start point of 140 pence per share. This is a one-off performance condition that shall be tested at the end of the vesting period, and does not require 10% growth in individual years of the vesting period. If an event occurs before the expiry of the vesting period that causes the option to become exercisable under the scheme rules, then the Remuneration Committee, in its sole discretion, may waive or modify downwards the performance condition at the time of early vesting. During the year ended 31 December 2018, options over 123,000 Ordinary Shares have lapsed, such that options over 25,000 Ordinary Shares remain exercisable in the future. August-2018 In August 2018 the Company granted options over 185,000 Ordinary Shares a an exercise price of 93 pence per share, subject to a three year vesting period, to 14 employees. In order for the options to vest, the Ordinary Shares must trade at a minimum mid- market price of 200 pence per share over 30 consecutive trading days during the vesting period. During the year ended 31 December 2018, options over 5,000 Ordinary Shares have lapsed, such that options over 180,000 Ordinary Shares remain exercisable in the future. Page 73 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 23. Share Based Payments (continued) SAYE Scheme The SAYE Scheme provides the opportunity for eligible Directors and employees to buy Ordinary Shares at a future date at the end of a linked savings contract. The options are subject to the scheme rules, are not transferable and have a life of 10 years. All grants under the scheme are subject to approval by the Remuneration Committee. In November 2017, the Company granted options over 42,624 Ordinary Shares at an exercise price of 125 pence per share, subject to a three year vesting period, to 30 employees who applied to join the scheme. During the year ended 31 December 2018, options over 14,400 (2017: 1,440) Ordinary Shares have lapsed, such that options over 26,784 Ordinary Shares remain exercisable in the future. Notes to the Financial Statements (continued) For the year ended 31 December 2018 NED Scheme In October 2017, the Company agreed to alter the payment of service fees payable to its three Non-Executive Directors from monthly cash payments to the grant of nil exercise share options. Since the options are in lieu of cash payments, there are no performance conditions attaching to the grant of these options and they may be exercised on grant. During the period October 2017 to December 2017, the Company allocated options over 20,836 Ordinary Shares under this scheme. Within this total, Nigel Payne was allocated 8,014 options, Stephen Vaughan was allocated 6,411 options and David Mathewson was allocated 6,411 options. These options were not formally granted during the year ended 31 December 2017 but were granted in March 2018 publication of the financial results of the Company for the year ended 31 December 2017. From 1 January 2018, the payment of service fees has returned to monthly cash payments. In April 2018 options over 14,425 Ordinary Shares were exercised, such that options over 6,411 Ordinary Shares remain exercisable in the future. NED 1 Scheme In April 2018, the Company granted options over 200,000 Ordinary Shares as an exercise price of 78 pence per share, subject to a three year vesting period. Within this total David Mathewson was allotted 100,000 options and Elizabeth Gooch was allotted 100,000 options. In order for the options to vest, the Ordinary Share must trade at a minimum mid-market price of 200 pence per share over 10 consecutive trading days during the vesting period. Share Based Payment Charge In accordance with the requirements of IFRS 2, the Company calculated the fair value of the share options at the date of grant using a Black Scholes option pricing model for the EMI and SAYE Schemes. For the NED scheme, the fair value of the services rendered was assessed. A Share Based Payment charge is recognised by spreading the fair value of the option over the maturity period, with allowance made for options that have lapsed in the period. The movement in the number of options during the year, the option pricing assumptions, the option valuation at the grant date and the Share Based Payment Charge in the year, for each scheme described above, is as follows: Page 74 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 23. Share Based Payments (continued) Scheme Number of Options: Outstanding at 01 January 2017 Granted during the year Forfeited during the year Exercised during the year Expired during the year Outstanding at 31 December 2017 Exercisable at 31 December 2017 Outstanding at 01 January 2018 Granted during the year Forfeited during the year Exercised during the year Expired during the year EMI (May-17) EMI (Dec-17) EMI (Aug 17) SAYE NED NED 1 (Apr-17) Total - - 269,824 148,000 (79,524) - - - - - 190,300 148,000 - - 190,300 148,000 - - - - - - - - - - 185,000 - 42,624 (1,440) - - 41,184 - 41,184 - (15,810) (123,000) (5,000) (14,400) - - - - - - - - - 20,836 - - - 20,836 20,836 20,836 - - (14,425) - 6,411 6,411 - - - - - - - - 481,284 (80,964) - - 400,320 20,836 400,320 200,000 385,000 - - - (158,210) (14,425) 0 200,000 612,685 - 6,411 Outstanding at 31 December 2018 174,490 25,000 180,000 26,784 Exercisable at 31 December 2018 Option Pricing Assumptions: Pricing Model - - - Black Scholes Black Scholes Black Scholes Black Scholes Weighted Average share price at grant date (pence) Weighted average exercise price (pence) 312 167 135 140 93 93 131 125 125 - Black Scholes 79 78 Weighted Average contract life Weighted Average risk free rate Volatility Option Valuation: Option Valuation at grant date (£’000) Share Based Payments Charge in 2018: Share Based Payment Charge (£’000) Weighted Average Exercise Price: 3 years 3 years 3 years 3 years 0 years 3 years 1% 40% 286 90 1% 40% 1% 40% 9 2 47 6 93 1% 40% 10 3 125 1% 40% 1% 40% 8 - - 45 10 78 603 406 111 At grant date, forfeit date and end of period (pence) 167 140 The volatility assumption, calculated at the standard deviation of expected share price returns, is based on analysis of the share prices of comparable companies over the last 3-5 years. Exercise of Stockdale Warrant On 9 June 2017, Stockdale Securities Limited exercised its Equity Warrant granted in December 2016 over 89,941 shares at an exercise price of 167 pence per share. The share price on the day of exercise was 445 pence. Page 75 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements For the year ended 31 December 2018 24. Commitments The Group’s future minimum lease payments under non-cancellable operating leases are as follows: Not later than one year Later than one year and not later than five years More than five years 25. Controlling Party ECSC Group plc does not have an ultimate controlling party. 26. Adjusted Loss before Taxation and Adjusted EBITDA Adjusted Loss before Taxation Loss before Taxation Share Based Payments Exceptional Items Adjusted (Loss)/Profit before Taxation * The comparative figures have been restated in accordance with Note 4.3 As at 31 December 2018 £’000 174 503 478 1,155 Year ended 31 December 2018 £’000 (1,257) 111 120 (1,026) As at 31 December 2017 £’000 195 520 44 759 Restated* Year ended 31 December 2017 £’000 (3,555) 93 275 (3,187) Page 76 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 Adjusted EBITDA: Operating Loss Depreciation and Amortisation EBITDA** Share Based Payments Exceptional Items EBITDA (Adjusted)* Operating Loss Share Based Payments Exceptional Items Operating Loss (Adjusted)* Year ended 31 December 2018 £’000 (1,258) 392 (866) 111 120 (635) Year ended 31 December 2018 £’000 (1,258) 111 120 (1,027) Restated* Year ended 31 December 2017 £’000 (3,561) 254 (3,307) 93 275 (2,939) Restated* Year ended 31 December 2017 £’000 (3,561) 93 275 (2,939) Page 77 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 27. Exceptional Costs During the year ended 31 December 2018, the Company continued to undertake a restructuring exercise to reduce its operating costs and mitigate its monthly operating losses. In achieving these recurring cost savings, a number of one-off, exceptional costs were incurred, including payments in lieu of notice and car termination costs. These Exceptional Costs totalled £120k and were charged to the Statement of Comprehensive Income in the year ended 31 December 2018. Exceptional Costs are analysed as follows: Payments in Lieu of Notice Redundancy Payments Ex-gratia Payments Employee Benefit Expense Taxation & Social Security Costs Staff Related Costs Car Termination Costs Legal Costs Exceptional Costs 28. Subsidiary Undertakings As at 31 December 2018 £’000 As at 31 December 2017 £’000 76 76 12 88 11 21 120 185 5 37 227 23 250 18 7 275 ECSC Group plc currently has the following wholly-owned subsidiaries, which are incorporated and registered in England and Wales: Name of Subsidiary Registered Office Date of Incorporation Principal Activity ECSC Services Limited ECSC Labs Limited ECSC Australia Limited 28 Campus Road Listerhills Science Park Bradford BD7 1HR 28 Campus Road Listerhills Science Park Bradford BD7 1HR 28 Campus Road Listerhills Science Park Bradford BD7 1HR 18 April 2017 Dormant 18 April 2017 Dormant 29 September 2016 Intermediary holding company Page 78 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades Notes to the Financial Statements (cont.) For the year ended 31 December 2018 ECSC Australia Limited currently has the following wholly-owned subsidiary, which is incorporated and registered in Australia: Name of Subsidiary Registered Office Date of Incorporation Principal Activity ECSC Australia Pty Limited Governor Phillip Tower Level 36 1 Farrer Place Sydney NSW 2000 The share capital of each Group entity is as follows: 20 March 2017 Provision of professional cyber security services Entity Ordinary Shares in Issue Nominal Value Investment at Cost ECSC Services Limited ECSC Labs Limited ECSC Australia Limited 1 share 1 share 1 share £1 £1 £1 ECSC Australia Pty Limited 100 shares AUD 1 Total * AUD = Australian dollars £1 £1 £1 AUD 100 £60 Page 79 ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades ECSC Group plcAnnual Report Year ended 31 December 2018
Continue reading text version or see original annual report in PDF format above