�Company Information
Directors
David Mathewson (Non-Executive Chairman)
Ian Mann (Chief Executive Officer)
Lucy Sharp (Chief Operating Officer)
Elizabeth Gooch (Non-Executive Director)
Nominated Advisor & Broker to the Company
Allenby Capital Limited
5 St. Helen’s Place
London
EC3A 6AB
Registered Office
28 Campus Road
Listerhills Science Park
Bradford
BD7 1HR
Telephone Number
01274 736 223
Company Secretary
David Mathewson
Website
www.ecsc.co.uk
Auditors to the Company
BDO LLP
Central Square
29 Wellington Street
Leeds
LS1 4DL
Solicitors to the Company
Freeths LLP
1 Vine Street
Mayfair
London
W1J 0AH
Financial PR
Alma PR
Aldwych House
71-91 Aldwych
London
WC2B 4HN
Registrar
Equiniti Group plc
Aspect House
Spencer Road
Lancing
West Sussex
BN99 6DA
Page 2
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Contents
2 Company Information
5 Chairman’s Statement
14 Strategic Report
22 Board of Directors
23 Directors’ Report
29 Remuneration Report
34 Statement of Directors Responsibilities.
35 Independent Auditor’s Report to the Members of ECSC Group plc
39 Consolidated Statement of Comprehensive Income
40 Consolidated Statement of Financial Position
41 Company Statement of Financial Position
42 Consolidated Statement of Changes in Equity
43 Company Statement of Changes in Equity
44 Consolidated Cash Flow Statement
45 Company Cash Flow Statement
46 Notes to the Financial Statements
“We are delighted to report such strong
organic growth for the full year, with
continued emphasis on our Managed
Services recurring revenue. The team
continues to acquire new clients, deliver
quality service, develop our technologies,
and build a solid base for on going
growth.”
Ian Mann
Chief Executive Officer
Page 3
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Cyber Security Experts
For Almost Two Decades
18 Year Record Organic Growth
£5,000,000
£4,000,000
£3,000,000
£2,000,000
£1,000,000
0
IPO
00-01
01-02
02-03
03-04
04-05
05-06
06-07
07-08
08-09
09-10
10-11
11-12
12-13
13-14
04-15
2016*
2017
* Adjusted for 12 months
35%
Organic revenue growth
to £5.4m
(2017: £4.0m*)
27%
Consulting Service division
revenue up
to £3.1m
(2017: £2.4m)
56%
Managed Services
division revenue up
to £1.7m
(2017:£1.1m*)
95
New Consulting
Clients
67%
Gross Profit increase
to £2.7m
(2017: 1.6m*)
£0.6m
EBITDA loss
(adjusted)
(2017:£2.9m*)
* Restated due to IFRS 15 adoption from 1 January 2018
Page 4
ECSC Group plcAnnual Report Year ended 31 December 2018�Chairman’s Statement
These strong results represent the second full year
of trading since the IPO in December 2016. This
organic growth has been driven by the successful
execution of our strategy combined with a number
of external factors: the continued incidence of high-
profile cyber security breaches, the implementation
of the new Data Protection Act in May 2018,
incorporating the General Data Protection
Regulations (”GDPR”), and the increasing priority
accorded to cyber security in corporate boardrooms
generally.
Whilst we are yet to see the resulting fines imposed
by the Information Commissioners’ Office (“ICO”)
under the new regulations, organisations of all sizes
now understanding the requirement of mandatory
breach reporting and the impact of fines of up to 2%
of global turnover for cyber security breaches.
The benefits of our restructuring efforts earlier in
2018 are demonstrated in our performance for the
year. This has produced a 35% increase in revenue
for the year, and a significantly reduced monthly cost
base. We are generating a steady flow of new clients
as well as repeat business from our established
clients.
The results reflect the extensive work completed
internally within the Company to control costs,
implement improvements within sales and leverage
the capacity within the operational infrastructure.
This improved performance is the result of a
focussed and motivated team delivering strong
growth, whilst keeping tight control over costs and
cash management.
The new ECSC Kepler Artificial Intelligence (AI)
technology, delivered through our global Security
Operation Centres (“SOCs”), is central to the
growth in the Managed Services Division. Clients
increasingly recognise that 24/7/365 cyber security
breach detection and expert incident response, is
vital to the protection of personal information and
maintenance of critical IT systems.
For all but the largest global organisations, the
outsourcing of these critical functions is the logical
choice, and ECSC has the technology, expertise and
processes to deliver.
I was delighted when we won another industry award
recently for our managed security service, with
regard to supporting systems requiring compliance
to the Payment Card Industry Data Security Standard
(“PCI DSS”).
On behalf of the Board, I would like to thank all of
our clients, staff and advisors for their continued
support and commitment during the year.
ECSC is well positioned in a growing cyber security
marketplace, and we look forward with confidence
to broadening our base of clients and delivering
improved operating results.
David Mathewson
Non-Executive Chairman
12 March 2019
“The results reflect the extensive work
completed internally within ECSC to
control costs, implement improvements
within sales, and leverage the capacity
within the operational infrastructure. This
improved performance reflects a focussed
and motivated team delivering strong
growth whilst keeping tight control over
costs and cash management.”
David Mathewson
Non-Executive Chairman
Page 5
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Cyber Security Experts
For Almost Two Decades
What We Do
Incident response
‘emergency’ service
Remotely manage client
cyber security devices
from ECSC’s Security
Operations Centre (SOC)
Cyber security reviews
Technical penetration
testing of cyber security
Develop Artificial
Intelligence (AI)
Cyber Essentials
Consultancy to help
clients achieve ISO 27001
information security
certification
Advise and assess clients
for certification to the
Payment Card Industry
Data Security Standard
(PCI DSS)
Page 6
Page 6
ECSC Group plcAnnual Report Year ended 31 December 2018�Chief Executive Officer’s Review
Managed Services received significant investment
in the year following the IPO, including the
establishment of an additional Security Operations
Centre (“ SOC”) in Brisbane, Australia, allowing us
to deliver true 24/7/365 security breach monitoring
and response. The investment also allowed for
the introduction of our Incident Response unit in
London, hosting our Incident Response emergency
equipment, thus enabling the Incident Response
team to respond rapidly to our southern UK based
clients. Furthermore, the investment allows for
continued research and development into the ECSC
proprietary AI software ‘Kepler’. This technology is
used extensively within our security devices to enable
the identification, assessment and alerting of critical
security events to the SOC teams for analysis and
reporting to clients.
The Board continues to see the Managed Services
revenue stream as a priority for growth. With strong
foundations now in place in terms of the technical
infrastructure and in-house expertise, we are able to
leverage the capacity of this division and to ensure
that the Company is well placed to secure additional
Managed Services contracts in the future.
Vendor Products
Sales of third-party vendor products, whilst growing
at 36% represents only 4% of overall sales. Whilst
this is not a strategic segment of the business, this
continues to be a useful service for those clients
requiring a trusted provider to source products on
their behalf.
Strong growth was seen across all divisions,
which reflects the extensive in-house expertise,
development, investment from previous years, and
a growing cyber security market.
Consulting Division
We are pleased to report that Consulting revenue has
grown by 27% from the previous year, with significant
new client acquisitions varying in organisation size
and across a wide range of sectors. Additionally,
over the period 67% of Consulting sales constituted
repeat business, a testament to our focus on building
strong client relationships and delivering excellent
service.
Cyber security testing continues to account for the
largest proportion of our Consultancy sales and
is typically the initial starting point for any client
looking to improve their cyber security for the first
time. Commonly, initial testing engagements lead
to further sales across multiple service lines as a
result of the Company’s ‘land and expand’ strategy,
facilitated by our consultative sales approach and
comprehensive breadth of service.
The requirement for companies to assess their
businesses against recognised standards, including
ISO 27001, PCI DSS, and Cyber Essentials, has
continued to grow as organisations are increasingly
required to demonstrate external verification of
their cyber security capabilities to their customers,
partners, and stakeholders.
Managed Services Division
The growth of Managed Services is central to the
Company’s ongoing growth strategy. Managed
Services provided the Group with multi-year,
recurring revenues which enhance the quality and
visibility of earnings. We are delighted to report
revenue growth of 56% within this division; which
includes both recurring revenues (46% growth) and
related incident response activities.
Page 7
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Chief Executive Officer’s Review cont.
Sales & Marketing
Further improvements were made to the structure
of the sales team in 2018, including changes to the
sales management personnel.
A significant focus has been placed on the
management and ongoing training and development
of the sales team, with monthly training introduced
to provide a better understanding of our services and
client needs.
Additional resource in the marketing team has led
to an increase in marketing activities, allowing for
more effectively targeted campaigns. This additional
resource enables the Company to identify and
respond to new opportunities for growth within our
existing client base and new clients alike. With sales
and marketing activity aligned, we are witnessing
stronger performance across both teams.
Partner Programme
In Q4 2018, we launched our Partner Programme,
allowing IT Value Added Resellers to directly sell
selected ECSC services whilst referring more
complex projects to the ECSC sales team to deliver.
In addition to our own partner recruitment, training
and support we are also collaborating with an
established distributor to leverage their existing
partners and support systems to include ECSC
services.
The Board expects the continued expansion of the
Partner Programme to have a positive impact impact
on future growth.
Technology Development
We have continued to invest in ECSC’s proprietary
software in the year, including continued
development of our Managed Services AI software
that is embedded within many of our managed
devices. The focus remains on delivery of our
technology through Managed Services. This ensures
we can provide end-users with a comprehensive
offering including appropriate in-house resource,
expert management and effective 24/7 monitoring.
Market Prospects & Organic Growth Strategy
The UK cyber security market continues to exhibit
growth as highlighted in www.statista.com, and
remains an attractive segment of the wider IT sector.
Against this backdrop, we are confident that
the organic growth strategy of ECSC remains
appropriate. Managed Services remains the
strategic focus of the Board, to build our recurring
revenue streams and target the fastest growing
segments of the market.
Key Performance Indicators
The Key Performance Indicators on page 9
were established in 2018 to enable meaningful
measurements of the Group’s performance.
Outlook
We are delighted to report such strong organic
growth for the full year, well ahead of the previous
year, with continued emphasis on building our
Managed Services recurring revenue supported by
our Consultancy Services. The team continues to
acquire new clients, deliver quality service, develop
our technologies and build a solid base for ongoing
growth. We believe we are well positioned to build on
the strong organic growth achieved in 2018 and we
look forward to the future with confidence.
Going Concern
Attention is drawn to Going Concern in the Financial
Review
Page 8
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Chief Executive Officer’s Review cont.
Performance Indicator
Rationale
2018
2017
Management Comment
Revenue Growth
Measurement of the success of
the organic growth strategy
35%
9%*
A strong year, compared with the
long-term average of approximately
20% per year
Visibility of the success of
increasing the percentage
of revenue from long-term
recurring revenues
Visibility of the success of
increasing the percentage
of revenue from long-term
recurring revenues
Combined measurement of
new client contracts together
with renewals of existing client
contracts
46%
25%*
This reflects new contract wins,
renewals and contract expansions
29%
27%*
It remains the strategy to increase
this proportion
£2.5m
N/A
The best overall measure of
progress and future managed
services revenue
Managed Services
Recurring Revenue
Growth
Managed Service
Recurring Revenue
Proportion
Managed Services
Order Book
Managed Services
Gross Margin
Delivery efficiency measurement
53%
33%*
Consulting Repeat
Revenue
Quasi-recurring from longer-
term consulting clients
78%
68%
Consulting Gross
Margin
Contract Liabilities
Delivery efficiency measurement
57%
50%
Contracted and invoiced revenue
where performance obligations
have yet to be settled
£0.9m £0.8m*
Measuring the increased leveraging
of IPO investment in delivery
capacity
Given consulting growth of 27%,
this represents significant client
retention
A reflection on capacity required
for growth and management of
consultant workload
This will reflect growth in
long-term client relationships,
particularly managed services
* Restated for 2017 and showing like-for-like comparison, due to IFRS 15 adoption from 1 January 2018
Ian Mann
Chief Executive Officer
12 March 2019
Page 9
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Cyber Security Experts
For Almost Two Decades
ECSC Group plcAnnual Report Year ended 31 December 2018�Cyber Security Challenges for Organisations
Knowing how secure they are
Dealing with a cyber security breach
There is increasing pressure on Senior Management
to demonstrate that they have effective cyber
security defences in place, which has only been
heightened further by the introduction of the General
Data Protection Regulation (“GDPR”).
The challenge for many organisations is that they
don’t have direct experience of dealing with a
serious cyber security breach, meaning they are
often unequipped to understand the situation and
therefore the best course of action.
For many organisations, understanding their critical
systems and the realistic threats they face is a
challenge in itself.
Related ECSC Solution: Cyber Security Review,
Testing
Achieving cyber security standards
Organisations are increasingly required to
demonstrate via external verification, their own
cyber security capabilities to their clients and
stakeholders.
The increased focus on breach prevention,
and mandatory GDPR breach reporting mean
demonstrating a ‘defensible position’ has never been
more important.
Related ECSC Solution: ISO 27001, PCI DSS, Cyber
Essentials Certifications
Finding technologies that actually deliver
Many organisations are influenced by the latest
technologies and all that the endless features/
benefits promise, only to find that they don’t have
sufficient in-house resource to maximise the
effectiveness of these technologies.
However great the promise, technology cannot
replace the need for real people.
Related ECSC Solution: Managed Services
Related ECSC Solution: Incident Response Retainer
Detecting cyber security breaches 24/7/365
With many organisations now recognising that
cyber criminals don’t work typical business hours,
monitoring and detecting 40 hours a week is not
enough.
In order to deliver a 24/7/365 service, organisations
would need to employ a minimum of six dedicated
and qualified security analysts in addition to
investing in the right monitoring and detection
systems.
Related ECSC Solution: Managed Services,
Outsourced Security Operations Centre
“We have been working with ECSC
for many years and the relationship is
excellent.”
Network Security Manager
Travel and Leisure Industry
Page 11
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades
�Cyber Security Experts
For Almost Two Decades
Employee Engagement Survey
“Hands down the
best company I’ve
ever worked for”
“We celebrate each
other’s successes”
“Fantastic team
spirit where
everyone digs in”
100%
believe their work
influences the
success of the
company
96%
feel proud of this
company
100%
believe their team
supports each other
to be the best they
can be
Sample response to our latest Employee Engagement Survey
Page 12
ECSC Group plcAnnual Report Year ended 31 December 2018�Chief Operating Officer’s Overview
Our people are our strength. The Company
recognises that the recruitment and retention of
cyber security expertise is central to our continued
success. It is our mission to attract, and develop,
the best people, technology and methodologies
to help our clients meet the challenge of making
their use of information and communications
technologies more secure – our employees are
central to the delivery of this mission.
We pride ourselves on developing and nurturing
talent and expertise in this fast paced environment.
Talent is sought from universities across the country
and we offer student placements, apprenticeships
and graduate roles. We select the best consultants,
testers and engineers, with varying levels of
experience, and a range of expertise, and ensure
they are supported in their development and cyber
security careers.
The company has clearly defined values upon which
our culture and behaviours are based:
Excellence : We motivate our teams to foster a
commitment to exceed expectations, for the clients,
the company, and each other.
Communication : Our organisation is filled
with knowledgeable, experienced highly-skilled
professionals, where everyone’s views are valued and
considered, ensuring we can deliver the highest level
of services for our clients.
Synergy : Through a combined effort of our teams,
and with our leading industry professionals, we
achieve common goals, service success and a total
effect that is greater through working together.
Challenge : We believe we work at our best if we
enjoy what we do for our clients, so we work with
people who like to solve problems, have a thirst for
knowledge, who enjoy delivering the best solutions,
and are motivated to be the best they can be.
We are proud of the team spirit we promote and
aim to recruit like-minded, forward-thinking people,
who are passionate about security, and appreciate
our strong culture which permeates through the
company and into the delivery of excellent service to
our clients.
Regular Employee Engagement surveys are carried
out to gauge employee satisfaction in their roles
and are consistently encouraged by the positive
responses.
The hard work and focus of our team has enabled
our continuing progress and their support in
delivering against our mission and growth strategy
has been unwavering. We are very proud to have
a team of this calibre and thank them for their
continued hard work and contribution.
Lucy Sharp
Chief Operating Officer
12 March 2019
“Very high level information security
professional organisation. As someone
currently delivering an information
security management system, I have
found them, at all levels, to be focused,
knowledgeable and supportive. You
don’t always get what you pay for in life,
with GDPR, mistakes could be critical
to business survival, I wouldn’t put my
company’s money anywhere else.”
Infrastructure Project Manager
Automobiles and Parts Industry
Page 13
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades
�Strategic Report for the year ended 31 December 2018
Financial Review
Principal Activities
The principal activity of the Group during the year continued to be the provision of professional cyber security services, including
Consulting, Managed Services and the sale of Vendor Products.
Comparative Financial Information
The Comparative figures in these statutory accounts have been restated to adopt IFRS 15 (see note 4.3).
Year ended
31 December
2018
£’000
Restated*
Year ended
31 December
2017
£’000
Revenue
Consulting
Managed Service
Vendor Products
Other
Gross Profit
Consulting
Managed Service
Vendor Products
Other
EBITDA (Adjusted)*
Other Income
Sales & Marketing Costs
Administration Expenses
EBITDA**
Share Based Payments
Exceptional Items
Depreciation and Amortisation
Operating (Loss)/ Profit (Adjusted)*
Operating (Loss)/ Profit
* Adjusted Operating Loss and EBITDA excludes one-off charges and share based charges.
* * EBITDA is defined as Earnings before Interest, Tax, Depreciation and Amortisation.
(As defined in note 26 in the Financial Statement)
3,122
1,745
228
287
5,382
1,783
923
42
(8)
2,740
152
(1,817)
(1,710)
(635)
(111)
(120)
(866)
(392)
(1,027)
(1,258)
2,449
1,118
168
263
3,998
1,228
364
38
15
1,645
121
(2,545)
(2,160)
(2,939)
(93)
(275)
(3,307
(254)
(3,193)
(3,561)
Adjusted KPI’s are used by the Group in order to understand underlying performance and exclude items which distort compatibility, as well as being
consistent with public broker forecasts and measures. The method of adjustments are consistently applied but may not be comparable with those
used by other companies. Items that have been excluded include Share based charges and one-off charges.
Page 14
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades
�Strategic Report for the year ended 31 December 2018 (cont.)
Financial Review (cont.)
Revenue & Organic Growth
Total revenue in the year ended 31 December 2018 was £5.38m, up 34.6% on the comparable prior period (revenue in the 12 months
ended 31 December 2017 was £4.00m). Within this, Consulting revenue grew by 27% to £3.12m (2017: £2.45m).
Managed Services division revenue rose by 56% in the year to £1.75m (2017: £1.12m). This includes Incident Response revenues
which rose to £0.18m (2017: £0.05m).
Vendor Products revenue in the year grew by 35.7% to £0.23m, (2017: £0.17m).
Due to the adoption of IFRS 15, revenues (Manage Service) in 2017 was reduced by £117k giving a contract liability of £117k. Further
information on the impact of IFRS 15 is included in Note 4.3 to the Financial Statements.
Margin Generation
Gross Profit for the year was £2.74m, yielding a 51% margin (2017: £1.65m, yielding a 41% margin). This was due to improved
margins in both Consulting and Managed Service.
The Consulting margin rose to 57% in the year (2017: 50%). This was due to the current pool of Consultants now better matched to
our activity levels, the Board expects the Consulting margin to remain at a similar level in the future.
The Managed Services margin rose to 53% (2017: 33%), with the increase being a direct result of new contracts utilising the capacity
built in 2017.
Cost Restructure & Exceptional Costs
During the first quarter of the year ended 31 December 2018, the Directors continued to undertake a cost restructure to reduce the
operating losses of the Group and reduce the rate of cash burn following the rapid scale-up of the previous year.
The objective was to reduce the operating cost base by £45,000 per month, which was achieved by reducing headcount and by stricter
controls with regard overheads.
In achieving these recurring cost savings, a number of one-off, exceptional costs were incurred, including payments in lieu of notice
and lease cancellation costs. These exceptional costs totalled £0.12m (2017: £0.28m) (see note 27) in the year, the bulk of which
were incurred in the first half of the year.
EBITDA & Operating Loss
Adjusted EBITDA for the year, which excludes one-off charges and share based charges, was a loss of £0.64m (2017: loss of £2.94m).
EBITDA for the year was a loss of £0.87m (2017: loss of £3.31m).
Adjusted Operating Loss for the year, which excludes one-off charges and share based charges, was £1.03m (2017: loss of £3.19m).
The Operating Loss in the year was £1.26m (2017: loss of £3.56m).
Cash Flow
The cash balance at the start of the year was £1.6m. During the year, the cash balance has fallen due to the EBITDA loss (£0.87m),
capital expenditure (£0.15m), and development costs (£0.18m).
During the year, the Group received a refund of £0.12m from HMRC in respect of a surrender of R&D Tax Credits from earlier
periods.
Page 15
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Strategic Report for the year ended 31 December 2018 (cont.)
Financial Review (cont.)
The cash balance at 31 December 2018 was £0.65m. The closing cash balance is as budgeted, and, together with more active
management of the Company’s debtors, provides a solid base for the Company’s growth plans for the year ahead.
Balance Sheet
The Group’s Balance Sheet as at 31 December 2018 had Net Assets of £1.04m (2017: £2.17m). Retained Earnings and Distributable
Reserves as at 31 December 2018 were a cumulative loss of £4.91m (2017: cumulative loss of £3.68m).
Going Concern
The Directors have assessed the going concern status of the Group by reference to a number of factors. In particular, the Directors
have considered the strong rate of growth in the cyber security market; the fact that business continues to attract new clients and
is not overly dependent on any single client; the fact that the business continues to retain key staff following the restructuring, the
fact that the business has no Corporation Tax liability to HMRC and that the Group has only modest financing facilities which are not
subject to financial covenants. Moreover, having reduced the monthly operating losses significantly by way of the cost restructure
(see section cost restructure & exceptional costs, page 21), the rate of cash burn has also been significantly reduced.
In undertaking their review, the Directors have prepared financial projections for the years ending 31 December 2019 and 2020, a
review which assumed continued revenue growth and cost efficiency.
In the event that this revenue and cost performance is not achieved, the Directors have also considered a sensitivity analysis based
on lower revenue growth and have formulated contingency plans for this scenario, which enable the Group to preserve its financial
resources.
As such, the Directors have concluded that the cash balance at 31 December 2018 is sufficient to fund the ongoing growth and
development of the Group and to meet its liabilities as they fall due for at least the 12 months from the date of approval of the
financial statements.
IFRS 15
The Directors adopted the application of IFRS 15: Revenue from contracts with customers from 1 January 2018, applying the fully
retrospective method of transition. The core principle is that revenue should only be recognised as the client receives the benefit
of the goods or services provided under a commercial contract, in an amount that reflects the consideration to which the provider
expects to be entitled for the transfer of the goods or services.
Further information on the impact of IFRS 15 is included in Note 4.3 to the Financial Statements.
Dividend
The Board has not declared a dividend for the year ended 31 December 2018 (2017: £nil).
David Mathewson
Non-Executive Chairman
12 March 2019
Page 16
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades
�Strategic Report for the year ended 31 December 2018 (cont.)
Principal Risks and Uncertainties
ECSC Group plc (‘ECSC’ or ‘the Company’ or ‘the Group’) is exposed to a number of Macro, Business and Financial risks. The
Directors take a proactive approach to the identification and mitigation of these risks.
Summary of Risks
The most significant risks to the Group are summarised in the table below. These risks are explained in further detail following the
summary. The table does not include all the potential risks associated with Group activities and are not in any order of priority.
Principal Risks
Economic conditions
Mitigating Actions/Factors
Expenditure on cyber security has become non-discretionary in nature and
is less sensitive to economic fluctuations
Rapid technological change
Investment in proprietary intellectual property
Competition
Cyber security breach
Reputation
Dependence on key personnel
Ability to recruit and retain skilled personnel
Maintaining a broad, full-service offering
Certifications to ISO 27001, PCI DSS and Cyber Essentials; avoidance of
technologies associated with common security breaches
Consistent focus on legal, financial, regulatory and technological
compliance
Board and Senior Management structure and remuneration is designed to
reduce the risks associated with the loss of any single person
Ongoing development of a wide range of employee benefits and incentives,
career progression and technical development
Reliance on key systems
Disaster recovery and business continuity plans
Client acquisition
Client retention
Future funding requirements
Macro Risks
Economic Conditions
Sale team training and development, partner programme, and expanded
marketing activities.
Expanded service delivery function and service management layer
Flotation on the Alternative Investment Market of the London Stock
Exchange
The Group could be affected by national and international economic factors outside its control, including an economic slowdown,
changes in the monetary and fiscal policies of the Government, exchange rate fluctuations, commodity price volatility, inflation,
increases in interest rates and banking sector conditions.
Any UK economic downturn, either globally or locally, may have an adverse effect on the demand for the Group’s services. A more
prolonged economic downturn may lead to an overall decline in the volume of the Group’s activities and sales, restricting the Group’s
ability to realise a profit.
However, given the proliferation of cyber security breaches and the damage caused, in financial and reputational terms, expenditure
by corporates on cyber security is increasingly of a non-discretionary nature, such that demand has become less sensitive to general
economic fluctuations.
Page 17
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades
�Strategic Report for the year ended 31 December 2018 (cont.)
Principal Risks and Uncertainties (cont.)
Geopolitical Risks
The Group’s operations now or in the future may be adversely affected by factors outside the control of the Group, including election
results, changes in Government policy, terrorist activities, labour unrest, civil disorder and political upheaval, war, subversive
activities and sabotage, fires, floods, natural disasters and epidemics.
Brexit
The current political impasse, and resulting business uncertainty is likely to be impact on decisions regarding significant investment.
For ECSC, this could lead to delays in closing significant managed service contracts.
The Board has considered the impact of the UK’s decision to leave the European Union and concluded that, since 97% of revenue
(see note 6) is generated in the UK, the impact of any future potential barriers to free trade are unlikely to directly impact the Group.
However, there is potential to impact our clients and therefore their cyber security budgets.
Business Risks
Technology
The markets in which the Group operates are characterised by rapid technological change, changes in client requirements, frequent
product and service introductions employing new technologies, and the emergence of new industry standards and practices that
could render the Group’s existing technology and services obsolete.
In order to compete successfully, the Group will need to continue to improve its services, and to develop and market new products
that keep pace with technological change. This may place strain on the Group’s capital resources, which may adversely impact the
revenues and profitability of the Group.
The success of the Group depends on its ability to anticipate and respond to technological changes and client requirements in a
timely and cost-effective manner. There can be no assurance that the Group will be able to effectively anticipate and respond to
technological changes and client needs in the future.
Intellectual Property
In order to mitigate Technology risk and maximise its competitive advantage, the Group seeks to protect its intellectual property.
Much of the Group’s intellectual property is not of a nature that is capable of registration, so protection of intellectual property relies
on maintaining the confidentiality of know-how, methodologies and processes which, in turn, are largely dependent on people. There
is a risk that if the confidentiality of the Group’s intellectual property were compromised, this could lead to a loss of competitive
advantage. To mitigate this risk, the Group employs strict terms of confidentiality in its standard terms of employment.
The Group’s software is largely developed in-house. However, some aspects of it are based on open-source licences such as the
General Public Licence (a widely used form of licence within the free and open-source code software domain), which oblige ECSC to
provide access to the source code of the relevant software package if a client requests it. There is a limited risk that ECSC could be
pursued by way of enforcement action in this area, which may have a material adverse effect on the Group’s performance.
Competition
There can be no guarantee that the Group’s current competitors or new entrants to the market will not bring superior technologies,
products or services to the market, or equivalent products at a lower price, which may have an adverse effect on the Group’s
business. Such companies may also have greater financial and marketing resources than the Group. These competitive risks are
mitigated by maintaining a full service offer, spanning Consulting and Managed Services, with a strategic focus on expanding the
recurring revenue base from retained clients, underpinned by a proactive account management process.
Page 18
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Strategic Report for the year ended 31 December 2018 (cont.)
Principal Risks and Uncertainties (cont.)
Cyber Security Breach
As with all providers in this sector, the potential embarrassment and reputational impact of a major cyber security breach for ECSC
itself is significant. However, ECSC manages this risk in a number of ways:
External certification to international security standards, such as ISO 27001 and PCI DSS.
•
• Avoidance of technologies commonly targeted for attack – ECSC makes extensive use of Linux-based technologies, including all
operational desktop PCs and laptops, and does not support Bring Your Own Device (BYOD) policies for any company business,
including for Associate Consultants.
The Company directs the same level of security expertise at its own security as to that of its clients, avoiding the common issue
with IT companies that their own internal IT is managed by a less capable internal team than their client-facing delivery team.
•
Reputation
The Group’s reputation, in terms of the services it provides, the manner in which it conducts its business and the financial
performance it achieves, are central to the Group’s success.
The Group’s services, and the software on which they are based, are complex and may contain undetected defects when first
introduced. Such defects could damage the Group’s reputation, ultimately leading to an increase in the Group’s costs or reduction in
its revenues.
Other issues that may give rise to reputational risk include, but are not limited to, failure to deal appropriately with legal and
regulatory requirements in any jurisdiction (which may result in the issuance of a warning notice or sanction by a regulator or
an offence being committed by a member of the Company or any of its employees or Directors), money-laundering, bribery and
corruption, factually incorrect reporting, staff disputes, fraud (including on the part of clients), technological delays or malfunctions,
the inability to respond to a disaster, lack of data privacy, and poor record-keeping.
In addition, failure to meet the expectations of clients, suppliers, employees, shareholders, regulators and other business partners
may have a material adverse effect on the Group’s reputation.
To mitigate these varied risks, the Group has adopted a strict and thorough approach to compliance, investing resources to meet
relevant legal, financial, regulatory and technological standards and requirements.
Dependence on Directors and Senior Management
The Group’s performance is substantially dependent on the continued services and performance of its Directors and senior
management. Although certain Directors and key personnel have entered into Service Agreements or Letters of Appointment with
the Group, there can be no assurance that the Group will retain their services. The loss of the services of any of the Directors or key
personnel may have a material adverse effect on the business, operations, relationships and/or prospects of the Group.
The risk of loss of a Director or member of senior management is mitigated by offering market competitive remuneration for key
roles, including appropriate levels of equity incentivisation via the share option schemes of the Group.
Ability to Recruit and Retain Skilled Personnel
The Group believes that it has the appropriate incentivisation structures to attract and retain the calibre of employees necessary to
ensure the growth and development of the Group. However, any difficulties encountered in hiring appropriate employees and the
failure to do so may have a detrimental effect upon the trading performance of the Group. The ability to attract new employees with
the appropriate expertise and skills cannot be guaranteed.
Page 19
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Strategic Report for the year ended 31 December 2018 (cont.)
Principal Risks and Uncertainties (cont.)
Reliance on Key Systems
The Group’s dependency upon technology exposes it to significant risk in the event that such technology or the Group’s systems
experience any form of damage, interruption or failure.
The Group’s systems are vulnerable to damage or interruption from events including:
•
•
•
•
power loss and infrastructure failure;
fire or physical destruction;
computer hacking activities; and
acts of criminal damage or terrorism.
Any malfunctioning of the Group’s technology and systems, or those of key third parties, even for a short period of time, could
result in a lack of confidence in the Group’s services, the termination of client contracts and potential claims for damages, with a
consequential material adverse effect on the Group’s operations and performance.
The Group has a well considered, certified and regularly rehearsed disaster recovery and business continuity plan to mitigate this
risk.
New Client Acquisition and Retention of Existing Clients
The Group’s future success depends on its ability to increase sales of its services and products to new clients, increase sales to its
existing clients, and maintain existing client contractual relationships.
The rate at which new and existing clients purchase services and existing clients renew their contracts depends on a number of
factors, including the efficacy of the Group’s services and the utility of the Group’s new offerings, as well as factors outside of the
Group’s control, such as clients’ perceived need for security solutions, the introduction of services by the Group’s competitors that
are perceived to be superior to the Group’s services, end clients’ IT budgets and general economic conditions. A failure to increase
sales as a result of any of the above could materially adversely affect the Group’s financial performance and position.
Failure to Develop, Launch and Market New Services
The Group’s long-term growth and profitability is dependent on its ability to develop and successfully launch and market new
services. The Group’s revenues and market share may suffer if it is unable to successfully introduce new products in a timely fashion
or if any new or enhanced products or services are introduced by its competitors that its customers find more advanced and/or better
suited to their needs.
While the Group continuously invests in research and development to develop products in line with client demand and expectations,
if it is not able to keep pace with product development and technological advances, including shifts in technology in the markets in
which it operates, or to meet client demands, this could have a material adverse effect on the Group’s financial performance and
position.
Page 20
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Strategic Report for the year ended 31 December 2018 (cont.)
Principal Risks and Uncertainties (cont.)
Financial Risks
Future Funding Requirements
Although not presently anticipated by the Directors, the Group may need in the future (more than twelve months) to raise equity
or debt capital to fund future acquisitions, expansion and/or business development. There can be no guarantee that the necessary
funds will be available on a timely basis, on favourable terms, or at all, or that such funds, if raised, would be sufficient. If the Group
is not able to obtain additional capital on acceptable terms, or at all, it may be forced to curtail or abandon acquisition opportunities,
expansion and/or business development. The above could have a material adverse effect on Group performance.
This risk is partially mitigated by the Group’s quotation on the Alternative Investment Market of the London Stock Exchange, which
provides a conduit to equity investors.
David Mathewson
Non-Executive Chairman
12 March 2019
Page 21
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Board of Directors
The Board of ECSC Group plc comprises two Executive Directors
and two Non-Executive Directors.
Lucy Sharp (age 39)
Chief Operating Officer
Lucy has over 18 years of experience in the cyber-security
sector, having joined ECSC at its inception. Lucy worked as
an ISO 27001 consultant, leading this area prior to taking the
position of Operations Director in 2012. Lucy has held a number
of professional certifications, including CISSP, PCI QSA, and ISO
Lead Auditor. Whilst working at ECSC, Lucy completed a Masters
in Business Management at Leeds Metropolitan University.
Elizabeth Gooch MBE (age 57)
Non-Executive Director
Elizabeth Gooch is an award-winning UK tech entrepreneur,
having started her career in industry, joining Forward Trust (a
subsidiary of Midland Bank) and then Birmingham Midshires
Building Society, before establishing eg solutions in 1988.
She pioneered the introduction of industrial production
management methodologies into the service sector and
invented the eg operational intelligence ® software suite to
embed these techniques into businesses. eg was listed on the
Alternative Investment Market and was acquired by a major
US Software Company in 2017. Elizabeth was named as one
of The Telegraph’s Most Disruptive Entrepreneurs and West
Midlands Woman of the Year for her Outstanding Contribution
to Technology. She was made a Member of the Order of the
British Empire in the Queens Jubilee Birthday Honours 2012, in
recognition of her achievements in delivering significant benefits
for clients with the products she designed. Elizabeth is now
CEO of The Tech Growth Factory; a company she established to
assist the founders of small technology companies achieve their
growth potential.
Elizabeth Gooch is the independent Non-Executive Director
following the Board reorganisation during March and April 2018.
The Board has slimmed down to two Non-Executive Directors
and two Executive Directors. David Mathewson Non-Executive
Director Chairman is a Charted Accountant and has been
overseeing the finance function from April 2018. The Board has
considered its independence and effectiveness, and is satisfied
to the degree of competence and efficient in place.
Elizabeth Gooch is the independent Non-Executive Director
following the Board reorganisation during March and April 2018.
The Board has slimmed down to two Non-Executive Directors
and two Executive Directors. David Mathewson Non-Executive
Chairman is a Charted Accountant and has been overseeing the
finance function from April 2018. The Board has considered its
independence and effectiveness, and is satisfied to the degree of
competence and efficient in place.
The Board is responsible for the formulation of business
strategy, operational execution, financial performance and
compliance. The Executive Directors are responsible for day-
to-day operational and financial management, whilst the
Non-Executive Directors are responsible for delivering effective
corporate governance.
The profile of each Director is as follows:
David Mathewson (age 71)
Non-Executive Chairman
David is a Chartered Accountant who has spent most of his
career in merchant banking and as a non-executive director.
He was an Executive Director of Noble Grossart Limited,
Scotland’s premier merchant bank, for many years. Previous
non-executive roles include Chairman of Sportech Plc and he
was also a Director of Playtech Group plc. During his tenure at
Playtech, he was appointed Chief Financial Officer and oversaw
the company move from AIM to the Main Market of the London
Stock Exchange. He is currently a Non-Executive Director of AIM
traded SEC SPA, an Italian company, also traded on AIM, and
Chairman of Bioflow Ltd. The Board has reviewed David’s time
commitment from his other directorships and has concluded
that they average six to seven working days per month. The
Board is therefore comfortable that David has sufficient available
capacity to carry out his duties as a Non-Executive Chairman of
ECSC Group plc.
Ian Mann (age 51)
Chief Executive Officer
Ian has over 18 years of experience in the cyber-security sector,
having founded ECSC. He was previously an advisor for GCHQ,
and established a Cisco Networking Academy for Dixons City
Technology College. Ian’s professional certifications include
CISSP, PCI QSA, and ISO Lead Auditor. Ian holds a B.Eng. in
Electrical and Electronic Engineering from the University of
Nottingham, and an MBA from the Open University.
Page 22
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Directors’ Report for the year ended 31 December 2018
Principal Activities and Review of the Business
The principal activity of the Group during the year continued to be the provision of professional cyber security services. Future
developments of the Group have been reviewed as part of the Strategic Report.
Principal Risks and Uncertainties
For information on the principal risks and uncertainties of the Group, please see pages 17 to 21 of the Strategic Report.
Results and Dividends
The loss for the period, after taxation, amounted to £1,238k (2017: loss of £3,526k). The Board has not declared a dividend for the
year ended 31 December 2018 (2017: £nil).
Going Concern
The Directors are satisfied that the Group has sufficient financial resources to continue to operate for the foreseeable future, which
is considered to be at least the 12 months from the date of approval of the financial statements. For this reason, the going concern
basis is considered appropriate for the preparation of the financial statements (for more information see note 4.2 to the Financial
Statements).
Research and Development
Research and development activities are grouped into three broad areas:
Proprietary software, operating systems, applications, tools and documentation used to provide Managed Services.
•
• Proprietary software, tools and techniques used to provide Consulting Services.
• Core internal business systems to support revenue generating activities.
Chairman Corporate Governance
Overview
As Chairman of the Board of Directors of ECSC Group plc it is my responsibility to ensure that ECSC has both sound corporate
governance and an effective Board. As Chairman, my responsibilities include leading the Board effectively, overseeing the Company’s
corporate governance model, communicating with shareholders, and ensuring that good information flows freely between Executives
and Non-Executives in a timely manner.
ECSC Group plc has adopted the QCA Corporate Governance Code in line with the London Stock Exchange’s recent changes to
the AIM Rules, requiring all AIM-listed companies to adopt and comply or explain non-compliance with a recognised corporate
governance code. The Board considers that the Group complies with the QCA Code so far as it is practicable having regard to the
size, nature and current stage of development of the Company, and will disclose any areas of non-compliance in the text below.
The Board believes that corporate governance is a framework which underpins the core values for running the business in which
we all believe, including a commitment to open and transparent communications with stakeholders. Further details on Corporate
Governance is on the Group’s website at https://investor.ecsc.co.uk/governance/corporate-governance.html.
Page 23
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Directors’ Report for the year ended 31 December 2018 (cont.)
QCA Principles
1. Establish a strategy and business model which promotes long-term value for shareholders
The Board has concluded that the highest medium and long-term value can be delivered to its shareholders by a focused strategy for
the Company. Details of the Business strategy can be found on page 7.
2. Seek to understand and meet shareholder needs and expectations
The Group is strongly committed to the maintenance of good investor relations and seeks, wherever possible, to build a relationship
of mutual understanding with both its institutional and private client investors. The Company communicates how it is governed and
is performing through its Annual Report and Accounts, full-year and half-year announcements, regulatory announcements and its
website: https://investor.ecsc.co.uk/. The Group have a dedicated email address investor@ecsc.co.uk for shareholder enquiries.
3. Take into account wider stakeholder and social responsibilities and their implications for long-term success
The Board recognises that the long-term success of the Group is reliant upon the efforts of the employees of the Group and its
suppliers, regulators and other stakeholders. The Group prepares an annual strategic plan and detailed budget which considers a
wide range of key resources and stakeholders. Everyone within the Group is a valued member of the team, and our aim is to help
every individual achieve their full potential. We offer equal opportunities regardless of race, gender, gender identity or reassignment,
age, disability, religion or sexual orientation. See employee survey, (page 12)
4. Embed effective risk management, considering both opportunities and threats, throughout the organisation
The Board attaches considerable importance to the Company’s system of internal control and risk management. An ongoing process
has been established for identifying, evaluating, and managing the significant risks faced by the Group. Details of key risks to the
business can be found on pages 17.
5. Maintain the board as a well-functioning, balanced team led by the Chair
ECSC is controlled by the Board of Directors , details of the Board and the roles can be found on pages 22.
6. Ensure that between them the Directors have the necessary up-to-date experience, skills and capabilities
The Directors have both a breadth and depth of skills and experience to fulfil their roles and deliver the strategy of the Group for the
benefit of the shareholders over the medium to long-term. The Group believes that the current balance of skills in the Board as a
whole, reflects a very broad range of commercial and professional skills. The Directors continue to develop their skill set and keep up
to date with current regulations in their prospective markets.
Details of the Directors’ experience and areas of expertise are outlined on pages 22.
7. Evaluate board performance based on clear and relevant objectives, seeking continuous improvement
The Board informally review board performance as part of the day to day running of the business. ECSC Group plc has yet to carry
out a formal assessment of board effectiveness and the board will keep this under consideration and put in procedures when it is
felt appropriate.
The Company has adopted a code for Directors’ and employees’ dealings in securities which is appropriate for a company whose
securities are traded on AIM, and is in accordance with the requirements of the Market Abuse Regulation which came into effect in
2016.
Page 24
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Directors’ Report for the year ended 31 December 2018 (cont.)
8. Promote a corporate culture that is based on ethical values and behaviours
The company has clearly defined values upon which our culture and behaviours are based. These are outlined in the Chief Operating
Officer’s Overview on page 13.
9. Maintain governance structures and processes that are fit for purpose and support good decision-making by the board
The Board is committed to, and ultimately responsible for, high standards of corporate governance, and has chosen to adopt the QCA
Code. We review our corporate governance arrangements regularly and expect to evolve these over time, in line with the Group’s
growth. The Board delegates responsibilities to Committees and individuals as it sees fit, with the Chairman being responsible for
the effectiveness of the Board, and the Executive Directors being accountable for the management of the Company’s business and
shareholder liaison.
10. Communicate how the company is governed and is performing by maintaining a dialogue with shareholders and other relevant
stakeholders
The Board is strongly committed to the maintenance of good investor relations and to having constructive dialogue with its
shareholders. Executive Directors and Chair seek to meet with shareholders and other investors/potential
investors at regular intervals during the year.
Page 25
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Directors’ Report for the year ended 31 December 2018 (cont.)
Committee Chairman
This report sets out information about the remuneration of the Directors of the Company for the year ended 31 December 2018. As
a company admitted to AIM, ECSC Group is not required to prepare a Directors Remuneration report. However, the board supports
the principle of transparency and has prepared this report in order to provide information to shareholders on Directors remuneration
arrangements.
THE REMUNERATION COMMITTEE
Committee Composition
Elizabeth Gooch MBE was appointed chair of the Committee on 16 April 2018. The other member of the committee is David
Mathewson.
Committee Responsibilities
The Remuneration Committee’s primary purpose is to ensure that the remuneration packages of the senior and most highly
rewarded team at ECSC Group are both aligned to the company’s purpose and values and linked to the successful delivery of the
company’s long-term strategy.
Committee Meetings
The Remuneration Committee met at least four times in the period from April 2018, with other board members in attendance as
appropriate. The Committees main activities during the year included:
• Reviewed Committee Terms of Reference and made recommendations to the board for update
• Oversaw a benchmarking exercise for Director’s Remuneration and approved proposals for changes in the remuneration of
Directors for the forthcoming period.
• Agreed individual share option awards
• Agreed targets and performance measures for bonus payments for the forthcoming financial period
• Administered the group’s share schemes
PricewaterhouseCoopers LLP were consulted during the year to provide market guidelines for the remuneration of the Executive and
Non-Executive Directors and an overview of potential long-term incentive designs.
In determining the Directors remuneration for the year, the Committee consulted Ian Mann, Chief Executive and Lucy Sharp, Chief
Operating Officer about its proposals.
Directors’ Interests and Remuneration
The Directors who held office during the period were as follows:
David Mathewson
Ian Mann
Lucy Sharp
Elizabeth Gooch (appointed 16 April 2018)
Nigel Payne (resigned from Board 5 April 2018)
Stephen Hammell (resigned from Board 13 April 2018)
Stephen Vaughan (resigned from Board 13 April 2018)
Page 26
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Directors’ Report for the year ended 31 December 2018 (cont.)
Audit Committee
The duties of the Audit Committee are to consider the relationship with the Company’s auditor (appointment, re-appointment and
terms of engagement), to review the integrity of the Company’s financial statements, to keep under review the appropriateness of
the Company’s accounting policies, and to review the effectiveness and adequacy of the Company’s internal financial controls. In
addition, it will receive and review such reports as it from time to time requests from the Company’s management and auditor. The
Audit Committee meets at least twice a year and has unrestricted access to the Company’s auditor. The Audit Committee comprises
David Mathewson and Elizabeth Gooch and is chaired by David Mathewson.
Nomination Committee
The duties of the Nomination Committee are to consider the structure, size and composition of the Board and make
recommendations to the Board with regard to any changes. It is also responsible for identifying and nominating candidates to fill
Board vacancies as and when they arise. The Nomination Committee also makes recommendations to the Board concerning, among
other things, plans for succession for both Executive and Non-Executive Directors. It meets at least twice a year. The Nomination
Committee comprises Elizabeth Gooch and David Mathewson and is chaired by David Mathewson.
Disclosure Committee
The Disclosure Committee is the first point of contact with the Nominated Adbisor (“NOMAD”) for all routine and non-routine matters
which the NOMAD wishes to discuss with the Board and shall carry out duties to ensure the Company’s compliance with the AIM
Rules and Market Abuse Regulations. The Disclosure Committee meets twice a year and comprises David Mathewson and Elizabeth
Gooch and is chaired by David Mathewson.
Attendance at Board and Committee meetings
There were twelve Board meetings held during the year, all of which were attended by Ian Mann, Lucy Sharp and David Mathewson.
Elizabeth Gooch joined the Board during April and therefore attended 9 Board meetings during the year.
The Audit Committee had two meetings during the year at which both Elizabeth Gooch and David Mathewson attended.
Page 27
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Directors’ Report for the year ended 31 December 2018 (cont.)
The following Directors had interests in the ordinary shares of the Company as at 31 December 2018:
David Mathewson
Ian Mann
Lucy Sharp
Elizabeth Gooch
Number of
Ordinary
Shares
35,419
2,248,690
230,419
50,000
% of Issued
Share
Capital
0.39%
24.71%
2.53%
0.55%
Details of the Directors remuneration are included in the Remuneration Report on pages 29-33.
Substantial Interests
At 31 December 2018, the Company had been notified, under the Disclosure and Transparency Rules, of the following major
shareholdings and the percentages of voting rights represented by such holdings, excluding the shareholdings and associated voting
rights of the Directors noted above, as follows:
Number of
Ordinary
Shares
% of Issued
Share
Capital
Unicorn Asset Management
Ravinder Bahra
Hargreaves Lansdown
Artemis Investment Management
Phil McLear
Malcolm Hoare
John Leach
1,448,946
1,069,068
315,020
294,733
472,290
300,300
283,920
15.93%
11.75%
3.46%
3.24%
5.19%
3.30%
3.12%
Annual General Meeting
The next Annual General Meeting will take place on 19 June 2019.
Statement of Disclosure of Information to Auditors
The Directors of the Company who held office at the date of approval of this Annual Report as set out
above each confirm that:
•
•
so far as each Director is aware, there is no relevant audit information of which the Company’s auditors are unaware; and
each Director has taken all the steps that they ought to have taken as a Director in order to make themselves aware of any
relevant audit information and to establish that the Company’s auditors are aware of that information.
Auditors
BDO LLP has indicated its willingness to continue as auditor. Accordingly a resolution proposing its reappointment as auditor will be
put to the members at the next Annual General Meeting.
On behalf of the Board
David Mathewson
Non-Executive Chairman
12 March 2019
Page 28
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades
�Renumeration Committee Report
As an AIM listed company ECSC Group plc is not required to comply with schedule 8 of the Large and Medium-sized Companies and
Groups (Accounts and Reports) Regulations 2008 as amended in August 2013. Nor is it required to comply with the principles relating
to Directors remuneration in the UK Corporate Code 2016 (“the code”). The content of this report is unaudited unless stated.
Remuneration Policy
The objectives of the remuneration policy are to ensure that the overall remuneration of Executive Directors is aligned with the
performance of the Group and preserves an appropriate balance of reward and shareholder value.
The Company’s policy is to remunerate Directors appropriately such that they are sufficiently rewarded and incentivised for their level
of responsibility, the complexity of their role and to reflect their skills and experience. The use of Annual Performance Bonuses and
equity-based incentives, linked to Company performance, helps to align the interests of the Directors and Shareholders.
The Remuneration Committee sets the level of basic pay and other benefits for Executive Directors and other Senior Managers.
It does this in line with its assessment of the appropriate market rate for the roles, wishing to be able to attract and retain good
candidates for these roles. In addition, the Company operates an Executive Annual Performance Bonus Scheme covering the
Executive Directors. The criteria for payment of bonuses (which are not pensionable if paid) are set by the Remuneration Committee
at the beginning of each financial year. The award of any bonus is decided by the Remuneration Committee at the end of the year
by reference to the objectives set for the year, the corresponding performance of the Company, and by using its discretion. The
Company also operates a share based incentive scheme as outlined below.
The Company’s policy is also that a substantial proportion of the remuneration of the Executive Directors should be performance
related in order to encourage and reward improving business performance and shareholder returns. In determining remuneration
arrangements for Executive Directors, the Committee is sensitive to pay and employment conditions elsewhere in the Cyber Security
and general IT Software and Services markets, especially when determining base salary increases.
The committee has reviewed the Remuneration Policy for the forthcoming year and has concluded that it remains appropriate for the
forthcoming three year period.
Page 29
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Renumeration Committee Report (cont.)
Remuneration for Executive Directors.
The main components of the remuneration arrangements for Executive Directors are as follows:
Purpose & Link to Strategy
Operation
Maximum Opportunity
Performance Conditions
Base Salary
To provided fixed competitive
remuneration that will attract
and retain key employees and
reflect their experience and
position in the Group.
Benefits
To provide market levels of
benefits on a cost-effective
basis.
Reviewed annually taking into
account industry-standard
executive remuneration and
pay levels elsewhere within the
sector.
Salaries for the year ended 31
December 2017 are set out
below.
None.
Private health cover for the
executive and their family, life
insurance cover of one-times
salary and a company car.
Private healthcare benefits are
provided through third-party
providers and therefore the
cost to the Company may vary
from year to year.
None.
Pension
Providing post-retirement
benefits.
The Group contributes to
individual’s personal pension
schemes
10% of base salary
None.
Annual incentive
Recognises achievements
of annual objectives which
support the short to medium
term strategy of the Group
Performance targets are set by
the Remuneration Committee
at the start of the year with
input, as appropriate, from the
Executive Directors
Executive Share Options Plan
Setting value creation
through share growth as a
major objective for Executive
Directors and senior
managers. Alignment of option
holder interests with those of
shareholders through delivery
of shares.
There is currently no Executive
Share Option Plan in operation.
The Group intend to introduce
a scheme during 2019. The
Chief Operating Officer, Lucy
Sharp, participates in the EMI
scheme. See below.
No criteria had been set
for the financial year ended
31 December 2018 while
the Group focussed on cost
reduction and EBITDA margin
improvement. Details of the
scheme for the forthcoming
period are set out below.
For the forthcoming period
payment will be based on the
achievement of stretching
targets in weighted Key
Performance Indicators linked
to the Group’s strategy
N/A
N/A
During the year the Committee commissioned a review of the salaries and rewards of the Directors, including market benchmarking
with peer companies in the Cyber Security Sector. As a result, the basic salaries of all Directors have been adjusted and a revised
Annual Performance Bonus Scheme for the Executive Directors has been introduced for the forthcoming financial period.
The new Executive Directors Annual Performance Bonus Scheme is structured so as to pay up to 60% of basic salary for the Chief
Executive and 40% of basic salary for the Chief Operating Officer based on the achievement of stretching targets in certain key
performance indicators aligned with the Group’s strategy. The bonus related Key Performance Indicators for the forthcoming period
are Revenue, EBITDA, Cash and Gross Margin and they are appropriately weighted.
Page 30
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades
�Renumeration Committee Report (cont.)
The committee intends to introduce a Long-Term Incentive Plan (“LTIP”) for the Executive Directors during 2019. Details of the
scheme will be communicated to shareholders and any awards will be disclosed in next year’s Remuneration Committee Report.
Remuneration for Non – Executive Directors
Remuneration of the Non-Executive Directors is determined by the Board within the limits set by the Company’s Articles of
Association and is based on fees paid in similar companies, the skills required, and the expected time commitment required of
each individual. Non-Executive Directors are not entitled to pensions, annual bonuses or employee benefits. They are entitled to
participate in share option arrangements relating to the Company’s shares and both were allocated 100,000 options on 20 April 2018.
The options had an exercise price of 78pence and are subject to a three year vesting period and the performance condition that the
Company’s closing mid-market share price must exceed 200 pence for 10 consecutive business days following the vesting date. The
grant represented 2.2% of the current issued share capital of the company.
Each of the Non-Executive Directors has a letter of appointment stating his/her annual fee and that his/her appointment is initially
for a term of three years, subject to re-appointment at the AGM and renewable for further periods of three years. Their appointment
may be terminated with three months written notice at any time.
David Mathewson also oversaw the finance function on a part time basis to support the work of Gemma Basharan, Financial
Controller. This arrangement has provided the Group with a cost effective arrangement whilst improving financial reporting and
controls. Additional fees were paid to David Mathewson during the period to compensate him for these additional duties.
Following the Board re-structure in March 2018 the number of Non-Executive Directors was reduced from three to two in order to
reduce costs. The Board has decided to continue this arrangement into the forthcoming financial period and the duties of the third
Non-Executive Director will continue to be shared between David Mathewson and Elizabeth Gooch.
Annual Bonus Payments for 2018
Following the success of the financial year ended 31 December 2018, the committee resolved to pay modest bonuses (as set out
in the table below) in recognition of the performance of the Executive Directors during the year. The bonuses were paid after the
financial year end.
The annual incentive paid to Executive Directors for the year ended 31 December 2018 was 11% of the basic salary of the Chief
Executive and 14% of the basic salary of the Chief Operating Officer
Name of Director
Nigel Payne
Ian Mann
Lucy Sharp
Stephen Hammell
Stephen Vaughan
David Mathewson
Elizabeth Gooch
Total
Salary or
Fees Paid
Benefit-in-
Kind
£’000
£’000
Pension
£’000
Annual
Bonus
Share Based
Payments
Year ended
31
December
2018
Year ended
31
December
2017
£’000
£’000
£’000
£’000
10
209
103
80
9
64
25
500
-
1
10
-
-
-
11
-
20
12
6
-
-
38
-
25
15
-
-
-
40
-
-
23
-
-
5
5
33
10
255
163
86
9
69
30
622
28
237
135
82
32
32
-
546
Notes:
•
•
•
Benefits-in-Kind includes the provision of Company Cars and Private Medical insurance
Share Based Payments are stated at the cost of the award recognised in the financial period
Annual bonus paid after the year end
Page 31
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades
�Renumeration Committee Report (cont.)
Ian Mann, Chief Executive is the highest paid Director.
Employee Benefit Expense (including Directors) during the periods amounted to:
GROUP
Year ended
31 December
2018
£’000
GROUP
Year ended
31 December
2017
£’000
COMPANY
Year ended
31 December
2018
£’000
COMPANY
Year ended
31 December
2017
£’000
4,155
476
112
4,743
4,867
536
97
5,500
3,971
427
96
4,494
4,807
514
89
5,410
Wages and Salaries
Social Security Costs
Pension Contributions
Directors Interests
Details of the Directors Shareholdings are included in the Director’s Report on page 28
Share Incentives
The Company operates an Enterprise Management Incentive (‘EMI’) Scheme. The EMI Scheme provides the opportunity for eligible
Directors and employees to buy ECSC ordinary shares at a future date in accordance with the scheme rules. The options are subject
to the option holder’s continuing employment, are not transferable, and have a life of 10 years. All grants under the scheme are
subject to approval by the Remuneration Committee.
In August 2018 the Company granted options over 185,000 shares at an exercise price of 93 pence per share, subject to a 3 year
vesting period, to 14 employees. The exercise price was set by reference to the average mid-market share price over the 3 days
preceding the grant. There was a performance condition attaching to this grant, ordinary shares trade at a mid-market minimum
price of 200 pence per share over 30 consecutive trading days during the vesting period.
During the year, options over 5,000 options have lapsed, predominantly due to recipients leaving the Company, such that options over
180,000 shares remain exercisable in the future.
Outstanding Share Based Awards
The outstanding Share Based Awards of the Directors as at 31 December 2018 are:
Granted In
Year
Lapsed In
Year
Vested In
Year
End Of
Year
Price At
Grant
Exercise
Price
Name Of Director
Lucy Sharp
Stephen Hammell
Elizabeth Gooch
David Mathewson
Type Of
Reward
Share
Option
Share
Option
Share
Option
Share
Option
Date Of
Grant
19 May
2017
69,758
-
7 Dec 2017
100,000
100,000
18 Apr
2018
18 Apr
2018
100,000
100,000
-
-
-
-
-
-
69,758
497.5p
167.0p
-
132.5p
140.0p
100,000
79.0p
78.0p
100,000
79.0p
78.0p
The closing mid-market price of the Group’s shares at 31 December was 67.5 pence. During the financial year the share price
reached a high of 237.5 pence and a low of 62.3 pence.
Page 32
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Renumeration Committee Report (cont.)
Directors Service Contracts
The Service contracts and letters of appointment of Directors include the following terms:
Executive Directors
Ian Mann
Lucy Sharp
Date of Appointment
1 May 2018
30 November 2016
Non-Executive Directors
Date of Appointment
David Mathewson
Elizabeth Gooch
18 April 2018
16 April 2018
Statement of Voting at General Meeting
Notice Period
6 months
6 months
Notice Period
3 months
3 months
At the Annual General Meeting of the Company held (last years date 14 June 2018), all resolutions were passed.
Approval
This report was approved by the Directors and signed by order of the Board.
Elizabeth Gooch MBE
Chairman of the Remuneration Committee
12 March 2019
Page 33
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Statement of Directors’ Responsibilities
The Directors are responsible for preparing the Annual Report and the financial statements in accordance with applicable law and
regulations.
Company Law requires the Directors to prepare financial statements for each financial year. Under that law the Directors have
elected to prepare the financial statements in accordance with International Financial Reporting Standards as adopted by the EU.
Under Company Law the Directors must not approve the financial statements unless they are satisfied that they give a true and fair
view of the state of affairs of the Company and the Group and of the profit or loss of the Group for the reporting period. In preparing
these financial statements, the Directors are required to:
select suitable accounting policies and then apply them consistently;
•
• make judgments and estimates that are reasonable and prudent;
•
state whether applicable accounting standards have been followed, subject to any material departures disclosed and explained
in the financial statements; and
prepare the financial statements on the going concern basis unless it is inappropriate to presume that the Company will
continue in business.
•
The Directors are responsible for keeping adequate accounting records that are sufficient to show and explain the Company’s
transactions and disclose with reasonable accuracy at any time the financial position of the Company and enable them to ensure that
the financial statements comply with the Companies Act 2006. They are also responsible for safeguarding the assets of the Company
and hence for taking reasonable steps for the prevention and detection of fraud and other irregularities.
Financial information is published on the Company’s website. The maintenance and integrity of this website is the responsibility of
the Directors. The work carried out by the Company’s auditors does not involve consideration of these matters and, accordingly, the
auditors accept no responsibility for any changes that may occur to the financial statements after they are initially presented on the
website.
It should be noted that legislation in the United Kingdom governing the preparation and dissemination
of financial statements may differ from legislation in other jurisdictions.
By order of the Board
David Mathewson
Non-Executive Chairman
12 March 2019
Page 34
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Independent auditor’s report to the members of ECSC Group plc
Opinion
We have audited the financial statements of ECSC Group plc (the ‘parent company’) and its subsidiaries (the ‘Group’) for the year
ended 31 December 2018 which comprise the consolidated statement of comprehensive income, the consolidated and company
statement of financial position, the consolidated and company statements of changes in equity, the consolidated and company cash
flow statement and the notes to the financial statements, including a summary of significant accounting policies.
The financial reporting framework that has been applied in the preparation of the financial statements is applicable law and
International Financial Reporting Standards (IFRSs) as adopted by the European Union and, as regards the parent company financial
statements, as applied in accordance with the provisions of the Companies Act 2006.
In our opinion:
•
the financial statements give a true and fair view of the state of the Group’s and of the parent company’s affairs as at 31
December 2018 and of the Group’s loss for the year then ended;
the Group financial statements have been properly prepared in accordance with IFRSs as adopted by the European Union;
the parent company financial statements have been properly prepared in accordance with IFRSs as adopted by the European
Union and as applied in accordance with the provisions of the Companies Act 2006; and
the financial statements have been prepared in accordance with the requirements of the Companies Act 2006.
•
•
•
Basis for opinion
We conducted our audit in accordance with International Standards on Auditing (UK) (ISAs (UK)) and applicable law. Our
responsibilities under those standards are further described in the Auditor’s responsibilities for the audit of the financial statements
section of our report. We are independent of the Group and the parent company in accordance with the ethical requirements that are
relevant to our audit of the financial statements in the UK, including the FRC’s Ethical Standard as applied to listed entities, and we
have fulfilled our other ethical responsibilities in accordance with these requirements. We believe that the audit evidence we have
obtained is sufficient and appropriate to provide a basis for our opinion.
Conclusions relating to going concern
We have nothing to report in respect of the following matters in relation to which the ISAs (UK) require us to report to you where:
•
•
the directors’ use of the going concern basis of accounting in the preparation of the financial statements is not appropriate; or
the directors have not disclosed in the financial statements any identified material uncertainties that may cast significant doubt
about the Group’s or the parent company’s ability to continue to adopt the going concern basis of accounting for a period of at
least twelve months from the date when the financial statements are authorised for issue.
Page 35
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Independent auditor’s report to the members of ECSC Group plc
Key audit matters
Key audit matters are those matters that, in our professional judgment, were of most significance in our audit of the financial
statements of the current period and include the most significant assessed risks of material misstatement (whether or not due to
fraud) we identified, including those which had the greatest effect on: the overall audit strategy, the allocation of resources in the
audit; and directing the efforts of the engagement team. These matters were addressed in the context of our audit of the financial
statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion on these matters.
Key audit matter
Going Concern assessment
The directors have set out their assessment of going concern in
note 4.2 to the financial statements.
How our audit addressed the key audit matter
Our audit procedures included obtaining and examining
management’s forecasts for the next two years.
Independent Auditor’s Report to the Members of ECSC Group
plc (continued)
The group continued to be loss making for the third year running
having made a loss after tax of £1,238k (2017: £3,526k). At the
reporting date cash reduced to £650k (2017: £1,597k) and the
group had negative operating cash flows for the year of £634k
(2017: £3,062k).
We challenged management’s assumptions used in the forecast
period by considering available evidence, including actual
monthly cash generation in 2018 and revenue pipeline for 2019
and beyond, to support these assumptions.
The above factors necessitated further assessment of whether it
is appropriate to continue preparing the consolidated and parent
company financial statements on a going concern basis.
We considered this to be a key audit matter because
management’s assessment involves significant assumptions
and judgements which are based on their best estimates,
analysis of the current market conditions and the group’s
performance.
Our application of materiality
We have reviewed the disclosures made in the financial
statements both in the Strategic Report and in note 4.2 to the
financial statements. We assessed whether these adequately
and completely disclose the basis of the judgements taken
and the view formed by management with respect to the going
concern basis of preparation.
We apply the concept of materiality both in planning and performing our audit, and in evaluating the effect of misstatements. We
consider materiality to be the magnitude by which misstatements, including omissions, could influence the economic decisions
of reasonable users that are taken on the basis of the financial statements. In order to reduce to an appropriately low level the
probability that any misstatements exceed materiality, we use a lower materiality level, performance materiality, to determine the
extent of testing needed. Importantly, misstatements below these levels will not necessarily be evaluated as immaterial as we also
take account of the nature of identified misstatements, and the particular circumstances of their occurrence, when evaluating their
effect on the financial statements as a whole.
The materiality for the Group financial statements was set at £89,000 (2017: £70,000). This was determined with reference to a
benchmark of Revenue, of which this represents 1.65% (2017: 1.65%), which we consider to be one of the principal considerations for
members of the company in assessing the financial performance of the business.
The materiality for the parent company financial statements was set at £88,000 (2017: £70,000). This has been limited to the
component materiality set for the audit of the group.
In order to reduce to an appropriately low level the probability that any misstatements exceed materiality, we use a lower materiality
level, performance materiality, to determine the extent of testing needed. Performance materiality of £67,000 (2017: £52,500
has been set at 75% (2017: 75%) of the above materiality. This has been assessed on criteria such as historic adjustment levels,
complexity and controls of the Group.
We agreed with the Audit Committee that we would report to the committee all individual audit differences in excess of £3,500 (2017:
Page 36
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades
�Independent auditor’s report to the members of ECSC Group plc
£2,500). We also agreed to report differences below this threshold that, in our view, warranted reporting on qualitative grounds.
An overview of the scope of our audit
Our Group audit was scoped by obtaining an understanding of the Group and its environment, including the Group’s system of
internal control, and assessing the risks of material misstatement in the financial statements at the Group level. There are two
components within the Group, of which only one is significant, the parent company, which was subject to full scope audit by the
Group audit team.
Other information
The directors are responsible for the other information. The other information comprises the information included in the Group
Strategic Report, Director’s Report and Consolidated Financial Statements, other than the financial statements and our auditor’s
report thereon. Our opinion on the financial statements does not cover the other information and, except to the extent otherwise
explicitly stated in our report, we do not express any form of assurance conclusion thereon.
In connection with our audit of the financial statements, our responsibility is to read the other information and, in doing so, consider
whether the other information is materially inconsistent with the financial statements or our knowledge obtained in the audit or
otherwise appears to be materially misstated. If we identify such material inconsistencies or apparent material misstatements,
we are required to determine whether there is a material misstatement in the financial statements or a material misstatement of
the other information. If, based on the work we have performed, we conclude that there is a material misstatement of this other
information, we are required to report that fact. We have nothing to report in this regard.
Opinions on other matters prescribed by the Companies Act 2006
In our opinion, based on the work undertaken in the course of the audit:
•
the information given in the strategic report and the directors’ report for the financial year for which the financial statements are
prepared is consistent with the financial statements; and
the strategic report and the directors’ report have been prepared in accordance with applicable legal requirements.
•
Matters on which we are required to report by exception
In the light of the knowledge and understanding of the Group and the parent company and its environment obtained in the course of
the audit, we have not identified material misstatements in the strategic report or the directors’ report.
We have nothing to report in respect of the following matters in relation to which the Companies Act 2006 requires us to report to you
if, in our opinion:
•
adequate accounting records have not been kept by the parent company, or returns adequate for our audit have not been
received from branches not visited by us; or
the parent company financial statements are not in agreement with the accounting records and returns; or
certain disclosures of directors’ remuneration specified by law are not made; or
•
•
• we have not received all the information and explanations we require for our audit.
Responsibilities of directors
As explained more fully in the directors’ responsibilities statement set out on page 34, the directors are responsible for the
preparation of the financial statements and for being satisfied that they give a true and fair view, and for such internal control as
the directors determine is necessary to enable the preparation of financial statements that are free from material misstatement,
whether due to fraud or error.
In preparing the financial statements, the directors are responsible for assessing the Group’s and the parent company’s ability
to continue as a going concern, disclosing, as applicable, matters related to going concern and using the going concern basis
of accounting unless the directors either intend to liquidate the Group or the parent company or to cease operations, or have no
realistic alternative but to do so.
Page 37
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Independent auditor’s report to the members of ECSC Group plc
Auditor’s responsibilities for the audit of the financial statements
Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material
misstatement, whether due to fraud or error, and to issue an auditor’s report that includes our opinion. Reasonable assurance is a
high level of assurance, but is not a guarantee that an audit conducted in accordance with ISAs (UK) will always detect a material
misstatement when it exists.
Misstatements can arise from fraud or error and are considered material if, individually or in the
aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these financial
statements.
A further description of our responsibilities for the audit of the financial statements is located on the Financial Reporting Council’s
website at: www.frc.org.uk/auditorsresponsibilities. This description forms part of our auditor’s report.
Use of our report
This report is made solely to the parent company’s members, as a body, in accordance with Chapter 3 of Part 16 of the Companies
Act 2006. Our audit work has been undertaken so that we might state to the parent company’s members those matters we are
required to state to them in an auditor’s report and for no other purpose. To the fullest extent permitted by law, we do not accept or
assume responsibility to anyone other than the parent company and the parent company’s members as a body, for our audit work,
for this report, or for the opinions we have formed.
Mark Langford (Senior Statutory Auditor)
For and on behalf of BDO LLP, Statutory Auditor
Leeds
United Kingdom
12 March 2019
BDO LLP is a limited liability partnership registered in England and Wales (with registered number OC305127).
Page 38
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Consolidated Statement of Comprehensive Income
For the year ended 31 December 2018
Revenue
Cost of Sales
Gross Profit
Other Income
Sales & Marketing Costs
Administration Expenses
Operating Loss before Exceptional Items
Share Based Payments
Exceptional Items
Operating Loss
Finance Income
Loss before Taxation
Taxation Credit
Loss for the Period
Other Comprehensive Income
Total Comprehensive Income for the Period
Attributed to Equity Holders of the Company
Loss per Share
Basic Loss per Share
Diluted Loss per Share
* The comparative figures have been restated in accordance with Note 4.3
Note
6
6
7
23
27
8
26
10
11
Year ended
31 December
2018
£’000
Restated*
Year ended
31 December
2017
£’000
5,382
(2,642)
2,740
152
(1,817)
(2,333)
(1,027)
111
120
(1,258)
1
(1,257)
19
(1,238)
(1,238)
pence
(13.6)
(13.6)
3,998
(2,353)
1,645
121
(2,545)
(2,782)
(3,193)
93
275
(3,561)
6
(3,555)
29
(3,526)
(3,526)
pence
(39.0)
(39.0)
Page 39
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Consolidated Statement of Financial Position
As at 31 December 2018
ASSETS
Non-current Assets
Intangible Assets
Property, Plant and Equipment
Deferred Tax Asset
Total Non-current Assets
Current Assets
Inventory
Trade and Other Receivables
Corporation Tax Recoverable
Cash and Cash Equivalents
Total Current Assets
TOTAL ASSETS
LIABILITIES
Current Liabilities
Trade and Other Payables
Finance Leases
Total Current Liabilities
Non-current Liabilities
Deferred Tax Liability
Finance Leases
Total Non-current Liabilities
TOTAL LIABILITIES
NET ASSETS
EQUITY
Equity attributable to Owners of the Parent:
Share Capital
Share Premium Account
Share Option Reserve
Retained Earnings
TOTAL EQUITY
Note
Year ended
31 December
2018
£’000
Restated*
Year ended
31 December
2017
£’000
12
13
10
14
15
7
16
17
18
10
18
20
20
20
20
412
398
4
814
18
1,194
155
646
2,013
2,828
(1,749)
(20)
(1,769)
-
(20)
(20)
(1,789)
1,038
91
5,661
186
(4,900)
1,038
400
491
-
891
53
1,204
122
1,592
2,971
3,862
(1,620)
(20)
(1,640)
(15)
(41)
(56)
(1,696)
2,166
91
5,661
93
(3,679)
2,166
* The comparative figures have been restated in accordance with Note 4.3
The financial statements were approved and authorised for issue by the Board of Directors on 12 March 2019 and were signed on its
behalf by:
Director
12 March 2019
ECSC Group plc
Registered Number: 03964848
Page 40
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Company Statement of Financial Position
As at 31 December 2018
ASSETS
Non-current Assets
Intangible Assets
Property, Plant and Equipment
Deferred Tax Asset
Total Non-current Assets
Current Assets
Inventory
Trade and Other Receivables
Corporation Tax Recoverable
Cash and Cash Equivalents
Total Current Assets
TOTAL ASSETS
LIABILITIES
Current Liabilities
Trade and Other Payables
Finance Leases
Total Current Liabilities
Non-current Liabilities
Deferred Tax Liability
Finance Leases
Total Non-current Liabilities
TOTAL LIABILITIES
NET ASSETS
EQUITY
Equity attributable to Owners of the Parent:
Share Capital
Share Premium Account
Share Option Reserve
Retained Earnings
TOTAL EQUITY
Note
Year ended
31 December
2018
£’000
Restated*
Year ended
31 December
2017
£’000
12
13
10
14
15
7
16
17
18
10
18
20
20
20
20
412
398
4
814
18
1,194
155
646
2,013
2,828
(1,749)
(20)
(1,769)
-
(20)
(20)
(1,789)
1,039
91
5,661
204
(4,918)
1,039
400
491
-
891
53
1,204
122
1,592
2,971
3,862
(1,620)
(20)
(1,640)
(15)
(41)
(56)
(1,696)
2,166
91
5,661
93
(3,679)
2,166
* The comparative figures have been restated in accordance with Note 4.3
For the year ended 31 December 2018, Loss after Taxation for the Company was £1,239k (2017:loss of £3,528k)
Director
12 March 2019
ECSC Group plc
Registered Number: 03964848
Page 41
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Consolidated Statement of Changes in Equity
For the year ended 31 December 2018
Balance as at 31 December 2016 (as previously stated)
IFRS15 adjustment (see note 6)
Balance as at 31 December 2016 (as restated)
Loss and Total Comprehensive Income:
Income for the year ended 31 December 2017
Transactions with shareholders
Exercise of Equity Warrant
Grant of Share Options
Balance as at 31 December 2017 (as restated)
Balance as at 31 December 2017 (as previously restated)
IFRS 15 Adjustment (see note 6)
Balance as at 31 December 2017 (as restated)
Loss and Total Comprehensive
Income for the year ended 31 December 2018
Transactions with shareholders
Issue of shares
Grant of Share Options
Balance as at 31 December 2018 (as restated)
Share
Capital
£’000
90
90
-
1
-
91
91
91
-
-
91
Share
Premium
Account
£’000
5,512
5,512
-
149
-
5,661
5,661
5,661
-
-
5,661
Share
Option
Reserve
£’000
0
0
-
-
93
93
93
93
Retained
Earnings
£’000
(51)
(100)
(151)
Total
£’000
5,551
(100)
5,451
(3,526)
(3,526)
-
-
(3,677)
(3,460)
(217)
(3,677)
150
93
2,168
2,385
(217)
2,168
(1,238)
(1,238)
(18)
111
186
18
-
(4,897)
-
111
1,041
Page 42
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Company Statement of Changes in Equity
For the year ended 31 December 2018
Balance as at 31 December 2016 (as previously stated)
IFRS15 adjustment (see note 6)
Balance as at 31 December 2016 (as restated)
Loss and Total Comprehensive Income:
Income for the year ended 31 December 2017
Transactions with shareholders
Exercise of Equity Warrant
Grant of Share Options
Balance as at 31 December 2017 (as restated)
Balance as at 31 December 2017 (as previously restated)
IFRS 15 Adjustment (see note 6)
Balance as at 31 December 2017 (as restated)
Loss and Total Comprehensive
Income for the year ended 31 December 2018
Transactions with shareholders
Issue of shares
Grant of Share Options
Balance as at 31 December 2018 (as restated)
Share
Capital
£’000
90
90
-
1
-
91
91
91
-
-
91
Share
Premium
Account
£’000
5,512
5,512
-
149
-
5,661
5,661
5,661
-
-
5,661
Share
Option
Reserve
£’000
0
0
-
-
93
93
93
93
Retained
Earnings
£’000
(51)
(100)
(151)
Total
£’000
5,551
(100)
5,451
(3,528)
(3,528)
-
-
(3,679)
(3,462)
(217)
(3,679)
150
93
2,166
2,383
(217)
2,166
(1,239)
(1,239)
(18)
111
186
18
-
(4,900)
-
111
1,038
Page 43
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Consolidated Cash Flow Statement
For the year ended 31 December 2018
Cash Flow from Operating Activities
(Loss)/Profit before Taxation
Adjustment for:
Amortisation of Intangibles
Depreciation of Property, Plant and Equipment
Loss on Disposal of Equipment
Share Based Payment
Cash used up in Operating Activities before changes in Working Capital
Change in Inventory
Change in Trade and Other Receivables
Change in Trade and Other Payables
Cash used up in Operating Activities
Corporation Tax received
Net Cash Flow from Operations
Acquisition of Property, Plant and Equipment
Disposal Proceeds
Development Costs capitalised
Net Cash Flow used in Investing Activities
Proceeds from Issuance of Shares
Net Cash used in Financial Activities
Net (decrease)/increase in Cash & Cash Equivalents
Cash & Cash Equivalents at beginning of period
Cash & Cash Equivalents at end of period
* The comparative figures have been restated in accordance with Note 4.3
Year ended
31 December
2018
£’000
Restated*
Year ended
31 December
2017
£’000
Note
(1,257)
(3,555)
12
13
23
14
15
17
13
12
23
16
175
217
-
111
(754)
35
(148)
111
(756)
122
(634)
(126)
(187)
(313)
-
0
(947)
1,597
650
100
154
6
93
(3,203)
(53)
(218)
233
(3,240)
178
(3,062)
(358)
17
(137)
(478)
150
150
(3,390)
4,987
1,597
Page 44
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Company Cash Flow Statement
For the year ended 31 December 2018
Cash Flow from Operating Activities
(Loss)/Profit before Taxation
Adjustment for:
Amortisation of Intangibles
Depreciation of Property, Plant and Equipment
Loss on Disposal of Equipment
Share Based Payment
Cash used up in Operating Activities before changes in Working Capital
Change in Inventory
Change in Trade and Other Receivables
Change in Trade and Other Payables
Cash used up in Operating Activities
Corporation Tax received
Net Cash Flow from Operations
Acquisition of Property, Plant and Equipment
Disposal Proceeds
Development Costs capitalised
Net Cash Flow used in Investing Activities
Proceeds from Issuance of Shares
Net Cash used in Financial Activities
Net (decrease)/increase in Cash & Cash Equivalents
Cash & Cash Equivalents at beginning of period
Cash & Cash Equivalents at end of period
* The comparative figures have been restated in accordance with Note 4.3
Year ended
31 December
2018
£’000
Restated*
Year ended
31 December
2017
£’000
Note
(1,259)
(3,557)
12
13
23
14
15
17
13
12
23
16
175
198
-
111
(775)
35
(145)
129
(756)
122
(634)
(126)
-
(187)
(313)
-
0
(946)
1,592
646
100
146
6
93
(3,212)
(53)
(292)
256
(3,301)
178
(3,123)
(302)
17
(137)
(422)
150
150
(3,395)
4,987
1,592
Page 45
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Notes to the Financial Statements
For the year ended 31 December 2018
1. Corporate Information
ECSC Group plc is incorporated in England and Wales and quoted on the London Stock Exchange’s Alternative Investment Market
(AIM: ECSC). Further copies of these financial statements will be available at the Company’s registered office: 28 Campus Road,
Listerhills Science Park, Bradford, West Yorkshire, BD7 1HR. These financial statements for the year ended 31 December 2018 were
approved by the Board of Directors on 12 March 2019.
2. General Information
These financial statements may contain certain statements about the future outlook of ECSC Group plc. Although the Directors
believe their expectations are based on reasonable assumptions, any statements about future outlook may be influenced by factors
that could cause actual outcomes and results to be materially different.
3. Basis of Preparation
These financial statements for the year ended 31 December 2018 have been prepared in accordance with International Financial
Reporting Standards, International Accounting Standards and Interpretations (collectively ‘IFRS’) issued by the International
Accounting Standards Board (‘IASB’) as adopted by the European Union (‘adopted IFRS’).
The financial statements for the year ended 31 December 2018 (and comparatives) have been prepared on a consolidated basis. The
consolidated financial statements present the results of the Company and its subsidiaries (‘the Group’) as if they formed a single
entity. The financial statements of the Group and Company are both prepared in accordance with IFRS.
The financial statements have been presented in thousands of Pounds Sterling (£’000, GBP) as this is the currency of the primary
economic environment that the Company operates in.
4. Accounting Policies
The principal accounting policies applied in the preparation of the financial statements are set out below. These policies have been
consistently applied to all periods presented, unless otherwise stated.
4.1 Basis of Accounting
The financial statements have been prepared on the historical cost basis except as stated.
New standards, amendments to and interpretations to published standards not yet effective
The Directors will adopt application of IFRS 16 “leases” from 1 January 2019, applying the modified retrospective method. The core
principle is to report information that represents lease transactions and provides a basis for users of financial statements to assess
the amount, timing and uncertainty of cash flows arising from leases.
The adoption of the standard will effectively bring the leases onto the statement of financial position as a ‘right of use asset and a
lease liability. The rental charge is replaced by depreciation, which will be recognised on a straight line basis, and interest.
The Directors have assessed the impact of IFRS 16 on the reported figures for the year ended 31 December 2018. If the standard had
applied during that period, whilst reported cash flow would not have changed, it would of resulted in a reclassification of a proportion
of operating lease costs from Administrative Expenses to the depreciation and interest charge, impacting EBITDA positively as well
as Operating Profit. The value of the leases, after discounting as at 31 December 2018 is £1.10m. No material impact on profit before
tax is expected. This amount will be recorded as a right of use asset on the Balance sheet with a corresponding lease liability.
Page 46
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
4.2 Going Concern
The Directors have reviewed whether the Group has adequate resources to continue in operational existence for the foreseeable
future. In conducting this review, the Directors have considered a range of factors, including the market prospects for cyber security
services, client relationships and dependency, supplier relationships and dependency, actual or potential litigation, staff retention
and reliance, relationships with HMRC and regulators, financing arrangements, historic trading and cash flow performance, current
trading and cash flow performance, and future trading and cash flow expectations. In undertaking their review, the Directors have
prepared financial projections for the years ending 31 December 2019 and 2020, a review which assumed continued revenue growth
and cost efficiency.
In the event that this revenue and cost performance is not achieved, the Directors have also considered a sensitivity analysis based
on lower revenue growth and have formulated contingency plans for this scenario, which enable the Group to preserve its financial
resources.
Based on this review, the Directors have concluded that the Group has adequate resources to meet its liabilities as they fall due and
continue in operational existence for the foreseeable future, which is considered to be at least the next 12 months from the date of
approval of the financial statements. Consequently, the Directors have adopted the going concern basis in preparing the financial
statements.
4.3 Revenue Recognition
The Group has adopted application of IFRS 15 “Revenue from contracts with customers” from 1 January 2018, applying the fully
retrospective method of transition. The core principle is that revenue should only be recognised as the client receives the benefit
of the goods or services provided under a commercial contract, in an amount that reflects the consideration to which the provider
expects to be entitled for the transfer of the goods or services.
The adoption of IFRS 15 has impacted the timing of the recognition of set-up revenues at the commencement of a new Managed
Service contract. Under IAS 18, the set-up element of a Managed Service contract was recognised as revenue in full on delivery
of the respective products and services, with the Managed Service element deferred and released to revenue over the term of the
contract. Under IFRS 15, the set-up element also has to be deferred and recognised as revenue over the term of the contract.
Performance obligations and timing of revenue recognition
Revenue comprises the sales value of goods and services supplied during the year, exclusive of Value Added Tax and trade discounts.
Revenue from the provision of Consulting services is recognised as services are rendered, based on the contracted daily billing rate
and the number of days delivered during the period.
Revenue from Pre-paid contracts are deferred in the balance sheet and recognised on utilisation of service by the client. Pre-paid
revenue is included within Consulting in note 6. There has been no change in recognition compared to the previous policy and there
are no financial component in revenue.
Revenue from Managed Services contracts includes:
• Hardware – hardware revenue is recognised on delivery and is included within other revenue as set out in note 6. This is when
control of hardware passes to the customer.
• Device build - Device build revenue is deferred and recognised on a straight line basis over the term of the contract. This
represents a change in recognition under IFRS 15 compared to IAS 18, due to the performance obligation not being considered
to distinct from management and monitoring performance obligation. Previously devise build was recognised as a set-up fee on
completion of the work being performed.
• Configuration and installation - deferred and recognised on a straight line basis over the term of the contract. This represents
a change in recognition under IFRS 15 compared to IAS 18, due to the performance obligation not being considered to distinct
from management and monitoring performance obligation. Previously configuration and instalment was recognised as a set-up
fee on completion of the work being performed.
Licensing - deferred and recognised on a straight line basis over the invoice period, due to the performance obligation not being
•
Page 47
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
considered to distinct from management and monitoring performance obligation
• Management and monitoring - deferred and recognised on a straight line basis over the invoice period.
Revenue from the sale of products (vendor) is recognised when control has passes to the customer, which is considered to occur
when the software or hardware product has been delivered to the client.
Determining the transaction price
The Group’s revenue is derived from fixed price contracts and therefore the amount of revenues to be earned from each contract is
determined by reference to those fixed prices. Other than the change in recognition for configuration and instalments there have
been no changes to revenue recognition on adoption of IFRS 15.
Costs of obtaining long-term contracts and costs of fulfilling contracts
Commissions paid to sale staff for work in obtaining the Managed Service contracts are prepaid and amortised over the terms of the
contract on a straight line basis.
Commissions paid to sale staff for work in obtaining the Prepaid Consultancy are recognised in the month of invoice.
Transition
The Group has adopted application of IFRS 15: “Revenue from contracts with customers” from 1 January 2018, applying the fully
retrospective method of transition.
Comprehensive income
Revenue
Statement of Financial Position
Trade and other payables
Opening equity at 1 January 2017
Audit
2017
£,000
4,115
1,380
5,551
IFRS
£,000
(117)
216
(100)
Restated
2017
£,000
3,998
1,596
4,551
Due to the adoption of IFRS 15, revenues (Managed Services) in 2017 were reduced by £117k giving a contract liability of £117k. Trade
and other payable balance also includes £99k of contract liability relating to 2016. EPS changes due to adoption is as follows, basic
loss per share before restated (37.7), restated (39.0).
Page 48
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades
�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
At 1 January
IFRS 15 adjustment
Commission expensed during the period
Commissions paid in advanced of contract completion
Recognised as revenue during the period
Invoiced in advanced of performance during period
Contract
Assets
2018
£’000
Contract
Assets
2017
£’000
-
-
(13)
62
-
-
49
-
-
-
-
-
-
-
Contract
Liabilities
2018
£’000
(829)
-
-
-
2,129
(2,249)
(949)
Contract
Liabilities
2017
£’000
(388)
(216)
-
-
1,225
(1,450)
(829)
Contract Assets balance of £49k (2017:£nil) is included in the Trade Receivables (note 15). Contract Liabilities balance of £949 (2017:
£829k) is included in Trade Payables (note 17).
4.4 Finance Income
Finance income is accrued on an annual basis, by reference to the principal outstanding at the applicable effective credit interest
rate.
4.5 Government Grant Income
Government Grant Income is recognised in the Statement of Comprehensive Income over the period in which the Company
recognises expenses for the related costs for which the grants are intended to compensate.
Government tax credits available on eligible Research and Development expenditure (‘R&D Tax Credits’) and not reclaimable through
other means are recognised as Other Income and treated as a government grant. Government Grant Income also includes other
grants received from government agencies (see note 7).
4.6 Operating Profit
Operating Profit is stated after all expenses, including those considered to be exceptional, but before finance income or expenses.
Exceptional items are items of income or expense which, because of their nature or size, require separate presentation to allow
shareholders to better understand the financial performance of the period and allow comparison with prior years.
4.7 Foreign Currencies
Assets and liabilities in foreign currencies are translated into sterling at the rates of exchange prevailing at the balance sheet date.
Transactions in foreign currencies are translated into sterling at the rate of exchange prevailing at the date of the transaction.
Exchange differences are recognised in Operating Profit.
On consolidation, the results of overseas operations are translated into Sterling at rates approximating those prevailing when the
transactions took place. All assets and liabilities of overseas entities are translated at the rate prevailing at the reporting date.
Exchange differences arising on translating the opening net assets at opening rate and the results of overseas operations at actual
rate are recognised in Other Comprehensive Income and accumulated in the foreign exchange reserve.
Page 49
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
4.8 Employee Benefits
Short-Term Benefits
Wages, salaries, paid annual leave and sick leave, bonuses and non-monetary benefits are accrued in the period in which the
associated services are rendered by employees of the Company.
Defined Contribution Pension Scheme
The Company operates a defined contribution pension scheme for employees. The assets of the scheme are held separately from
those of the Company. The annual contributions are charged to the Statement of Comprehensive Income. The Company also
contributes to the personal pension plans of the Directors in accordance with their Service Contracts.
Employee Share Based Payments
Where equity settled share options are granted to employees (including Directors), the fair value of the options at the date of grant is
charged to the Consolidated Statement of Comprehensive Income, as a Share Based Payment Charge, over the vesting period of the
options, with a corresponding movement in the Share Option Reserve.
Non-market vesting conditions are taken into account by adjusting the number of equity instruments expected to vest at each
reporting date so that, ultimately, the cumulative amount recognised over the vesting period is based on the number of options that
eventually vest. Non-vesting conditions and market vesting conditions are factored into the fair value of the options granted. As long
as all other vesting conditions are satisfied, a charge is made irrespective of whether the market vesting conditions are satisfied.
Where the terms and conditions of options are modified before they vest, the increase in the fair value of the options, measured
immediately before and after modification, is also charged to the Consolidated Statement of Comprehensive Income over the
remaining vesting period.
4.9 Operating Lease Agreements
Rentals applicable to operating leases where substantially all of the risks and rewards of ownership remain with the lessor are
charged to the Statement of Comprehensive Income on a straight line basis over the full period of the lease. Any lease incentives are
spread on a straight line basis over the full period of the lease.
4.10 Property, Plant and Equipment
All additions are initially recorded at historic cost. Depreciation is calculated so as to write-off the cost of an asset, less its estimated
residual value, over the useful economic life of that asset as follows:
Leasehold Property
Office Furniture and Equipment
Computer Equipment
Motor Vehicles
4.11 Finance Lease Agreements
20% reducing balance
20% reducing balance
33% straight line
20% straight line
Where substantially all of the risks and rewards of ownership of a leased asset are transferred to the Group (‘Finance Lease’), the
asset is treated as if it had been transferred outright. The amount initially recognised as an asset is the lower of the fair value of the
leased asset and the present value of the minimum lease payments payable over the term of the lease. The corresponding lease
commitment is shown as a liability.
Lease payments are analysed between capital and interest. The interest element is charged to the Statement of Comprehensive
Page 50
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
Income over the period of the lease and is calculated to represent a constant proportion of the lease liability. The capital element
reduces the liability owed to the lessor.
4.12 Research and Development Expenditure
Expenditure on research activities is recognised as an expense in the period in which it is incurred.
Expenditure on development activities generating an intangible asset is capitalised if all of the criteria set out in IAS 38 are met.
Capitalised assets are amortised over their useful economic life, which is considered to be five years.
If the criteria set out in IAS 38 are not met, expenditure on development activities is recognised as an expenses in the period in which
it is incurred.
4.13 Inventories
Inventories are carried at the lower of cost or net realisable value. Net realisable value is calculated based on the expected revenue
from sale in the normal course of business less any costs to sell. Due allowance is made for obsolete and slow moving items.
4.14 Financial Instruments
IFRS 9 ‘Financial instruments’ replaces IAS 39 ‘Financial instruments: Recognition and Measurement’ with the exception of macro
hedge accounting. The standard is effective for accounting periods beginning on or after 1st January 2018. The standard covers three
elements:
• Classification and measurement: Changes to a more principle based approach to classify financial assets as either held at
amortised cost, fair value through other comprehensive income (FVOCI) or fair value through profit or loss, dependant on the
business model and cash flow characteristics of the financial asset;
Impairment: Moves to an impairment model based on expected credit losses based on a three stage approach;
•
• Hedge accounting: The IFRS 9 hedge accounting requirements are designed to allow hedge accounting to be more closely
aligned with the Group’s underlying risk management. A new International Accounting Standard Board (IASB) project is in
progress to develop an approach to better reflect dynamic risk management in entities’ financial statements.
The Group have applied IFRS 9 for the first time in the current year, in replacement of IAS 39. The Group applied the simplified
method of the expected credit loss model when calculating impairment losses on its financial assets measured at amortised
cost, such as trade receivables. This resulted in greater judgement due to the need to factor in forward-looking information when
estimating the appropriate amount to provisions.
In applying IFRS 9 the Group considered the probability of a default occurring over the contractual life of its trade receivables
balances on initial recognition of those assets.
The Group has not restated comparatives on adoption of IFRS 9 as there has been no material impart and the provision calculated
under the expected loss model is not significantly different. Due to this there has been no adjustment recorded in respect of the IFRS
9 transition in opening equity at 1st January 2018.
The classification of certain financial instruments was also affected on initial application of IFRS 9. Financial assets previously
categorised as Loan and receivables under IAS 39 are now classified as Amortised cost.
Page 51
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
Financial Assets
The Group and Company’s Financial Assets include Cash and Cash Equivalents, Trade Receivables and Other Receivables.
•
•
Initial Recognition and Measurement
Financial Assets are classified as amortised cost and initially measured at fair value.
Subsequent Measurement
Financial assets are subsequently measured at amortised cost, using the effective interest method, less impairment. Interest is
recognised by applying the effective interest method, except for short-term receivables when the recognition of interest would be
immaterial.
• Derecognition of Financial Assets
The Company derecognises a Financial Asset only when the contractual rights to the cash flows from the asset expire, or it
transfers the Financial Asset and substantially all the risks and rewards of ownership of the asset to another entity.
Financial Liabilities and Equity Instruments
The Group and Company’s Financial Liabilities include Trade Payables, Accruals, Other Payables and Finance Leases. Financial
Liabilities are classified at amortised cost.
• Classification as Debt or Equity
Financial Liabilities and Equity Instruments issued by the Company are classified according to the substance of the contractual
arrangements entered into and the definitions of a Financial Liability and an Equity Instrument.
•
•
Equity Instruments
An Equity Instrument is any contract that evidences a residual interest in the assets of the Company after deducting all of its
liabilities. Equity Instruments are recorded at the proceeds received, net of direct issue costs.
Trade Payables, Other Payables and Accruals
Trade Payables, Accruals and Other Payables are initially measured at fair value, net of transaction costs, and are subsequently
measured at amortised cost, where applicable, using the effective interest method, with interest expense recognised on an
effective yield basis.
•
Finance Leases
Finance Leases are treated as Financial Liabilities measured at amortised cost.
• Derecognition of Financial Liabilities
The Company derecognises financial liabilities when the Company’s obligations are discharged, cancelled or expire.
Offsetting of Financial Instruments
Financial Assets and Financial Liabilities are offset, and the net amount reported in the Statement of Financial Position if there is a
currently enforceable legal right to offset the recognised amounts and there is an intention to settle on a net basis, or to realise the
assets and settle the liabilities simultaneously.
4.15 Cash and Cash Equivalents
Cash and Cash Equivalents comprise cash on hand and demand deposits, and other short-term highly liquid investments which are
readily convertible to known amounts of cash and are subject to insignificant risk of changes in value.
Page 52
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades
�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
4.16 Impairment of Assets
Non-Financial Assets
The carrying amounts of the Company’s Non-Financial Assets, other than Deferred Tax Assets, are reviewed at each reporting date
to determine whether there is any indication of impairment. If any such indication exists, then the asset’s recoverable amount is
estimated.
The recoverable amount of an asset or cash-generating unit is the greater of its value in use and its fair value less costs to sell.
In assessing value in use, the estimated future cash flows are discounted to their present value using a pre-tax discount rate that
reflects current market assessments of the time value of money and risk specific to the asset. For the purpose of impairment
testing, assets are grouped together into the smallest group of assets that generates cash inflows from continuing use that are
largely independent of the cash inflows of other assets or groups of assets.
An impairment loss is recognised if the carrying amount of an asset or its cash generating unit exceeds its estimated recoverable
amount. Impairment losses are recognised in profit and loss.
Impairment losses recognised in prior periods are assessed at each reporting date for any indications that the loss has decreased
or no longer exists. An impairment loss is reversed if there has been a change in the estimates used to determine the recoverable
amount. An impairment loss is reversed only to the extent that the asset’s carrying amount does not exceed the carrying amount that
have been determined, net of depreciation or amortisation, if no impairment loss had been recognised.
4.17 Corporation Tax
Corporation Tax expense represents the sum of the tax currently payable and Deferred Tax.
The tax currently payable is based on taxable profit for the year. Taxable profit differs from profit as reported in the Statement of
Comprehensive Income because it excludes items of income or expense that are taxable or deductible in other years and it further
excludes items that are not taxable or tax deductible.
The Company’s liability for current tax is calculated using tax rates (and tax laws) that have been enacted or substantively enacted by
the end of the financial period.
Government tax credits available on eligible Research and Development expenditure and not reclaimable through other means are
recognised as Other Income and treated as a government grant. This applies when there are no taxable profits against which to
offset the tax credit. The amount receivable by the Group and Company is shown on the face of the balance sheet within Corporation
Tax Recoverable.
Notes to the Financial Statements (continued)
For the year ended 31 December 2018
4.18 Deferred Tax
Deferred Tax is recognised in respect of all timing differences that have originated but not reversed at the balance sheet date where
transactions or events have occurred at that date that will result in an obligation to pay more, or a right to pay less or to receive more
tax.
Deferred Tax Assets are recognised only to the extent that the Directors consider that it is more likely than not that there will be
suitable taxable profits from which the future reversal of the underlying timing differences can be deducted.
Deferred Tax is measured on an undiscounted basis at the tax rates that are expected to apply in the periods in which timing
differences reverse, based on tax rates and laws enacted or substantively enacted at the balance sheet date.
Page 53
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
4.19 Share Capital
Ordinary Share Capital is recorded at nominal value and proceeds received in excess of nominal value of shares issued, if any, is
accounted for in the Share Premium Account. Both Ordinary Share Capital and Share Premium Account are classified as equity.
Costs incurred directly to the issue of shares are accounted for as a deduction from Share Premium Account; otherwise such costs
are charged to the Statement of Comprehensive Income.
4.20 Operating Segments
An operating segment is a component of the Company that engages in business activities from which it may earn revenues and incur
expenses, including revenues and expenses that relate to transactions with any of the Company’s other components.
An operating segment’s operating results are reviewed regularly by the Directors of the Company to assess performance and make
decisions about resource allocation.
The Board considers that the Company’s activity constitutes three operating and three reporting segments as defined under IFRS 8.
4.21 Related Parties
Parties are considered to be related if one party has the ability (directly or indirectly) to control the other party or exercise significant
influence over the other party in making financial and operating decisions. Parties are also considered related if they are subject to
common control or common significant influence. Related parties may be individuals or corporate entities.
5. Critical Accounting Judgements, Estimates and Sources of Estimation Uncertainty
In applying the accounting policies, the Directors may at times be required to make critical accounting judgements and estimates
about the carrying amount of assets and liabilities. These estimates and assumptions, when made, are based on historical
experience and other factors that the Directors consider are relevant.
The key estimates and assumptions concerning the future and other key sources of estimation uncertainty at the end of the financial
year, that have significant risk of causing a material adjustment to the carrying amounts of assets and liabilities within the next
financial year, are stated below.
Judgements
Going Concern
Management apply their judgement in reviewing whether the Group has adequate resources to continue in operational existence for
the foreseeable future, which is considered to be 12 months from the date of approval of the financial statement. The basis for this
judgement is detailed in note 4.2.
Development Costs Capitalised & Amortised
Management apply their judgement in determining whether an identified intangible software asset meets the criteria for
capitalisation under IAS 38. The carrying value of Intangible Assets as at 31 December 2018 was £412k (2017: £400k).
Management estimate the percentage of development staff time used to enhance and improve the Company’s intangible software
assets in order to capitalise a proportion of salary costs each period. In the year ended 31 December 2018, the amount of staff time
capitalised into Intangible Assets was £187k (2017: £137k).
Development Costs capitalised into Intangible Assets are amortised over management’s estimate of the useful economic life of the
asset recognised. In the year ended 31 December 2018, the useful economic life of all Intangible Assets was estimated to be 5 years,
resulting in an amortisation charge of £175k (2017: £100k). If the useful economic life of Intangible Assets was estimated to be 3
years, the amortisation charge would have been approximately £235k (2017: £189k).
Page 54
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades
�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
6. Revenue and Segment Information
The Group’s principal revenue is derived from the provision of cyber security professional services.
During this period, the Directors received information on financial performance on a divisional basis. The Directors consider that
there are three reportable operating segments: Consulting (including Remote Support services), Managed Services, and Vendor
Products. There were a small number of other transactions recorded during each period which are not considered to be part of
either of the three reportable operating segments. These are presented below within the ‘Other’ caption and are not significant.
The Directors do not receive any information on the financial position of each segment, including information on assets and
liabilities. Accordingly, such information has not been presented.
The Group is not reliant on any single client, with no single client accounting for 10% or more of revenue. All revenue recognised is
derived from external clients.
The Group has fixed assets located in the UK (cost of £863k; NBV of £398k) and Australia (cost of £57k; NBV of £29k). The Group’s
revenue and gross profit by operating segment for the year ended 31 December 2018 were as follows:
Revenue
Consulting
Managed Service
Vendor Products
Other
Total Revenue
Gross Profit
Consulting
Managed Service
Vendor Products
Other
Gross Profit
Operating Loss
Finance Income
Loss before Taxation
* The comparative figures have been restated in accordance with Note 4.3
Year ended
31 December
2018
£’000
Restated*
Year ended
31 December
2017
£’000
3,122
1,745
228
287
5,382
1,783
923
42
(8)
2,740
(1,258)
1
(1,257)
2,449
1,118
168
263
3,998
1,228
364
38
15
1,645
(3,561)
6
(3,555)
Page 55
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
6. Revenue and Segment Information (continued)
Revenue by country for the year ended 31 December 2018 was as follows:
United Kingdom
USA
South Africa
Eire
France
Egypt
Channel Islands
Czech Republic
Switzerland
Year ended
31 December
2018
£’000
Restated*
Year ended
31 December
2017
£’000
5,214
3,919
-
-
46
45
-
67
4
6
42
-
16
5
-
11
5
-
5,382
3,998
* The comparative figures have been restated in accordance with Note 4.3
The Group’s United Kingdom revenue by operating segment for the year ended 31 December 2018 were as follows:
Revenue United Kingdom
Consulting
Managed Service
Vendor Products
Other
Year ended
31 December
2018
£’000
Restated*
Year ended
31 December
2017
£’000
2,970
1,741
227
276
5,214
2,380
1,118
168
253
3,919
Page 56
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
7. Other Income
Withholding Tax
R&D Tax Credits
Total
Year ended
31 December
2018
£’000
3
152
155
Restated*
Year ended
31 December
2017
£’000
1
121
122
A credit has been recognised within Other Income as a result of R&D Tax Credit surrenders. For the year ended 31 December 2018,
the surrender resulted in a credit of £152k, included within Corporation Tax Recoverable.
8. Operating Loss
Operating Loss is stated after charging:
Depreciation of Owned Assets
Amortisation of Intangibles - Development Costs
Auditors Remuneration - Audit Services
Auditors Remuneration - Non-Audit Services
- Taxation Compliance Services
- Other Taxation Services
- Other Assurance Services
Operating Lease Charge -Property
Operating Lease Charge - Other
Inventories Expensed
Year ended
31 December
2018
£’000
Restated*
Year ended
31 December
2017
£’000
217
175
38
9
-
14
95
35
104
514
100
32
11
7
10
90
43
92
The amount charged in respect of Auditors’ Remuneration for the Group and the Company audit was £38k. None of the subsidiaries
(see note 29) of the Group were subject to audit in the year ended 31 December 2018.
Page 57
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
9. Employee Benefit Expense
Employee Benefit Expense (including Directors) during the periods amounted to:
Wages and Salaries
Social Security Costs
Pension Contributions
GROUP
Year ended
31 December
2018
£’000
4,155
476
112
4,743
GROUP
Year ended
31 December
2017
£’000
4,867
536
97
5,500
COMPANY
Year ended
31 December
2018
£’000
3,971
427
96
4,494
COMPANY
Year ended
31 December
2017
£’000
4,807
514
89
5,410
In the year ended 31 December 2018, Employee Benefit Expense includes the element of Exceptional Costs (see note 27) that are
staff related.
Directors’ remuneration for the Group and Company is as follows:
Salaries, Bonus, Benefits-in-Kind
Pension Contributions
Share Based Payments
Social Security Costs
Year ended
31 December
2018
£’000
505
38
33
63
639
Restated*
Year ended
31 December
2017
£’000
632
31
51
73
787
Details of Directors’ remuneration can be found in the Remuneration Report on pages 28-32.
Key management personnel, being those persons having responsibility for planning, directing and controlling the activities of the
Group, are considered to be the Directors listed on pages 22-28 (Board of Directors).
Amounts paid to the highest paid director in the period were as follows:
Salaries, Bonus, Benefits-in-Kind
Pension Contributions
Year ended
31 December
2018
£’000
210
12
222
Restated*
Year ended
31 December
2017
£’000
220
17
237
Page 58
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
9. Employee Benefit Expense (continued)
The average monthly number of employees during the year was:
Directors
Operational
10. Taxation
Recognised in the Statement of Comprehensive Income
Corporation Tax Charge/(Credit)
Deferred Tax Credit
Total Tax Credit
Reconciliation of Total Tax Charge Credit
Loss before Tax
UK Corporation at rate of 19.0% (2017 19.5%/19.0%)
Expenses not detuctible for tax purposes
Income not taxable for tax purposes
Exercise of Share Options
Difference between current and Deferred Tax rates
Over/under provision in prior period - Corporation Tax
Over/under provision in prior period - Deferred Tax
Tax losses on which Deferred Tax not recognised
Total Tax Credit
* The comparative figures have been restated in accordance with Note 4.3
Year ended
31 December
2018
£’000
4
78
82
Year ended
31 December
2018
£’000
-
(19)
(19)
Year ended
31 December
2018
£’000
(1,257)
(164)
2
-
(14)
-
-
(19)
176
(19)
Restated*
Year ended
31 December
2017
£’000
6
97
103
Restated*
Year ended
31 December
2017
£’000
5
(34)
(29)
Restated*
Year ended
31 December
2017
£’000
(3,555)
(658)
2
(14)
-
-
5
(34)
67-
(29)
Page 59
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades
�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
10. Taxation (continued)
Deferred Tax Assets & Liabilities
Deferred Tax Assets
Deferred Tax Liabilities
Deferred Tax - Net Liabilities
Year ended
31 December
2018
£’000
119
(115)
4
Restated*
Year ended
31 December
2017
£’000
95
(110)
(15)
Deferred Tax Assets of £119K is recognised in respect of unutilised trading losses, Share Based Payments and short-term timing
differences. Deferred Tax Liabilities of £115k arise on timing differences in the carrying value of certain of the Company’s assets
for financial reporting purposes and for corporation tax purposes. These will reverse as the fair value of the related assets are
depreciated over time. Deferred Tax balances have been calculated at the rate of 17%, being the rate of Corporation Tax rate
expected to be in force when the timing differences reverse.
Unutilised Trading Losses
The Company continues to carry forward unutilised trading losses of £4,747k (£3,930k, 2017). A Deferred Tax Asset of £807k (£647k,
2017) has not been recognised as at 31 December 2018 in respect of the unutilised trading losses. No further Deferred Tax Asset has
been recognised because the Board envisages that a significant period of time will be required to generate sufficient profits to utilise
the trading losses carried forward.
Page 60
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades
�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
11. Earnings per Share
Basic Earnings per Share is calculated by dividing the Profit for the period attributable to Equity Holders of the Company by the
weighted average number of Ordinary Shares outstanding during the period (‘Basic Number of Ordinary Shares’).
Diluted Earnings per Share is calculated by dividing the Profit for the period attributable to Equity Holders of the Company by the
weighted average number of Ordinary Shares outstanding during the period plus the weighted average number of Ordinary Shares
that would be issued on conversion of all the potential dilutive Ordinary Shares (‘Diluted Number of Ordinary Shares’), subject to the
effect of anti-dilutive potential shares being ignored in accordance with IAS 33.
Adjusted Earnings per Share is calculated by dividing Adjusted Profit (after adding-back exceptional costs incurred in the period; see
note 27) by Diluted Number of Ordinary Shares.
The calculation of Basic, Diluted and Adjusted Earnings per Share is as follows:
Net Profit attributable to Equity Holders of the Company
Add back: Exceptional Costs
Add back: Share Based Payments
Adjusted Profit
Number of Ordinary Shares (‘000)
Initial Weighted Average
Bonus Issue
Exercise Share Option
IPO Placing
Equity Warrant
Basic Number of Ordinary Shares
Weighted Average Dilutive Shares in Period
Diluted Number of Ordinary Shares
Earnings per Share (pence):
Basic Earnings per Share
Diluted Earnings per Share**
Adjusted Earnings per Share
Year ended
31 December
2018
£’000
Restated*
Year ended
31 December
2017
£’000
(1,238)
120
111
(1,007)
9,047
-
14
-
37
9,098
458
9,556
(13.6)
(13.6)
(11.1)
(3,526)
275
93
(3,158)
8,994
-
-
-
53
9,047
129
9,176
39.0
(39.0)
(34.4)
* The comparative figures have been restated in accordance with Note 4.3
** In accordance with IAS 33, the effect of anti-dilutive potential shares has been ignored
Page 61
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
11. Earnings per Share (continued)
During the year ended 31 December 2018, Ordinary Shares were issued as follows:
• On 27 April 2018, David Mathewson, Non-Executive Chairman exercised his options over 6,411 ordinary shares in the Company
at nil cost per share.
• On 2 May 2018, a former Director exercised options over 8,041 ordinary shares in the Company at nil cost per share.
These share issues were taken into account in calculating the Basic Number of Ordinary Shares.
During the year ended 31 December 2018, the following dilutive events have occurred:
•
• On 7 August 2018, the Company granted options over 185,000 Ordinary Shares to selected employees, of which 180,000 remain
On 18 April 2018, the Company granted options over 200,000 Ordinary Shares to the Non-Executive Directors.
outstanding as at 31 December 2018.
These dilutive events were taken into account in calculating Diluted Number of Ordinary Shares.
12. Intangible Assets
GROUP & COMPANY
Development Costs
Costs
As at 01 January 2017
Additions
As at 31 December 2017
As at 01 January 2018
Additions
As at 31 December 2018
Amortisation
As at 01 January 2017
Additions
As at 31 December 2017
As at 01 January 2018
Additions
As at 31 December 2018
Net Book Value
As at 31 December 2017
As at 31 December 2018
£’000
567
137
704
704
187
891
£’000
204
100
304
304
175
479
400
412
Page 62
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades
�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
13. Property, Plant and Equipment
GROUP
Cost
At 01 January 2017
Additions
Disposals
At 31 December 2017
Additions
Disposals
At 31 December 2018
Depreciation
At 01 January 2017
Charge for Period
Disposals
At 31 December 2017
Charge for Period
Disposals
At 31 December 2018
Net Book Value
At 31 December 2017
At 31 December 2018
Leasehold
Property
£’000
Office
Equipment
£’000
Computer
Equipment
£’000
Motor
Vehicles
£’000
Total
£’000
46
53
-
99
4
103
24
10
-
34
14
14
65
55
52
67
-
119
1
120
12
17
-
29
21
21
90
70
249
299
(1)
547
92
639
86
113
-
199
171
171
348
269
82
-
(33)
49
8
57
9
14
(10)
13
11
11
36
33
429
419
(34)
814
105
0
919
131
154
(10)
275
217
0
217
539
427
As at 31 December 2018, assets held under Finance Leases had a Net Book Value of £40k (2017: £61k). The depreciation charge of
the respective assets in the year was £nil (2017: £nil).
Page 63
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
13. Property, Plant and Equipment (continued)
COMPANY
Cost
At 01 January 2017
Additions
Disposals
At 31 December 2017
Additions
Disposals
At 31 December 2018
Depreciation
At 01 January 2017
Charge for Period
Disposals
At 31 December 2017
Charge for Period
Disposals
At 31 December 2018
Net Book Value
At 31 December 2017
At 31 December 2018
Leasehold
Property
£’000
Office
Equipment
£’000
Computer
Equipment
£’000
Motor
Vehicles
£’000
Total
£’000
46
53
-
99
4
103
24
10
-
34
14
14
65
55
52
46
-
98
1
99
12
15
-
27
14
21
71
58
249
264
(1)
512
92
604
86
107
-
193
159
159
319
252
82
-
(33)
49
8
57
9
14
(10)
13
11
11
36
33
429
363
(34)
758
105
0
863
131
146
(10)
267
198
0
198
491
398
As at 31 December 2018, assets held under Finance Leases had a Net Book Value of £40k (2017: £61k). The depreciation charge of
the respective assets in the year was £nil (2017: £nil).
Page 64
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
14. Inventory
GROUP
As at
31 December
2018
£’000
GROUP
As at
31 December
2017
£’000
COMPANY
As at
31 December
2018
£’000
COMPANY
As at
31 December
2017
£’000
Inventory
18
53
18
53
15. Trade Receivables and Other Receivables
Trade Receivables
Other Receivables
Intercompany Receivables
Prepayments
Contract Asset
GROUP
As at
31 December
2018
£’000
GROUP
As at
31 December
2017
£’000
COMPANY
As at
31 December
2018
£’000
COMPANY
As at
31 December
2017
£’000
869
8
-
197
49
1,123
994
10
-
126
-
1,130
869
8
96
172
49
1,194
994
10
100
100
-
1,204
The carrying amount of Trade Receivables and Other receivables approximates to their fair value.
Intercompany Receivables represent loans provided by ECSC Group plc to ECSC Australia Pty Ltd. The loans are repayable on
demand.
16. Cash & Cash Equivalents
Cah & cash Equivalents
GROUP
As at
31 December
2018
£’000
650
GROUP
As at
31 December
2017
£’000
1,597
COMPANY
As at
31 December
2018
£’000
646
COMPANY
As at
31 December
2017
£’000
1,592
Page 65
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
17. Trade Payables and Other Payables
Trade Payables
Other Taxation and Social Security
Accruals
Contract Liabilities
Intercompany Payables
Other Payables
GROUP
As at
31 December
2018
£’000
GROUP
As at
31 December
2017
£’000
COMPANY
As at
31 December
2018
£’000
COMPANY
As at
31 December
2017
£’000
170
345
205
949
-
38
130
327
277
829
-
33
167
343
205
949
50
35
127
321
273
829
39
31
1,707
1,596
1,749
1,620
The carrying amount of Trade Payables and Other Payables approximates to their fair value due to their short term nature.
18. Finance Leases
The Group entered into a Finance Lease in November 2017 to fund investment in IT equipment. Capital repayments under the
Finance Lease are structured as follows:
GROUP
As at
31 December
2018
£’000
GROUP
As at
31 December
2017
£’000
COMPANY
As at
31 December
2018
£’000
COMPANY
As at
31 December
2017
£’000
Payable in one year or less
Payable between one and two years
Payable between one and five years
Payable in five years or more
Finance Lease Balance
20
20
-
-
40
20
20
21
-
61
20
20
-
-
40
Total payments under the Finance Lease are as follows:
Group & Company
Payable in one year or less
Payable between one and two years
Payable between one and five years
Payable in five years or more
Finance Lease Balance
Capital
£’000
Interest
£’000
20
20
40
1
0
1
There have been no cash flows arising from changes in liabilities from financing activities (2017: none).
20
20
21
-
61
Total
£’000
21
20
41
Page 66
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
19. Secured Facilities
The Group has been provided with payments facilities by Barclays Bank plc, including a BACS payment facility and a credit card
facility. These payment facilities are secured by a debenture in favour of Barclays that creates fixed and floating charges over the
assets of the Company.
20. Share Capital
Ordinary Share Capital
During the period ended 31 December 2018, the movement in Share Capital was:
Ordinary Shares
As at 1 January 2017
Increase in Authorised Share Capital
Exercise of Equity Warrant
At at 31 December 2017
As at 1 January 2018
Exercise of Share Options
At at 31 December 2018
Number of
Authorised
Shares
Number of Shares Issued
and Fully
Paid
Ordinary Share Capital
£’000
8,994,131
2,998,000
-
11,992,131
11,992,131
-
11,992,131
8,994,121
-
89,941
9,084,072
9,084,072
14,425
9,098,497
90
-
1
91
91
-
91
On 22 June 2017, the Authorised Share Capital of the Company was increased by 2,998,000 by way of an Ordinary Resolution.
On 9 June 2017, Stockdale Securities Limited exercised its Equity Warrant, subscribing for 89,941 new Ordinary Shares at an exercise
price of 167 pence per share. This resulted in a capital inflow of £150k and a credit to the Share Premium Account of £149k.
On 27 April 2018, David Mathewson, Non-Executive Chairman exercised options over 6,411 Ordinary Shares at nil cost per share.
On 2 May 2018, a former Director exercised options over 8,041 Ordinary Shares at nil cost per share.
Share Premium Account
The balance of the Share Premium Account represents amounts received in excess of the nominal value (1 pence per share) of
Ordinary Shares. This account is non-distributable.
Share Option Reserve
The balance of the Share Option Reserve represents the accumulated amounts charged to the Statement of Comprehensive Income
in respect of Share Based Payments. This reserve is non-distributable.
Retained Earnings
The balance of the Retained Earnings account represents the accumulated retained profits or losses of the Group. This account is a
distributable reserve, provided that the accumulated balance is positive.
Page 67
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades
�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
21. Financial Instruments and Financial Risk Management
The Group’s and Company’s principal financial instruments comprise:
Intercompany Receivables
Trade Payables
Cash and Cash Equivalents
•
•
Trade Receivables
• Other Receivables
•
•
• Accruals
•
• Other Payables
•
Finance Lease Liabilities
Intercompany Payables
The Group’s and Company’s accounting policies, including the criteria for recognition, and the basis on which income and expenses
are recognised in respect of each class of financial asset and financial liability, are set out in note 4.14 to the financial statements.
The information about the extent and nature of these recognised financial instruments, including significant terms and conditions
that may affect the amount, timing and certainty of future cash flows, are disclosed in the respective notes where applicable. The
Group and Company does not use financial instruments for speculative purposes.
The principal financial instruments used by the Group and Company, from which financial instrument risk arises, are as follows:
Financial Assets
Trade Receivables
Other Receivables
Intercompany Receivables
Cash and Cash Equivalents
Total Financial Assets
Financial Liabilities
Trade Payables
Accruals
Intercompany Payables
Other Payables
Finance Leases
Total Financial Liabilities
Fair Values
GROUP
As at
31 December
2018
£’000
GROUP
As at
31 December
2017
£’000
COMPANY
As at
31 December
2018
£’000
COMPANY
As at
31 December
2017
£’000
869
8
-
650
1,527
170
205
-
38
40
453
994
10
-
1,597
2,601
130
277
-
33
61
501
869
8
96
646
1,619
167
205
50
35
40
497
994
10
100
1,592
2,696
127
273
39
31
61
531
The Directors have assessed that the fair values of Cash and Cash Equivalents, Trade Receivables, Trade Payables, Other Payables
and Finance Leases approximate to their carrying amounts largely due to the short-term maturities of these instruments. There are
no fair value adjustments to assets or liabilities charged to the Statement of Comprehensive Income.
Page 68
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
21. Financial Instruments and Financial Risk Management (continued)
Market Risk
Market risk is the risk that the fair value of future cash flows of a financial instrument will fluctuate due to changes in market
prices. Market risk comprises three types of risk – commodity price risk, interest rate risk; and foreign currency risk. The Group and
Company has limited exposure to each of these risks as discussed below.
Capital Management
The Group and Company manages its capital to ensure that it will be able to continue as a going concern while attempting to
maximise the return to stakeholders through the optimisation of the debt and equity structure. The capital structure of the Group and
Company consists of issued Share Capital, Retained Earnings and Finance Leases.
The Group and Company do not generally enter into derivative transactions (such as interest rate swaps and forward foreign currency
contracts) and has been throughout the period covered by these financial statements, the Group’s and Company’s policy that no
trading in financial derivative instruments shall be undertaken.
Credit Risk
Credit risk is the risk that a counterparty will cause a financial loss to the Group by failing to discharge its obligations to the Group.
The Group manages its exposure to this risk by applying limits to the amount of credit exposure to any one counterparty and employs
strict minimum credit worthiness criteria as to the choice of counterparty. The maximum exposure to credit risk for receivables and
other financial assets is represented by their carrying amount. The Group considers credit risk to be low due to its processes and the
nature of its clients, which includes a broad spread of large corporates, SMEs and public sector organisations.
The Group uses an expected credit loss model for impairment that represents its estimate of incurred losses in respect of the Trade
Receivables as appropriate.
The Group applies the IFRS 9 simplified approach to measure expected credit losses using a lifetime expected credit loss provision
for trade receivables and contract assets. The expected loss rates are based on the Group’s historical credit losses experienced over
the two year period prior to the period end.
The historical loss rates are then adjusted for current and forward-looking information on macroeconomic factors affecting the
Group’s customer. Under the expected credit loss model impairment allowance wasn’t material resulting in no provision being made.
A reconciliation of the movement in the impairment allowance for receivables is shown below:
Provision for and doubtful debts as at 31 December 2017
Amount released
Amount provided
Expected credit loss provision as at December 2018
£’000
2
(2)
0
-
Page 69
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
21. Financial Instruments and Financial Risk Management (continued)
Trade Receivables
Trade Receivables, net of impairment provisions, for the Group and Company as at 31 December 2018 were £869k (2017: £994k).
These Trade Receivables are not secured by any collateral or credit insurance. The Group’s standard terms are 30 days from date of
invoice but non-standard terms may be agreed with certain customers. Invoices which remain unpaid for periods greater than agreed
terms are assessed as overdue.
As at 31 December 2018, Trade Receivables past due for the Group and Company total £132k (2017: £139k) of which nil (2017: £2k)
have been impaired.
As at 31 December 2018, Trade Receivables of £132k (2017: £139k) were past due but not impaired, as follows:
GROUP
As at
31 December
2018
£’000
GROUP
As at
31 December
2017
£’000
COMPANY
As at
31 December
2018
£’000
COMPANY
As at
31 December
2017
£’000
131
1
-
132
113
24
2
139
131
1
-
132
113
24
2
139
Up to 3 months
3 months to 6 months
6 months to 12 months
Cash Holdings
The Group only holds cash at mainstream banking institutions to mitigate the credit risk on cash deposits. The credit rating of the
principal banking institution is A (Standard & Poor’s).
Interest Rate Risk
The Company’s exposure to changes in interest rates relates to Cash Holdings and Finance Leases.
Cash is held either on current or short term deposits at a floating rate of interest determined by the relevant bank’s prevailing base
rate.
The outstanding balance of Finance Leases at 31 December 2018 was £40k. This relates to a single facility at a fixed rate of interest.
Interest Rate Sensitivity
When reviewing sensitivity to movement in interest rates, it is noted that interest rates are at historically low levels and that Cash
balances significantly outweigh debt balances.
The Directors consider that any downward movement in interest rates would be immaterial to the Group. The Directors consider
that an upward movement in interest rates would benefit the Group, although the impact of a 1% rise in interest rates would be
immaterial.
Page 70
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
21. Financial Instruments and Financial Risk Management (continued)
Foreign Currency Exchange Risks
Foreign currency risk is the risk that the fair value or future cash flows of an exposure will fluctuate because of the changes in
foreign exchange rates. The Group’s exposure to the risk of changes in foreign exchange rates relates primarily to the Group’s
operating activities when revenue or expenses are denominated in a foreign currency.
The Group does not hedge its foreign currencies. Transactions with customers are mainly denominated in GBP.
The Group has suppliers that invoice in US dollars and Australian dollars. The balances exposed to credit risk at year end were as
follows:
US Dollars
Australian Dollars
Liquidity Risks
As at
31 December
2018
£’000
2
4
6
As at
31 December
2017
£’000
2
5
7
Liquidity risk arises from the Group’s management of working capital. It is the risk that the Group will encounter difficulty in meeting
its financial obligations as they fall due. The Group’s policy is to ensure that it will always have sufficient cash to allow it to meet its
liabilities when they become due.
The maturity profile of the Group’s financial liabilities at the reporting dates, based on contractual undiscounted payments, are
summarised below:
Trade Payables, Other Taxation and Social Security, Accruals, Other Payables
As at
31 December
2018
£’000
758
758
As at
31 December
2017
£’000
767
767
Page 71
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
22. Related Party Transactions
ECSC Australia Pty Ltd
During the year ended 31 December 2018, ECSC Group plc incurred management fees to ECSC Australia Pty Ltd of £330k. As at 31
December 2018, the balance payable by ECSC Group plc to ECSC Australia Pty Ltd in respect of outstanding management fees was
£50k.
During the year ended 31 December 2017, ECSC Group plc provided loans totalling £100k to ECSC Australia Pty Ltd to fund the costs
of establishing a Security Operations Centre in Brisbane, Australia. As at 31 December 2018, the loan balance payable by ECSC
Australia Pty Ltd to ECSC Group plc was £96k. The loan is repayable on demand and attracts interest at the rate of 3% over base rate.
Directors Loans
During the year ended 31 December 2017, there were no new loan advances to Directors.
In January 2018, a loan totalling £20k was granted to one Director (2017: £nil). The loan was interest free and was fully repaid in May
2018.
Page 72
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
23. Share Based Payments
Share Based Payment Schemes
The Company operates a number of equity-settled Share Based Payment schemes, as follows:
Enterprise Management Incentive (‘EMI’) Scheme
Save As You Earn (‘SAYE’) Share Option Scheme
•
•
• Non-Executive Director Remuneration Scheme (‘NED Scheme’)
• Non-Executive Directors Share Options (‘NED1 Scheme’)
EMI Scheme
May-2017
The EMI Scheme provides the opportunity for eligible Directors and employees to buy Ordinary Shares at a future date in accordance
with the scheme rules. The options are subject to the option holder’s continuing employment, are not transferable and have a life of
10 years. All grants under the scheme are subject to approval by the Remuneration Committee.
In May 2017, the Company granted options over 269,824 Ordinary Shares at an exercise price of 167 pence per share, subject to a
three year vesting period, to 31 employees. There were no performance conditions attaching to this grant.
Within this grant, Lucy Sharp, a Director of the Company, was granted options over 69,758 Ordinary Shares.
During the year ended 31 December 2018, options over 15,810 Ordinary Shares (2017:79,524) options have lapsed, such that options
over 174,490 Ordinary Shares remain exercisable in the future.
December-2017
In December 2017 the Company granted options over 148,000 Ordinary Shares at an exercise price of 140 pence per share, subject to
a three year vesting period, to eight employees. There was a performance condition attaching to this grant.
In order for the options to vest, the share price of the Company must grow by at least 10% pa on a compound basis over the three
year vesting period from a start point of 140 pence per share. This is a one-off performance condition that shall be tested at the end
of the vesting period, and does not require 10% growth in individual years of the vesting period. If an event occurs before the expiry of
the vesting period that causes the option to become exercisable under the scheme rules, then the Remuneration Committee, in its
sole discretion, may waive or modify downwards the performance condition at the time of early vesting.
During the year ended 31 December 2018, options over 123,000 Ordinary Shares have lapsed, such that options over 25,000 Ordinary
Shares remain exercisable in the future.
August-2018
In August 2018 the Company granted options over 185,000 Ordinary Shares a an exercise price of 93 pence per share, subject to
a three year vesting period, to 14 employees. In order for the options to vest, the Ordinary Shares must trade at a minimum mid-
market price of 200 pence per share over 30 consecutive trading days during the vesting period.
During the year ended 31 December 2018, options over 5,000 Ordinary Shares have lapsed, such that options over 180,000 Ordinary
Shares remain exercisable in the future.
Page 73
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
23. Share Based Payments (continued)
SAYE Scheme
The SAYE Scheme provides the opportunity for eligible Directors and employees to buy Ordinary Shares at a future date at the end
of a linked savings contract. The options are subject to the scheme rules, are not transferable and have a life of 10 years. All grants
under the scheme are subject to approval by the Remuneration Committee.
In November 2017, the Company granted options over 42,624 Ordinary Shares at an exercise price of 125 pence per share, subject to
a three year vesting period, to 30 employees who applied to join the scheme.
During the year ended 31 December 2018, options over 14,400 (2017: 1,440) Ordinary Shares have lapsed, such that options over
26,784 Ordinary Shares remain exercisable in the future.
Notes to the Financial Statements (continued)
For the year ended 31 December 2018
NED Scheme
In October 2017, the Company agreed to alter the payment of service fees payable to its three Non-Executive Directors from monthly
cash payments to the grant of nil exercise share options. Since the options are in lieu of cash payments, there are no performance
conditions attaching to the grant of these options and they may be exercised on grant.
During the period October 2017 to December 2017, the Company allocated options over 20,836 Ordinary Shares under this scheme.
Within this total, Nigel Payne was allocated 8,014 options, Stephen Vaughan was allocated 6,411 options and David Mathewson was
allocated 6,411 options.
These options were not formally granted during the year ended 31 December 2017 but were granted in March 2018 publication of the
financial results of the Company for the year ended 31 December 2017.
From 1 January 2018, the payment of service fees has returned to monthly cash payments.
In April 2018 options over 14,425 Ordinary Shares were exercised, such that options over 6,411 Ordinary Shares remain exercisable in
the future.
NED 1 Scheme
In April 2018, the Company granted options over 200,000 Ordinary Shares as an exercise price of 78 pence per share, subject to a
three year vesting period. Within this total David Mathewson was allotted 100,000 options and Elizabeth Gooch was allotted 100,000
options. In order for the options to vest, the Ordinary Share must trade at a minimum mid-market price of 200 pence per share over
10 consecutive trading days during the vesting period.
Share Based Payment Charge
In accordance with the requirements of IFRS 2, the Company calculated the fair value of the share options at the date of grant using
a Black Scholes option pricing model for the EMI and SAYE Schemes. For the NED scheme, the fair value of the services rendered
was assessed.
A Share Based Payment charge is recognised by spreading the fair value of the option over the maturity period, with allowance made
for options that have lapsed in the period.
The movement in the number of options during the year, the option pricing assumptions, the option valuation at the grant date and
the Share Based Payment Charge in the year, for each scheme described above, is as follows:
Page 74
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
23. Share Based Payments (continued)
Scheme
Number of Options:
Outstanding at 01 January 2017
Granted during the year
Forfeited during the year
Exercised during the year
Expired during the year
Outstanding at 31 December 2017
Exercisable at 31 December 2017
Outstanding at 01 January 2018
Granted during the year
Forfeited during the year
Exercised during the year
Expired during the year
EMI
(May-17)
EMI
(Dec-17)
EMI
(Aug 17)
SAYE
NED
NED 1
(Apr-17)
Total
-
-
269,824
148,000
(79,524)
-
-
-
-
-
190,300
148,000
-
-
190,300
148,000
-
-
-
-
-
-
-
-
-
-
185,000
-
42,624
(1,440)
-
-
41,184
-
41,184
-
(15,810)
(123,000)
(5,000)
(14,400)
-
-
-
-
-
-
-
-
-
20,836
-
-
-
20,836
20,836
20,836
-
-
(14,425)
-
6,411
6,411
-
-
-
-
-
-
-
-
481,284
(80,964)
-
-
400,320
20,836
400,320
200,000
385,000
-
-
-
(158,210)
(14,425)
0
200,000
612,685
-
6,411
Outstanding at 31 December 2018
174,490
25,000
180,000
26,784
Exercisable at 31 December 2018
Option Pricing Assumptions:
Pricing Model
-
-
-
Black
Scholes
Black
Scholes
Black
Scholes
Black
Scholes
Weighted Average share price at grant date (pence)
Weighted average exercise price (pence)
312
167
135
140
93
93
131
125
125
-
Black
Scholes
79
78
Weighted Average contract life
Weighted Average risk free rate
Volatility
Option Valuation:
Option Valuation at grant date (£’000)
Share Based Payments Charge in 2018:
Share Based Payment Charge (£’000)
Weighted Average Exercise Price:
3 years
3 years
3 years
3 years
0 years
3 years
1%
40%
286
90
1%
40%
1%
40%
9
2
47
6
93
1%
40%
10
3
125
1%
40%
1%
40%
8
-
-
45
10
78
603
406
111
At grant date, forfeit date and end of period (pence)
167
140
The volatility assumption, calculated at the standard deviation of expected share price returns, is based on analysis of the share
prices of comparable companies over the last 3-5 years.
Exercise of Stockdale Warrant
On 9 June 2017, Stockdale Securities Limited exercised its Equity Warrant granted in December 2016 over 89,941 shares at an
exercise price of 167 pence per share. The share price on the day of exercise was 445 pence.
Page 75
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Notes to the Financial Statements
For the year ended 31 December 2018
24. Commitments
The Group’s future minimum lease payments under non-cancellable operating leases are as follows:
Not later than one year
Later than one year and not later than five years
More than five years
25. Controlling Party
ECSC Group plc does not have an ultimate controlling party.
26. Adjusted Loss before Taxation and Adjusted EBITDA
Adjusted Loss before Taxation
Loss before Taxation
Share Based Payments
Exceptional Items
Adjusted (Loss)/Profit before Taxation
* The comparative figures have been restated in accordance with Note 4.3
As at
31 December
2018
£’000
174
503
478
1,155
Year ended
31 December
2018
£’000
(1,257)
111
120
(1,026)
As at
31 December
2017
£’000
195
520
44
759
Restated*
Year ended
31 December
2017
£’000
(3,555)
93
275
(3,187)
Page 76
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
Adjusted EBITDA:
Operating Loss
Depreciation and Amortisation
EBITDA**
Share Based Payments
Exceptional Items
EBITDA (Adjusted)*
Operating Loss
Share Based Payments
Exceptional Items
Operating Loss (Adjusted)*
Year ended
31 December
2018
£’000
(1,258)
392
(866)
111
120
(635)
Year ended
31 December
2018
£’000
(1,258)
111
120
(1,027)
Restated*
Year ended
31 December
2017
£’000
(3,561)
254
(3,307)
93
275
(2,939)
Restated*
Year ended
31 December
2017
£’000
(3,561)
93
275
(2,939)
Page 77
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
27. Exceptional Costs
During the year ended 31 December 2018, the Company continued to undertake a restructuring exercise to reduce its operating costs
and mitigate its monthly operating losses. In achieving these recurring cost savings, a number of one-off, exceptional costs were
incurred, including payments in lieu of notice and car termination costs. These Exceptional Costs totalled £120k and were charged to
the Statement of Comprehensive Income in the year ended 31 December 2018.
Exceptional Costs are analysed as follows:
Payments in Lieu of Notice
Redundancy Payments
Ex-gratia Payments
Employee Benefit Expense
Taxation & Social Security Costs
Staff Related Costs
Car Termination Costs
Legal Costs
Exceptional Costs
28. Subsidiary Undertakings
As at
31 December
2018
£’000
As at
31 December
2017
£’000
76
76
12
88
11
21
120
185
5
37
227
23
250
18
7
275
ECSC Group plc currently has the following wholly-owned subsidiaries, which are incorporated and registered in England and Wales:
Name of Subsidiary
Registered Office
Date of Incorporation
Principal Activity
ECSC Services Limited
ECSC Labs Limited
ECSC Australia Limited
28 Campus Road
Listerhills Science Park
Bradford
BD7 1HR
28 Campus Road
Listerhills Science Park
Bradford
BD7 1HR
28 Campus Road
Listerhills Science Park
Bradford
BD7 1HR
18 April 2017
Dormant
18 April 2017
Dormant
29 September 2016
Intermediary holding company
Page 78
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�Notes to the Financial Statements (cont.)
For the year ended 31 December 2018
ECSC Australia Limited currently has the following wholly-owned subsidiary, which is incorporated and registered in Australia:
Name of Subsidiary
Registered Office
Date of Incorporation
Principal Activity
ECSC Australia Pty Limited
Governor Phillip Tower Level
36
1 Farrer Place
Sydney
NSW 2000
The share capital of each Group entity is as follows:
20 March 2017
Provision of professional cyber
security services
Entity
Ordinary Shares in Issue
Nominal Value
Investment at Cost
ECSC Services Limited
ECSC Labs Limited
ECSC Australia Limited
1 share
1 share
1 share
£1
£1
£1
ECSC Australia Pty Limited
100 shares
AUD 1
Total
* AUD = Australian dollars
£1
£1
£1
AUD 100
£60
Page 79
ECSC Group plcAnnual Report Year ended 31 December 2018Cyber Security ExpertsFor Almost Two Decades�ECSC Group plcAnnual Report Year ended 31 December 2018�