
ECSC Group plc
Annual Report 2019

Ticker ECSC
Exchange LSE
Sector Technology
Industry Information Technology Services
Employees 51-200
Contents

3 ECSC COVID-19 Statement
4 Company Information
7 Chairman’s Statement
8 Chief Executive Officer’s Review
11 Chief Operating Officer’s Review
11 Our People
14 What We Do
17 ECSC Story
18 Typical Client Journey
19 Client Challenges
20 Client Perspective
21 Research and Development
22 Evolving Threats
23 Market Opportunities
24 Strategic Report
35 Board of Directors
36 Directors’ Report
42 Remuneration Committee Report
47 Statement of Directors Responsibilities
48 Independent Auditor’s Report to the Members of ECSC Group plc
54 Consolidated Statement of Comprehensive Income
55 Consolidated Statement of Financial Position
56 Company Statement of Financial Position
57 Consolidated Statement of Changes in Equity
58 Company Statement of Changes in Equity
59 Consolidated Cash Flow Statement
60 Company Cash Flow Statement
61 Notes to the Financial Statements

“We are delighted to report continued organic growth for the full year, with continued emphasis on building our Managed Services recurring revenue supported by our Consultancy Services. The team continues to acquire new clients, deliver quality service, develop our technologies and build a solid base for ongoing growth. We believe we are well positioned to build on the organic growth achieved in 2019 and we look forward to the future with confidence.”

Ian Mann
Chief Executive Officer

Page 2

Cyber Security ExpertsFor Two DecadesCOVID-19 Statement

Throughout this rapidly evolving situation, the Company’s response has been led by the current 
medical and science-based advice and guidance from the UK and Australian governments.  This 
will continue to be the case over the coming months and beyond.

We already have extensive remote and home working options in place, fully tested, supporting a 
range of conferencing technologies, all of which maintain our cyber security related certifications, 
associated technical standards and policies.

We do not anticipate any disruption in our ability to deliver our full range of services, as all services 
can be delivered remotely. Our aim, as always, is to ensure uninterrupted service to our consulting 
clients and Service Level Agreement (SLA) adherence for our managed security clients.  
Additionally, our incident response service remains in full operation.  Our Security Operations 
Centres will continue to operate 24 hours a day, 7 days a week.

Although not affecting results in Q1, we anticipate some reduction in consulting activity with clients 
potentially cancelling, or delaying projects that they prefer to conduct on-site.  However, the 
management team have extensive plans in place, including making use of the UK Government 
employment support, with the aim to reduce costs to a break-even level during any short-term 
period of revenue loss. We do not anticipate any reduction within the recurring revenue managed 
services.  

Further detail regarding COVID-19 is included in the Chairman’s Statement and Financial Review 
section of the Strategic Report on page 29.

Page 3

ECSC Group plc Annual Report Year Ended 31 December 2019

Company Information

Directors
David Mathewson (Non-Executive Chairman)
Ian Mann (Chief Executive Officer)
Lucy Sharp (Chief Operating Officer)
Elizabeth Gooch (Non-Executive Director)

Nominated Advisor & Broker to the Company
Allenby Capital Limited
5 St. Helen’s Place
London
EC3A 6AB

Auditors to the Company
BDO LLP
Central Square
29 Wellington Street
Leeds
LS1 4DL

Solicitors to the Company
Freeths LLP
1 Vine Street
Mayfair
London
W1J 0AH

Registrar
Equiniti Group plc
Aspect House
Spencer Road
Lancing
West Sussex
BN99 6DA

Registered Office
28 Campus Road
Listerhills Science Park
Bradford
BD7 1HR

Telephone Number
01274 736 223

Company Secretary
David Mathewson

Website
www.ecsc.co.uk

Page 4

Cyber Security ExpertsFor Two DecadesFinancial Highlights

10%

23%

Organic revenue 
growth to £5.9m
(2018: £5.4m)

Gross profit 
increase to £3.3m
(2018: £2.7m)

48%

Managed Services
division revenue up 
to £2.5m
(2018:£1.7m) 

117

ZERO

New Consulting 
Clients
(2018: 95)

EBITDA loss
(adjusted)
(2018:£0.6m)

Page 5

ECSC Group plcAnnual Report Year Ended 31 December 201918 Years Of Organic Growth

£6,000,000

£5,000,000

£4,000,000

£3,000,000

£2,000,000

£1,000,000

0

00-01 01-02 02-03 03-04 04-05 05-06 06-07 07-08 08-09 09-10 10-11 11-12 12-13 13-14 14-15 2016* 2017

2018

2019

* Adjusted for 12 months

Global Offering

General Office

Security Operations Centre

Incident Response

Page 6

Cyber Security ExpertsFor Two DecadesChairman’s Statement

These results, which highlight solid growth and a 
return to adjusted EBITDA profitability and cash 
generation in H2, represent the third full year 
of trading since the IPO in December 2016.  This 
continued organic growth has been driven by 
market demand, with increasing awareness of 
cyber security within corporate boardrooms, and a 
company strategy to deliver cyber security services 
to meet the evolving challenges that our clients 
face.  

Despite the economic uncertainty that dominated 
the UK in 2019, ECSC continued to demonstrate 
resilience and a quality of delivery to ensure 
continued progress.

The announcements in July 2019 of the first multi-million 
pound General Data Protection Regulation 
(GDPR) related fines by the UK Information 
Commissioner’s Office (ICO) are just the start of what 
are likely to be regular announcements regarding 
further fines, and reminders to everyone holding 
personal data that cyber security should be a priority.

As we move out of our IPO related investments, 
and associated losses, we aim to return to the 
pre-IPO levels of profitability, combined with 
continued organic growth.  Following restructuring 
and work to control costs, we are pleased to report 
such improved financial performance across the 
business.  This improved performance is the result 
of a focussed and motivated team delivering growth, 
whilst keeping tight control over costs and cash 
management.

The ECSC Kepler Artificial Intelligence (AI) 
technology announced in 2018, continues to drive the 
expansion of recurring managed service revenues, 
delivered through our global Security Operation 
Centres (SOCs) in the UK and Australia.  

Clients increasingly recognise that 24/7/365 cyber security breach detection and expert incident response, is vital to the protection of personal information and maintenance of critical IT systems. For all but the largest global organisations, the outsourcing of these critical functions continues to be the logical choice, and ECSC has the technology, expertise and processes to deliver.

I was again delighted when ECSC won another industry award recently for our incident response service related to the Payment Card Industry Data Security Standard (PCI DSS).

On behalf of the Board, I would like to thank all of our clients, staff and advisors for their continued support and commitment during the year.

ECSC is well positioned in a growing cyber security marketplace, and we look forward with confidence to broadening our base of clients and delivering improved operating results.

The Directors have carried out an evaluation of financial forecasts, sensitised to reflect a rational judgement of the level of risk. Management have devised a series of mitigating actions designed to preserve cash resources and to maintain delivery of our services to clients.

This exercise concluded that adequate financial resources are available to ensure that the Company could meet its obligations for a twelve month period with reasonable certainty. Accordingly the Directors conclude that it continues to be appropriate to prepare the Annual Report and Accounts on a going concern basis, whilst acknowledging an uncertainty now exists.

Further detail regarding COVID-19 is included in the Financial Review section of the Strategic Report below on page 29.

David Mathewson
Non-Executive Chairman
24 March 2020

Page 7

ECSC Group plcAnnual Report Year Ended 31 December 2019Chief Executive Officer’s Review

We are very pleased that the record trading in H2 
resulted in 10% organic annual revenue growth 
following a flat H1, and a return to adjusted EBITDA 
profitability.  Annual growth in Managed service 
recurring revenue of 27% shows the effectiveness 
of our strategy of winning consulting clients and 
converting them into long-term managed services 
clients. The acceleration of new client acquisitions 
in 2019 continues to help to build a solid foundation 
for future growth.

Managed Services Division 
The growth of Managed Services is central to the 
Company’s ongoing growth strategy.  Managed 
Services provide the Group with multi-year, recurring 
revenues which enhance the quality and visibility of 
earnings. 

We are delighted to report revenue growth of 48% 
within this division; which includes both recurring 
revenues and related incident response activities.

Managed Services had received significant 
investment since the IPO, including the 
establishment of an additional Security Operations 
Centre (SOC) in Brisbane, Australia, allowing us to 
deliver true 24/7/365 security breach monitoring and 
response.  The increase in managed services gross 
margin from 53% in 2018 to 68% in 2019 shows the 
increasing utilisation of the resources put in place 
through the IPO investment.

Furthermore, the investment allows for continued 
research and development into the ECSC proprietary 
AI software ‘Kepler’. This technology is used 
extensively within our security devices to enable the 
identification, assessment and alerting of critical 
security events to the SOC teams for analysis and 
reporting to clients.

The Board continues to see the Managed Services revenue stream as a priority for growth. With strong foundations now in place in terms of the technical infrastructure and in-house expertise, we are able to leverage the capacity of this division and to ensure that the Company is well placed to secure additional Managed Services contracts in the future.

Consulting Division
We are pleased to report that Consulting revenue recovered from the decline in H1 and returned to growth and record levels in H2.

Although benefiting from record new client wins, we also saw 73% of consulting revenue being repeat purchases from existing clients, a testament to our focus on building strong client relationships and delivering excellent service.

Cyber security testing continues to account for the largest proportion of our Consultancy sales and is typically the initial starting point for any client looking to improve their cyber security for the first time. Commonly, initial testing engagements lead to further sales across multiple service lines as a result of the Company’s ‘land and expand’ strategy, facilitated by our consultative sales approach and comprehensive breadth of service.

The requirement for companies to assess their businesses against recognised standards, including ISO 27001, PCI DSS, and Cyber Essentials, has continued to grow as organisations are increasingly required to demonstrate external verification of their cyber security capabilities to their customers, partners, and stakeholders.

Vendor Products
As part of our strategy to move sales focus away from third-party vendor products to concentrate on our solutions and build the partner programme, sales of third-party vendor products fell by 29%, and now represent only 3% of revenues.

Sales & Marketing
Following the extensive changes made in the previous year, 2019 featured stability in the team, other than additions for the partner programme, and

Page 8

Cyber Security ExpertsFor Two DecadesChief Executive Officer’s Review cont.

improved overall performance.

The main focus remains on the management and 
ongoing training and development of the sales team, 
with monthly training continuing to provide a better 
understanding of our services and client needs.

The additional resource introduced into the 
marketing team in 2018 has continued to lead to 
an increase in marketing activities, allowing for 
more effectively targeted campaigns. This additional 
resource enables the Company to identify and 
respond to new opportunities for growth within 
our existing client base and new clients alike. With 
sales and marketing activity aligned, we are seeing 
continued stronger performance across both teams. 

Partner Programme
In Q4 2018, we launched our Partner Programme, 
allowing IT Value Added Resellers to directly sell 
selected ECSC services whilst referring more 
complex projects to the ECSC sales team to deliver.  

The recruitment of partners continued as planned 
throughout 2019, with circa 100 partners signed up 
by the end of the year, generating more than 100 
new sales opportunities and delivering 17% of the 
additional new clients.

The Board expects the continued expansion of the 
Partner Programme to have a positive impact on 
client acquisition and future growth.

Technology Development
We have continued to invest in ECSC’s proprietary 
software in the year, including continued 
development of our Managed Services AI software 
that is embedded within many of our managed 
devices.  The focus remains on delivery of our 
technology through Managed Services. This ensures 
we can provide end-users with a comprehensive 
offering including appropriate in-house resource, 
expert management and effective 24/7 monitoring.

Market Prospects & Organic Growth Strategy
The UK cyber security market continues to exhibit 
growth, and remains an attractive segment of the 
wider IT sector.

Against this backdrop, we are confident that 
the organic growth strategy of ECSC remains 
appropriate.  Managed Services remains the 
strategic focus of the Board, to build our recurring 
revenue streams and target the fastest growing 
segments of the market.

Key Performance Indicators
The Key Performance Indicators on page 10 
were established in 2018 to enable meaningful 
measurements of the Group’s performance.  A 
measure of R&D spending has been added this year.

Outlook and COVID-19
We are delighted to report continued organic growth 
for the full year, with continued emphasis on building 
our Managed Services recurring revenue supported 
by our Consultancy Services.  The team continues to 
acquire new clients, deliver quality service, develop 
our technologies and build a solid base for ongoing 
growth.

Whilst the current COVID-19 situation has the 
potential to impact the global economy, we predict 
that as organisations move rapidly to remote and 
cloud working, there will be an increase in cyber 
security incidents, and therefore potential increases 
in demand for some ECSC services. 

However we do anticipate some increase in risks 
and uncertainty due to COVID-19. Further detail 
regarding COVID-19 is included in the Financial 
Review section of the Strategic Report below on page 
29. 

Going Concern
Attention is drawn to Going Concern in the Financial 
Review on page 29.

Page 9

ECSC Group plcAnnual Report Year Ended 31 December 2019Chief Executive Officer’s Review cont.

Rationale

2019

2018

2017

Management Comment

Performance 
Indicator

Revenue Growth

Managed Services 
Recurring Revenue 
Growth

Managed Service 
Recurring Revenue 
Proportion

Managed Services 
Order Book

Measurement of the success 
of the organic growth 
strategy

Visibility of the success of 
increasing the percentage 
of revenue from long-term 
recurring revenues

Visibility of the success of 
increasing the percentage 
of revenue from long-term 
recurring revenues

Combined measurement of 
new client contracts together 
with renewals of existing 
client contracts

10%

35%

9%*

27%

46%

25%

Despite a challenging H1 
with flat growth, H2 reverted 
to strong growth with record 
revenues

Continued strong growth due 
to new contract wins and 
contract expansions

34%

29%

27%

In line with the strategy to 
increase this proportion

£2.6m

£2.5m

N/A

Managed Services 
Gross Margin

Delivery efficiency 
measurement

68%

53%

33%

Consulting Repeat 
Revenue

Quasi-recurring from longer-
term consulting clients

73%

78%

68%

Consulting Gross 
Margin

Delivery efficiency 
measurement

54%

57%

50%

Contract Liabilities 
(Deferred Income)

Contracted and invoiced 
revenue yet to be recognised

£1.2m

£0.9m

£0.8m*

Research and 
Development
 (of revenue)

Continued investment in 
technology and intellectual 
property development

13%

8%

N/A

The management team’s 
favoured overall measure of 
progress in managed services

Indicative of increased 
leveraging of IPO investment in 
capacity

Indicative of strong client 
retention and continued trust 
in ECSC quality

A direct result of the H1 
decline in consulting revenues 
that return to growth in H2

Indicative of growth in long-
term client relationships, 
where pre-payment is a feature

A new measure introduced to 
show continued investment in 
technologies for the future

* Restated for 2017 and showing like-for-like comparison, due to IFRS 15 adoption from 1 January 2018

Ian Mann
Chief Executive Officer
24 March 2020

Page 10

Cyber Security ExpertsFor Two DecadesChief Operating Officer’s Overview

Our People
We fully understand that we’re 
only as good as the people who 
work for us.  That’s why we place 
great emphasis on trying to 
ensure that ECSC is an enjoyable 
place to work and that our people 
are not only recognised for the 
value they bring to our Company, 
but that recognition manifests 
itself in the way we look after the 
team of people we work with.

Everyone at ECSC, at every level, has a responsibility to act and carry out business in the right way. This means adopting a core set of values and behaviours that guide everything we do; how we work, how we act, and how we do business with our clients, our suppliers and our colleagues.

Working in such a fast paced, ever changing industry like cyber security means we need to attract, retain and develop, exceptional and highly motivated people. Our teams are inspired and empowered to deliver excellence in all that they do, which underpins our continued success.

In 2019 we saw our employee headcount increase by 18% to circa 100 employees across the organisation. During this time our retention rate also improved by 23% to 87%. This is testament to our continued people focused strategy, and in turn protects the strong, positive culture we have built at ECSC – one of continual development, learning and communication, which are reflected in our published values.

Resourcing
Our very effective in-house recruitment strategy ensures we have methods for attracting and recruiting the best people across all teams, guaranteeing the right mix of skills and diversity that complement and enhance the current team.

Our company and the services we 
offer to our clients provides an 
exciting, challenging environment 
which commands continual 
learning and is therefore the 
perfect place for inquisitive, bright 
and motivated individuals.

By working closely with 
universities we have developed 
effective student placement and 
graduate placement schemes 
which ensures an appropriate 
pipeline of talent, so we have the 
right people in the right positions, 
for now and for the future.

People Management
Our approach is to ensure that 
people management is ‘built-in’ 
not a ‘bolt-on’, which is supported 
by our continuous performance 
management framework.  This 
ensures all our people have 
regular, meaningful conversations 
with their Line Manager rather 
than the focus being on form 
filling.  All our people managers 
go through our internal people 
management training programme 
so they are better placed to give consistent feedback, support and development to their team members.

Investing in People
We place significant importance 
on the need to invest in the 
continuing professional 
development of our people, so 
they feel equipped to be the 
best they can be and are on the 
front foot in this ever changing 
cyber landscape.  Keeping up 
to date with the latest cyber 
threats, vulnerabilities, exploits 
and countermeasures is key to 
ensuring we are recognised as 
experts in our field and are able 
to provide up-to-date advice and 
guidance to our clients, as well as 
driving thought leadership to the 
industry.

ECSC employees have wide and 
varied experience and knowledge.  
We expect our consultants to be 
highly qualified.  Our minimum 
consultant qualification is the well 
respected Certified Information 
Systems Security Professional 
(CISSP).  In addition, our PCI 
specialists are all Payment 
Card Industry Qualified Security 
Assessors (PCI QSA) and our ISO 
27001 specialists have all passed 
the ISO 27001 Lead Auditor 
examination.  

Page 11

ECSC Group plcAnnual Report Year Ended 31 December 2019Chief Operating Officer’s Overview cont.

Our testing specialists hold multiple industry specific certifications such as CREST Certified Infrastructure 
Tester (CCT) and Offensive Security Certified Professional (OSCP).

Our Security Operation Centre engineers and analysts hold a variety of qualifications and specialist 
knowledge in forensics, incident response, networking and threat identification and management.

Employee Engagement
Our aim is to continually embed our culture and improve employee engagement at all levels within ECSC.  
We recognise the importance of our people feeling they have a voice, are recognised and rewarded for the 
value they add, and see how their contribution goes towards the overall success of the business.

We are extremely proud of the most recent annual employee engagement survey which gives valuable insight 
into how our employees feel about management, their team leader/team, their own role, learning and 
development opportunities, reward and recognition, and the company’s efforts towards well-being. Year on 
year we have seen the results of these surveys improve.

Lucy Sharp
Chief Operating Officer
24 March 2020

Page 12

Cyber Security ExpertsFor Two DecadesEmployee Engagement Survey 2019

“I enjoy every single 
day here and learn 
something new each 
day”

“ECSC is one of the 
best companies I’ve 
worked for”

“The Senior 
Management 
Team are very 
approachable”

97%

94%

96%

enjoy working with 
their team

feel proud of ECSC

see themselves 
working here in 12 
months

Sample response to our latest Employee Engagement Survey

Page 13

ECSC Group plcAnnual Report Year Ended 31 December 2019What We Do

Incident response 
‘emergency’ service

Remotely manage client 
cyber security devices 
from ECSC’s Security 
Operations Centre (SOC)

Cyber security reviews

Consultancy to help 
clients achieve ISO 27001 
information security 
certification

Technical penetration 
testing of cyber security

Advise and assess clients 
for certification to the 
Payment Card Industry 
Data Security Standard 
(PCI DSS)

Develop Artificial 
Intelligence (AI)

Cyber Essentials
Certifications

Page 14

Cyber Security ExpertsFor Two DecadesWhat We Do

For most organisations, understanding their cyber security responsibilities is often complex and 
challenging, with new threats discovered daily.  The priority given by organisations to cyber security 
has changed significantly since we started 20 years ago, helped most recently by the introduction of the 
General Data Protection Regulation (GDPR), the mandatory reporting of breaches to the Information 
Commissioner’s Office (ICO) and increased fines.  Given the legal responsibility now placed on 
organisations to protect personal data, the sensible approach for most is to seek external help.

Despite the complexities of cyber security, a consultative approach remains at the heart of ECSC’s offering.  
All communications are carried out in a format and language that is easy to understand by all.

ECSC’s range of services can be broken down into three basic categories.

Despite regular scaremongering by certain product vendors, press releases from 
organisations that have suffered a breach, and at times the media, all breaches are 
preventable.  We confidently make this statement based on 20 years’ experience in 
incident response.

An organisation’s primary strategy should be breach prevention.  ECSC helps in a number of 
ways.  The most common is to test cyber security using similar techniques to those used 
by hackers.  In the industry, this is referred to as penetration testing or ethical hacking.  
The aim is to find the vulnerabilities before a hacker does and remedy them accordingly.

Although it may be possible to prevent all breaches, it is also sensible to have an ability 
to detect breaches.  Done correctly, this means that incidents can usually be contained 
before expensive data-loss occurs.  Additionally, under GDPR, there is a requirement to 
be able to detect breaches.

ECSC’s full 24/7/365 cyber security monitoring, alerting, and analysis from both the UK 
and Australian Security Operations Centres provides our managed service clients with 
peace of mind.

Although it makes little sense for all but the largest organisations to build, and try 
and retain, an internal incident response capability, it does make sense to have a 
relationship with external experts that can respond 24/7. 

ECSC’s 20 years of incident experience mean that we can assist our clients from 
the smallest, and simplest event, to the most complex incident requiring extensive 
investigation, an on-site team, and guidance with external stakeholder and regulator 
communications.

Page 15

ECSC Group plcAnnual Report Year Ended 31 December 2019Cyber Security Experts
For Two Decades

ECSC is founded by Ian Mann

2000

Creation of the ECSC Secure Platform to enable us 
to develop key innovations in IT security

ECSC starts its Managed Services offering

2001

2002

ECSC wins ‘Best New Technology’ Award at the 
Yorkshire Internet Awards

Certification of our whole operation to BS 7799

2003

2006

Achieved certification to ISO 27001 within a month of 
its release

Certification to ISO 9001, covering our consulting 
and security management systems

Payment Card Industry (PCI) Qualified Security 
Assessor (QSA) accreditation

2007

2009

Certification to ISO 20000, covering our managed 
security services

PCI DSS Level-1 Certified 
Managed Security Service Provider

2010

2012

CREST Member Company

ECSC release the first method of blocking the 
Heartbleed Bug to the security community, enabling 
protection to organisations who have not yet carried 
out patching

2014

2015

ECSC SELECT division launched

Cardiff Office Opened

ECSC Group plc is listed on the London Stock 
Exchange’s AIM market

2016

ECSC wins a PCI Award for Excellence

2017

Leeds Office Opened

ECSC wins a second PCI Award for Excellence

ECSC is listed within SC Magazine’s Global top 50 
companies in the cyber security market

Australia SOC Opened

2018

ECSC wins a third PCI Award for Excellence

2019

ECSC launch Partner Programme

The ECSC Story

“Thank you so much for getting us to this 
monumental point!  We certainly wouldn’t 
be anywhere near this point today without 
your incredible guidance, support and 
down-to-earth coaching throughout the 
planning, preparation and audit stages”.

Head of Operations
PR and Communications

The ECSC story begins in the 
dotcom boom of the late 1990s.  
Ian Mann was conducting 
government consultancy and 
running one of the first UK Cisco 
training academies, teaching 
the first generation of Internet 
engineers.  Having just completed 
an MBA, as most people do, 
Ian was looking to start his 
own business.  He noticed that 
the security element of the 
network training was the biggest 
challenge for most students and 
therefore he concluded that this 
would be a growing need for 
organisations as they began to 
fully utilise the Internet. 

With the financial help of his 
credit cards, two re-mortgages, 
family and friends, and a few 
work colleagues, ECSC was 
born.  ECSC’s second recruit was 
Lucy Sharp (now COO) who Ian 
employed as a school leaver.

Initially testing the security of organisations’ new connections to the Internet, and responding to security incidents, very quickly clients began to enquire whether ECSC could manage this critical area. So, in 2001, managed services began; taking internally developed technologies originally developed for ECSC’s own use, and developing them for application in client environments.

As the industry began to mature, and international standards began to emerge, ECSC then started supporting clients’ efforts to achieve and manage a range of certifications.

Although focusing fully on ECSC, Ian continued to do some advisory work for the UK’s GCHQ, and more recently trained their new cyber security recruits in the art of people hacking (having authored two books on the subject of social engineering).

The next significant appointment was Ian Castle, who joined in 2003 as CTO to co-ordinate the research and development that forms the foundation of the already award winning ECSC proprietary technology and managed services.

The next current senior management appointments came in 2007, when Paul Lambsdown took charge of the sales function, Gemma Basharan joining the finance team in 2011, and Clare Macdonald establishing the marketing team in 2013.

Despite numerous offers to buy the business, in 2016 ECSC decided to raise the first institutional investment via an initial IPO on the London Stock Exchange AIM market. This investment enabled the establishment of new Security Operations Centres in the UK and Australia, giving true 24/7/365 ‘eyes on glass’ cyber security monitoring, without the need for engineers to work night shifts.

Today, the senior management 
team have over 80 years combined  
experience within ECSC.

Page 17

ECSC Group plcAnnual Report Year Ended 31 December 2019Typical Client Journey

A client journey with ECSC tends to start from one of three starting points:

HELP, WE THINK WE’RE IN THE MIDDLE OF A BREACH!

Incident response call-outs can happen at any time (although they are more common outside of business hours).

The priority here is to help contain the breach, understand how to prevent re-occurrence and then deal with any ongoing impact. Following this, a longer-term view can be developed to help prevent a repeat and enable the organisation to function efficiently with an appropriate level of security.

THE OWNERS/DIRECTORS NEED TO KNOW IF WE ARE SECURE?

The ECSC Cyber Security Reviews are often a good place to start, as they give non-technical managers and owners a clear picture of the risks and a pragmatic route to risk reduction and ongoing management.

Where a technical person asks the same question, a more ‘traditional’ penetration test may be the best solution. By duplicating the approach of a hacker, we help a client uncover, and address, their vulnerabilities before a breach occurs.

WE NEED TO DEMONSTRATE OUR CAPABILITY THROUGH A RECOGNISED CERTIFICATION

The emergence of a number of UK and international standards, means that clients have an opportunity to demonstrate competence and develop trust with their stakeholders. Increasingly, this is becoming essential to doing business in some sectors, and taking part in sales tenders.

Although the initial objective may be ‘get the badge’, the process of certification usually does lead to organisational learning, and real enhanced security.

Although it is rare that a fully 24/7 managed solution is a starting point, it is increasingly the destination.  
Clients recognise that it is almost impossible to recruit and retain this level of expertise in-house, but do 
require the benefits associated with a 24/7 managed solution.

The ECSC approach has always been to understand the client’s requirements, give honest, practical advice, 
and deliver effective solutions that contribute to building long-term partnerships based on trust and value.

Typical Client Challenges

Cyber security brings many and varied new challenges for organisations of all sizes and complexities.  
They cut across vertical sectors and traditional competencies.

There are some common features in the challenges that we help our clients to solve:

DIFFICULTY IN RECRUITING AND RETAINING SPECIALIST SKILLS IN CYBER SECURITY

This may be due to the cost of funding a specialist role, or not having the right environment to attract them. With a general skills shortage, qualified and experienced people have their choice of roles. They will tend to be attracted by the challenge and chance to further develop their skills, not just by the money.

However, it can also be the case that you don’t need some skills full-time, only at specific times. For example, it makes little sense for most organisations to try and recruit people skilled in emergency incident response. You may only need them once a year.

THE RATE OF COMMUNICATION AND INFORMATION TECHNOLOGY CHANGE

The increasing pace of change can nearly always be associated with new cyber security vulnerabilities. Despite what they say, technology providers do not make security a priority over their profits.

For example, in the last 12 months, people migrating IT systems into the cloud have accounted for 90% of the breaches we have been called out to resolve.

UNDERSTANDING THE COMMON MYTHS PROPAGATED BY SOME VENDORS AND/OR THE MEDIA

These include the belief that you cannot prevent breaches (in 20 years of incident response, we have never seen or heard of a breach that wasn’t preventable).

Another common myth is that hackers target organisations because they are looking for specific targets. The reality is that most breaches are a result of organisations making technical or people mistakes that are then spotted and exploited by malicious hackers.

Client Perspective

It is fair to say that all ECSC clients want to prevent cyber security breaches. However, they also want more than this. They usually require a range of services that have some common elements:

EASY TO UNDERSTAND DELIVERY OUTPUTS THAT EXPLAIN CYBER SECURITY IN A LANGUAGE THEY UNDERSTAND

Easy to understand delivery outputs that explain cyber security in a language they understand.

This may be an ECSC Cyber Security Review that maps and grades technical weaknesses into a language that non-technical executives can understand. This custom ECSC approach is now proven to be the best way for non-technical senior managers to understand current risks, and measure progress towards a more defendable position.

Another example is where we summarise complex penetration testing (ethical hacking) into a simple Pass/Fail result that managers and business owners can understand, with prioritised findings, each graded by risk. This allows clients to address findings in priority order.

AN ONGOING PARTNERSHIP BUILT ON TRUST

It is common for our partnership with a client to develop over many years. Their requirements evolve as their technology usage changes, new threats emerge and they experience more of the value that our expertise can bring to their organisation.

In most cases, small initial engagements develop, 
and in many cases these develop into full 24/7/365 
outsourced managed services.

VALUE

Delivering the intended outcomes efficiently and professionally. Clients value the benefits of 20 years’ experience across the range of consulting, managed services and incident response. An unrivalled mix for any UK provider. This means less risk for clients than selecting new entrants.

EMERGENCY RESPONSE

If the worst happens, ECSC clients (and non-clients) benefit from an experienced and calm response by an expert team. Early expert involvement in potential breaches means that incidents can usually be contained before expensive data-loss or system disruption occurs.

If an incident does escalate, ECSC helps in all aspects of response management from the technical response and investigation to stakeholder and regulator communications.

Research and Development

Our continued investment in Research and Development takes many forms, all of which are of crucial 
importance to our continued success:

WHAT THE HACKERS ARE DOING

Each day, globally, there are about 40 new technical ‘vulnerabilities’ discovered and published. Keeping track of these, and how they relate to your IT systems, is complex. However, in reality only a small number of these are critical, but extensive experience is needed to recognise the important trends and developments.

Within ECSC we formally review new vulnerabilities every 8 hours, 365 days a year, and relate them to our systems, systems managed for clients, and wider IT environments. We do this so our clients don’t need to.

Whilst technology continues to advance, most new offerings are designed to be pioneering and functional, with security taking a back seat. This means that new IT developments, such as cloud services, have introduced significant new vulnerabilities, resulting in an increase in the need for our incident response services.

MANAGED SYSTEMS

With managed security devices deployed since 2001, ECSC has a long track record of intellectual property development, and delivering systems that work for our clients.

The release of our Kepler Artificial Intelligence (AI) technology is an example, where we can process billions of pieces of security information from clients’ IT systems and allow our Security Operations Centres to operate with efficiency and speed. Although some people overhype AI, we see this as enhancing the effectiveness of real experts, but not yet replacing the need for skilled, experienced people.

INTERNAL SYSTEMS

Given the sensitivity of our client data, ECSC does not allow any third-parties to store or process our information. So, continued development of our internal systems is equally important, to allow us to refine processes and enhance our effectiveness.

Our integrated management systems mean that we have complete process control from the start of our marketing activities through to consulting delivery and fully managed services.

Evolving Threats

Cyber security has evolved, as have the risks to every organisation.  There is now the recognition that 
personal data has value, and with that a legal requirement to keep it secure.

Organisations also recognise that an increasing reliance on information technology means that a breach can 
have immense impact on day-to-day operations.

Originally, before the term cyber security was invented, most hacking was conducted by enthusiasts - often 
with no malicious intent.  For example, the first computer virus was actually an experiment in a university 
that worked too well and spread globally.

However, as more and more organisations and individuals became connected to the Internet, criminals recognised the potential to exploit technology weaknesses, knowing that law enforcement agencies would have difficulties catching them.

As a result, we have seen huge increases in hacking that results in criminal behaviour.  The most common 
being:

RANSOMWARE.  Where the hacker encrypts data and demands a ransom to give you 
access to your own data.  For an individual this may be their photo collection, whereas for 
an organisation it may be to cripple their whole IT system.

STEALING DATA.  Information has value, as it can form the basis of fraud.  So, credit card 
information and other personal data will always be a target as it can be sold on.

More recently, nation state hackers have gained significant media coverage, and, quite rightly, attention from the areas of government tasked with protecting critical national infrastructure. However, most organisations aren’t a target for this activity. The reality remains that hacking is not targeted; rather, it exploits mistakes and weaknesses identified by scanning the Internet for known vulnerabilities, and also by tricking IT users into causing breaches.

So, organisations need help in keeping up-to-date with the daily changing threat landscape, and 
understanding and controlling the potential impact of users being caught out.  ECSC remains at the leading 
edge of both critical areas.

Market Opportunities

The EU General Data Protection Regulation (GDPR), enacted in the UK in May 2018 by a new Data Protection Act (DPA), represents the most significant legal protection to personal data in more than a decade. This new legislation has impacts upon the cyber security market place in three main ways:

1.  Mandatory Reporting
Organisations now have to report breaches of personal data to the Information Commissioner’s Office (ICO) within 72 hours of being made aware.

This means that breaches can no longer be hidden and kept ‘in-house’. Organisations also need expert assistance to ensure that they have responded appropriately to avoid substantial fines.

2.  New Maximum Fines
Increased from the previous £500,000 maximum to 10m Euros or 2% of total worldwide turnover.

3.  Direct ICO Liability for Third-Parties
Previously IT providers could hide behind their agreed terms and conditions, with liability limits, if they caused a cyber security breach. The advent of GDPR gives them an independent liability to the ICO with the same maximum fines.

In addition, the GDPR states that third-party ‘processors’ must apply cyber security in relation to the risks present, not in proportion to their charges. This means all IT outsourcing organisations have to re-examine their approach to cyber security risk.

Other factors are also driving more market 
opportunities, including:

•  The uptake of cloud IT services, where applying 
‘traditional’ cyber controls can be difficult 
or impossible, and providers often lack the 
expertise to design security into their cloud 
offerings.

•  Ongoing skills shortages in cyber security make more clients seek external help, either to test their security, help implement specific projects, or to outsource their cyber security management.

•  The pace of IT system changes and new developments shows no sign of slowing. History shows that the quicker technology changes, the more cyber security vulnerabilities are introduced and the more breaches occur.

UK cyber security market estimated at over £3 billion

Proliferation of breaches making cyber security a strategic governance issue for company boards

UK legislation (GDPR) now in force making immediate breach reporting mandatory and fines up to 2% of global turnover

Financial Review

Principal Activities
The principal activity of the Group during the year continued to be the provision of professional cyber security 
services, including Consulting, Managed Services and the sale of Vendor Products.

Comparative Financial Information
The Group has applied IFRS 16 from 1 January 2019, using the modified retrospective approach. Comparative 
information is not restated (see note 4).

                                   Year ended          Year ended
                                   31 December 2019    31 December 2018
                                   £’000               £’000

Revenue                            5,905               5,382
  Consulting                       2,922               3,122
  Managed Service                  2,585               1,745
  Vendor Products                  162                 228
  Other                            236                 287

Gross Profit                       3,360               2,740
  Consulting                       1,574               1,783
  Managed Service                  1,745               923
  Vendor Products                  29                  42
  Other                            12                  (8)

Other Income                       263                 152
Sales & Marketing Costs            (1,958)             (1,817)
Administration Expenses            (1,664)             (1,170)
EBITDA (Adjusted)*                 1                   (635)

Share Based Payments               (105)               (111)
Exceptional Items                  (6)                 (120)
EBITDA**                           (110)               (866)

Depreciation and Amortisation      (594)               (392)
Adjusted Operating Loss*           (593)               (1,027)
Operating Loss                     (704)               (1,258)

* Adjusted Operating Loss and EBITDA excludes one-off charges and share based charges.
** EBITDA is defined as Earnings before Interest, Tax, Depreciation and Amortisation.
(As defined in note 25 in the Financial Statement)


Revenue & Organic Growth
Total revenue in the year ended 
31 December 2019 was £5.91m, 
up 10% on the comparable prior 
period (revenue in the 12 months 
ended 31 December 2018 was 
£5.38m).  Within this, Consulting 
revenue fell by 6% to £2.92m 
(2018: £3.12m).

Managed Services division 
revenue rose by 48% in the year 
to £2.59m (2018: £1.75m). This 
includes Incident Response 
revenues which rose to £0.60m 
(2018: £0.18m).

Vendor Products revenue in the 
year fell by 29% to £0.16m (2018: 
£0.23m).

Margin Generation
Gross Profit for the year was 
£3.36m, yielding a 57% margin 
(2018: £2.74m, yielding a 51% 
margin). This was due to improved 
margins in Managed Service.

The Consulting margin fell to 54% in the year (2018: 57%). This was due to the flat growth in consulting in the first six months. The Board expects the Consulting margin to improve to the prior year level in the future.

The Managed Services margin 
rose to 68% (2018: 53%), with 
the increase being a direct result 
of new contracts utilising the 
capacity built in 2017 and 2018. 

EBITDA & Operating Loss
Adjusted EBITDA for the year, which excludes one-off charges and share based charges, broke even (2018: loss of £0.64m). EBITDA for the year was a loss of £0.11m (2018: loss of £0.87m). The Group was EBITDA positive in the second half of the year, which offset the loss from the first six months.

Adjusted Operating Loss for the year, which excludes one-off charges and share based charges, was £0.59m (2018: loss of £1.03m). The Operating Loss in the year was £0.70m (2018: loss of £1.26m).

Cash Flow
Cash and cash equivalents 
decreased by £0.30m to £0.35m at 
31 December 2019 primarily due 
to the flat growth in Consulting in 
the first half of the year. 

Lease payment costs of £0.20m 
are not included in EBITDA as they 
were in prior years due to IFRS 
16 being implemented from 1 
January 2019.

Intangible asset costs have 
increased to £1.09m (2018: 
£0.89m). This is offset by 
amortisation of £0.66m. The 
Group’s development cost for the 
year was £0.19m. The Net Book 
Value at 31 December 2019 was 
£0.43m (2018: £0.41m). During the 
year, the Group received a refund 
of £0.15m from HMRC in respect 
of a surrender of R&D Tax Credits 
from earlier periods. 

Property, plant and equipment (PPE) cost has increased to £0.95m (2018: £0.92m). This is offset by depreciation of £0.67m. The Group’s capital expenditure for the year was £0.13m. The Net Book Value at 31 December 2019 was £0.28m (2018: £0.43m).

Trade and other receivables 
increased to £1.21m (2018: 
£1.12m) at 31 December 2019 
which reflects the increase in 
trading activity in the second half 
of the year.

Trade and other payables increased to £2.14m (2018: £1.71m) at 31 December 2019. This includes £1.19m of deferred income (2018: £0.95m).

Key Performance Indicators
The Key Performance Indicators 
are set out on page 10.

Balance Sheet
The Group’s Balance Sheet 
as at 31 December 2019 had 
Net Assets of £0.37m (2018: 
£1.04m). Retained Earnings and 
Distributable Reserves as at 31 
December 2019 were a cumulative 
loss of £5.67m (2018: cumulative 
loss of £4.90m).

Going Concern and COVID-19
The Directors have assessed the going concern status of the Group by reference to a number of factors. In particular, the Directors have considered the strong rate of growth in the cyber security market; the fact that the business continues to attract new clients and is not overly dependent on any single client; the fact that the business continues to retain key staff; the fact that the business has no Corporation Tax liability to HMRC; and that the Group has a secured invoice discounting facility of £0.5m. The facility was agreed for a minimum 12-month period with a three-month notice period. The Board expects to renew the facility for a further 12 months following the annual review expected in July 2020. The Board are positive about the future EBITDA trajectory of the Company and continue to manage the cash position of the Company carefully. These factors give the Directors confidence in relation to going concern.

In undertaking their review, the 
Directors have prepared financial 
projections for the years ending 31 
December 2020 and 2021, a review 
which assumed continued revenue 
growth and cost efficiency. 

As such, the Directors concluded 
that the cash balance at 31 
December 2019 is sufficient to 
fund the ongoing growth and 
development of the Group and 
to meet its liabilities as they fall 
due for at least the 12 months 
from the date of approval of the 
financial statements.

In the event that this revenue and cost performance is not achieved, the Directors have also considered a sensitivity analysis based on lower revenue growth and have formulated contingency plans for this scenario, which enable the Group to preserve its financial resources. Based on this scenario, the Directors continue to conclude that the Going Concern assumption remains appropriate. Within the Principal Risks and Uncertainties section of the Strategic Report below, we further comment on the COVID-19 situation and considerations for our business.

It is becoming increasingly clear that there is now a fundamental uncertainty in the economic and health impacts of the current COVID-19 situation and that, in varying degrees, this will affect all businesses in every sector. It is premature to assess further impacts over and above those already considered.

IFRS 16
The Group has adopted IFRS 16 from 1 January 2019. IFRS 16 introduced a single, on-balance sheet accounting model for lessees. As a result, the Group, as a lessee, has recognised right-of-use assets representing its rights to use the underlying assets and lease liabilities representing its obligation to make lease payments. Lessor accounting remains similar to previous accounting policies.

The Group has applied IFRS 16 using the modified retrospective approach, therefore the comparative information presented for 2018 has not been restated and is presented, as previously reported, under IAS 17 and related interpretations. Further information on the impact of IFRS 16 is included in Note 4.1 to the Financial Statements.

Dividend
The Board has not declared a dividend for the year ended 31 December 2019 (2018: £nil).

David Mathewson
Non-Executive Chairman
24 March 2020

Principal Risks and Uncertainties

ECSC Group plc (‘ECSC’, ‘the Company’ or ‘the Group’) is exposed to a number of Macro, Business and Financial risks. The Directors take a proactive approach to the identification and mitigation of these risks.

Summary of Risks
The most significant risks to the Group are summarised in the table below. These risks are explained in further detail following the summary. The table does not include all the potential risks associated with Group activities, and the risks are not in any order of priority. We note the fast-paced, changing environment due to COVID-19 and comment upon this further below.

Principal Risks                                    Mitigating Actions/Factors

Economic conditions                                Expenditure on cyber security has become non-discretionary in nature and is less sensitive to economic fluctuations
Rapid technological change                         Investment in proprietary intellectual property
Competition                                        Maintaining a broad, full-service offering
Cyber security breach                              Certifications to ISO 27001, PCI DSS and Cyber Essentials; avoidance of technologies associated with common security breaches
Reputation                                         Consistent focus on legal, financial, regulatory and technological compliance
Dependence on key personnel                        Board and Senior Management structure and remuneration is designed to reduce the risks associated with the loss of any single person
Ability to recruit and retain skilled personnel    Ongoing development of a wide range of employee benefits and incentives, career progression and technical development
Reliance on key systems                            Disaster recovery and business continuity plans
Client acquisition                                 Sales team training and development, partner programme, and expanded marketing activities.
Client retention                                   Expanded service delivery function and service management layer
Future funding requirements                        Flotation on the Alternative Investment Market of the London Stock Exchange

Macro Risks
Economic Conditions 
The Group could be affected by national and international economic factors outside its control, including 
an economic slowdown,  changes in the monetary and fiscal policies of the Government, exchange rate 
fluctuations, commodity price volatility, inflation, increases in interest rates and banking sector conditions.

Any UK economic downturn, either globally or locally, may have an adverse effect on the demand for the 
Group’s services. A more prolonged economic downturn may lead to an overall decline in the volume of the 
Group’s activities and sales, restricting the Group’s ability to realise a profit. 

However, given the proliferation of cyber security breaches and the damage caused, in financial and 
reputational terms, expenditure by corporates on cyber security is increasingly of a non-discretionary nature, 
such that demand has become less sensitive to general economic fluctuations.


Geopolitical Risks
The Group’s operations now or 
in the future may be adversely 
affected by factors outside the 
control of the Group, including 
election results, changes in 
Government policy, terrorist 
activities, labour unrest, civil 
disorder and political upheaval, 
war, subversive activities and 
sabotage, fires, floods, natural 
disasters and epidemics.

Brexit
The continued political impasse, 
and resulting business uncertainty 
is likely to already have had an 
impact on decisions regarding 
significant investment. For 
ECSC, this materialised in delay 
in consultancy in the first half 
of 2019, and closing managed 
service contract wins in the 
second half of 2019. 

The Board has considered the impact of leaving the European Union and concluded that, since 97% of revenue (see note 6) is generated in the UK, any future potential barriers to free trade are unlikely to directly impact the Group. However, there is potential to impact our clients and therefore their cyber security budgets, as seen in 2019.

Coronavirus (COVID-19)
The Group is closely monitoring the impact and changing situation of COVID-19. The Board has discussed the possible impact on the Group. For ECSC, this could materialise in delays to consultancy, especially on-site work as businesses reduce external visits.

The Board has considered ways to mitigate some of the risk of COVID-19 on the Group by extensive remote and home working options put in place, that are fully tested, supporting a range of conferencing technologies, while maintaining the Group’s cyber security related certifications, associated technical standards and policies.

The Board does not anticipate any disruption to the Group’s ability to deliver the full range of services, but has considered the potential impact of lower consultancy demand from the Group’s clients. Sensitivity analysis has been performed on a potential decrease in consultancy income, as at 18 March 2020, to make an assessment of what is a reasonably likely impact/consequence of the current pandemic together with the mitigating actions that would be performed to mitigate this risk. We also note that certain cost reductions have taken place already, in Q1 2020, beyond original forecasts.

The Board remains confident that there is sufficient headcount to deliver the current forecasted figures in the coming year and that there is flexibility to further reduce headcount and cost should the downside consultancy revenue scenario happen. Additional cost reductions may need to take place if a downturn in consulting continues longer, or impacts deeper, than has currently been considered. The Group has a track record of successfully reducing costs as required over the last 2 years with a minimal time/cost to doing so, and the Board therefore remains confident that the Group can remain within available headroom during the forecast period.

Business Risks
Technology 
The markets in which the Group 
operates are characterised by 
rapid technological change, 
changes in client requirements, 
frequent product and service 
introductions employing new 
technologies, and the emergence 
of new industry standards and 
practices that could render the 
Group’s existing technology and 
services obsolete. 

In order to compete successfully, 
the Group will need to continue 
to improve its services, and to 
develop and market new products 
that keep pace with technological 
change. This may place strain 
on the Group’s capital resources, 
which may adversely impact the 
revenues and profitability of the 
Group.

The success of the Group depends 
on its ability to anticipate and 
respond to technological changes 
and client requirements in a 
timely and cost-effective manner. 


There can be no assurance 
that the Group will be able to 
effectively anticipate and respond 
to technological changes and 
client needs in the future.

Intellectual Property
In order to mitigate Technology 
risk and maximise its competitive 
advantage, the Group seeks to 
protect its intellectual property. 
Much of the Group’s intellectual 
property is not of a nature 
that is capable of registration, 
so protection of intellectual 
property relies on maintaining 
the confidentiality of know-how, 
methodologies and processes 
which, in turn, are largely 
dependent on people. There is a 
risk that if the confidentiality of 
the Group’s intellectual property 
were compromised, this could 
lead to a loss of competitive 
advantage. To mitigate this risk, 
the Group employs strict terms 
of confidentiality in its standard 
terms of employment.

The Group’s software is largely 
developed in-house. However, 
some aspects of it are based 
on open-source licences such 
as the General Public Licence 
(a widely used form of licence 
within the free and open-source 
code software domain), which 
oblige ECSC to provide access to 
the source code of the relevant 
software package if a client 
requests it. There is a limited risk that ECSC could be pursued by way of enforcement action in this area, which may have a material adverse effect on the Group’s performance.

Competition 
There can be no guarantee that 
the Group’s current competitors 
or new entrants to the market will 
not bring superior technologies, 
products or services to the 
market, or equivalent products 
at a lower price, which may have 
an adverse effect on the Group’s 
business. Such companies may 
also have greater financial and 
marketing resources than the 
Group. These competitive risks 
are mitigated by maintaining a full 
service offer, spanning Consulting 
and Managed Services, with a 
strategic focus on expanding 
the recurring revenue base from 
retained clients, underpinned by 
a proactive account management 
process.

Cyber Security Breach 
As with all providers in this sector, 
the potential embarrassment and 
reputational impact of a major 
cyber security breach for ECSC 
itself is significant. However, 
ECSC manages this risk in a 
number of ways:

•  External certification to international security standards, such as ISO 27001 and PCI DSS.

•  Avoidance of technologies commonly targeted for attack – ECSC makes extensive use of Linux-based technologies, including all operational desktop PCs and laptops, and does not support Bring Your Own Device (BYOD) policies for any company business, including for Associate Consultants.

•  The Company directs the same level of security expertise at its own security as to that of its clients, avoiding the common issue with IT companies that their own internal IT is managed by a less capable internal team than their client-facing delivery team.

Reputation
The Group’s reputation, in terms of the services it provides, the manner in which it conducts its business and the financial performance it achieves, is central to the Group’s success.

The Group’s services, and the software on which they are based, are complex and may contain undetected defects when first introduced. Such defects could damage the Group’s reputation, ultimately leading to an increase in the Group’s costs or reduction in its revenues.

Other issues that may give rise to reputational risk include, but are not limited to, failure to deal appropriately with legal and regulatory requirements in any jurisdiction (which may result in the issuance of a warning notice or sanction by a regulator or an offence being committed by a member of the Company or any of its employees or Directors), money-laundering, bribery and corruption, factually incorrect reporting, staff disputes, fraud (including on the part of clients), technological delays or malfunctions, the inability to respond to a disaster, lack of data privacy, and poor record-keeping.

In addition, failure to meet the 
expectations of clients, suppliers, 
employees, shareholders, 
regulators and other business 
partners may have a material 
adverse effect on the Group’s 
reputation.

To mitigate these varied risks, the 
Group has adopted a strict and 
thorough approach to compliance, 
investing resources to meet 
relevant legal, financial, regulatory 
and technological standards and 
requirements. 

Dependence on Directors and Senior Management
The Group’s performance is 
substantially dependent on 
the continued services and 
performance of its Directors and 
senior management. Although 
Directors and key personnel have 
entered into Service Agreements 
or Letters of Appointment with the 
Group, there can be no assurance 
that the Group will retain their 
services. The loss of the services 
of any of the Directors or key 
personnel may have a material 
adverse effect on the business, 
operations, relationships and/or 
prospects of the Group. 

The risk of loss of a Director or 
member of senior management 
is mitigated by offering market 
competitive remuneration for 
key roles, including appropriate 
levels of equity incentivisation via 
the share option schemes of the 
Group. 

Ability to Recruit and Retain Skilled Personnel
The Group believes that it has 
the appropriate incentivisation 
structures to attract and 
retain the calibre of employees 
necessary to ensure the growth 
and development of the Group. 
However, any difficulties 
encountered in hiring appropriate 
employees and the failure to do 
so may have a detrimental effect 
upon the trading performance 
of the Group. The ability to 
attract new employees with the 
appropriate expertise and skills 
cannot be guaranteed. 

Reliance on Key Systems
The Group’s dependency 
upon technology exposes it to 
significant risk in the event that 
such technology or the Group’s 
systems experience any form of 
damage, interruption or failure. 

The Group’s systems are 
vulnerable to damage or 
interruption from events 
including:
•  power loss and infrastructure failure;
•  fire or physical destruction;
•  computer hacking activities; and
•  acts of criminal damage or terrorism.

Any malfunctioning of the Group’s 
technology and systems, or those 
of key third parties, even for a 
short period of time, could result 
in a lack of confidence in the 
Group’s services, the termination 
of client contracts and potential 
claims for damages, with a 
consequential material adverse 
effect on the Group’s operations 
and performance.

The Group has a well-considered, 
certified and regularly rehearsed 
disaster recovery and business 
continuity plan to mitigate this 
risk.

New Client Acquisition and 
Retention of Existing Clients 
The Group’s future success 
depends on its ability to increase 
sales of its services and products 
to new clients, increase sales to 
its existing clients, and maintain 
existing client contractual 
relationships. 

The rate at which new and 
existing clients purchase services 
and existing clients renew their 
contracts depends on a number 
of factors, including the efficacy of 
the Group’s services and the utility 
of the Group’s new offerings, as 
well as factors outside of the 
Group’s control, such as clients’ 
perceived need for security 
solutions, the introduction 
of services by the Group’s 
competitors that are perceived 
to be superior to the Group’s 
services, end clients’ IT budgets 
and general economic conditions. 
A failure to increase sales as a 
result of any of the above could 
materially adversely affect the 
Group’s financial performance and 
position. 

Failure to Develop, Launch and 
Market New Services
The Group’s long-term growth and 
profitability are dependent on its 
ability to develop and successfully 
launch and market new services. 
The Group’s revenues and market 
share may suffer if it is unable 
to successfully introduce new 
products in a timely fashion or if 
any new or enhanced products 
or services are introduced by its 
competitors that its customers 
find more advanced and/or better 
suited to their needs. 

While the Group continuously 
invests in research and 
development to develop products 
in line with client demand and 
expectations, if it is not able 
to keep pace with product 
development and technological 
advances, including shifts in 
technology in the markets in 
which it operates, or to meet 
client demands, this could have 
a material adverse effect on the 
Group’s financial performance and 
position.

Financial Risks
Future Funding Requirements
Although not presently anticipated 
by the Directors, the Group may 
need in the future (more than 
twelve months) to raise equity 
or additional debt capital to fund 
future acquisitions, expansion 
and/or business development. 
There can be no guarantee 
that the necessary funds will 
be available on a timely basis, 
on favourable terms, or at all, 
or that such funds, if raised, 
would be sufficient. If the Group 
is not able to obtain additional 
capital on acceptable terms, 
or at all, it may be forced to 
curtail or abandon acquisition 
opportunities, expansion and/
or business development. The 
Board anticipates renewing 
the £0.5m invoice discounting 
facility it currently has with 
Barclays in July 2020. However, 
there is no guarantee that the 
Group will be able to renew the 
facility. The above could have a 
material adverse effect on Group 
performance.

This risk is partially mitigated 
by the Group’s quotation on the 
Alternative Investment Market 
of the London Stock Exchange, 
which provides a conduit to equity 
investors.

Statement by the Directors in 
performance of their statutory 
duties in accordance with s172(1) 
Companies Act 2006.
The Board of Directors of 
ECSC Group plc consider that, 
individually and together, 
they have acted in the way which 
in good faith would be most 
likely to promote the success of 
the company for the benefit of 
its members as a whole (having 
regard to the stakeholders and 
matters set out in s172(1)(a-f) 
of the Act) in the decisions 
taken during the year ended 31 
December 2019.

The Board looked to promote the 
success of the Company, having 
regard to the long term, whilst 
taking into account the interests 
of all stakeholders. It is designed 
to secure the long-term financial 
viability of the Company to the 
benefit of its members and all 
stakeholders, and in doing so have 
regard (amongst other matters) 
to:

•  the likely consequence of any decisions in the long-term;
•  the interests of the company’s employees;
•  the need to foster the company’s business relationships with suppliers, customers and others;
•  the impact of the company’s operations on the community and environments;
•  the desirability of the company maintaining a reputation for high standards of business conduct; and
•  the need to act fairly as between shareholders of the Company.

The following paragraphs 
summarise how the Directors 
fulfil their duties:

Risk management
We provide business-critical 
service to our clients. As we 
grow, our business and our risk 
environment also become more 
complex. It is therefore vital that 
we effectively identify, evaluate, 
manage and mitigate the risks 
we face and that we continue 
to evolve our approach to risk 
management.

For details on our principal risks 
and uncertainties and how we 
manage our risk environment, 
please see pages 28 to 33.

Our People
The Board recognises that our 
employees are fundamental to 
the delivery of our plan. We aim 
to be a responsible employer 
in our approach to the pay and 
benefits our employees receive. 
The health, safety and well-being 
of our employees is of primary 
concern in the way we do business 
and is monitored extensively by 
the Board and taken into account 
in all major decision-making.

For further information please see 
pages 11 to 13. 

Business Relationships
Our strategy prioritises organic 
growth, driven by cross-selling 
and up-selling services to 
existing clients and bringing 
new clients into the Group. To 
do this we need to continue to 
develop and maintain strong client 
relationships. 

We also aim to act responsibly 
and fairly in how we engage 
with our clients and suppliers, 
co-operate with our regulators 
and act on feedback received 
from these stakeholders. All of 
these considerations are taken 
into account by the Board when 
making strategic decisions for the 
Company.

Community and environment
Our plan considered the impact of 
the company’s operations on the 
community, the environment and 
our wider social responsibilities. 
The Group wants to positively 
impact the lives of the people we 
work with and for, providing long-
term benefits to its employees, 
customers, suppliers and 
individuals in our local and wider 
community.  We will do this by 
acting in a socially responsible 
way; and encouraging our staff 
and business partners to strive 
for matching performance; 
encouraging our staff to be 
mindful of the effect of their 
actions on any natural resource. 

Shareholders
The Board is committed to openly 
engaging with our shareholders, 
as we recognise the importance 
of a continuing effective dialogue, 
whether with major institutional 
investors, private or employee 
shareholders. It is important to 
us that shareholders understand 
our strategy and objectives, so 
these must be explained clearly, 
feedback heard and any issues 
or questions raised properly 
considered.

For further information on how 
we engage with our shareholders 
please see page 32.

As the Board of Directors, our 
intention is to behave responsibly 
to all stakeholders and to ensure 
that management operate 
the business in a responsible 
manner, operating within the high 
standards of business conduct 
and good governance expected for 
a business such as ours. Acting 
in this way will contribute to the 
delivery of our plan and we intend 
to maintain our reputation within 
the industry for responsible and 
compliant behaviour.

As the Board of Directors, our 
intention is also to make decisions 
which lead to the long-term 
success of the company whilst 
behaving responsibly toward our 
shareholders, treating them fairly 
and equally, so they benefit from 
the successful delivery of our 
strategy and plan.

Page 33

ECSC Group plcAnnual Report Year Ended 31 December 2019Experienced Management Team

NON-EXECUTIVE DIRECTORS

DAVID MATHEWSON
Non-Executive Chairman

ELIZABETH GOOCH MBE
Non-Executive Director

SENIOR MANAGEMENT TEAM

IAN MANN
CEO
19 Years

LUCY SHARP
COO
19 Years

IAN CASTLE
CTO
16 Years

PAUL LAMBSDOWN
Sales
13 Years

GEMMA BASHARAN
Finance
8.5 Years

CLARE MACDONALD
Marketing
6.5 Years

Page 34

Cyber Security ExpertsFor Two DecadesBoard of Directors

The Board of ECSC Group plc comprises two Executive Directors and two Non-Executive Directors. The 
Board has considered its independence and effectiveness, and is satisfied with the degree of competence and 
efficiency in place.

The Board is responsible for the formulation of business strategy, operational execution, financial 
performance and compliance. The Executive Directors are responsible for day-to-day operational and 
financial management, whilst the Non-Executive Directors are responsible for delivering effective corporate 
governance.

The profile of each Director is as follows:

David Mathewson (age 72) – Non-Executive Chairman 
David is a Chartered Accountant who has spent most of 
his career in merchant banking and as a non-executive 
director. He was an Executive Director of Noble 
Grossart Limited, Scotland’s premier merchant bank, 
for many years. Previous non-executive roles include 
Chairman of Sportech Plc and he was also a Director 
of Playtech Group plc. During his tenure at Playtech, 
he was appointed Chief Financial Officer and oversaw 
the company move from AIM to the Main Market of 
the London Stock Exchange. He is currently a 
Non-Executive Director of SEC SPA, an Italian 
company traded on AIM, and Chairman of Bioflow 
Ltd. The Board has reviewed David’s time commitment 
from his other directorships and has concluded that 
they average six to seven working days per month. The 
Board is therefore comfortable that David has sufficient 
available capacity to carry out his duties as a Non-
Executive Chairman of ECSC Group plc.

Ian Mann (age 52) – Chief Executive Officer
Ian has over 20 years of experience in the cyber-
security sector, having founded ECSC. He was 
previously an advisor for GCHQ, and established a 
Cisco Networking Academy for Dixons City Technology 
College. Ian’s professional certifications include CISSP, 
PCI QSA, and ISO Lead Auditor. Ian holds a B.Eng. 
in Electrical and Electronic Engineering from the 
University of Nottingham, and an MBA from the Open 
University.

Lucy Sharp (age 40) – Chief Operating Officer
Lucy has over 19 years of experience in the cyber-
security sector, having joined ECSC at its inception. 
Lucy worked as an ISO 27001 consultant, leading this 
area prior to taking the position of Operations Director 
in 2012. Lucy has held a number of professional 
certifications, including CISSP, PCI QSA, and ISO Lead 
Auditor. Whilst working at ECSC, Lucy completed 
a Masters in Business Management at Leeds 
Metropolitan University.

Elizabeth Gooch MBE (age 58) – Non-Executive 
Director
Elizabeth Gooch is an award-winning UK tech 
entrepreneur, having started her career in industry, 
joining Forward Trust (a subsidiary of Midland Bank) 
and then Birmingham Midshires Building Society, 
before establishing eg solutions in 1988. She pioneered 
the introduction of industrial production management 
methodologies into the service sector and invented the 
eg operational intelligence ® software suite to embed 
these techniques into businesses. eg was listed on 
the Alternative Investment Market and was acquired 
by a major US Software Company in 2017. Elizabeth 
was named as one of The Telegraph’s Most Disruptive 
Entrepreneurs and West Midlands Woman of the 
Year for her Outstanding Contribution to Technology. 
She was made a Member of the Order of the British 
Empire in the Queens Jubilee Birthday Honours 
2012, in recognition of her achievements in delivering 
significant benefits for clients with the products she 
designed. Elizabeth is now CEO of The Tech Growth 
Factory, a company she established to assist the 
founders of small technology companies in achieving 
their growth potential.

Page 35

ECSC Group plcAnnual Report Year Ended 31 December 2019Directors’ Report for the year ended 31 December 2019

The Directors present their report and financial statements for the year ended 31 December 2019.

Principal Activities and Review of the Business
The principal activity of the Group during the year continued to be the provision of professional cyber security 
services. Future developments of the Group have been reviewed as part of the Strategic Report.

Principal Risks and Uncertainties
For information on the principal risks and uncertainties of the Group, please see pages 28 to 33 of the 
Strategic Report.

Results and Dividends
The loss for the period, after taxation, amounted to £777k (2018: loss of £1,238k). The Board has not declared 
a dividend for the year ended 31 December 2019 (2018: £nil).

Going Concern
The Directors are satisfied that the Group has sufficient financial resources to continue to operate for the 
foreseeable future, which is considered to be at least the 12 months from the date of approval of the financial 
statements. For this reason, the going concern basis is considered appropriate for the preparation of the 
financial statements (for more information see note 4.2 to the Financial Statements). We also draw your 
attention to the additional information in relation to the current COVID-19 situation which is included in our 
opening statement on page 3, the Chairman’s Statement, the Chief Operating Officer’s Statement, the 
Finance Review section and the Principal Risks and Uncertainties section of the Strategic Report. 

Research and Development
Research and development activities are grouped into three broad areas: 

•  Proprietary software, operating systems, applications, tools and documentation used to provide Managed Services.
•  Proprietary software, tools and techniques used to provide Consulting Services.
•  Core internal business systems to support revenue generating activities.

Chairman Corporate Governance
Overview
As Chairman of the Board of Directors of ECSC Group plc it is my responsibility to ensure that ECSC has 
both sound corporate governance and an effective Board. As Chairman, my responsibilities include leading 
the Board effectively, overseeing the Company’s corporate governance model, communicating with 
shareholders, and ensuring that good information flows freely between Executives and Non-Executives in a timely 
manner. 

ECSC Group plc has adopted the QCA Corporate Governance Code in line with the London Stock Exchange’s 
recent changes to the AIM Rules, requiring all AIM-listed companies to adopt and comply or explain non-
compliance with a recognised corporate governance code. The Board considers that the Group complies with 
the QCA Code so far as it is practicable having regard to the size, nature and current stage of development 
of the Company, and will disclose any areas of non-compliance in the text below. The Board believes that 
corporate governance is a framework which underpins the core values for running the business in which we 
all believe, including a commitment to open and transparent communications with stakeholders. Further 
details on Corporate Governance are on the Group’s website at 
https://investor.ecsc.co.uk/governance/corporate-governance.html.

QCA Principles
1.  Establish a strategy and business model which promotes long-term value for shareholders

The Board has concluded that the highest medium and long-term value can be delivered to its 
shareholders by a focused strategy for the Company. Details of the Business strategy can be found on 
pages 8-9.

2.  Seek to understand and meet shareholder needs and expectations

The Group is strongly committed to the maintenance of good investor relations and seeks, wherever 
possible, to build a relationship of mutual understanding with both its institutional and private client 
investors. The Company communicates how it is governed and is performing through its Annual Report 
and Accounts, full-year and half-year announcements, regulatory announcements and its website: 
https://investor.ecsc.co.uk/. The Group has a dedicated email address, investor@ecsc.co.uk, for 
shareholder enquiries.

3.  Take into account wider stakeholder and social responsibilities and their implications for long-term success.

The Board recognises that the long-term success of the Group is reliant upon the efforts of the 
employees of the Group and its suppliers, regulators and other stakeholders. The Group prepares 
an annual strategic plan and detailed budget which considers a wide range of key resources and 
stakeholders. Everyone within the Group is a valued member of the team, and our aim is to help every 
individual achieve their full potential. We offer equal opportunities regardless of race, gender, gender 
identity or reassignment, age, disability, religion or sexual orientation. See employee survey (page 13).

4.  Embed effective risk management, considering both opportunities and threats, throughout the organisation.

The Board attaches considerable importance to the Company’s system of internal control and risk 
management. An ongoing process has been established for identifying, evaluating, and managing the 
significant risks faced by the Group. Details of key risks to the business can be found on pages 28-33.

5.  Maintain the board as a well-functioning, balanced team led by the Chair.

ECSC is controlled by the Board of Directors. There are two independent Directors: David Mathewson and 
Elizabeth Gooch. Their time commitments to ECSC are as follows:

•  David Mathewson: devotes at least two full working days in each calendar month to perform the duties of office; and
•  Elizabeth Gooch: reasonable endeavours to attend all meetings of the Board and/or committees of the Board of which she is a member and to attend all general meetings of the Company.

Details of the Board and the roles can be found on page 35.

6.  Ensure that between them the Directors have the necessary up-to-date experience, skills and capabilities.

The Directors have both a breadth and depth of skills and experience to fulfil their roles and deliver 
the strategy of the Group for the benefit of the shareholders over the medium to long-term. The Group 
believes that the current balance of skills in the Board as a whole, reflects a very broad range of 
commercial and professional skills. The Directors continue to develop their skill set and keep up to date 
with current regulations in their prospective markets.

Details of the Directors’ experience and areas of expertise are outlined on page 35.

7.  Evaluate board performance based on clear and relevant objectives, seeking continuous improvement.

The Board informally reviews board performance as part of the day to day running of the business. ECSC 
Group plc has yet to carry out a formal assessment of board effectiveness and the Board will keep this 
under consideration and put in procedures when it is felt appropriate.

The Company has adopted a code for Directors’ and employees’ dealings in securities which is 
appropriate for a company whose securities are traded on AIM, and is in accordance with the 
requirements of the Market Abuse Regulation which came into effect in 2016.

8.  Promote a corporate culture that is based on ethical values and behaviours.

The company has clearly defined values upon which our culture and behaviours are based. These are 
outlined in the Chief Operating Officer’s Overview on page 11.

9.  Maintain governance structures and processes that are fit for purpose and support good decision-making by the board.

The Board is committed to, and ultimately responsible for, high standards of corporate governance, and 
has chosen to adopt the QCA Code. We review our corporate governance arrangements regularly and 
expect to evolve these over time, in line with the Group’s growth. The Board delegates responsibilities 
to Committees and individuals as it sees fit, with the Chairman being responsible for the effectiveness 
of the Board, and the Executive Directors being accountable for the management of the Company’s 
business and shareholder liaison.

10. Communicate how the company is governed and is performing by maintaining a dialogue with shareholders and other relevant stakeholders.

The Board is strongly committed to the maintenance of good investor relations and to having constructive 
dialogue with its shareholders. Executive Directors and Chair seek to meet with shareholders and other 
investors/potential investors at regular intervals during the year.

Page 38

Cyber Security ExpertsFor Two DecadesDirectors’ Report for the year ended 31 December 2019

Committee Chairman
This report sets out information about the remuneration of the Directors of the Company for the year ended 
31 December 2019. As a company admitted to AIM, ECSC Group is not required to prepare a Directors’ 
Remuneration Report. However, the Board supports the principle of transparency and has prepared this 
report in order to provide information to shareholders on Directors’ remuneration arrangements. 

THE REMUNERATION COMMITTEE

Committee Composition
Elizabeth Gooch MBE was appointed chair of the Committee on 16 April 2018.  The other member of the 
committee is David Mathewson.

Committee Responsibilities 
The Remuneration Committee’s primary purpose is to ensure that the remuneration packages of the senior 
and most highly rewarded team at ECSC Group are both aligned to the company’s purpose and values and 
linked to the successful delivery of the company’s long-term strategy.

Committee Meetings
The Remuneration Committee met at least four times in the period, with other board members in attendance 
as appropriate. The Committee’s main activities during the year included: 

•  Approved proposals for changes in the remuneration of Directors for the forthcoming period;
•  Agreed individual share option awards;
•  Agreed targets and performance measures for bonus payments for the forthcoming financial period; and
•  Administered the group’s share schemes.

In determining the Directors’ remuneration for the year, the Committee consulted Ian Mann, Chief Executive, 
and Lucy Sharp, Chief Operating Officer, about its proposals.

Directors’ Interests and Remuneration
The Directors who held office during the period were as follows:

David Mathewson
Ian Mann
Lucy Sharp
Elizabeth Gooch

Page 39

ECSC Group plcAnnual Report Year Ended 31 December 2019Directors’ Report for the year ended 31 December 2019

Audit Committee
The duties of the Audit Committee are to consider the relationship with the Company’s auditor (appointment, 
re-appointment and terms of engagement), to review the integrity of the Company’s financial statements, to 
keep under review the appropriateness of the Company’s accounting policies, and to review the effectiveness 
and adequacy of the Company’s internal financial controls. In addition, it will receive and review such reports 
as it from time to time requests from the Company’s management and auditor. The Audit Committee meets 
at least twice a year and has unrestricted access to the Company’s auditor. The Audit Committee comprises 
David Mathewson and Elizabeth Gooch and is chaired by David Mathewson.

Nomination Committee 
The duties of the Nomination Committee are to consider the structure, size and composition of the Board 
and make recommendations to the Board with regard to any changes. It is also responsible for identifying 
and nominating candidates to fill Board vacancies as and when they arise. The Nomination Committee also 
makes recommendations to the Board concerning, among other things, plans for succession for both 
Executive and Non-Executive Directors. It meets at least twice a year. The Nomination Committee comprises 
Elizabeth Gooch and David Mathewson and is chaired by David Mathewson.

Disclosure Committee
The Disclosure Committee is the first point of contact with the NOMAD for all routine and non-routine 
matters which the NOMAD wishes to discuss with the Board and shall carry out duties to ensure the Company’s 
compliance with the AIM Rules and Market Abuse Regulations. The Disclosure Committee meets twice a 
year and comprises David Mathewson and Elizabeth Gooch and is chaired by David Mathewson.

Attendance at Board and Committee meetings
There were 12 Board meetings held during the year, all of which were attended by Ian Mann, Lucy Sharp and 
David Mathewson. Elizabeth Gooch attended 11 Board meetings during the year. 

The Audit Committee had two meetings during the year, which both Elizabeth Gooch and David Mathewson 
attended.

The following Directors had interests in the ordinary shares of the Company as at 31 December 2019:

                    Number of          % of Issued
                    Ordinary Shares    Share Capital

David Mathewson     35,419             0.39%
Ian Mann            2,248,690          24.72%
Lucy Sharp          242,635            2.67%
Elizabeth Gooch     50,000             0.55%

Details of the Directors’ remuneration are included in the Remuneration Report on pages 42-46.

Page 40

Cyber Security ExpertsFor Two DecadesDirectors’ Report for the year ended 31 December 2019

Substantial Interests
At 31 December 2019, the Company had been notified, under the Disclosure Guidance and Transparency 
Rules, of the following major shareholdings and the percentages of voting rights represented by such 
holdings, excluding the shareholdings and associated voting rights of the Directors noted above, as follows:

                                  Number of          % of Issued
                                  Ordinary Shares    Share Capital

Unicorn Asset Management          1,448,946          15.93%
Ravinder Bahra                    1,069,068          11.75%
Hargreaves Lansdown               343,721            3.78%
Artemis Investment Management     294,733            3.24%
Phil McLear                       472,290            5.19%
Malcolm Hoare                     300,300            3.30%
John Leach                        283,920            3.12%

Annual General Meeting
The next Annual General Meeting will take place on 30 June.

Statement of Disclosure of Information to Auditor
The Directors of the Company who held office at the date of approval of this Annual Report as set out
above each confirm that:

•  so far as each Director is aware, there is no relevant audit information of which the Company’s auditors are unaware; and
•  each Director has taken all the steps that they ought to have taken as a Director in order to make themselves aware of any relevant audit information and to establish that the Company’s auditors are aware of that information.

Auditor
BDO LLP has indicated its willingness to continue as auditor. Accordingly a resolution proposing its 
reappointment as auditor will be put to the members at the next Annual General Meeting.

On behalf of the Board

David Mathewson
Non-Executive Chairman
24 March 2020

Page 41

ECSC Group plcAnnual Report Year Ended 31 December 2019Remuneration Committee Report

As an AIM listed company ECSC Group plc is not required to comply with schedule 8 of the Large and 
Medium-sized Companies and Groups (Accounts and Reports) Regulations 2008. Nor is it required to comply 
with the principles relating to Directors’ remuneration in the UK Corporate Code 2018 (the code). The content 
of this report is unaudited unless stated.

Remuneration Policy
The objectives of the remuneration policy are to ensure that the overall remuneration of Executive 
Directors is aligned with the performance of the Group and preserves an appropriate balance of reward and 
shareholder value.  

The Company’s policy is to remunerate Directors appropriately such that they are sufficiently rewarded 
and incentivised for their level of responsibility, the complexity of their role and to reflect their skills and 
experience. The use of Annual Performance Bonuses and equity-based incentives, linked to Company 
performance, helps to align the interests of the Directors and Shareholders. 

The Remuneration Committee sets the level of basic pay and other benefits for Executive Directors and 
other Senior Managers. It does this in line with its assessment of the appropriate market rate for the roles, 
wishing to be able to attract and retain good candidates for these roles. In addition, the Company operates 
an Executive Annual Performance Bonus Scheme covering the Executive Directors. The criteria for payment 
of bonuses (which are not pensionable if paid) are set by the Remuneration Committee at the beginning of 
each financial year. The award of any bonus is decided by the Remuneration Committee at the end of the 
year by reference to the objectives set for the year, the corresponding performance of the Company, and by 
using its discretion. The Company also operates a share based incentive scheme as outlined below.

The Company’s policy is also that a substantial proportion of the remuneration of the Executive Directors 
should be performance related in order to encourage and reward improving business performance and 
shareholder returns.  In determining remuneration arrangements for Executive Directors, the Committee 
is sensitive to pay and employment conditions elsewhere in the Cyber Security and general IT Software and 
Services markets, especially when determining base salary increases.

The committee has reviewed the Remuneration Policy for the forthcoming year and has concluded that it 
remains appropriate for the forthcoming three year period.

Page 42

Cyber Security ExpertsFor Two DecadesRemuneration Committee Report cont.

Remuneration for Executive Directors.
The main components of the remuneration arrangements for Executive Directors are as follows:

Base Salary
Purpose & Link to Strategy: To provide fixed competitive remuneration that will attract and retain key employees and reflect their experience and position in the Group.
Operation: Reviewed annually taking into account industry-standard executive remuneration and pay levels elsewhere within the sector.
Maximum Opportunity: Salaries for the year ended 31 December 2019 are set out below.
Performance Conditions: None.

Benefits
Purpose & Link to Strategy: To provide market levels of benefits on a cost-effective basis.
Operation: Private health cover for the executive and their family, life insurance cover of one-times salary and a company car.
Maximum Opportunity: Private healthcare benefits are provided through third-party providers and therefore the cost to the Company may vary from year to year.
Performance Conditions: None.

Pension
Purpose & Link to Strategy: Providing post-retirement benefits.
Operation: The Group contributes to individuals’ personal pension schemes.
Maximum Opportunity: 10% of base salary.
Performance Conditions: None.

Annual incentive
Purpose & Link to Strategy: Recognises achievements of annual objectives which support the short to medium term strategy of the Group.
Operation: Performance targets are set by the Remuneration Committee at the start of the year with input, as appropriate, from the Executive Directors.
Maximum Opportunity: The Executive Directors’ Annual Performance Bonus Scheme for 2019 was structured so as to pay up to 60% of basic salary for the Chief Executive and 40% of basic salary for the Chief Operating Officer based on the achievement of stretching targets in certain key performance indicators aligned with the Group’s strategy.
Performance Conditions: The bonus-related Key Performance Indicators for this period were Revenue, EBITDA, Cash and Gross Margin and they were appropriately weighted.

Executive Share Options Plan
Purpose & Link to Strategy: Setting value creation through share growth as a major objective for Executive Directors and senior managers. Alignment of option holder interests with those of shareholders through delivery of shares.
Operation: There is currently no Executive Share Option Plan in operation. The Group intends to introduce a scheme during 2019. The Chief Operating Officer, Lucy Sharp, participates in the EMI scheme. See below.
Maximum Opportunity: N/A
Performance Conditions: N/A

The committee reviewed the performance of the Executive Directors against the performance for the Annual 
Incentive scheme and concluded that the stretching targets agreed for the period had not been met. However, 
in recognition of achievements made with establishing a successful Partner Programme and other key 
objectives, the committee recommended payment of modest bonuses as detailed below. 

The annual incentive paid to Executive Directors for the year ended 31 December 2019 was 11% of the basic 
salary of the Chief Executive and 9% of the basic salary of the Chief Operating Officer.


The basic salaries of all Directors have been adjusted for the forthcoming period, in line with the 
benchmarking exercise undertaken in the prior year. A revised Annual Performance Bonus Scheme for the 
Executive Directors has also been introduced for the forthcoming financial period and is structured so as to 
pay up to 25% of basic salary for both the Chief Executive and Chief Operating Officer. For the forthcoming 
period payment will continue to be based on the achievement of stretching targets in weighted Key 
Performance Indicators linked to the Group’s strategy.

The committee intends to introduce a Long-Term Incentive Plan (LTIP) for the Executive Directors during 
2020.  Details of the scheme will be communicated to shareholders and any awards will be disclosed in next 
year’s Remuneration Committee Report.

Remuneration for Non-Executive Directors
Remuneration of the Non-Executive Directors is determined by the Board within the limits set by the 
Company’s Articles of Association and is based on fees paid in similar companies, the skills required, and 
the expected time commitment required of each individual.  Non-Executive Directors are not entitled to 
pensions, annual bonuses or employee benefits. They are entitled to participate in share option arrangements 
relating to the Company’s shares and both were allocated 100,000 options on 20 April 2018. The options had 
an exercise price of 78 pence and are subject to a three year vesting period and the performance condition 
that the Company’s closing mid-market share price must exceed 200 pence for 10 consecutive business days 
following the vesting date. The grant represented 2.2% of the current issued share capital of the company. 

Each of the Non-Executive Directors has a letter of appointment stating his/her annual fee and that his/her 
appointment is initially for a term of three years, subject to re-appointment at the AGM and renewable for 
further periods of three years. Their appointment may be terminated with three months written notice at any 
time.

David Mathewson also oversaw the finance function on a part time basis to support the work of Gemma 
Basharan, Financial Controller. This arrangement has provided the Group with a cost effective arrangement 
whilst improving financial reporting and controls. Additional fees were paid to David Mathewson during the 
period to compensate him for these additional duties. 

Annual Bonus Payments for 2019
Following the success of the financial year ended 31 December 2019,  the committee resolved to pay modest 
bonuses (as set out in the table below) in recognition of the performance of the Executive Directors during 
the year. The bonuses were paid after the financial year end.


| Name of Director | Salary or Fees Paid £’000 | Benefit-in-Kind £’000 | Pension £’000 | Annual Bonus £’000 | Share Based Payments £’000 | Year ended 31 December 2019 £’000 | Year ended 31 December 2018 £’000 |
|---|---|---|---|---|---|---|---|
| Ian Mann | 175 | 1 | 18 | 20 | - | 214 | 255 |
| Lucy Sharp | 115 | 13 | 12 | 10 | 31 | 181 | 163 |
| David Mathewson | 81 | - | - | - | 8 | 89 | 69 |
| Elizabeth Gooch | 40 | - | - | - | 8 | 48 | 30 |
| Total | 411 | 14 | 30 | 30 | 47 | 532 | 517 |

Notes:
•  Benefits-in-Kind includes the provision of Company Cars and Private Medical insurance;
•  Share Based Payments are stated at the cost of the award recognised in the financial period.

Ian Mann, Chief Executive, is the highest paid Director. 

Employee Benefit Expense (including Directors) during the periods amounted to:

| | GROUP Year ended 31 December 2019 £’000 | GROUP Year ended 31 December 2018 £’000 | COMPANY Year ended 31 December 2019 £’000 | COMPANY Year ended 31 December 2018 £’000 |
|---|---|---|---|---|
| Wages and Salaries | 4,091 | 4,155 | 3,944 | 3,971 |
| Social Security Costs | 440 | 476 | 392 | 427 |
| Pension Contributions | 153 | 112 | 134 | 96 |
| Share Based Payments | 105 | 111 | 105 | 111 |
| Total | 4,798 | 4,854 | 4,575 | 4,605 |

Directors’ Interests
Details of the Directors’ Shareholdings are included in the Directors’ Report on page 40.

Share Incentives
The Company operates an Enterprise Management Incentive (EMI) Scheme. The EMI Scheme provides the 
opportunity for eligible Directors and employees to buy ECSC ordinary shares at a future date in accordance 
with the scheme rules. The options are subject to the option holder’s continuing employment, are not 
transferable, and have a life of 10 years. All grants under the scheme are subject to approval by the 
Remuneration Committee.

In July 2019 the Company granted options over 175,000 shares at an exercise price of 78 pence per share, 
subject to a 3 year vesting period, to 13 employees.  The exercise price was set by reference to the average 
mid-market share price being the closing market price on 15 July 2019 in accordance with HMRC guidelines. 
There was a performance condition attaching to this grant: the ordinary shares must trade at a mid-market 
minimum price of 200 pence per share over 30 consecutive trading days during the vesting period.


Outstanding Share Based Awards
The outstanding Share Based Awards of the Directors as at 31 December 2019 are:

| Name Of Director | Type Of Reward | Date Of Grant | Granted In Year | Lapsed In Year | Vested In Year | Not Vested End Of Year | Market Price At Grant | Exercise Price |
|---|---|---|---|---|---|---|---|---|
| Lucy Sharp | Share Option | 19 May 2017 | 69,758 | - | - | 69,758 | 497.5p | 167.0p |
| Lucy Sharp | Share Option | 16 July 2019 | 50,000 | - | - | 50,000 | 78.0p | 78.0p |
| Elizabeth Gooch | Share Option | 18 Apr 2018 | 100,000 | - | - | 100,000 | 79.0p | 78.0p |
| David Mathewson | Share Option | 18 Apr 2018 | 100,000 | - | - | 100,000 | 79.0p | 78.0p |

The closing mid-market price of the Group’s shares at 31 December 2019 was 130.0 pence. During the 
financial year the share price reached a high of 152.5 pence and a low of 60.4 pence.  

Directors Service Contracts 
The Service contracts and letters of appointment of Directors include the following terms:

| Executive Directors | Date of Appointment | Notice Period |
|---|---|---|
| Ian Mann | 1 May 2018 | 6 months |
| Lucy Sharp | 30 November 2016 | 6 months |

| Non-Executive Directors | Date of Appointment | Notice Period |
|---|---|---|
| David Mathewson | 18 April 2018 | 3 months |
| Elizabeth Gooch | 16 April 2018 | 3 months |

Statement of Voting at General Meeting
At the Annual General Meeting of the Company held (last year’s date 19 June 2019), all resolutions were 
passed.

Approval
This report was approved by the Directors and signed by order of the Board. 

Elizabeth Gooch MBE
Chairman of the Remuneration Committee
24 March 2020

Statement of Directors’ Responsibilities

The Directors are responsible for preparing the Annual Report and the financial statements in accordance 
with applicable law and regulations.

Company Law requires the Directors to prepare financial statements for each financial year. Under that law 
the Directors have elected to prepare the financial statements in accordance with International Financial 
Reporting Standards as adopted by the EU.  Under Company Law the Directors must not approve the financial 
statements unless they are satisfied that they give a true and fair view of the state of affairs of the 
Company and the Group and of the profit or loss of the Group for the reporting period. In preparing these 
financial statements, the Directors are required to:

•  select suitable accounting policies and then apply them consistently;
•  make judgments and estimates that are reasonable and prudent;
•  state whether applicable accounting standards have been followed, subject to any material departures 
   disclosed and explained in the financial statements; and
•  prepare the financial statements on the going concern basis unless it is inappropriate to presume that 
   the Company will continue in business.

The Directors are responsible for keeping adequate accounting records that are sufficient to show and 
explain the Company’s transactions and disclose with reasonable accuracy at any time the financial position 
of the Company and enable them to ensure that the financial statements comply with the Companies Act 2006.  
They are also responsible for safeguarding the assets of the Company and hence for taking reasonable steps 
for the prevention and detection of fraud and other irregularities.

Financial information is published on the Company’s website. The maintenance and integrity of this website 
is the responsibility of the Directors. The work carried out by the Company’s auditors does not involve 
consideration of these matters and, accordingly, the auditors accept no responsibility for any changes that 
may occur to the financial statements after they are initially presented on the website.

It should be noted that legislation in the United Kingdom governing the preparation and dissemination
of financial statements may differ from legislation in other jurisdictions.

By order of the Board

David Mathewson
Non-Executive Chairman
24 March 2020

Independent auditor’s report to the members of ECSC Group plc

Opinion
We have audited the financial statements of ECSC Group plc (the ‘Parent Company’) and its subsidiaries 
(the ‘Group’) for the year ended 31 December 2019 which comprise the Consolidated Statement of 
Comprehensive Income, Consolidated and Company Statements of Financial Position, Consolidated and 
Company Statements of Changes in Equity, the Consolidated and Company Cash Flow Statements, and 
notes to the financial statements, including a summary of significant accounting policies.

The financial reporting framework that has been applied in the preparation of the financial statements is 
applicable law and International Financial Reporting Standards (IFRSs) as adopted by the European Union 
and, as regards to the parent company financial statements, as applied in accordance with the provisions of 
the Companies Act 2006.

In our opinion:
•  the financial statements give a true and fair view of the state of the Group’s and of the Parent Company’s 
   affairs as at 31 December 2019 and of the Group’s loss for the year then ended;
•  the Group financial statements have been properly prepared in accordance with IFRSs as adopted by the 
   European Union;
•  the Parent Company financial statements have been properly prepared in accordance with IFRSs as 
   adopted by the European Union and as applied in accordance with the provisions of the Companies Act 
   2006; and
•  the financial statements have been prepared in accordance with the requirements of the Companies Act 
   2006.

Basis for opinion
We conducted our audit in accordance with International Standards on Auditing (UK) (ISAs (UK)) and 
applicable law. Our responsibilities under those standards are further described in the Auditor’s 
responsibilities for the audit of the financial statements section of our report. We are independent of the 
Group and the Parent Company in accordance with the ethical requirements that are relevant to our audit of 
the financial statements in the UK, including the FRC’s Ethical Standard as applied to listed entities, and we 
have fulfilled our other ethical responsibilities in accordance with these requirements. We believe that the 
audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion.

Material uncertainty related to going concern
We draw attention to the disclosures in the front end of the Annual Report and the Accounting Policies 
at note 4.2 to the financial statements, which indicates the current uncertainty in respect of the Covid-19 
global pandemic and the potential impact of this on the going concern assumption of the Group and Parent 
Company.  As stated in the disclosures referenced, these events or conditions indicate that a material 
uncertainty exists that may cast significant doubt on the company’s ability to continue as a going concern. 
Our opinion is not modified in respect of this matter.

We considered going concern to be a key audit matter, because management’s assessment of going concern 
involves significant assumptions and judgements which are based on their best estimates and analysis 
of the current market conditions together with the Group’s and Parent Company’s historical and forecast 
performance.


The Group continued to be loss making for the fourth year running, having made a loss after tax of £776k 
(2018: £1,238k). At the reporting date, cash reduced to £351k (2018: £650k). The Group had positive operating 
cash flows for the year of £204k (2018: negative £634k).

In addition, the emerging Covid-19 global pandemic was considered regarding the resulting potential impact 
on the going concern assumption of the Group and Parent Company.

How our audit addressed the key audit matter
We had a number of discussions with management regarding the appropriate accounting treatment in this 
area throughout the audit process.

Our audit procedures included obtaining and examining management’s forecasts for the next two years and 
considering these alongside the Board’s own Going Concern paper. 

We challenged management’s assumptions used in the forecast period by considering available evidence, 
including actual monthly cash generation in 2019, available financing facilities and revenue pipeline for 2020 
and beyond, as well as cost performance, to support these assumptions.  We considered realistic scenarios 
as sensitivities to understand the robustness of the forecast trading model and the headroom available to 
the Group and Parent Company. Forecasts were then further sensitised in response to the ever-changing 
Covid-19 situation and we considered the potential impact of the measures outlined by the directors in the 
front-end disclosures in response to the emerging Covid-19 situation.

We reviewed the disclosures across the Annual Report as a whole and in Note 4.2 to the financial 
statements. We assessed whether these adequately and completely disclose the basis of the judgements 
taken and the view formed by management with respect to the going concern basis of preparation.

Key audit matters
Key audit matters are those matters that, in our professional judgment, were of most significance in our 
audit of the financial statements of the current period and include the most significant assessed risks of 
material misstatement (whether or not due to fraud) we identified, including those which had the greatest 
effect on: the overall audit strategy, the allocation of resources in the audit; and directing the efforts of the 
engagement team. These matters were addressed in the context of our audit of the financial statements as 
a whole, and in forming our opinion thereon, and we do not provide a separate opinion on these matters. 
Apart from the matter described in the Material uncertainty related to going concern section above, we have 
determined that there are no other key audit matters to be communicated in our report.

Our application of materiality
We apply the concept of materiality both in planning and performing our audit, and in evaluating the effect of 
misstatements.  We consider materiality to be the magnitude by which misstatements, including omissions, 
could influence the economic decisions of reasonable users that are taken on the basis of the financial 
statements. In order to reduce to an appropriately low level the probability that any misstatements exceed 
materiality, we use a lower materiality level, performance materiality, to determine the extent of testing 
needed. 


Importantly, misstatements below these levels will not necessarily be evaluated as immaterial as we also 
take account of the nature of identified misstatements, and the particular circumstances of their occurrence, 
when evaluating their effect on the financial statements as a whole.

The materiality for the Group financial statements was set at £97,000 (2018: £89,000). This was determined 
with reference to a benchmark of Revenue, of which this represents 1.65% (2018: 1.65%), which we consider 
to be one of the principal considerations for members of the Parent Company in assessing the financial 
performance of the business. 

The materiality level applied for the Parent Company was set at £92,000 (2018: £88,000). This has been 
limited to the component materiality set for the audit of the Group, which is 95% of Group materiality.

In order to reduce to an appropriately low level the probability that any misstatements exceed materiality, 
we use a lower materiality level, performance materiality, to determine the extent of testing needed. 
Performance materiality has been set at 75% (2018: 75%) of the above materiality. This has been assessed 
on criteria such as historic adjustment levels, complexity and controls of the Group.

We agreed with the Audit Committee that we would report to those charged with governance all individual 
audit differences in excess of £3,800 (2018: £3,500). We also agreed to report differences below this threshold 
that, in our view, warranted reporting on qualitative grounds.

An overview of the scope of our audit
The scope of the Group audit was determined by obtaining an understanding of the Group structure and the 
nature and size of each component. We considered the Group’s system of internal control, and assessed the 
risks of material misstatement in the financial statements at the Group level.

Financial information relating to the Parent Company and its non-significant components within the 
Group were subject to a full scope (for the Parent Company) and limited procedures (for non-significant 
components) audit by the Group audit team where relevant, covering 100% of the revenue and profit of the 
Group for the year. 

Other information
The Directors are responsible for the other information. The other information comprises the information 
included in the Group Strategic Report, Directors’ Report and
Consolidated Financial Statements, other than the financial statements and our auditor’s report thereon. 
Our opinion on the financial statements does not cover the other information and, except to the extent 
otherwise explicitly stated in our report, we do not express any form of assurance conclusion thereon.

In connection with our audit of the financial statements, our responsibility is to read the other information 
and, in doing so, consider whether the other information is materially inconsistent with the financial 
statements or our knowledge obtained in the audit or otherwise appears to be materially misstated. If we 
identify such material inconsistencies or apparent material misstatements, we are required to determine 
whether there is a material misstatement in the financial statements or a material misstatement of 
the other information. If, based on the work we have performed, we conclude that there is a material 
misstatement of this other information, we are required to report that fact. We have nothing to report in this 
regard.

Opinions on other matters prescribed by the Companies Act 2006
In our opinion, based on the work undertaken in the course of the audit:
•  the information given in the strategic report and the Directors’ report for the financial year for which the 
   financial statements are prepared is consistent with the financial statements; and
•  the strategic report and the Directors’ report have been prepared in accordance with applicable legal 
   requirements.

Matters on which we are required to report by exception
In the light of the knowledge and understanding of the Group and the Parent Company and its environment 
obtained in the course of the audit, we have not identified material misstatements in the strategic report or 
the Directors’ report.

We have nothing to report in respect of the following matters in relation to which the Companies Act 2006 
requires us to report to you if, in our opinion:
•  adequate accounting records have not been kept by the Parent Company, or returns adequate for our 
   audit have not been received from branches not visited by us; or
•  the Parent Company financial statements are not in agreement with the accounting records and returns; 
   or
•  certain disclosures of Directors’ remuneration specified by law are not made; or 
•  we have not received all the information and explanations we require for our audit.

Responsibilities of Directors
As explained more fully in the Statement of Directors’ Responsibilities, the Directors are responsible for the 
preparation of the financial statements and for being satisfied that they give a true and fair view, and for such 
internal control as the Directors determine is necessary to enable the preparation of financial statements 
that are free from material misstatement, whether due to fraud or error.

In preparing the financial statements, the Directors are responsible for assessing the Group’s and the Parent 
Company’s ability to continue as a going concern, disclosing, as applicable, matters related to going concern 
and using the going concern basis of accounting unless the Directors either intend to liquidate the Group or 
the Parent Company or to cease operations, or have no realistic alternative but to do so.

Auditor’s responsibilities for the audit of the financial statements
Our objectives are to obtain reasonable assurance about whether the financial statements as a whole 
are free from material misstatement, whether due to fraud or error, and to issue an auditor’s report that 
includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit 
conducted in accordance with ISAs (UK) will always detect a material misstatement when it exists.

Misstatements can arise from fraud or error and are considered material if, individually or in aggregate, 
they could reasonably be expected to influence the economic decisions of users taken on the basis of these 
financial statements.


A further description of our responsibilities for the audit of the financial statements is located on the 
Financial Reporting Council’s website at: www.frc.org.uk/auditorsresponsibilities. This description forms 
part of our auditor’s report.

Use of our report
This report is made solely to the Parent Company’s members, as a body, in accordance with Chapter 3 of 
Part 16 of the Companies Act 2006.  Our audit work has been undertaken so that we might state to the 
Parent Company’s members those matters we are required to state to them in an auditor’s report and for no 
other purpose.  To the fullest extent permitted by law, we do not accept or assume responsibility to anyone 
other than the Parent Company and the Parent Company’s members as a body, for our audit work, for this 
report, or for the opinions we have formed.

Mark Langford (Senior Statutory Auditor)
For and on behalf of BDO LLP, Statutory Auditor
Leeds, UK
24 March 2020

BDO LLP is a limited liability partnership registered in England and Wales (with registered number OC305127).

Consolidated Statement of Comprehensive Income

| | Year ended 31 December 2019 £’000 | Year ended 31 December 2018 £’000 |
|---|---|---|
| Revenue | 5,905 | 5,382 |
| Cost of Sales | (2,545) | (2,642) |
| Gross Profit | 3,360 | 2,740 |
| Other Income | 263 | 152 |
| Sales & Marketing Costs | (1,958) | (1,817) |
| Administration Expenses | (2,369) | (2,333) |
| Operating Loss before Exceptional Items and Share Based Payments | (593) | (1,027) |
| Share Based Payments | 105 | 111 |
| Exceptional Items | 6 | 120 |
| Operating Loss | (704) | (1,258) |
| Finance Income | - | 1 |
| Finance Cost | (46) | - |
| Loss before Taxation | (750) | (1,257) |
| Taxation (Charge)/Credit | (26) | 19 |
| Loss for the Year | (776) | (1,238) |
| Other Comprehensive Income | - | - |
| Total Comprehensive Income for the Year | (776) | (1,238) |
| Attributed to Equity Holders of the Company | (776) | (1,238) |
| Loss per Share | pence | pence |
| Basic Loss per Share | (8.5) | (13.6) |
| Diluted Loss per Share | (8.5) | (13.6) |

Notes referenced (in statement order): 6, 6, 7, 23, 26, 8, 25, 10, 11

*The Group has applied IFRS 16 from 1 January 2019, using the modified retrospective approach. Comparative 
information is not restated (see note 4).

The financial statements were approved and authorised for issue by the Board of Directors on 24 March 2020 
and were signed on its behalf by:

David Mathewson
Director 
24 March 2020

Consolidated Statement of Financial Position

| | Note | Year ended 31 December 2019 £’000 | Year ended 31 December 2018* £’000 |
|---|---|---|---|
| ASSETS | | | |
| Non-current Assets | | | |
| Intangible Assets | 12 | 429 | 412 |
| Property, Plant and Equipment | 13 | 283 | 427 |
| Right-of-use Assets | 18 | 896 | - |
| Deferred Tax Asset | 10 | 77 | 4 |
| Total Non-current Assets | | 1,685 | 843 |
| Current Assets | | | |
| Inventory | 14 | 26 | 18 |
| Trade and Other Receivables | 15 | 1,210 | 1,123 |
| Corporation Tax Recoverable | 7 | 265 | 155 |
| Cash and Cash Equivalents | 16 | 351 | 650 |
| Total Current Assets | | 1,852 | 1,946 |
| TOTAL ASSETS | | 3,537 | 2,790 |
| LIABILITIES | | | |
| Current Liabilities | | | |
| Trade and Other Payables | 17 | (2,137) | (1,709) |
| Lease Liability | 18 | (150) | (20) |
| Total Current Liabilities | | (2,287) | (1,729) |
| Non-current Liabilities | | | |
| Deferred Tax Liability | 10 | (99) | - |
| Lease Liability | 18 | (781) | (20) |
| Total Non-current Liabilities | | (880) | (20) |
| TOTAL LIABILITIES | | (3,167) | (1,749) |
| NET ASSETS | | 370 | 1,041 |
| EQUITY | | | |
| Equity attributable to Owners of the Parent: | | | |
| Share Capital | 20 | 91 | 91 |
| Share Premium Account | 20 | 5,661 | 5,661 |
| Share Option Reserve | 20 | 291 | 186 |
| Retained Earnings | 20 | (5,673) | (4,897) |
| TOTAL EQUITY | | 370 | 1,041 |

*The Group has applied IFRS 16 from 1 January 2019, using the modified retrospective approach. Comparative 
information is not restated (see note 4).

The financial statements were approved and authorised for issue by the Board of Directors on 24 March 2020 
and were signed on its behalf by:

Company Statement of Financial Position

| | Note | Year ended 31 December 2019 £’000 | Year ended 31 December 2018* £’000 |
|---|---|---|---|
| ASSETS | | | |
| Non-current Assets | | | |
| Intangible Assets | 12 | 429 | 412 |
| Property, Plant and Equipment | 13 | 272 | 398 |
| Right-of-use Assets | 18 | 839 | - |
| Deferred Tax Asset | 10 | 77 | 4 |
| Total Non-current Assets | | 1,617 | 814 |
| Current Assets | | | |
| Inventory | 14 | 26 | 18 |
| Trade and Other Receivables | 15 | 1,280 | 1,194 |
| Corporation Tax Recoverable | 7 | 265 | 155 |
| Cash and Cash Equivalents | 16 | 350 | 646 |
| Total Current Assets | | 1,921 | 2,013 |
| TOTAL ASSETS | | 3,538 | 2,827 |
| LIABILITIES | | | |
| Current Liabilities | | | |
| Trade and Other Payables | 17 | (2,199) | (1,749) |
| Lease Liability | 18 | (128) | (20) |
| Total Current Liabilities | | (2,327) | (1,769) |
| Non-current Liabilities | | | |
| Deferred Tax Liability | 10 | (99) | - |
| Lease Liability | 18 | (744) | (20) |
| Total Non-current Liabilities | | (843) | (20) |
| TOTAL LIABILITIES | | (3,170) | (1,789) |
| NET ASSETS | | 368 | 1,038 |
| EQUITY | | | |
| Equity attributable to Owners of the Parent: | | | |
| Share Capital | 20 | 91 | 91 |
| Share Premium Account | 20 | 5,661 | 5,661 |
| Share Option Reserve | 20 | 291 | 186 |
| Retained Earnings | 20 | (5,675) | (4,900) |
| TOTAL EQUITY | | 368 | 1,038 |

*The Group has applied IFRS 16 from 1 January 2019, using the modified retrospective approach. Comparative information is not 
restated (see note 4).

For the year ended 31 December 2019, Loss after Taxation for the Company was £775k (2018: loss of 
£1,239k).

Consolidated Statement of Changes in Equity

| | Share Capital £’000 | Share Premium Account £’000 | Share Option Reserve £’000 | Retained Earnings £’000 | Total £’000 |
|---|---|---|---|---|---|
| Balance as at 31 December 2017 | 91 | 5,661 | 93 | (3,667) | 2,168 |
| Loss and Total Comprehensive Income: | | | | | |
| Total Comprehensive Loss for the Year | - | - | - | (1,238) | (1,238) |
| Transactions with shareholders | | | | | |
| Issue of Shares | - | - | (18) | 18 | - |
| Share Based Payments | - | - | 111 | - | 111 |
| Balance as at 31 December 2018 | 91 | 5,661 | 186 | (4,897) | 1,041 |
| Loss and Total Comprehensive | | | | | |
| Total Comprehensive Loss for the Year | - | - | - | (776) | (776) |
| Transactions with shareholders | | | | | |
| Issue of shares | - | - | - | - | - |
| Share Based Payments | - | - | 105 | - | 105 |
| Balance as at 31 December 2019 | 91 | 5,661 | 291 | (5,673) | 370 |

Company Statement of Changes in Equity

| | Share Capital £’000 | Share Premium Account £’000 | Share Option Reserve £’000 | Retained Earnings £’000 | Total £’000 |
|---|---|---|---|---|---|
| Balance as at 31 December 2017 | 91 | 5,661 | 93 | (3,679) | 2,166 |
| Loss and Total Comprehensive Income: | | | | | |
| Total Comprehensive Loss for the Year | - | - | - | (1,239) | (1,239) |
| Transactions with shareholders | | | | | |
| Issue of Shares | - | - | (18) | 18 | - |
| Share Based Payments | - | - | 111 | - | 111 |
| Balance as at 31 December 2018 | 91 | 5,661 | 186 | (4,900) | 1,038 |
| Loss and Total Comprehensive | | | | | |
| Total Comprehensive Loss for the Year | - | - | - | (775) | (775) |
| Transactions with shareholders | | | | | |
| Issue of shares | - | - | - | - | - |
| Share Based Payments | - | - | 105 | - | 105 |
| Balance as at 31 December 2019 | 91 | 5,661 | 291 | (5,675) | 368 |

Consolidated Cash Flow Statement

| | Year ended 31 December 2019 £’000 | Year ended 31 December 2018* £’000 |
|---|---|---|
| Cash Flow from Operating Activities | | |
| Loss before Taxation | (750) | (1,257) |
| Adjustment for: | | |
| Amortisation of Intangibles | 177 | 175 |
| Amortisation of right-of-use assets | 200 | - |
| Depreciation of Property, Plant and Equipment | 217 | 217 |
| Profit on Disposal of Equipment | (1) | - |
| Finance Costs | 46 | - |
| Share Based Payments | 105 | 111 |
| Cash used up in Operating Activities before changes in Working Capital | (6) | (754) |
| Change in Inventory | (8) | 35 |
| Change in Trade and Other Receivables | (349) | (148) |
| Change in Trade and Other Payables | 428 | 111 |
| Change on Other Non Cash Items | (13) | - |
| Cash Generated from Operating Activities | 52 | (756) |
| Corporation Tax received | 152 | 122 |
| Net Cash Flow Generated from Operating Activities | 204 | (634) |
| Acquisition of Property, Plant and Equipment | (129) | (105) |
| Disposal Proceeds | 16 | - |
| Development Costs capitalised | (194) | (187) |
| Net Cash Flow used in Investing Activities | (307) | (292) |
| Principal Paid on Lease Liabilities (2018: principal paid on finance leases) | (195) | (21) |
| Interest Paid on Loans and Borrowings | (1) | - |
| Net Cash used in Financial Activities | (196) | (21) |
| Net decrease in Cash & Cash Equivalents | (299) | (947) |
| Cash & Cash Equivalents at beginning of period | 650 | 1,597 |
| Cash & Cash Equivalents at end of period | 351 | 650 |

Notes referenced (in statement order): 12, 18, 13, 23, 14, 15, 17, 4, 13, 12, 18, 16

*The Group has applied IFRS 16 from 1 January 2019, using the modified retrospective approach. Comparative information is not 
restated (see note 4).

Page 59

ECSC Group plcAnnual Report Year Ended 31 December 2019Company Cash Flow Statement

Cash Flow from Operating Activities

Loss before Taxation

Adjustment for:

Amortisation of Intangibles

Amortisation of risght-of-use assets

Depreciation of Property, Plant and Equipment

Profit on Disposal of Equipment

Finance Costs

Share Based Payments

Cash used up in Operating Activities before changes in Working Capital

Change in Inventory

Change in Trade and Other Receivables

Change in Trade and Other Payables

Change on Other Non Cash Items

Cash Generated from Operating Activities

Corporation Tax received 

Net Cash Flow Generated from Operating Activities

Acquisition of Property, Plant and Equipment

Disposal Proceeds

Development Costs capitalised

Net Cash Flow used in Investing Activities

Principal Paid on Lease Liabilities (2018: principle paid on finance leases)

Interest Paid on Loans and Borrowings

Net Cash used in Financial Activities

Net decrease in Cash & Cash Equivalents

Cash & Cash Equivalents at beginning of period

Cash & Cash Equivalents at end of period

Year ended
31 December 
2019
£’000

Year ended
31 December
2018*
£’000

Note

(749)

(1,259)

12

18

13

23

14

15

17

4

13

12

18

16

177

178

198

(1)

43

105

(49)

(8)

(348)

450

(13)

32

152

184

(128)

16

(194)

(306)

(173)

(1)

(174)

(296)

646

350

175

-

198

-

-

111

(775

35

(145)

129

-

(756)

122

(634)

(105)

-

(187)

(292)

(21)

-

(21)

(946)

1,592

646

*The Company has applied IFRS 16 from 1 January 2019, using the modified retrospective approach. Comparative information is not 

restated (see note 4).

Page 60

Cyber Security ExpertsFor Two DecadesPage 61

ECSC Group plcAnnual Report Year Ended 31 December 2019Notes to the Financial Statements

1. Corporate Information
ECSC Group plc is incorporated in England and Wales and quoted on the London Stock Exchange’s 
Alternative Investment Market (AIM: ECSC). Further copies of these financial statements will be available 
at the Company’s registered office: 28 Campus Road, Listerhills Science Park, Bradford, West Yorkshire, 
BD7 1HR. These financial statements for the year ended 31 December 2019 were approved by the Board of 
Directors on 24 March 2020.

2. General Information
These financial statements may contain certain statements about the future outlook of ECSC Group plc. 
Although the Directors believe their expectations are based on reasonable assumptions, any statements 
about future outlook may be influenced by factors that could cause actual outcomes and results to be 
materially different.

3. Basis of Preparation
These financial statements for the year ended 31 December 2019 have been prepared in accordance with 
International Financial Reporting Standards, International Accounting Standards and Interpretations 
(collectively ‘IFRS’) issued by the International Accounting Standards Board (IASB) as adopted by the European 
Union (adopted IFRS).

The Company has taken advantage of Section 408 of the Companies Act 2006 and has not included its 
individual statement of comprehensive income in these financial statements. The Company’s overall 
result for the year is given in the company statement of financial position and statement of changes in 
shareholders’ equity.

The financial statements for the period ended 31 December 2019 (and comparative) have been prepared 
on a consolidated basis. The consolidated financial statements present the results of the Company and its 
subsidiaries (the Group) as if they formed a single entity. The financial statements of the Group and Company 
are both prepared in accordance with IFRS. 

Alternative performance measures (APM)
In the reporting of financial information, the Directors have adopted the APM ‘Adjusted EBITDA’ (APMs were 
previously termed ‘Non-GAAP measures’), which is not defined or specified under International Financial 
Reporting Standards (IFRS). 

This measure is not defined by IFRS and therefore may not be directly comparable with other companies’ 
APMs, including those in the Group’s industry. APMs should be considered in addition to, and are not 
intended to be a substitute for, or superior to, IFRS measurements.

Purpose 
The Directors believe that this APM assists in providing additional useful information on the underlying 
trends, performance and position of the Group. This APM is also used to enhance the comparability of 
information between reporting periods and business units, by adjusting for non-recurring or uncontrollable 
factors which affect IFRS measures, to aid the user in understanding the Group’s performance. 

Consequently, APMs are used by the Directors and management for performance analysis, planning, 
reporting and incentive setting purposes and this remains consistent with the prior year.  Adjusted APMs 
are used by the Group in order to understand underlying performance and exclude items which distort 
compatibility, as well as being consistent with public broker forecasts and measures (see note 25). 

This is the first set of the Group’s financial statements in which IFRS 16 has been applied. Changes to 
significant accounting policies are described in Note 4.

The financial statements have been presented in thousands of Pounds Sterling (£’000, GBP) as this is the 
currency of the primary economic environment that the Company operates in.

4. Accounting Policies
The principal accounting policies applied in the preparation of the financial statements are set out below. 
These policies have been consistently applied to all periods presented, unless otherwise stated. 

4.1  Basis of Accounting
The financial statements have been prepared on the historical cost basis except as stated.

New IFRS standards, amendments to and interpretations not applied to published standards 

The following new standards, amendments to standards and interpretations will be mandatory for the first 
time in future financial years:

| | Issued date | IASB mandatory effective date | EU endorsement status |
|---|---|---|---|
| New Standards | | | |
| IFRS 17 Insurance contracts | 18-May-2017 | 01-Jan-2021* | TBC |
| Amendments to existing standards | | | |
| Amendments to References to the Conceptual Framework in IFRS Standards | 29-May-2018 | 01-Jan-2020 | Endorsed |
| Amendments to IFRS 3 Business Combinations – Definition of a Business | 22-Oct-2018 | 01-Jan-2020 | Expected Q1 2020 |
| Definition of Material – Amendments to IAS 1 and IAS 8 | 31-Oct-2018 | 01-Jan-2020 | Endorsed |
| Interest Rate Benchmark Reform (Amendments to IFRS 9, IAS 39 and IFRS 7) | 26-Sept-2019 | 01-Jan-2020 | Endorsed Jan 2020 |
| Amendments to IAS 1: Classification of Liabilities as Current or Non-current | 23-Jan-2020 | 01-Jan-2022 | TBC |

The application of these standards and interpretations is not expected to have a material impact on the 
Group’s reporting financial performance or position.

IFRS 16 Leases
The Group has adopted IFRS 16 Leases from 1 January 2019. IFRS 16 introduced a single, on-balance 
sheet accounting model for lessees. As a result, the Group, as a lessee, has recognised right-of-use assets 
representing its rights to use the underlying assets and lease liabilities representing its obligation to make 
lease payments. 

The Group has applied IFRS 16 using the modified retrospective approach, therefore the comparative 
information presented for 2018 has not been restated and is presented, as previously reported, under IAS 17 
and related interpretations. The details of the changes in accounting policies are disclosed below.

Definition of a lease
Previously, the Group determined at contract inception whether an arrangement was or contained a lease 
under IFRIC 4 Determining Whether an Arrangement contains a Lease. The Group now assesses whether 
a contract is or contains a lease based on the new definition of a lease. Under IFRS 16, a contract is, or 
contains, a lease if the contract conveys a right to control the use of an identified asset for a period of time in 
exchange for consideration.

The Group has applied IFRS 16 only to contracts that were previously identified as leases. The Group 
has elected not to separate non-lease components and will instead account for the lease and non-lease 
components as a single lease component. 

Initial application of IFRS 16
As a lessee, the Group previously classified leases as operating or finance leases based on its assessment. 
On transition, for leases previously accounted for as operating leases with a remaining lease term of 
less than 12 months and for leases of low-value assets the Group has applied the optional exemptions to 
not recognise right-of-use assets but to account for the lease expense on a straight-line basis over the 
remaining lease term.

The right-of-use assets recognised at 1 January 2019 were assessed for impairment. No impairment loss 
was identified. 

Practical expedients utilised:

•  The Group has applied a single discount rate to each portfolio of leases with reasonably similar 
characteristics.

•  The Group has benefited from the use of hindsight for determining lease term when considering options 
to extend and terminate leases.

•  Initial direct costs have been excluded from the measurement of the right-of-use assets.

When measuring lease liabilities for leases that were classified as operating leases, the lessee discounted 
lease payments using its incremental borrowing rate at 1 January 2019. 

The right-of-use asset is either:

•  Measured as if IFRS 16 had been applied from commencement of the lease, but using the lessee’s 
incremental borrowing rate at 1 January 2019 to discount future payments; or 

•  Measured at the amount of the lease liability recognised in accordance with the measurement set out 
above, adjusted for accrued or prepaid operating lease payments at 1 January 2019. 

The company has elected to apply the second option. 

The amounts recognised for leases at 1 January 2019, have been measured as follows:

‘Low-value’ leases
When the value of the underlying asset (if new) as at 1 January 2019 is £5k or less, the group has continued 
to recognise the lease payments associated with those leases.

‘Short-term’ leases
Where the lease term ends before 31 December 2019, the Group has continued to recognise the lease 
payments associated with those leases on a straight-line basis over the lease term.

Finance leases under IAS 17
The carrying amounts of the lease liability and right-of-use asset as at 1 January 2019 are measured under 
IAS 17.

Significant judgements and major sources of estimation uncertainty
The group has applied judgement in applying the following transition provisions in IFRS 16:
•  Determining whether leases have similar characteristics to apply a single discount rate. Lease portfolios 
have been grouped between leases of office building, motor vehicles, and IT equipment.

•  The office building group are separately grouped into UK and Australia properties. 

Impact of transition for the Group
The weighted average incremental borrowing rate applied to lease liabilities by the Group as at 1 January 
2019 is 4.66%.

| GROUP | 31 December 2018 £’000 | | IFRS 16 £’000 | 01 January 2019 £’000 |
|---|---|---|---|---|
| Assets | | | | |
| Property, plant and equipment | 427 | (a) | (41) | 386 |
| Prepayments | 197 | (b) | (23) | 174 |
| Accruals | 205 | (c) | (9) | 196 |
| Right-of-use assets | - | (d) | 1,078 | 1,078 |
| Liabilities | | | | |
| Finance lease | 40 | (e) | (40) | - |
| Lease liabilities | - | (f) | 1,063 | 1,063 |

(a) Property, plant and equipment was adjusted to reclassify a lease previously classified as finance type to 
right-of-use assets. The adjustment reduced the cost of property, plant and equipment by £61k and 
accumulated depreciation by £20k resulting in a net adjustment of £41k.
(b) Prepayments was adjusted to reclassify the prepaid rental charges for office building and motor vehicles 
to right-of-use assets.
(c) Accruals was adjusted to reclassify the office building rent discounted period prior to 1 January 2019 to 
right-of-use assets.
(d) The adjustment to right-of-use assets is as follows:

| | £’000 |
|---|---|
| Adjustment noted in (a) – finance type leases | 41 |
| Adjustment noted in (b) – Prepayments | 23 |
| Adjustment noted in (c) – Accruals | (9) |
| Operating type leases | 1,023 |
| Right-of-use assets | 1,078 |

(e) Finance lease was adjusted to reclassify a lease previously classified as finance type to lease liabilities.
(f) The following is a reconciliation of total operating lease commitments at 31 December 2018 to the lease 
liabilities recognised at 1 January 2019:

| | £’000 | £’000 |
|---|---|---|
| Total operating lease commitments disclosed at 31 December 2018 | | 1,155 |
| Recognised inclusion: | | |
| •  Lease components | 155 | |
| •  Adjustments to commitments disclosures | 34 | |
| Recognition exemptions: | | |
| Leases with remaining lease term of less than 12 months | (100) | 89 |
| Operating lease liabilities before discounting | | 1,244 |
| Discounted using incremental borrowing rate | | (221) |
| Operating lease liability | | 1,023 |
| Finance lease obligation | | 40 |
| Total lease liabilities recognised under IFRS 16 at 1 January 2019 | | 1,063 |

Impact of transition for the Company
The weighted average incremental borrowing rate applied to lease liabilities by the Company as at 1 January 
2019 is 4.66%.

| COMPANY | 31 December 2018 £’000 | | IFRS 16 £’000 | 01 January 2019 £’000 |
|---|---|---|---|---|
| Assets | | | | |
| Property, plant and equipment | 398 | (a) | (41) | 357 |
| Prepayments | 172 | (b) | (23) | 149 |
| Accruals | 205 | (c) | 9 | 214 |
| Right-of-use assets | - | (d) | 999 | 999 |
| Liabilities | | | | |
| Finance lease | 40 | (e) | (40) | - |
| Lease liabilities | - | (f) | 985 | 985 |

(a) Property, plant and equipment was adjusted to reclassify a lease previously classified as finance type to 
right-of-use assets. The adjustment reduced the cost of property, plant and equipment by £61k and 
accumulated depreciation by £20k resulting in a net adjustment of £41k.
(b) Prepayments was adjusted to reclassify the prepaid rental charges for office building and motor vehicles 
to right-of-use assets.
(c) Accruals was adjusted to reclassify the office building rent saving to right-of-use assets. 
(d) The adjustment to right-of-use assets is as follows:

| | £’000 |
|---|---|
| Adjustment noted in (a) – finance type leases | 41 |
| Adjustment noted in (b) – Prepayments | 23 |
| Adjustment noted in (c) – Accruals | (9) |
| Operating type leases | 945 |
| Right-of-use assets | 999 |

(e) Finance lease was adjusted to reclassify a lease previously classified as finance type to lease liabilities.
(f) The following is a reconciliation of total operating lease commitments at 31 December 2018 to the lease 
liabilities recognised at 1 January 2019:

| | £’000 | £’000 |
|---|---|---|
| Total operating lease commitments disclosed at 31 December 2018 | | 1,070 |
| Recognised inclusion: | | |
| •  Lease components | 155 | |
| •  Adjustments to commitments disclosures | 33 | |
| Recognition exemptions: | | |
| Leases with remaining lease term of less than 12 months | (100) | 88 |
| Operating lease liabilities before discounting | | 1,158 |
| Discounted using incremental borrowing rate | | (213) |
| Operating lease liability | | 945 |
| Finance lease obligation | | 40 |
| Total lease liabilities recognised under IFRS 16 at 1 January 2019 | | 985 |

Impacts for the period
As a result of initially applying IFRS 16, in relation to the leases that were previously classified as operating 
leases, the Group recognised £896k of right-of-use assets and £931k of lease liabilities as at 31 December 
2019, see Note 18.

Also in relation to those leases under IFRS 16, the Group has recognised amortisation and interest costs, 
instead of operating lease expense. During the year ended 31 December 2019, the Group recognised £200k 
of amortisation charges and £45k of interest costs from these leases, see Note 18.

4.2 Going Concern
The Directors have reviewed whether the Group has adequate resources to continue in operational existence 
for the foreseeable future. In conducting this review, the Directors have considered a range of factors, 
including the market prospects for cyber security services, client relationships and dependency, supplier 
relationships and dependency, actual or potential litigation, staff retention and reliance, relationships with 
HMRC and regulators, financing arrangements, historic trading and cash flow performance, current trading 
and cash flow performance, and future trading and cash flow expectations. In undertaking their review, the 
Directors have prepared financial projections for the years ending 31 December 2020 and 2021, a review 
which assumed continued revenue growth and cost efficiency. 

In the event that this revenue and cost performance is not achieved, the Directors have also considered a 
sensitivity analysis based on lower revenue growth and have formulated contingency plans for this scenario, 
which enable the Group to preserve its financial resources.

Based on this review, the Directors have concluded that the Group has adequate resources to meet 
its liabilities as they fall due and continue in operational existence for the foreseeable future, which 
is considered to be at least the next 12 months from the date of approval of the financial statements. 
Consequently, the Directors have adopted the going concern basis in preparing the financial statements. 

Further detail around the risks of COVID-19 and its potential impact on Going Concern are addressed 
extensively in the front end Statements of this Annual Report.  The Directors draw attention to this extensive 
disclosure which indicates the current uncertainty in respect of the COVID-19 global pandemic.  This event or 
condition indicates that a material uncertainty exists that may cast significant doubt on the Company’s ability 
to continue as a Going Concern. 

4.3 Revenue Recognition
The core principle is that revenue should only be recognised as the client receives the benefit of the goods 
or services provided under a commercial contract, in an amount that reflects the consideration to which the 
provider expects to be entitled for the transfer of the goods or services.

Performance obligations and timing of revenue recognition
Revenue comprises the sales value of goods and services supplied during the year, exclusive of Value Added 
Tax and trade discounts. Revenue from the provision of Consulting services is recognised as services are 
rendered, based on the contracted daily billing rate and the number of days delivered during the period. 

Revenue from Pre-paid contracts is deferred in the balance sheet and recognised on utilisation of service 
by the client. Pre-paid revenue is included within Consulting in note 6. 

Revenue from Managed Services contracts includes:

Hardware – hardware revenue is recognised on delivery and is included within other revenue as set out in 
note 6. This is when control of hardware passes to the customer. 

Device build - Device build revenue is deferred and recognised on a straight line basis over the term of the 
contract. 

Licensing - deferred and recognised on a straight line basis over the invoice period, due to the performance 
obligation not being considered distinct from management and monitoring performance obligation.

Management and monitoring - deferred and recognised on a straight line basis over the invoice period.

Revenue from the sale of products (vendor) is recognised when control passes to the customer, which is 
considered to occur when the software or hardware product has been delivered to the client.

Determining the transaction price
The Group’s revenue is derived from fixed price contracts and therefore the amount of revenues to be earned 
from each contract is determined by reference to those fixed prices.

Costs of obtaining long-term contracts and costs of fulfilling contracts
Commissions paid to sales staff for work in obtaining the Managed Service contracts are prepaid and 
amortised over the terms of the contract on a straight line basis.

Commissions paid to sales staff for work in obtaining the Prepaid Consultancy are recognised in the month 
of invoice.

These costs are recognised in the Consolidated Statement of Comprehensive Income within Sales & 
Marketing costs.

Contract Balances

| | Contract Assets 2019 £’000 | Contract Assets 2018 £’000 | Contract Liabilities 2019 £’000 | Contract Liabilities 2018 £’000 |
|---|---|---|---|---|
| At 1 January | 49 | - | (949) | (829) |
| Commission expensed during the period | (28) | (13) | - | - |
| Commissions paid in advance of contract completion | 22 | 62 | - | - |
| Recognised as revenue during the period | - | - | 2,429 | 2,129 |
| Invoiced in advance of performance during period | - | - | (2,666) | (2,249) |
| | 43 | 49 | (1,186) | (949) |

Contract Assets balance of £43k (2018: £49k) is included in the Trade Receivables and Other Receivables 
(note 15).  Contract Liabilities balance of £1,186k (2018: £949k) is included in Trade Payables and Other 
Payables (note 17).

4.4 Finance Income
Finance income is accrued on an annual basis, by reference to the principal outstanding at the applicable 
effective credit interest rate.

4.5 Government Grant Income
A government grant is recognised only when there is reasonable assurance that (a) the entity will comply 
with any conditions attached to the grant and (b) the grant will be received. 

The grant is recognised as income over the period necessary to match it with the related costs, for which 
it is intended to compensate, on a systematic basis. 

Government Grant Income is recognised in the Statement of Comprehensive Income over the period in which 
the Company recognises expenses for the related costs for which the grants are intended to compensate. 
Grants relating to income are deducted from the related expense.

Government tax credits available on eligible Research and Development expenditure (R&D Tax Credits) and 
not reclaimable through other means are recognised as Other Income (see note 7).

4.6 Operating Profit 
Operating Profit is stated after all expenses, including those considered to be exceptional, but before finance 
income or expenses. Exceptional items are items of income or expense which, because of their nature or 
size, require separate presentation to allow shareholders to better understand the financial performance of 
the period and allow comparison with prior years. 

4.7 Foreign Currencies
Financial assets and liabilities in foreign currencies are translated into sterling at the rates of exchange 
prevailing at the balance sheet date. Transactions in foreign currencies are translated into sterling at the 
rate of exchange prevailing at the date of the transaction. Exchange differences are recognised in Operating 
Profit.

On consolidation, the results of overseas operations are translated into Sterling at rates approximating those 
prevailing when the transactions took place. All assets and liabilities of overseas entities are translated at 
the rate prevailing at the reporting date. Exchange differences arising on translating the opening net assets 
at opening rate and the results of overseas operations at actual rate are recognised in Other Comprehensive 
Income and accumulated in the foreign exchange reserve.

4.8 Employee Benefits
Short-Term Benefits
Wages, salaries, paid annual leave and sick leave, bonuses and non-monetary benefits are accrued in the 
period in which the associated services are rendered by employees of the Company. 

Defined Contribution Pension Scheme
The Company operates a defined contribution pension scheme for employees. The assets of the scheme 
are held separately from those of the Company. The annual contributions are charged to the Statement of 
Comprehensive Income. The Company also contributes to the personal pension plans of the Directors in 
accordance with their Service Contracts.

Employee Share Based Payments
Where equity settled share options are granted to employees (including Directors), the fair value of the 
options at the date of grant is charged to the Consolidated Statement of Comprehensive Income, as a Share 
Based Payment Charge, over the vesting period of the options, with a corresponding movement in the Share 
Option Reserve.

Non-market vesting conditions are taken into account by adjusting the number of equity instruments 
expected to vest at each reporting date so that, ultimately, the cumulative amount recognised over the 
vesting period is based on the number of options that eventually vest. Non-vesting conditions and market 
vesting conditions are factored into the fair value of the options granted. As long as all other vesting 
conditions are satisfied, a charge is made irrespective of whether the market vesting conditions are satisfied.

Where the terms and conditions of options are modified before they vest, the increase in the fair value of the 
options, measured immediately before and after modification, is also charged to the Consolidated Statement 
of Comprehensive Income over the remaining vesting period.

4.9 Operating Lease Agreements (2018 only)
Rentals applicable to operating leases where substantially all of the risks and rewards of ownership remain 
with the lessor are charged to the Statement of Comprehensive Income on a straight line basis over the full 
period of the lease. Any lease incentives are spread on a straight line basis over the full period of the lease.

4.10 Property, Plant and Equipment
All additions are initially recorded at historic cost. Depreciation is calculated so as to write-off the cost of an 
asset, less its estimated residual value, over the useful economic life of that asset as follows:

•  Leasehold Property: 20% reducing balance
•  Office Furniture and Equipment: 20% reducing balance
•  Computer Equipment: 33% straight line
•  Motor Vehicles: 20% straight line

4.11 Research and Development Expenditure 
Expenditure on research activities is recognised as an expense in the period in which it is incurred. 

Expenditure on development activities generating an intangible asset is capitalised if all of the criteria set 
out in IAS 38 are met.  Capitalised assets are amortised over their useful economic life, which is considered 
to be five years.

If the criteria set out in IAS 38 are not met, expenditure on development activities is recognised as an 
expense in the period in which it is incurred.

4.12 Inventories 
Inventories are carried at the lower of cost or net realisable value. Net realisable value is calculated based 
on the expected revenue from sale in the normal course of business less any costs to sell. Due allowance is 
made for obsolete and slow moving items. 

4.13 Financial Instruments
Financial Assets
The Group and Company’s Financial Assets include Cash and Cash Equivalents, Trade Receivables and Other 
Receivables.

•  Initial Recognition and Measurement

Financial Assets are classified as amortised cost and initially measured at fair value.

•  Subsequent Measurement

Financial assets are subsequently measured at amortised cost, using the effective interest method, 
less impairment. Interest is recognised by applying the effective interest method, except for short-term 
receivables when the recognition of interest would be immaterial.

The Group has applied the simplified method of the expected credit loss model when calculating 
impairment losses on its financial assets measured at amortised cost, such as trade receivables. This 
resulted in greater judgement due to the need to factor in forward-looking information when estimating 
the appropriate amount to provisions. 

•  Derecognition of Financial Assets

The Group and Company derecognises a Financial Asset only when the contractual rights to the cash 
flows from the asset expire, or it transfers the Financial Asset and substantially all the risks and rewards 
of ownership of the asset to another entity. 

•  Invoice Discounting Facility

The Group and Company will continue to retain substantially all the credit risk and therefore will continue 
to recognise the receivables.

Financial Liabilities and Equity Instruments

The Group and Company’s Financial Liabilities include Trade Payables, Accruals and Other Payables. 
Financial Liabilities are classified at amortised cost.

•  Classification as Debt or Equity

Financial Liabilities and Equity Instruments issued by the Company are classified according to the 
substance of the contractual arrangements entered into and the definitions of a Financial Liability and an 
Equity Instrument.

•  Equity Instruments

An Equity Instrument is any contract that evidences a residual interest in the assets of the Company after 
deducting all of its liabilities. Equity Instruments are recorded at the proceeds received, net of direct 
issue costs.

•  Trade Payables, Other Payables and Accruals

Trade Payables, Accruals and Other Payables are initially measured at fair value, net of transaction costs, 
and are subsequently measured at amortised cost, where applicable, using the effective interest method, 
with interest expense recognised on an effective yield basis.

•  Derecognition of Financial Liabilities

The Company derecognises financial liabilities when the Company’s obligations are discharged, 
cancelled or expire.

Offsetting of Financial Instruments
Financial Assets and Financial Liabilities are offset, and the net amount reported in the Statement of 
Financial Position if there is a currently enforceable legal right to offset the recognised amounts and there is 
an intention to settle on a net basis, or to realise the assets and settle the liabilities simultaneously.  

4.14 Cash and Cash Equivalents
Cash and Cash Equivalents comprise cash on hand and demand deposits, and other short-term highly liquid 
investments which are readily convertible to known amounts of cash and are subject to insignificant risk of 
changes in value.

4.15 Impairment of Assets
Non-Financial Assets
The carrying amounts of the Group and Company’s Non-Financial Assets, other than Deferred Tax Assets, 
are reviewed at each reporting date to determine whether there is any indication of impairment. If any such 
indication exists, then the asset’s recoverable amount is estimated.

The recoverable amount of an asset or cash-generating unit is the greater of its value in use and its fair 
value less costs to sell. In assessing value in use, the estimated future cash flows are discounted to their 
present value using a pre-tax discount rate that reflects current market assessments of the time value of 
money and risk specific to the asset. For the purpose of impairment testing, assets are grouped together into 
the smallest group of assets that generates cash inflows from continuing use that are largely independent of 
the cash inflows of other assets or groups of assets. 

An impairment loss is recognised if the carrying amount of an asset or its cash generating unit exceeds its 
estimated recoverable amount. Impairment losses are recognised in profit and loss. 

Impairment losses recognised in prior periods are assessed at each reporting date for any indications that 
the loss has decreased or no longer exists. An impairment loss is reversed if there has been a change in 
the estimates used to determine the recoverable amount. An impairment loss is reversed only to the extent 
that the asset’s carrying amount does not exceed the carrying amount that would have been determined, net of 
depreciation or amortisation, if no impairment loss had been recognised.

4.16 Corporation Tax
Corporation Tax expense represents the sum of the tax currently payable and Deferred Tax. 

The tax currently payable is based on taxable profit for the year. Taxable profit differs from profit as reported 
in the Statement of Comprehensive Income because it excludes items of income or expense that are taxable 
or deductible in other years and it further excludes items that are not taxable or tax deductible. 

The Company’s liability for current tax is calculated using tax rates (and tax laws) that have been enacted or 
substantively enacted by the end of the financial period.

Government tax credits available on eligible Research and Development expenditure and not reclaimable 
through other means are recognised as Other Income and treated as a government grant. This applies when 
there are no taxable profits against which to offset the tax credit. The amount receivable by the Group and 
Company is shown on the face of the balance sheet within Corporation Tax Recoverable.

4.17 Deferred Tax
Deferred Tax is recognised in respect of all timing differences that have originated but not reversed at the 
balance sheet date where transactions or events have occurred at that date that will result in an obligation to 
pay more, or a right to pay less or to receive more tax.

Deferred Tax Assets are recognised only to the extent that the Directors consider that it is more likely 
than not that there will be suitable taxable profits from which the future reversal of the underlying timing 
differences can be deducted.

Deferred Tax is measured on an undiscounted basis at the tax rates that are expected to apply in the periods 
in which timing differences reverse, based on tax rates and laws enacted or substantively enacted at the 
balance sheet date. 

4.18 Share Capital
Ordinary Share Capital is recorded at nominal value and proceeds received in excess of nominal value of 
shares issued, if any, are accounted for in the Share Premium Account. Both Ordinary Share Capital and Share 
Premium Account are classified as equity. Costs incurred directly in the issue of shares are accounted 
for as a deduction from Share Premium Account; otherwise such costs are charged to the Statement of 
Comprehensive Income.

4.19 Operating Segments
An operating segment is a component of the Group and the Company that engages in business activities 
from which it may earn revenues and incur expenses, including revenues and expenses that relate to 
transactions with any of the Company’s other components. 
An operating segment’s operating results are reviewed regularly by the Directors of the Company to assess 
performance and make decisions about resource allocation.

The Board considers that the Company’s activity constitutes three operating and three reporting segments 
as defined under IFRS 8. 

4.20 Related Parties 
Parties are considered to be related if one party has the ability (directly or indirectly) to control the other 
party or exercise significant influence over the other party in making financial and operating decisions.  
Parties are also considered related if they are subject to common control or common significant influence.  
Related parties may be individuals or corporate entities.

5. Critical Accounting Judgements, Estimates and Sources of Estimation Uncertainty
In applying the accounting policies, the Directors may at times be required to make critical accounting 
judgements and estimates about the carrying amount of assets and liabilities. These estimates and 
assumptions, when made, are based on historical experience and other factors that the Directors consider 
are relevant.

The key estimates and assumptions concerning the future and other key sources of estimation uncertainty 
at the end of the financial year, that have significant risk of causing a material adjustment to the carrying 
amounts of assets and liabilities within the next financial year, are stated below.

Judgements
Going Concern
Management apply their judgement in reviewing whether the Group has adequate resources to continue 
in operational existence for the foreseeable future, which is considered to be 12 months from the date of 
approval of the financial statements. The Group has performed sensitivity analysis around a possible COVID-19 
impact, especially on consulting revenue; further detail regarding the impact is given on page 29.

Development Costs Capitalised & Amortised
Management apply their judgement in determining whether an identified intangible software asset meets 
the criteria for capitalisation under IAS 38. The carrying value of Intangible Assets as at 31 December 2019 
was £429k (2018: £412k).

Management estimate the percentage of development staff time used to enhance and improve the 
Company’s intangible software assets in order to capitalise a proportion of salary costs each period. In the 
year ended 31 December 2019, the amount of staff time capitalised into Intangible Assets was £194k (2018: 
£187k).

Development Costs capitalised into Intangible Assets are amortised over management’s estimate of the 
useful economic life of the asset recognised. In the year ended 31 December 2019, the useful economic life 
of all Intangible Assets was estimated to be 5 years, resulting in an amortisation charge of £177k (2018: 
£175k). If the useful economic life of Intangible Assets was estimated to be 3 years, the amortisation charge 
would have been approximately £242k (2018: £235k).

6. Revenue and Segment Information
The Group’s principal revenue is derived from the provision of cyber security professional services. 

During this period, the Directors received information on financial performance on a divisional basis. The 
Directors consider that there are three reportable operating segments: Consulting (including Remote 
Support services), Managed Services, and Vendor Products. There were a small number of other transactions 
recorded during each period which are not considered to be part of any of the three reportable operating 
segments. These are presented below within the ‘Other’ caption and are not significant. 

The Directors do not receive any information on the financial position of each segment, including information 
on assets and liabilities. Accordingly, no such information has been presented.

The Group is not reliant on any single client, with no single client accounting for 10% or more of revenue. All 
revenue recognised is derived from external clients. 


The Group has PPE located in the UK (cost of £896k; NBV of £272k) and Australia (cost of £57k; NBV of £11k). 
The Group’s revenue and gross profit by operating segment for the year ended 31 December 2019 were as 
follows:

                        Year ended      Year ended
                        31 December     31 December
                        2019            2018*
                        £’000           £’000
Revenue
Consulting              2,922           3,122
Managed Service         2,585           1,745
Vendor Products         162             228
Other                   236             287
Total Revenue           5,905           5,382

Gross Profit
Consulting              1,574           1,783
Managed Service         1,745           923
Vendor Products         29              42
Other                   12              (8)
Gross Profit            3,360           2,740

Operating Loss          (704)           (1,258)
Finance Income          -               1
Finance Cost            (46)            -
Loss before Taxation    (750)           (1,257)

*The Group has applied IFRS 16 from 1 January 2019, using the modified retrospective approach. Comparative information is not 
restated (see note 4). 

Revenue by country for the year ended 31 December 2019 was as follows:

                        Year ended      Year ended
                        31 December     31 December
                        2019            2018
                        £’000           £’000
United Kingdom          5,708           5,214
Europe                  116             101
United States           9               -
Channel Island          66              67
Middle East             2               -
Other Countries         4               -
Total                   5,905           5,382


The Group’s United Kingdom revenue by operating segment for the year ended 31 December 2019 was as 
follows:

                        Year ended      Year ended
                        31 December     31 December
                        2019            2018
                        £’000           £’000
Revenue United Kingdom
Consulting              2,760           2,970
Managed Service         2,580           1,741
Vendor Products         144             227
Other                   224             276
Total                   5,708           5,214

7. Other Income

                        Year ended      Year ended
                        31 December     31 December
                        2019            2018
                        £’000           £’000
Withholding Tax         -               3
Gain on sale of Asset   1               -
R&D Tax Credits         262             152
Total                   263             155

A credit has been recognised within Other Income as a result of R&D Tax Credit surrenders. For the year 
ended 31 December 2019, the surrender resulted in a credit of £262k, included within Corporation Tax 
Recoverable.


8. Operating Loss
Operating Loss is stated after charging:

                                                  Year ended      Year ended
                                                  31 December     31 December
                                                  2019            2018
                                                  £’000           £’000
Depreciation of Fixed Assets                      217             217
Amortisation of Intangibles - Development Costs   177             175
Amortisation of leases                            200             -
R&D expenditure                                   785             591
Short-term and low value lease expense            62              -
Auditors Remuneration - Audit Services            42              33
Auditors Remuneration - Non-Audit Services
    Taxation Compliance Services                  8               8
    Other Taxation and Compliance Services        13              14
Exceptional items                                 6               120
Inventories Expensed                              44              104

The amount charged in respect of Auditors’ Remuneration for the Group and the Company audit was £42k. None of the subsidiaries (see note 27) 
of the Group were subject to audit in the year ended 31 December 2019.

9. Employee Benefit Expense
Employee Benefit Expense (including Directors) during the periods amounted to:

                            GROUP         GROUP         COMPANY       COMPANY
                            Year Ended    Year Ended    Year Ended    Year Ended
                            31 December   31 December   31 December   31 December
                            2019          2018          2019          2018
                            £’000         £’000         £’000         £’000
Wages and Salaries          4,091         4,155         3,944         3,971
Social Security Costs       440           476           392           427
Pension Contributions       153           112           134           96
Share Based Payments        105           111           105           111
Total                       4,789         4,854         4,575         4,605

Directors’ remuneration for the Group and Company is as follows:

                                      Year ended      Year ended
                                      31 December     31 December
                                      2019            2018
                                      £’000           £’000
Salaries, Bonus, Benefits-in-Kind     455             505
Pension Contributions                 30              38
Share Based Payments                  47              33
Social Security Costs                 57              63
Total                                 589             639


Details of Directors’ remuneration can be found in the Remuneration Report on pages 42-46. 
Key management personnel, being those persons having responsibility for planning, directing and 
controlling the activities of the Group, are considered to be the Directors listed on page 35 (Board of 
Directors).

Amounts paid to the highest paid director in the period were as follows:

                                      Year ended      Year ended
                                      31 December     31 December
                                      2019            2018
                                      £’000           £’000
Salaries, Bonus, Benefits-in-Kind     196             210
Pension Contributions                 18              12
Total                                 214             222

Group
The average monthly number of employees during the year was:

                                      Year ended      Year ended
                                      31 December     31 December
                                      2019            2018
Directors                             4               4
Operational                           81              82
Total                                 85              86

Company
The average monthly number of employees during the year was:

                                      Year ended      Year ended
                                      31 December     31 December
                                      2019            2018
Directors                             4               4
Operational                           77              78
Total                                 81              82


10. Taxation
Recognised in the Statement of Comprehensive Income

                                                          Year ended      Year ended
                                                          31 December     31 December
                                                          2019            2018
                                                          £’000           £’000
Corporation Tax Charge/(Credit)                           -               -
Deferred Tax Charge/(Credit)                              26              (19)
Total                                                     26              (19)

Reconciliation of Total Tax Charge/(Credit)

                                                          Year ended      Year ended
                                                          31 December     31 December
                                                          2019            2018
                                                          £’000           £’000
Loss before Tax                                           (750)           (1,257)

UK Corporation At Rate Of 19.0%                           (143)           (164)
Expenses Not Deductible For Tax Purposes                  2               2
Income Not Taxable For Tax Purposes                       -               -
Exercise Of Share Options                                 -               (14)
Difference Between Current And Deferred Tax Rates         -               -
Over/Under Provision In Prior Period - Corporation Tax    -               -
Over/Under Provision In Prior Period - Deferred Tax       26              (19)
Tax Losses on Which Deferred Tax Not Recognised           141             176
Total Tax Charge/(Credit)                                 26              (19)

Deferred Tax Assets & Liabilities

                                                          Year ended      Year ended
                                                          31 December     31 December
                                                          2019            2018
                                                          £’000           £’000
Deferred Tax Assets                                       77              119
Deferred Tax Liabilities                                  (99)            (115)
Deferred Tax - Net Asset/(Liability)                      (22)            4

Deferred Tax Assets of £77k are recognised in respect of unutilised trading losses, Share Based Payments 
and short-term timing differences. Deferred Tax Liabilities of £99k arise on timing differences in the carrying 
value of certain of the Company’s assets for financial reporting purposes and for corporation tax purposes. 
These will reverse as the fair value of the related assets is depreciated over time. Deferred Tax balances 
have been calculated at the rate of 17%, being the rate of Corporation Tax expected to be in force when the 
timing differences reverse.


Unutilised Trading Losses
The Company continues to carry forward unutilised trading losses of £5,666k (2018: £4,941k). A Deferred Tax 
Asset of £22k (2018: £83k) has been recognised as at 31 December 2019 in respect of the unutilised trading 
losses. No further Deferred Tax Asset has been recognised because the Board envisages that a significant 
period of time will be required to generate sufficient profits to utilise the trading losses carried forward.

11. Earnings per Share
Basic Earnings per Share is calculated by dividing the Profit for the period attributable to Equity Holders 
of the Company by the weighted average number of Ordinary Shares outstanding during the period (Basic 
Number of Ordinary Shares).
Diluted Earnings per Share is calculated by dividing the Profit for the period attributable to Equity Holders 
of the Company by the weighted average number of Ordinary Shares outstanding during the period plus the 
weighted average number of Ordinary Shares that would be issued on conversion of all the potential dilutive 
Ordinary Shares (Diluted Number of Ordinary Shares), subject to the effect of anti-dilutive potential shares 
being ignored in accordance with IAS 33.

Adjusted Earnings per Share is calculated by dividing Adjusted Profit (after adding-back exceptional costs 
incurred in the period; see note 25) by Diluted Number of Ordinary Shares.

The calculation of Basic, Diluted and Adjusted Earnings per Share is as follows:

                                                          Year ended      Year ended
                                                          31 December     31 December
                                                          2019            2018*
                                                          £’000           £’000
Net Loss Attributable To Equity Holders Of The Company    (776)           (1,238)
Add Back: Exceptional Costs                               6               120
Add Back: Share Based Payments                            105             111
Adjusted Loss                                             (665)           (1,007)

Number Of Ordinary Shares (‘000)
Initial Weighted Average                                  9,098           9,047
Bonus Issue                                               -               -
Exercise Share Option                                     -               14
IPO Placing                                               -               -
Equity Warrant                                            -               37
Basic Number Of Ordinary Shares                           9,098           9,098
Weighted Average Dilutive Shares In Period                661             458
Diluted Number Of Ordinary Shares                         9,759           9,556

Earnings Per Share (Pence):
Basic Losses Per Share                                    (8.5)           (13.6)
Diluted Losses Per Share**                                (8.5)           (13.6)
Adjusted Losses Per Share                                 (7.3)           (11.1)


* The Group has applied IFRS 16 from 1 January 2019, using the modified retrospective approach. Comparative information is not 
restated (see note 4).
** In accordance with IAS 33, the effect of anti-dilutive potential shares has been ignored. 

During the year ended 31 December 2018, Ordinary Shares were issued as follows:

•  On 27 April 2018, David Mathewson, Non-Executive Chairman, exercised his options over 6,411 ordinary shares in the Company at nil cost per share.
•  On 2 May 2018, a former Director exercised options over 8,041 ordinary shares in the Company at nil cost per share.

These share issues were taken into account in calculating the Basic Number of Ordinary Shares.

During the year ended 31 December 2018, the following dilutive events have occurred:

•  On 18 April 2018, the Company granted options over 200,000 Ordinary Shares to the Non-Executive Directors.
•  On 7 August 2018, the Company granted options over 185,000 Ordinary Shares to selected employees, of which 180,000 remain outstanding as at 31 December 2018.

During the year ended 31 December 2019, the following dilutive events have occurred:

•  On 16 July 2019, the Company granted options over 175,500 Ordinary Shares to selected employees, including 50,000 to Director Lucy Sharp, of which 175,500 remain outstanding as at 31 December 2019.

These dilutive events were taken into account in calculating Diluted Number of Ordinary Shares.

12. Intangible Assets
Group & Company
Development Costs

                            £’000
Costs
As at 1 January 2018        704
Additions                   187
As at 31 December 2018      891

As at 1 January 2019        891
Additions                   194
As at 31 December 2019      1,085

Amortisation
As at 1 January 2018        304
Charges for the year        175
As at 31 December 2018      479

As at 1 January 2019        479
Charges for the year        177
As at 31 December 2019      656

Net Book Value
As at 31 December 2018      412
As at 31 December 2019      429


13. Property, Plant and Equipment

GROUP
                                  Leasehold   Office      Computer    Motor       Total
                                  Property    Equipment   Equipment   Vehicles
                                  £’000       £’000       £’000       £’000       £’000
Cost
At 1 January 2018                 99          119         547         49          814
Additions                         4           1           92          8           105
Disposals                         -           -           -           -           -
At 31 December 2018               103         120         639         57          919
Reclassification due to IFRS16    -           -           (61)        -           (61)
Additions                         12          16          101         -           129
Disposals                         -           -           -           (34)        (34)
At 31 December 2019               115         136         679         23          953

Depreciation
At 1 January 2018                 34          29          199         13          275
Charge for Period                 14          21          171         11          217
Disposals                         -           -           -           -           -
At 31 December 2018               48          50          370         24          492
Reclassification due to IFRS16    -           -           (20)        -           (20)
Charge for Period                 15          25          168         9           217
Disposals                         -           -           -           (19)        (19)
At 31 December 2019               63          75          518         14          670

Net Book Value
At 31 December 2018               55          70          269         33          427
At 31 December 2019               52          61          161         9           283


COMPANY
                                  Leasehold   Office      Computer    Motor       Total
                                  Property    Equipment   Equipment   Vehicles
                                  £’000       £’000       £’000       £’000       £’000
Cost
At 1 January 2018                 99          98          512         49          758
Additions                         4           1           92          8           105
Disposals                         -           -           -           -           -
At 31 December 2018               103         99          604         57          863
Reclassification due to IFRS16    -           -           (61)        -           (61)
Additions                         12          15          101         -           128
Disposals                         -           -           -           (34)        (34)
At 31 December 2019               115         114         644         23          896

Depreciation
At 1 January 2018                 34          297         193         13          267
Charge for Period                 14          14          159         11          198
Disposals                         -           -           -           -           -
At 31 December 2018               48          41          352         24          465
Reclassification due to IFRS16    -           -           (20)        -           (20)
Charge for Period                 15          17          157         9           198
Disposals                         -           -           -           (19)        (19)
At 31 December 2019               63          58          489         14          624

Net Book Value
At 31 December 2018               55          58          252         33          398
At 31 December 2019               52          56          155         9           272

14. Inventory

                            GROUP         GROUP         COMPANY       COMPANY
                            Year Ended    As At         Year Ended    As At
                            31 December   31 December   31 December   31 December
                            2019          2018          2019          2018
                            £’000         £’000         £’000         £’000
Inventory                   26            18            26            18


15. Trade Receivables and Other Receivables

                            GROUP         GROUP         COMPANY       COMPANY
                            As At         As At         As At         As At
                            31 December   31 December   31 December   31 December
                            2019          2018          2019          2018
                            £’000         £’000         £’000         £’000
Trade Receivables           973           869           973           869
Other Receivables           8             8             8             8
Intercompany Receivables    -             -             92            96
Prepayments                 182           197           160           172
Accrued Income              4             -             4             -
Contract Asset              43            49            43            49
Total                       1,120         1,123         1,280         1,194

The carrying amount of Trade Receivables and Other receivables approximates to their fair value.

Intercompany Receivables represent loans provided by ECSC Group plc to ECSC Australia Pty Ltd. The loans 
are repayable on demand; no expected credit loss is attributed to them.

Cash flow movement:
Group: movement in Trade Receivables and Other Receivables minus £262k R&D tax credit (note 7)
Company: movement in Trade Receivables and Other Receivables minus £262k R&D tax credit (note 7)

16. Cash & Cash Equivalents

                            GROUP         GROUP         COMPANY       COMPANY
                            As At         As At         As At         As At
                            31 December   31 December   31 December   31 December
                            2019          2018          2019          2018
                            £’000         £’000         £’000         £’000
Cash & Cash Equivalents     351           650           350           646


17. Trade Payables and Other Payables

                                      GROUP         GROUP         COMPANY       COMPANY
                                      As At         As At         As At         As At
                                      31 December   31 December   31 December   31 December
                                      2019          2018          2019          2018
                                      £’000         £’000         £’000         £’000
Trade Payables                        197           170           195           167
Other Taxation and Social Security    436           347           434           344
Accruals                              259           205           258           205
Contract Liabilities                  1,186         949           1,186         949
Intercompany Payables                 -             -             72            50
Other Payables                        59            38            54            34
Total                                 2,137         1,709         2,199         1,749

The carrying amount of Trade Payables and Other Payables approximates to their fair value due to their short 
term nature.

18. Leases
On commencement of a contract (or part of a contract) which gives the group the right to use an asset for a 
period of time in exchange for consideration, the group recognises a right-of-use asset and a lease liability 
unless the lease qualifies as a ‘short-term’ lease or a ‘low-value’ lease.

All leases are accounted for by recognising a right-of-use asset and a lease liability except for:

•  Leases of low-value assets

For leases where the underlying asset is ‘low-value’ (£5k), lease payments are recognised as an expense on a 
straight-line basis over the lease term. The group has elected to apply the ‘low-value’ lease exemption to 
all qualifying leases, but the election can be made on a lease-by-lease basis.

•  Short term lease

Where the lease term is twelve months or less and the lease does not contain an option to purchase the 
leased asset, lease payments are recognised as an expense on a straight-line basis over the lease term.

The group sometimes negotiates break clauses in its property leases. On a case-by-case basis, the group 
will consider whether the absence of a break clause would expose the group to excessive risk. Typically, 
factors considered in deciding to negotiate a break clause include: 
•  the length of the lease term; 
•  the economic stability of the environment in which the property is located; and 
•  whether the location represents a new area of operations for the group.

IFRS 16 was adopted 1 January 2019 without restatement of comparative figures. For an explanation of the 
transitional requirements that were applied as at 1 January 2019, see Note 4. The following policies apply 
subsequent to the date of initial application, 1 January 2019.


Right-of-use Assets
A right-of-use asset is recognised at commencement of the lease and initially measured at the amount of 
the lease liability, plus any incremental costs of obtaining the lease and any lease payments made at or 
before the leased asset is available for use by the group.

The right-of-use asset is subsequently measured at cost less accumulated amortisation and any 
accumulated impairment losses. The amortisation method applied is on a straight-line basis over the term of the 
lease.

Amortisation charge for the year included in ‘administrative expenses’ for right-of-use assets.

GROUP
                            Office        Motor         IT            Total
                            buildings     vehicles      equipment
                            £’000         £’000         £’000         £’000
At 1 January 2019           981           56            41            1,078
Additions                   -             18            -             18
Amortisation                (132)         (48)          (20)          (200)
NBV at 31 December 2019     849           26            21            896

COMPANY
                            Office        Motor         IT            Total
                            buildings     vehicles      equipment
                            £’000         £’000         £’000         £’000
At 1 January 2019           902           56            41            999
Additions                   -             18            -             18
Amortisation                (110)         (48)          (20)          (178)
NBV at 31 December 2019     792           26            21            839

Lease Liability
The lease liability is initially measured at the present value of the lease payments during the lease term 
discounted using the interest rate implicit in the lease, or the incremental borrowing rate if the interest rate 
implicit in the lease cannot be readily determined.

The lease term is the non-cancellable period of the lease plus extension periods that the group is reasonably 
certain to exercise and termination periods that the group is reasonably certain not to exercise.

The lease liability is subsequently increased for a constant periodic rate of interest on the remaining balance 
of the lease liability and reduced for lease payments.

Interest expense for the year on lease liabilities is recognised in ‘finance costs’.


GROUP
                            Office        Motor         IT            Total
                            buildings     vehicles      equipment
                            £’000         £’000         £’000         £’000
At 1 January 2019           968           55            40            1,063
Additions                   -             18            -             18
Interest Expense            42            3             -             45
Lease Payments              (121)         (53)          (21)          (195)
At 31 December 2019         889           23            19            931

COMPANY
                            Office        Motor         IT            Total
                            buildings     vehicles      equipment
                            £’000         £’000         £’000         £’000
At 1 January 2019           890           55            40            985
Additions                   -             18            -             18
Interest Expense            39            3             -             42
Lease Payments              (99)          (53)          (21)          (173)
At 31 December 2019         830           23            19            872

Group and Company

•  Short-term lease expense: £60k
•  Low value lease expense: £2k

                            Up To         1-5           more than
                            12 months     years         5 years
                            £’000         £’000         £’000
Lease Payments              188           603           316
Interest Expense            (38)          (117)         (21)
Lease Liabilities           150           486           295

19. Secured Facilities
The Group has been provided with payment facilities by Barclays Bank plc, including a BACS payment 
facility and a credit card facility. Barclays is also providing an invoice discounting facility of £500,000. These 
payment facilities are secured by a debenture in favour of Barclays that creates fixed and floating charges 
over the assets of the Company.


20. Share Capital 
Ordinary Share Capital
During the period ended 31 December 2019, the movement in Share Capital was:

                            Number of         Number of         Ordinary Share
                            Authorised        Shares Issued     Capital
                            Shares            and Fully Paid    £’000
Ordinary Shares
As at 1 January 2018        11,992,131        9,084,072         91
Exercise of Share Options   -                 14,425            -
As at 31 December 2018      11,992,131        9,098,497         91

As at 1 January 2019        11,992,131        9,098,497         91
Exercise of Share Options   -                 -                 -
As at 31 December 2019      11,992,131        9,098,497         91

On 27 April 2018, David Mathewson, Non-Executive Chairman exercised options over 6,411 Ordinary Shares 
at nil cost per share.

On 2 May 2018, a former Director exercised options over 8,041 Ordinary Shares at nil cost per share.

Share Premium Account
The balance of the Share Premium Account represents amounts received in excess of the nominal value (1 
pence per share) of Ordinary Shares. This account is non-distributable.

Share Option Reserve
The balance of the Share Option Reserve represents the accumulated amounts charged to the Statement of 
Comprehensive Income in respect of Share Based Payments. This reserve is non-distributable.

Retained Earnings
The balance of the Retained Earnings account represents the accumulated retained profits or losses of the 
Group. This account is a distributable reserve, provided that the accumulated balance is positive.

21. Financial Instruments and Financial Risk Management 
The Group’s and Company’s principal financial instruments comprise:

•  Cash and Cash Equivalents
•  Trade Receivables
•  Other Receivables
•  Intercompany Receivables
•  Trade Payables
•  Accruals
•  Intercompany Payables
•  Other Payables


The Group’s and Company’s accounting policies, including the criteria for recognition, and the basis on which 
income and expenses are recognised in respect of each class of financial asset and financial liability, are set 
out in note 4.14 to the financial statements. The information about the extent and nature of these recognised 
financial instruments, including significant terms and conditions that may affect the amount, timing and 
certainty of future cash flows, are disclosed in the respective notes where applicable. The Group and Company 
does not use financial instruments for speculative purposes.

The principal financial instruments used by the Group and Company, from which financial instrument risk 
arises, are as follows:

                            GROUP         GROUP         COMPANY       COMPANY
                            As At         As At         As At         As At
                            31 December   31 December   31 December   31 December
                            2019          2018          2019          2018
                            £’000         £’000         £’000         £’000
Financial Assets
Trade Receivables           973           869           973           869
Other Receivables           8             8             8             8
Intercompany Receivables    -             -             92            96
Cash and Cash Equivalents   351           650           350           646
Total Financial Assets      1,332         1,527         1,423         1,619

Financial Liabilities
Trade Payables              197           170           195           167
Accruals                    259           205           258           205
Intercompany Payables       -             -             72            50
Other Payables              59            38            54            34
Total Financial Liabilities 515           413           579           456

Fair Values
The Directors have assessed that the fair values of Cash and Cash Equivalents, Trade Receivables, Trade 
Payables and Other Payables approximate to their carrying amounts largely due to the short-term maturities of 
these instruments. There are no fair value adjustments to assets or liabilities charged to the Statement of 
Comprehensive Income.

Market Risk
Market risk is the risk that the fair value of future cash flows of a financial instrument will fluctuate due to 
changes in market prices. Market risk comprises three types of risk: commodity price risk, interest rate 
risk and foreign currency risk. The Group and Company has limited exposure to each of these risks as 
discussed below.

Capital Management
The Group and Company manages its capital to ensure that it will be able to continue as a going concern 
while attempting to maximise the return to stakeholders through the optimisation of the debt and equity 
structure. The capital structure of the Group and Company consists of issued Share Capital, Retained 
Earnings and Finance Leases.

The Group and Company do not generally enter into derivative transactions (such as interest rate swaps 
and forward foreign currency contracts), and it has been, throughout the period covered by these financial 
statements, the Group’s and Company’s policy that no trading in financial derivative instruments shall be 
undertaken.

Credit Risk
Credit risk is the risk that a counterparty will cause a financial loss to the Group by failing to discharge its 
obligations to the Group. The Group manages its exposure to this risk by applying limits to the amount of 
credit exposure to any one counterparty and employs strict minimum credit worthiness criteria as to the 
choice of counterparty. The maximum exposure to credit risk for receivables and other financial assets 
is represented by their carrying amount. The Group considers credit risk to be low due to its processes 
and the nature of its clients, which includes a broad spread of large corporates, SMEs and public sector 
organisations.

The Group uses an expected credit loss model for impairment that represents its estimate of incurred losses 
in respect of the Trade Receivables as appropriate.  

The Group applies the IFRS 9 simplified approach to measure expected credit losses using a lifetime 
expected credit loss provision for trade receivables and contract assets. The expected loss rates are based 
on the Group’s historical credit losses experienced over the two year period prior to the period end. 

The historical loss rates are then adjusted for current and forward-looking information on macroeconomic 
factors affecting the Group’s customers. Under the expected credit loss model, the impairment allowance was 
not material, resulting in no provision being made.

Trade Receivables
Trade Receivables, net of impairment provisions, for the Group and Company as at 31 December 2019 were 
£973k (2018: £869k). These Trade Receivables are not secured by any collateral or credit insurance. The 
Group’s standard terms are 30 days from date of invoice but non-standard terms may be agreed with certain 
customers. Invoices which remain unpaid for periods greater than agreed terms are assessed as overdue. 

As at 31 December 2019, Trade Receivables past due for the Group and Company total £391k (2018: £132k) of 
which nil (2018: nil) have been impaired.


As at 31 December 2019, Trade Receivables of £391k (2018: £132k) were past due but not impaired, as 
follows:

| | GROUP As At 31 December 2019 £’000 | GROUP As At 31 December 2018 £’000 | COMPANY As At 31 December 2019 £’000 | COMPANY As At 31 December 2018 £’000 |
|---|---|---|---|---|
| Up to 3 months | 389 | 131 | 389 | 131 |
| 3 months to 6 months | 2 | 1 | 2 | 1 |
| 6 months to 12 months | - | - | - | - |
| Total | 391 | 132 | 391 | 132 |

Cash Holdings
The Group only holds cash at mainstream banking institutions to mitigate the credit risk on cash deposits. 
The credit rating of the principal banking institution is A (Standard & Poor’s).

Interest Rate Risk
The Company’s exposure to changes in interest rates relates to Cash Holdings and Finance Leases. 

Cash is held either on current or short term deposits at a floating rate of interest determined by the relevant 
bank’s prevailing base rate. 

The outstanding balance of Finance Leases at 31 December 2019 was £20k. This relates to a single facility at 
a fixed rate of interest.

Interest Rate Sensitivity 
When reviewing sensitivity to movement in interest rates, it is noted that interest rates are at historically low 
levels and that Cash balances significantly outweigh debt balances.

The Directors consider that any downward movement in interest rates would be immaterial to the Group. The 
Directors consider that an upward movement in interest rates would benefit the Group, although the impact 
of a 1% rise in interest rates would be immaterial.

Foreign Currency Exchange Risks
Foreign currency risk is the risk that the fair value or future cash flows of an exposure will fluctuate because 
of the changes in foreign exchange rates. The Group’s exposure to the risk of changes in foreign exchange 
rates relates primarily to the Group’s operating activities when revenue or expenses are denominated in a 
foreign currency.

The Group does not hedge its foreign currencies. Transactions with customers are mainly denominated in 
GBP. 


The Group has suppliers that invoice in US dollars and Australian dollars. The balances exposed to credit 
risk at year end were as follows:

| | As At 31 December 2019 | As At 31 December 2018 |
|---|---|---|
| US Dollars | 145 | 1,566 |
| Australian Dollars | 935 | 4,411 |
| Total | 1,080 | 5,977 |

Liquidity Risks
Liquidity risk arises from the Group’s management of working capital. It is the risk that the Group will 
encounter difficulty in meeting its financial obligations as they fall due. The Group’s policy is to ensure 
that it will always have sufficient cash to allow it to meet its liabilities when they become due. Budgets 
and forecasts are agreed and set by the Board in advance to enable the Group’s cash requirement to be 
anticipated.

The maturity profile of the Group’s financial liabilities at the reporting dates, based on contractual 
undiscounted payments including lease payments, are summarised below:

| Due within 3 months | As At 31 December 2019 £’000 | As At 31 December 2018 £’000 |
|---|---|---|
| Trade Payables, Other Taxation and Social Security, Accruals, Other Payables | 951 | 758 |
| Total | 951 | 758 |

The trade receivables as at December 2019 of £973k are expected to be collected within 3 months to cover the 
£951k financial liabilities. 

22. Related Party Transactions
ECSC Australia Pty Ltd
During the year ended 31 December 2019, ECSC Group plc incurred management fees to ECSC Australia Pty 
Ltd of £312k (2018: £330k). As at 31 December 2019, the balance payable by ECSC Group plc to ECSC 
Australia Pty Ltd in respect of outstanding management fees was £72k (2018: £50k).

As at 31 December 2019, the loan balance payable by ECSC Australia Pty Ltd to ECSC Group plc was £92k 
(2018: £96k). The loan is repayable on demand and attracts interest at the rate of 3% over base rate.

Athene VCS 
During the year ended 31 December 2019, Athene VCS, a company owned by Elizabeth Gooch (Non-Executive 
Director), invoiced ECSC Group plc £5k for strategic review services. This transaction was entered into on an 
arm’s length basis. The balance payable as at 31 December 2019 was £nil (2018: £nil).


Directors Loans
In January 2018, a loan totalling £20k was granted to one Director. The loan was interest free and was fully 
repaid in May 2018. 

During the year ended 31 December 2019, there were no new loan advances to Directors.

23. Share Based Payments
Share Based Payment Schemes

The Company operates a number of equity-settled Share Based Payment schemes, as follows:

•  Enterprise Management Incentive (EMI) Scheme
•  Save As You Earn (SAYE) Share Option Scheme
•  Non-Executive Director Remuneration Scheme (NED Scheme)
•  Non-Executive Directors Share Options (NED1 Scheme)

EMI Scheme
August-2018
In August 2018 the Company granted options over 185,000 Ordinary Shares at an exercise price of 93 pence 
per share, subject to a three year vesting period, to 14 employees. In order for the options to vest, the 
Ordinary Shares must trade at a minimum mid-market price of 200 pence per share over 30 consecutive trading 
days during the vesting period.

During the year ended 31 December 2019, options over 10,000 (2018: 5,000) Ordinary Shares have lapsed, 
such that options over 170,000 Ordinary Shares remain exercisable in the future.

Jul-2019
In July 2019 the Company granted options over 175,500 Ordinary Shares at an exercise price of 78 pence per 
share, subject to a three year vesting period, to 13 employees. In order for the options to vest, the Ordinary 
Shares must trade at a minimum mid-market price of 200 pence per share over 30 consecutive trading days 
during the vesting period. None have lapsed by the year ended 31 December 2019.

Within this grant, Lucy Sharp, a Director of the Company, was granted 50,000 Ordinary Shares. 

None have lapsed by the year ended 31 December 2019, such that options over 175,500 Ordinary Shares 
remain exercisable in the future.

NED 1 Scheme
In April 2018, the Company granted options over 200,000 Ordinary Shares at an exercise price of 78 pence 
per share, subject to a three year vesting period. Within this total David Mathewson was allotted 100,000 
options and Elizabeth Gooch was allotted 100,000 options. In order for the options to vest, the Ordinary Shares 
must trade at a minimum mid-market price of 200 pence per share over 10 consecutive trading days during 
the vesting period.


None have lapsed by the year ended 31 December 2019, such that options over 200,000 Ordinary Shares 
remain exercisable in the future.

Number of Options:

| Scheme | EMI (May-17) | EMI (Dec’17) | EMI (Aug’18) | EMI (Jul’19) | SAYE | NED | NED 1 (Apr’18) | Total |
|---|---|---|---|---|---|---|---|---|
| Outstanding at 01 January 2018 | 190,300 | 148,000 | - | - | 41,184 | 20,836 | - | 400,320 |
| Granted during the year | - | - | 185,000 | - | - | - | 200,000 | 385,000 |
| Forfeited during the year | (15,810) | (123,000) | (5,000) | - | (14,400) | - | - | (158,210) |
| Exercised during the year | - | - | - | - | - | (14,425) | - | (14,425) |
| Expired during the year | - | - | - | - | - | - | - | - |
| Outstanding at 31 December 2018 | 174,490 | 25,000 | 180,000 | - | 26,784 | 6,411 | 200,000 | 612,685 |
| Exercisable at 31 December 2018 | - | - | - | - | - | 6,411 | - | 6,411 |
| Outstanding at 01 January 2019 | 174,490 | 25,000 | 180,000 | - | 26,784 | 6,411 | 200,000 | 612,685 |
| Granted during the year | - | - | - | 175,500 | - | - | - | 175,500 |
| Forfeited during the year | (21,950) | - | (10,000) | - | (7,200) | - | - | (39,150) |
| Exercised during the year | - | - | - | - | - | - | - | - |
| Expired during the year | - | - | - | - | - | - | - | - |
| Outstanding at 31 December 2019 | 152,540 | 25,000 | 170,000 | 175,500 | 19,584 | 6,411 | 200,000 | 749,035 |
| Exercisable at 31 December 2019 | - | - | - | - | - | 6,411 | - | 6,411 |

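| Scheme | EMI (May-17) | EMI (Dec’17) | EMI (Aug’18) | EMI (Jul’19) | SAYE | NED | NED 1 (Apr’18) | Total |
|---|---|---|---|---|---|---|---|---|
| Option Pricing Assumptions: | | | | | | | | |
| Pricing Model | Black Scholes | Black Scholes | Black Scholes | Black Scholes | Black Scholes | - | Black Scholes | |
| Weighted Average share price at grant date (pence) | 312 | 135 | 93 | 78 | 131 | 125 | 79 | |
| Weighted average exercise price (pence) | 167 | 140 | 93 | 78 | 125 | - | 78 | 680 |
| Weighted Average contract life | 3 years | 3 years | 3 years | 3 years | 3 years | 0 years | 3 years | |
| Weighted Average risk free rate | 1% | 1% | 1% | 1% | 1% | 1% | 1% | |
| Volatility | 40% | 40% | 40% | 40% | 40% | 40% | 40% | |
| Option Valuation: | | | | | | | | |
| Option Valuation at grant date (£’000) | 250 | 9 | 45 | 38 | 8 | 8 | 45 | 403 |
| Share Based Payments Charge in 2019: | | | | | | | | |
| Share Based Payment Charge (£’000) | 64 | 3 | 15 | 6 | 2 | - | 15 | 105 |
| Weighted Average Exercise Price: | | | | | | | | |
| At grant date, forfeit date and end of period (pence) | 167 | 140 | 93 | 78 | 125 | - | 78 | |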


Share Based Payment Charge
In accordance with the requirements of IFRS 2, the Company calculated the fair value of the share options 
at the date of grant using a Black Scholes option pricing model for the EMI and SAYE Schemes. For the NED 
scheme, the fair value of the services rendered was assessed.

A Share Based Payment charge is recognised by spreading the fair value of the option over the maturity 
period, with allowance made for options that have lapsed in the period.

The movement in the number of options during the year, the option pricing assumptions, the option valuation 
at the grant date and the Share Based Payment Charge in the year, for each scheme described above, is as 
follows:

The volatility assumption, calculated as the standard deviation of expected share price returns, is based on 
analysis of the share prices of comparable companies over the last 3-5 years.

24. Controlling Party
ECSC Group plc does not have an ultimate controlling party.

25. Adjusted Loss before Taxation and Adjusted EBITDA
The Group has applied IFRS 16 from 1 January 2019, using the modified retrospective approach. Comparative 
information is not restated (see note 4).

| Adjusted Loss before Taxation | Year Ended 31 December 2019 £’000 | Year Ended 31 December 2018 £’000 |
|---|---|---|
| Loss Before Taxation | (750) | (1,257) |
| Share Based Payments | 105 | 111 |
| Exceptional Items | 6 | 120 |
| Adjusted (Loss) Before Taxation | (639) | (1,026) |


| Adjusted EBITDA: | Year Ended 31 December 2019 £’000 | Year Ended 31 December 2018 £’000 |
|---|---|---|
| Operating Loss | (704) | (1,258) |
| Depreciation and Amortisation | 594 | 392 |
| EBITDA** | (110) | (866) |
| Share Based Payments | 105 | 111 |
| Exceptional Items | 6 | 120 |
| Adjusted EBITDA* | 1 | (635) |

| | Year Ended 31 December 2019 £’000 | Year Ended 31 December 2018 £’000 |
|---|---|---|
| Operating Loss | (704) | (1,258) |
| Share Based Payments | 105 | 111 |
| Exceptional Items | 6 | 120 |
| Adjusted Operating Loss* | (593) | (1,027) |

* Adjusted Operating Loss and EBITDA excludes one-off charges and share based charges. 
** EBITDA is defined as Earnings before Interest, Tax, Depreciation and Amortisation.

26. Exceptional Costs
Exceptional costs for the year included £6k of one-off legal costs relating to EIS advance assurance work 
done in the year.

Exceptional Costs are analysed as follows:

| | As At 31 December 2019 £’000 | As At 31 December 2018 £’000 |
|---|---|---|
| Payments in Lieu of Notice | - | 76 |
| Employee Benefit Expense | - | 76 |
| Taxation & Social Security Costs | - | 12 |
| Staff Related Costs | - | 88 |
| Car Termination Costs | - | 11 |
| Legal Costs | 6 | 21 |
| Exceptional Costs | 6 | 120 |


27. Subsidiary Undertakings
ECSC Group plc currently has the following wholly-owned subsidiaries, which are incorporated and 
registered in England and Wales:

| Name of Subsidiary | Registered Office | Date of Incorporation | Principal Activity |
|---|---|---|---|
| ECSC Services Limited | 28 Campus Road, Listerhills Science Park, Bradford, BD7 1HR | 18 April 2017 | Dormant |
| ECSC Labs Limited | 28 Campus Road, Listerhills Science Park, Bradford, BD7 1HR | 18 April 2017 | Dormant |
| ECSC Australia Limited | 28 Campus Road, Listerhills Science Park, Bradford, BD7 1HR | 29 September 2016 | Intermediary holding company |

ECSC Australia Limited currently has the following wholly-owned subsidiary, which is incorporated and 
registered in Australia:

| Name of Subsidiary | Registered Office | Date of Incorporation | Principal Activity |
|---|---|---|---|
| ECSC Australia Pty Limited | Governor Phillip Tower Level 36, 1 Farrer Place, Sydney, NSW 2000 | 20 March 2017 | Provision of professional cyber security services |

The share capital of each Group entity is as follows:

| Entity | Ordinary Shares In Issue | Nominal Value | Investment At Cost |
|---|---|---|---|
| ECSC Services Limited | 1 share | £1 | £1 |
| ECSC Labs Limited | 1 share | £1 | £1 |
| ECSC Australia Limited | 1 share | £1 | £1 |
| ECSC Australia Pty Limited | 100 shares | AUD 1 | AUD 100 |
| Total | | | £60 |

*AUD = Australian Dollars


Who would have believed we would ever get to this point!  I know it is silly, but I am sat here 
with a huge smile on my face for once! 

[ECSC Employee] has just left for his train - and I am the only person in the office to know the 
news! 

Thanks very much - we’ve a few to go yet, but the support we have had on this long slog has 
been first class!

Compliance Manager, Major Train Operator

[ECSC Employee] was extremely helpful and helped us through the certification procedures 
and what would be required and expected. However, [ECSC Employee] went over and above at 
each opportunity, offering up suggestions on up-skilling our in house teams and gave tips on 
things to look out for and improve upon. 

[ECSC Employee] ensured he was on hand at all times throughout the process, offering up 
several communication methods, and helped us work through issues working with a third 
party to ensure we completed the requirement in time to help us achieve certification. 

ECSC’s professional services have gone over and above expectations. [ECSC Employee] is a 
true asset to the company, and I would be more than happy to work with him again on our next 
project.

Security and Infrastructure Analyst, Online Retailer

I’ve got to say what a great piece of work your team have produced - really impressed with the 
quality of the document and the people. 

I am confident that this will be the start of a long and illustrious relationship with [ECSC 
Client].

Senior Support Analyst, Major Utilities Supplier