ECSC Group plc
Annual Report Year Ended 31 December 2021
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 2
This page has been left deliberately blank.
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 3
4
Company Information
5
Company Highlights
7
Chairman’s Statement
8
Chief Executive Officer’s Review
12
Chief Operating Officer’s Review
14
What We Do
17
ECSC Story
18
Typical Client Journey
19
Client Challenges
20
Client Perspective
21
Research and Development
22
Evolving Threats
23
Market Opportunities
24
Strategic Report
36
Board of Directors
38
Directors’ Report
44
Remuneration Committee Report
49
Statement of Directors Responsibilities
50
Independent Auditor’s Report to the Members of ECSC Group plc
59
Consolidated Statement of Comprehensive Income
60
Consolidated Statement of Financial Position
61
Company Statement of Financial Position
62
Consolidated Statement of Changes in Equity
63
Company Statement of Changes in Equity
64
Consolidated Cash Flow Statement
65
Company Cash Flow Statement
66
Notes to the Financial Statements
Contents
“These results show a clear return to growth across
the Group, both within Managed Detection and
Response and Assurance divisions.
It is also pleasing to see that the percentage of
Group revenue from MDR recurring revenue has now
grown to nearly half from being about a quarter at
the IPO.
This confirms the ongoing requirements for all
organisations to maintain their cyber security
defences and breach detection capability. We
continue to emerge from the challenges of the
Covid-19 pandemic in a stronger position”
David Mathewson
Non-Executive Chairman
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 4
Directors
David Mathewson (Non-Executive Chairman)
Ian Mann (Chief Executive Officer)
Lucy Sharp (Chief Operating Officer)
Gemma Basharan (Chief Financial Officer )
Elizabeth Gooch (Non-Executive Director)
Registered Office
28 Campus Road
Listerhills Science Park
Bradford
BD7 1HR
Telephone Number
01274 736 223
Company Secretary
David Mathewson
Website
www.ecsc.co.uk
Company Information
Nominated Advisor & Broker to the Company
Allenby Capital Limited
5 St. Helen’s Place
London
EC3A 6AB
Auditors to the Company
BDO LLP
Central Square
29 Wellington Street
Leeds
LS1 4DL
Financial Press and Investor Relations
Yellow Jersey PR
ecsc@yellowjerseypr.com
0203 004 9512
Solicitors to the Company
Freeths LLP
1 Vine Street
Mayfair
London
W1J 0AH
Registrar
Equiniti Group plc
Sutherland House
Russell Way
West Sussex
RH10 1UH
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 5
Financial Highlights
Assurance
repeat revenue
(2020: 73%)
Cash at period end
£1.17m
(31 Dec 2020: £1.12m)
MDR revenue up
6% to £2.9m
(2020: £2.7m)
Partner Revenue
Proportion
Increased to 11%
(2020: 4%)
81%
Adjusted EBITDA*
profit £0.2m
(2020: £0.4)
£0.2m
PROFIT
Organic revenue growth
8% increase to £6.14m
(2020: £5.66m)
£6.14m
£1.17m
£2.9m
11%
Page 5
* Adjusted EBITDA excludes one-off charges and share based charges
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 6
Organic Growth Since IPO
Security Operations Centre
General Office
* Restated for IFRS 15
Incident Response
Global Offering
MDR
ASSURANCE
VENDOR
OTHER
0
£1,000,000
2017*
2018
2019
2020
2021
£2,000,000
£3,000,000
£4,000,000
£5,000,000
£6,000,000
£7,000,000
£8,000,000
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 7
These results show a clear return to growth across
the Group, both within Managed Detection and
Response (“MDR”) and Assurance divisions. It is
also pleasing to see that the percentage of Group
revenue from MDR recurring revenue has now
grown to nearly half from being about a quarter at
the IPO. This confirms the ongoing requirements
for all organisations to maintain their cyber
security defences and breach detection capability.
We continue to emerge from the challenges of the
Covid-19 pandemic in a stronger position.
Despite some ongoing impact caused by the
pandemic and the economic risks associated with
Brexit, the Group has continued to demonstrate
resilience and financial progress based on quality
of delivery and unrivalled client reputation and
retention. I am proud of the way the team has
adapted and innovated as business practices
continue to change, affecting both sales and delivery
processes.
The ongoing risk of ransomware and its potentially
catastrophic impact, combined with the multi-
million-pound fines related to the UK General Data
Protection Regulation (UK-GDPR), substantiate that
all organisations must build resilience into their
cyber security protection, detection and response
capabilities. ECSC remains a trusted partner to help
organisations of all sizes achieve this.
The continued growth in 24/7/365 detection services,
delivered through the Security Operations Centres
(SOCs) in the UK and Australia, supported by the
ECSC Kepler Artificial Intelligence (AI), shows the
importance of early breach detection to contain
an incident and limit damaging consequences
such as ransomware. For all but the largest global
organisations, the outsourcing of this critical
function continues to be the logical choice, and ECSC
has the technology, people, and certified processes
to deliver.
The Group’s successful agreement of a £1.0m new
growth loan demonstrates additional confidence in
our operations and results.
On behalf of the board, I would like to thank all of
our clients, partners, team, advisors, and investors
for their continued support throughout a challenging
year for us all.
ECSC continues to be well-positioned in the growing
cyber security marketplace, and we are now firmly
back on our organic growth strategy and related
recruitment activities.
David Mathewson
Non-Executive Chairman
22 March 2022
Chairman’s Statement
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 8
Chief Executive Officer’s Review
The Group made good progress during the 2021
financial year, and we are pleased to report a return
to growth in both divisions, and continued to be
Adjusted EBITDA positive.
The Assurance division has also seen a significant
increase in repeat revenue from existing clients,
confirming the exceptional service quality and value
perceived by clients in their breach prevention and
certification activities.
Post Covid-19 Challenges and Opportunities
The Covid-19 pandemic has demanded changes to
both our sales and delivery processes, presented
the opportunity to challenge existing beliefs and, in
the process, re-engineer operations to reflect new
realities.
A good example of this is our sales process that, pre-
pandemic, relied extensively on multiple face-to-face
meetings. The necessities of our Covid-19 response
meant that we had to rapidly change this approach
and embrace remote, video-based, sales and
scoping processes. As a result, we have completely
re-engineered the sales operation and supporting
functions, reflecting the new working patterns of
our clients and reducing the direct sales headcount,
whilst increasing sales in the process.
We have then extended a wider strategic review of
our core strengths and associated target clients to
facilitate a better fit with more profitable services
lines and client relationships.
Inflationary Pressures
2021 saw significant inflationary pressures and
wage expectations of skilled and experienced
cyber security professionals. As a result, we have
instigated a formal annual pricing review. This
resulted in increases in daily consulting rates
averaging 10% in August 2021. We anticipate this
price pressure to continue with the current global
uncertainties and resulting UK and global inflation.
ECSC’s committed staff policy is to pay in the top
20% of market rates for each role, combined with
industry leading career development.
Current Ukraine Conflict
Many clients are concerned about the potential for
an increase in cyber attacks originating from Russia.
These concerns may be well-placed, and confirm
the importance of achieving and maintaining an
appropriate level of cyber security protection and
breach detection for all organisations.
Growth Strategy
We are confident that the organic growth strategy of
ECSC remains appropriate. Despite the continued
challenges of 2021, we are seeing the results of
process re-engineering and a focus on our core
expertise and delivering value to our clients in
preventing, detecting, and responding to, cyber
security breaches.
Ian Mann
Chief Executive Officer
22 March 2022
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 9
Key Performance Indicator Table
Performance
Indicator
Rationale
2021
2020
2019
Management Comment
Revenue Growth
Measurement of the
success of the organic
growth strategy
8%
(4%)
10%
The Group saw an increase
in Assurance and MDR
revenue due to further
investment in the organic
growth strategy and
recovery from Covid.
Managed Detection
and Response
Recurring Revenue
Growth
Visibility of the success of
increasing the percentage
of revenue from long-term
recurring revenues
7%
22%
27%
Continued growth due to
new contract wins and
contract expansions.
Managed Detection
and Response
Recurring Revenue
Proportion
Visibility of the success of
increasing the percentage
of revenue from long-term
recurring revenues
42%
43%
34%
In line with the strategy to
increase this proportion.
Managed Detection
and Response
Order Book
Combined measurement
of new client contracts
together with renewals of
existing client contracts
£2.2m £2.6m £2.6m
The management team’s
favoured overall measure
of progress in managed
services.
Managed Detection
and Response
Gross Margin
Delivery efficiency
measurement
61%
73%
68%
Indicative of increased
leveraging of IPO
investment in capacity.
Assurance Repeat
Revenue
Quasi-recurring from
longer-term consulting
clients
81%
73%
73%
Indicative of strong client
retention and continued
trust in ECSC quality.
Assurance Gross
Margin
Delivery efficiency
measurement
63%
58%
54%
A reflection on capacity
required for growth and
management of consultant
workload.
Research and
Development
(of revenue)
Continued investment in
technology and intellectual
property development
15%
14%
13%
A new measure introduced
to show continued
investment in technologies
for the future.
Chief Executive Officer’s Review cont.
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 10
Ian Mann, CEO, Security Operations Centre, Yorkshire
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 11
Sample response to our latest Employee Engagement Survey
Employee Engagement Survey 2021
“I am able to have
a work life balance
and it’s a life
changer”
“The Senior
Management Team
gives total respect
and support to
employees’ ideas
and values”
“I LOVE the way
ECSC values it’s
employees”
“I wholly enjoy my
role and see myself
working here for
many years to
come”
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 12
Our primary focus, as always, is that of our people
and their ongoing development. We recognise happy
people are key to providing exceptional service to
our clients. Across the business each and every
individual has been recruited for their ‘A-player’
attitude and constantly goes above and beyond for
each other and our clients. Our people are regularly
recognised by both their peers and clients and are
rewarded consistently for their efforts.
A Thriving Consulting Team
At the start of the pandemic we were able to
swiftly re-engineer all our consulting services to
be delivered remotely. This transformation into
remote delivery has brought about considerable
benefits and more efficient ways of working. In 2021
the reduction in travel to client sites has enabled
a significant increase in diary efficiency when
resourcing consulting engagements, to the extent
that consultant utilisation was consistently over the
targeted 85%* each month even in these challenging
times.
This reduction in travel has helped to improve the
quality of life of our consultants, who no longer need
to be away from home for long periods, thus allowing
more personal and professional development time.
The shift has also enabled the recruitment of talent
from a much broader geographic pool, accelerated
collaboration with our clients due to response times
and all but removed re-chargeable expenses.
Looking to the future we will continue to be
client-led and have a flexible approach to delivery
dependent on our clients’ own circumstances
and remote working practices, as well as gaining
continual feedback from our team on what is
working well.
Maintaining a Strong Culture
As a result of the pandemic more than half our
team now work remotely. We have been very aware
that this new approach, as for many businesses,
could have been a significant challenge for our
culture and team engagement. However, due to the
resilience and hard work of the team, an increased
focus on communication and a strong team spirit,
we are delighted to say that employee engagement
(by reference to a survey in December 2021) has
remained reassuringly high: 94% of respondees
of our recent survey said they were proud of the
Company and its brand, with 98% stating they enjoy
working within their teams.
Internally, throughout the pandemic, we have
ensured the whole team feels included, with regular
check-ins from colleagues and line managers, as
well as face-to-face briefings and updates wherever
possible, with a focus on continued motivation and
wellbeing. We see this more flexible way of working
continuing into the future.
Developing The Team for the Future
Whilst there has been a lot of speculation in the past
few years on the increased movement within the
jobs market and its impact on the technology sector,
with reportedly almost a quarter of workers actively
changing their job post pandemic**, this has not
been our experience; our retention has remained
at a consistently high level at 85% in 2021. We have
put a lot of effort into developing our existing teams,
ensuring professional development and progression
for each and every individual through continued
learning, in order to maximise performance
and build even stronger colleague and client
relationships in these potentially testing times.
Our recruitment efforts have been aligned to our
growth plans and, like most organisations, we have
found it slightly more challenging than pre-pandemic
times to find the right candidates.
Chief Operating Officer’s Overview
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 13
As a result, we have introduced new methods of sourcing talent, such as further cementing our links with
local colleges and universities, holding careers events, targeted campaigns via social media, and working
with a select number of external recruiters for the more challenging roles to fill.
In these changing times we have taken the opportunity to review and update our Employee Value
Proposition (EVP), which now has even more of an emphasis on not only providing learning and development
opportunities in the current role, but actively developing team members in readiness for the next step in
their career, be that in their current team or a different part of the business. In essence, we are building a
talent pipeline for the future and in doing so both retaining and attracting good quality candidates, those we
term our ‘A- Players’; people we would enthusiastically re-hire.
Lucy Sharp
Chief Operating Officer
22 March 2022
Chief Operating Officer’s Overview cont.
STRAIGHT
TALKING
CONTINUALLY
LEARNING
ETHICAL
TEAM
PLAYERS
* to individuals’ consulting utilisation target, typically 16.5 chargeable days per month.
**A survey of 6,000 workers by the recruitment firm Randstad UK
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 14
What We Do
Page 14
Incident response
‘emergency’ service
Remotely manage client
cyber security devices
from ECSC’s Security
Operations Centre (SOC)
Cyber security reviews
Consultancy to help
clients achieve ISO 27001
information security
certification
Technical penetration
testing of cyber security
Advise and assess clients
for certification to the
Payment Card Industry
Data Security Standard
(PCI DSS)
Develop Artificial
Intelligence (AI)
Cyber Essentials
Certifications
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 15
Page 15
For most organisations, understanding their cyber security responsibilities is often complex and
challenging, with new threats discovered daily. The priority given by organisations to cyber security
has changed significantly since we started 20 years ago, helped most recently by the introduction of the
General Data Protection Regulation (GDPR), the mandatory reporting of breaches to the Information
Commissioner’s Office (ICO) and increased fines. Given the legal responsibility now placed on
organisations to protect personal data, the sensible approach for most is to seek external help.
Despite the complexities of cyber security, a consultative approach remains at the heart of ECSC’s offering.
All communications are carried out in a format and language that is easy to be understood by all.
ECSC’s range of services can be broken down into three basic categories.
What We Do
Despite regular scaremongering by certain product vendors, press releases from
organisations that have suffered a breach, and at times the media, all breaches are
preventable. We confidently make this statement based on 20 years experience in
incident response.
An organisation’s primary strategy should be breach prevention. ECSC helps in a
number of ways. The most common is to test cyber security using similar techniques
to those used by hackers. In the industry, this is referred to as penetration testing or
ethical hacking. Finding the vulnerabilities before a hacker does and remedy accordingly.
Although it may be possible to prevent all breaches, it is also sensible to have an ability
to detect breaches. Done correctly, this means that incidents can usually be contained
before expensive data-loss occurs. Additionally, under GDPR, there is a requirement to
be able to detect breaches.
ECSC’s full 24/7/365 cyber security monitoring, alerting, and analysis from the both UK
and Australian Security Operations Centres provides our managed service clients with
peace of mind.
Although it makes little sense for all but the largest organisations to build, and try
and retain, an internal incident response capability, it does makes sense to have a
relationship with external experts that can respond 24/7.
ECSC’s 20 years of incident experience mean that we can assist our clients from
the smallest and simplest event, to the most complex incident requiring extensive
investigation, an on-site team, and guidance with external stakeholder and regulator
communications.
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 16
ECSC Group plc, Security Operations Centre, Yorkshire
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 17
The ECSC Story
The ECSC story begins in the
dotcom boom of the late 1990s.
Ian Mann was conducting
government consultancy and
running one of the first UK Cisco
training academies, teaching
the first generation of Internet
engineers. Having just completed
an MBA, as most people do,
Ian was looking to start his
own business. He noticed that
the security element of the
network training was the biggest
challenge for most students and
therefore concluded that this
would be a growing need for
organisations as they began to
fully utilise the Internet.
With the financial help of his
credit cards, two re-mortgages,
family and friends, and a few
work colleagues, ECSC was
born. ECSC’s second recruit was
Lucy Sharp (now COO) who Ian
employed as a school leaver.
Initially testing the security of
organisations new connections
to the Internet, and responding
to security incidents, very
quickly clients began to enquire
whether ECSC could manage
this critical area. So, in 2001,
managed services began; taking
internally developed technologies
originally developed for ECSC’s
own use, and developing them for
application in client environments.
As the industry began to mature,
and international standards began
to emerge, ECSC then started
supporting clients’ efforts to
achieve and manage a range of
certifications. Although focusing
fully on ECSC, Ian continued to do
some advisory work for the UK’s
GCHQ, and more recently trained
their new cyber security recruits in
the art of people hacking (having
authored two books on the subject
of social engineering).
The next significant appointment
was Ian Castle, who joined in 2003
as CTO to co-ordinate the research
and development that forms
the foundation of the already
award winning ECSC propitiatory
technology and managed
services. The next current senior
management appointments came
in 2007, when Paul Lambsdown
took charge of the sales function,
Gemma Basharan joined the
finance team in 2011, and Clare
Macdonald established the
marketing team in 2013.
Despite numerous offers to
buy the business, in 2016
ECSC decided to raise the first
institutional investment via
an initial IPO on the London
Stock Exchange AIM market.
This investment enabled the
establishment of new Security
Operations Centres in the UK
and Australia in 2017, giving true
24/7/365 ‘eyes on glass’ cyber
security monitoring, without the
need for engineers to work night
shifts.
ECSC has continued to go from
strength to strength as a public
company, delivering on its organic
growth strategy and successfully
building its Managed Services and
Consultancy Services divisions.
The Group continues to acquire
new clients, deliver quality service
and develop and enhance its
technologies.
Reflecting the growth of the
business, the Company was listed
as one of SC Magazine’s global
top 50 companies in the cyber
security market in 2018 and went
on to expand its Bradford Head
Office that same year, taking on 3
additional units.
In recent years the Group has
won a number of significant
industry awards, including the
PCI Award for Excellence for AI,
Most Innovative Cyber Security
CEO, Outsourcing Company of the
Year at the National Technology
Awards, and Managed Service
Provider 2021 at the computing
excellence security awards.
Today, the senior management
team have over 80 years combined
experience within ECSC.
“Great communication across the team”.
Information Assurance Specialist
Builders Merchant
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 18
A client journey with ECSC tends to start from one of three starting points:
Incident response call-outs can
happen at any time (although
they are more common outside of
business hours).
The priority here is to help contain
the breach, understand how to
prevent re-occurrence and then
deal with any ongoing impact.
Following this, a longer-term view
can be developed to help prevent
a repeat breach and enable the
organisation to function efficiently
with an appropriate level of
security.
The ECSC Cyber Security Reviews
are often a good place to start, as
they give non-technical managers
and owners a clear picture of
the risks and a pragmatic route
to risk reduction and ongoing
management.
Where a technical person asks
the same question, a more
‘traditional’ penetration test
may be the best solution. By
duplicating the approach of a
hacker, we help a client uncover,
and address, their vulnerabilities
before a breach occurs.
The emergence of a number of
UK and international standards,
means that clients have an
opportunity to demonstrate
competence and develop
trust with their stakeholders.
Increasingly, this is becoming
essential to doing business in
some sectors, and taking part in
sales tenders.
Although the initial objective may
be ‘get the badge’, the process of
certification usually does lead to
organisational learning, and real
enhanced security.
Although it is rare that a fully 24/7 managed solution is a starting point, it is increasingly the destination.
Clients recognise that it is almost impossible to recruit and retain this level of expertise in-house, but do
require the benefits associated with a 24/7 managed solution.
The ECSC approach has always been to understand the client’s requirements, give honest, practical advice,
and deliver effective solutions that contribute to building long-term partnerships based on trust and value.
Typical Client Journey
THE OWNERS/DIRECTORS
NEED TO KNOW IF
THEIR ORGANISATION IS
SECURE?
WE NEED TO
DEMONSTRATE OUR
CAPABILITY THROUGH
A RECOGNISED
CERTIFICATION
HELP, WE THINK WE’RE
IN THE MIDDLE OF A
BREACH!
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 19
Cyber security brings many and varied new challenges for organisations of all sizes and complexities.
They cut across vertical sectors and traditional competencies.
There are some common features in the challenges that we help our clients to solve:
DIFFICULTY IN RECRUITING
AND RETAINING SPECIALIST
SKILLS IN CYBER SECURITY
THE RATE OF
COMMUNICATION AND
INFORMATION
TECHNOLOGY CHANGE
UNDERSTANDING
THE COMMON MYTHS
PROPAGATED BY SOME
VENDORS AND/OR THE MEDIA
This may be due to the cost of
funding a specialist role, or not
having the right environment
to attract them. With a general
skills shortage, qualified and
experienced people have the
choice of roles and will tend to
be attracted by the variety and
challenge, plus the chance to
further develop their skills, not
just by the money.
However, it can also be a case that
organisations won’t need some
skills full-time, only at specific
times. For example, it makes little
sense for most organisations to
try and recruit people skilled in
emergency incident response - an
organisation may only need this
once a year.
The increasing pace of change can
nearly always be associated with
new cyber security vulnerabilities.
Despite what they say, technology
providers do not make security a
priority over their profits.
For example, in the last
12-months, people migrating
IT systems into the cloud have
accounted for 90% of the breaches
we have been called out to resolve.
These include the belief that
breaches cannot be prevented
(in 20 years of incident response,
we have never seen or heard of a
breach that was not preventable).
Another common myth is that
hackers target organisations
because they are looking for
specific targets. The reality is
that most breaches are a result
of organisations making technical
or people mistakes that are then
spotted and exploited by malicious
hackers.
Typical Client Challenges
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 20
It is fair to say that all ECSC clients want to prevent cyber security breaches. However, they also want
more than this. They usually require a range of services that have some common elements:
EASY TO UNDERSTAND DELIVERY OUTPUTS THAT
EXPLAIN CYBER SECURITY IN A LANGUAGE THEY
UNDERSTAND
AN ONGOING PARTNERSHIP
BUILT ON TRUST
Easy to understand delivery outputs that explain
cyber security in a language they understand.
This may be an ECSC Cyber Security Review that
maps and grades technical weaknesses into
a language that non-technical executives can
understand. This custom ECSC approach is now
proven to be the best way for non-technical senior
managers to understand current risks, and measure
progress towards a more defendable position.
Another example is where we summarise complex
penetration testing (ethical hacking) into a simple
Pass/Fail result that managers and business owners
can understand, with prioritised findings - each
graded by risk. This allows clients to address
findings in order of priority.
It is common for our partnership with a client to
develop over many years. Their requirements evolve
as their technology usage changes, new threats
emerge and they recognise the value that our
expertise can bring to their organisation.
In most cases, small initial engagements develop,
and in many cases these evolve into full 24/7/365
outsourced managed services.
VALUE
EMERGENCY RESPONSE
Delivering the intended outcomes efficiently and
professionally. Clients value the benefits of 20 years
experience across the range of consulting, managed
services and incident response. An unrivalled mix
for any UK provider. This means less risk for clients
than selecting new entrants.
If the worst happens, ECSC clients (and non clients)
benefit from an experienced and calm response
by an expert team. Early expert involvement in
potential breaches means that incidents can usually
be contained before expensive data-loss or system
disruption occurs.
If an incident does escalate, ECSC helps in all
aspects of response management from the
technical response and investigation to stakeholder
and regulator communications.
Client Perspective
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 21
Our continued investment in Research and Development takes many forms, all of which are of crucial
importance to our continued success:
WHAT THE HACKERS ARE
DOING
MANAGED SYSTEMS
INTERNAL SYSTEMS
Each day, globally, there are about
40 new technical ‘vulnerabilities’
discovered and published.
Keeping track of these, and how
they relate to an organisation’s
IT system, is complex. In reality
only a small number of these are
critical but extensive experience is
needed to recognise the important
trends and developments.
Within ECSC we review new
vulnerabilities formally every 8
hours, 365 days a year and relate
them to our systems, systems
managed for clients, and wider IT
environments. We do this, so that
our clients do not need to.
Whilst technology continues to
advance, most new offerings
are designed to be pioneering
and functional with security
taking a back-seat. This means,
new IT developments, such as
cloud services, have introduced
significant new vulnerabilities,
resulting in an increased need for
our incident response services.
With managed security devices
deployed since 2001, ECSC has a
long track record of intellectual
property development, and
delivering systems that work for
our clients.
The release of our Kepler Artificial
Intelligence (AI) technology is an
example, where we can process
billions of pieces of security
information from client’s IT
systems and allow our Security
Operations Centres to operate
with efficiency and speed.
Although some people over hype
AI, we see this as enhancing the
effectiveness of real experts, but
not yet replacing the need for
skilled, experienced people.
Given the sensitivity of our client
data, ECSC does not allow any
third-parties to store or process
our information.
Therefore, continued development
of our internal systems is
important to allow us to refine
processes and enhance our
effectiveness.
Our integrated management
systems mean that we have
complete process control from the
start of our marketing activities
through to assurance delivery and
fully managed services.
Research and Development
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 22
Cyber security has evolved, as have the risks to every organisation. There is now the recognition that
personal data has value, and with that comes a legal requirement to keep it secure.
Organisations also recognise that an increasing reliance on information technology means that a breach can
have immense impact on day-to-day operations.
Originally, before the term ‘cyber security’ was invented, most hacking was conducted by enthusiasts - often
with no malicious intent. For example, the first computer virus was actually an experiment in a university
that worked too well and spread globally.
However, as more and more organisations and individuals connected to the Internet, criminals recognised
the potential to exploit technology weaknesses, knowing the law enforcement agencies would have
difficulties catching them.
As a result, we have seen huge increases in hacking that results in criminal behaviour. The most common
being:
More recently, nation state hackers have gained significant media coverage, and, quite rightly, attention
from the areas of government tasked with protecting critical national infrastructure. However, for most
organisations they are not a target for this activity. The reality remains that hacking is not targeted, rather
it exploits mistakes and weaknesses identified by scanning the Internet for known vulnerabilities and also
tricking IT users into causing breaches.
Therefore, organisations need help in keeping up-to-date with the continually changing threat landscape,
and understanding and controlling the potential impact of users being caught out. ECSC remains at the
leading edge of both these critical areas.
Evolving Threats
RANSOMWARE. Where the hacker encrypts data and demands a ransom to give you
access to your own data. For an individual this may be their photo collection, whereas for
an organisation it may be to cripple their whole IT system.
STEALING DATA. Information has value, as it can form the basis of fraud. Therefore,
credit card information and other personal data will always be a target as it can be sold
on.
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 23
The EU General Data Protection Regulation (GDPR),
enacted in the UK in May 2018 by a new Data
Protection Act (DPA) represents the most significant
legal protection to personal data in more than a
decade. This new legislation impacts the cyber
security market place in three main ways:
1. Mandatory Reporting
Organisations now have to report breaches of
personal data to the Information Commissioner’s
Office (ICO) within 72 hours of being made aware.
This means that breaches can no longer be hidden
and kept ‘in-house’. Organisations should seek
expert assistance to ensure that they have responded
appropriately to avoid substantial fines.
2. New Maximum Fines
Increased from the previous £500,000 maximum to
10m Euros or 2% of total worldwide turnover.
3. Direct ICO Liability for Third-Parties
Previously IT providers could hide behind their
agreed terms and conditions, with liability limits, if
they caused a cyber security breach. The advent of
GDPR gives them an independent liability to the ICO
with the same maximum fines.
In addition, the GDPR states that third-party
‘processors’ must apply cyber security in relation to
the risks present, not in proportion to their charges.
This means all IT outsourcing organisations have to
re-examine their approach to cyber security risk.
Other factors are also driving more market
opportunities, including:
•
The uptake of cloud IT services, where applying
‘traditional’ cyber controls can be difficult
or impossible, and providers often lack the
expertise to design security into their cloud
offerings.
•
Ongoing skills shortages in cyber security
make more clients seek external help, either
to test their security, help implement specific
projects, or to outsource their cyber security
management.
•
The pace of IT system changes and new
developments shows no sign of slowing. History
shows that the quicker technology changes,
the more cyber security vulnerabilities are
introduced and the more breaches occur.
Market Opportunities
UK cyber security market
estimated at over £8 billion
UK legislation (GDPR) now
in force making immediate
breach reporting
mandatory and fines up to
2% of global turnover
Proliferation of breaches
making cyber security a
strategic governance issue
for company boards
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 24
Cyber Security Experts
Annual Report Year Ended 31 December 2021
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 25
Financial Review
Principal Activities
The principal activity of the Group during the year continued to be the provision of professional cyber security
services, including Assurance, MDR and the sale of Vendor Products.
Comparative Financial Information
Year ended
31 December
2021
£’000
Year ended
31 December
2020
£’000
Revenue
Assurance
3,123
2,724
MDR
2,886
2,732
Vendor Products
93
125
Other
42
82
6,144
5,663
Gross Profit
Assurance
1,965
1,576
MDR
1,757
1,994
Vendor Products
15
25
Other
(63)
(47)
3,674
3,548
Adjusted EBITDA*
Other Income
282
297
Sales & Marketing Costs
(2,018)
(1,713)
Administration Expenses
(1,773)
(1,757)
165
375
EBITDA**
Share Based Payments
(100)
(101)
Exceptional Items
(145)
(65)
(80)
(209)
Depreciation and Amortisation
(400)
(480)
Adjusted Operating Loss*
(235)
(105)
Operating Loss
(480)
(271)
* Adjusted Operating Loss and Adjusted EBITDA excludes exceptional charges and share based charges.
* * EBITDA is defined as Earnings before Interest, Tax, Depreciation and Amortisation
(As defined in note 26 in the Financial Statements).
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 26
Revenue & Organic Growth
In the year ended 31 December 2021, total revenue
increased by 8% to £6.14m (2020: £5.66m). Within
this, our Assurance division saw strong sales with
revenue growing by 15% to £3.12m (2020: £2.72m).
The MDR division also saw a growth in revenue of 6%
in the year to £2.89m (2020: £2.73m). This includes
recurring revenue which rose to £2.59m (2020:
£2.42m), workshop and event revenue of £0.02m
(2020: nil) and Incident Response revenue which fell
to £0.28m (2020: £0.31m).
Vendor Products revenue in the year fell by 26% to
£0.09m (2020: £0.13m).
Margin Generation
Gross Profit for the year was £3.67m, yielding a 60%
margin (2020: £3.55m, yielding a 63% margin). This
small margin decrease was a consequence of a fall
in the margin in the MDR division to 61% (2020: 73%)
due to significant investment and significant wage
inflation in that area of the business. The Board
expects the MDR margin to increase in the future.
The Assurance margin rose to 63% in the year (2020:
58%). This was due to cost controls over the period.
The Board expects the Assurance margin to continue
at a similar level in the future.
EBITDA & Operating Loss
Adjusted EBITDA for the year, which excludes one-
off charges and share based charges, was £0.17m
(2020: £0.38m). EBITDA for the year was a loss of
£0.08m (2020: profit of £0.21m). During 2020 the
Group benefited from Government grants of £0.3m
(£2021: nil).
Adjusted Operating Loss for the year, which excludes
one-off charges and share based charges, was
£0.23m (2020: loss of £0.11m). The Operating Loss in
the year was £0.48m (2020: loss of £0.27m).
Cash Flow
Cash and cash equivalents increased by £0.05m
(2020: £0.77m) to £1.17m (2020: £1.12m) as at 31
December 2021 primarily due to increase margin
across the Assurance division and the proceeds from
the £1.0m loan taken on during the year. During
the year £0.40m was repaid of Covid-19 related
government support received in 2020, £0.02m of
government support remains outstanding as at
31 December 2021. The Group continued to invest
in Research and Development during the year,
receiving a refund of £0.21m (2020: £0.29m) from
HMRC in respect of a surrender of R&D Tax Credits
from earlier periods.
Intangible Asset
Intangible asset costs have increased to £1.47m
(2020: £1.28m). This is offset by accumulated
amortisation of £0.99m (2020: £0.82m). The Group’s
development cost for the year was £0.19m. The Net
Book Value of Intangible Assets as at 31 December
2021 was therefore £0.48m (2020: £0.46m).
Tangible Asset
Property, plant and equipment (PPE) cost have
increased to £0.98m (2020: £0.95m). This is offset by
accumulated depreciation of £0.89m (2020: £0.81m).
The Group’s capital expenditure for the year was
£0.03m. The Net Book Value of Tangible Assets as
at 31 December 2021 was £0.09m (2020: £0.15m).
The Group plans to increase investment in tangible
assets in the future.
Trade and other receivables
Trade and other receivables decreased to £0.68m
(2020: £0.81m) as at 31 December 2021. This
includes £0.46m of Trade receivables (2020: £0.61m).
Trade and other payables
Trade and other payables decreased to £1.49m (2020:
£2.09m) as at 31 December 2021. This includes
£0.68m of deferred income (2020: £0.88m).
Financial Review cont.
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 27
Borrowings
In December 2021, the Group entered into a new
five-year Growth loan facility with Growth Lending
Limited. The net proceeds of this facility will be used
for working capital purposes and to support the
Group’s overall organic growth strategy.
The new borrowing facility comprises of an initial
advance upon completion of a £1.0m, with the option
to draw down a further advance of £0.5m after
six months, subject to an agreed level of adjusted
EBITDA being achieved.
The facility term is 60 months with straight-line
amortisation of the loan commencing after six
months. The interest rate on each advance is at the
higher of 9.0% per annum or the monthly average
SONIA plus 7%. There is an arrangement fee of 1.5%
of the facility amount paid on completion, with a 5%
early prepayment charge.
The loan was arranged by Funding Friends Limited
which received a fee of 1% of the loan on completion
in respect of advisory fees. The Loan facility is
secured by a fixed charge over the assets of the
Company.
As at the year end the carrying value of the loan was
£963k (2020: £nil) which is the principal amount of
£1.00m stated after direct fees incurred and interest
accrued to the year end.
Key Performance Indicators
The Key Performance Indicators are set out on page
9.
Capital reduction
On 26 August 2021, the Company completed a
reduction of its share capital, whereby the entire
amount of £6.1 million standing to the credit of the
Company’s share premium account was cancelled
thereby creating distributable reserves, which
will allow the Company to pay dividends or make
distributions to its shareholders and/or undertake a
buyback of its ordinary shares in due course, should
it be appropriate or desirable to do so.
The Capital Reduction has no effect on the overall
net asset position of the Company.
Balance Sheet
The Group’s Balance Sheet as at 31 December 2021
had Net Assets of £0.22m (2020: £0.65m). Retained
Earnings and Distributable Reserves as at 31
December 2021 were a cumulative loss of £0.37m
after the capital reduction (2020: cumulative loss of
£5.94m).
Going Concern
The Directors have assessed the going concern
status of the Group by reference to a number of
factors. In particular, the Directors have considered
the strong rate of growth in the cyber security
market; the fact that business continues to attract
new clients and is not overly dependent on any
single client; the fact that the business continues to
retain key staff, and that the Group has a secured
new loan facility with Growth Lending Limited, the
net proceeds of which will be used for working
capital purposes and to support the Group’s overall
organic growth strategy. The new borrowing facility
comprises of an initial £1.0m term loan received
on 24 December 2021 and a further £0.5m loan to
be drawn down after six months, subject an agreed
level of adjusted EBITDA being achieved. The facility
term is 60 months with an interest rate at the higher
of 9% per annum or the monthly average SONIA plus
7%. The Board is positive about the future EBITDA
trajectory of the Company and continues to manage
the cash position of the Company carefully. These
factors give the Directors confidence in relation to
going concern.
Financial Review cont.
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 28
The Board have included the above factors in determining its financial forecasts for the period through
to December 2023. In those forecasts they have considered the available headroom against the facilities
available to them and considered scenarios under which the level of revenue expected may not be achieved
but taking in to account mitigating actions. The directors are satisfied that under reasonable downside
scenarios they still have financial resources to met liabilities as they fall due.
For further information please see page 65.
Dividend
The Board has not declared a dividend for the year ended 31 December 2021 (2020: £nil).
Gemma Basharan
Chief Financial Officer
22 March 2022
Financial Review cont.
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 29
ECSC Group plc (‘ECSC’ or ‘the Company’ or ‘the Group’) is exposed to a number of Macro, Business and
Financial risks. The Board is responsible for ensuring that the Group has taken a proactive approach to the
identification and mitigation of these risks in a timely manner.
Summary of Risks
The most significant risks to the Group are summarised in the table below. These risks are explained in
further detail following the summary. The table does not include all the potential risks associated with Group
activities and are not in any order of priority.
Principal Risks
Mitigating Actions/Factors
Change in the year
Economic conditions
Expenditure on cyber security has become non-
discretionary in nature and is less sensitive to economic
fluctuations
Increased
Rapid technological change
Investment in proprietary intellectual property
No change
Competition
Maintaining a broad, full-service offering
No change
Cyber security breach
Certifications to ISO 27001, PCI DSS and Cyber
Essentials; avoidance of technologies associated with
common security breaches
No change
Reputation
Consistent focus on legal, financial, regulatory and
technological compliance
No change
Dependence on key personnel
Board and Senior Management structure and
remuneration is designed to reduce the risks associated
with the loss of any single person
No change
Ability to recruit and retain skilled
personnel
Ongoing development of a wide range of employee
benefits and incentives, career progression and
technical development
Increased
Reliance on key systems
Disaster recovery and business continuity plans
No change
Client acquisition
Sale team training and development, partner
programme, and expanded marketing activities.
No change
Client retention
Expanded service delivery function and service
management layer
No change
Future funding requirements
Flotation on the Alternative Investment Market of the
London Stock Exchange and undrawn loan facilities of
£0.5m.
No change
Principal Risks and Uncertainties
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 30
Macro Risks
Economic Conditions and uncertainty including
COVID-19
The Group could be affected by national and
international economic factors outside its control,
including an economic slowdown, changes in the
monetary and fiscal policies of the Government,
exchange rate fluctuations, commodity price
volatility, inflation, increases in interest rates and
banking sector conditions.
Any economic downturn, either globally or locally,
may have an adverse effect on the demand for
the Group’s services. A more prolonged economic
downturn may lead to an overall decline in the
volume of the Group’s activities and sales, restricting
the Group’s ability to realise a profit.
However, given the proliferation of cyber security
breaches and the damage caused, in financial and
reputational terms, expenditure by corporates on
cyber security is increasingly of a non-discretionary
nature, such that demand has become less sensitive
to general economic fluctuations.
The recent COVID-19 global pandemic has brought
additional challenges to the business environment.
However during 2021 UK businesses saw an increase
in cyber attacks and demand for cyber security
services are expected to increase in the future
Geopolitical Risks
The Group’s operations now or in the future may be
adversely affected by factors outside the control of
the Group, including election results, changes in
Government policy, terrorist activities, labour unrest,
civil disorder and political upheaval, war, subversive
activities and sabotage, fires, floods, natural
disasters and epidemics.
The Current conflict with Russia and Ukraine has
brought additional challenges to the business
environment including increase risk in inflation.
Other factors also include increase concerns over
cyber attacks therefore demand for cyber security
services are expected to increase in the near future.
Technology
The markets in which the Group operates are
characterised by rapid technological change,
changes in client requirements, frequent
product and service introductions employing new
technologies, and the emergence of new industry
standards and practices that could render the
Group’s existing technology and services obsolete.
In order to compete successfully, the Group will
need to continue to improve its services, and to
develop and market new products that keep pace
with technological change. This may place strain on
the Group’s capital resources, which may adversely
impact the revenues and profitability of the Group.
The success of the Group depends on its ability to
anticipate and respond to technological changes and
client requirements in a timely and cost-effective
manner. There can be no assurance that the Group
will be able to effectively anticipate and respond to
technological changes and client needs in the future.
Intellectual Property
In order to mitigate Technology risk and maximise
its competitive advantage, the Group seeks to
protect its intellectual property. Much of the Group’s
intellectual property is not of a nature that is capable
of registration, so protection of intellectual property
relies on maintaining the confidentiality of know-
how, methodologies and processes which, in turn,
are largely dependent on people. There is a risk
that if the confidentiality of the Group’s intellectual
property were compromised, this could lead to a loss
of competitive advantage. To mitigate this risk, the
Group employs strict terms of confidentiality in its
standard terms of employment.
The Group’s software is largely developed in-house.
However, some aspects of it are based on open-
Principal Risks and Uncertainties cont.
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 31
source licences such as the General Public License
(a widely used form of license within the free and
open-source code software domain), which oblige
ECSC to provide access to the source code of the
relevant software package if a client requests it.
There is a limited risk that ECSC could be pursued
by way of enforcement action in this area, which
may have a material adverse effect on the Group’s
performance.
Competition
There can be no guarantee that the Group’s current
competitors or new entrants to the market will not
bring superior technologies, products or services
to the market, or equivalent products at a lower
price, which may have an adverse effect on the
Group’s business. Such companies may also have
greater financial and marketing resources than the
Group. These competitive risks are mitigated by
maintaining a full service offer, spanning Consulting
and Managed Services, with a strategic focus
on expanding the recurring revenue base from
retained clients, underpinned by a proactive account
management process.
Cyber Security Breach
As with all providers in this sector, the potential
embarrassment and reputational impact of a major
cyber security breach for ECSC itself is significant.
However, ECSC manages this risk in a number of
ways:
•
External certification to international security
standards, such as ISO 27001 and PCI DSS.
•
Avoidance of technologies commonly targeted
for attack – ECSC makes extensive use of Linux-
based technologies, including all operational
desktop PCs and laptops, and does not support
Bring Your Own Device (BYOD) policies for any
company business, including for Associate
Consultants.
•
The Company directs the same level of security
expertise at its own security as to that of its
clients, avoiding the common issue with IT
companies that their own internal IT is managed
by a less capable internal team than their client-
facing delivery team.
Reputation
The Group’s reputation, in terms of the services
it provides, the manner in which it conducts its
business and the financial performance it achieves,
are central to the Group’s success.
The Group’s services, and the software on which they
are based, are complex and may contain undetected
defects when first introduced. Such defects could
damage the Group’s reputation, ultimately leading to
an increase in the Group’s costs or reduction in its
revenues.
Other issues that may give rise to reputational
risk include, but are not limited to, failure to deal
appropriately with legal and regulatory requirements
in any jurisdiction (which may result in the issuance
of a warning notice or sanction by a regulator or
an offence being committed by a member of the
Company or any of its employees or Directors),
money-laundering, bribery and corruption, factually
incorrect reporting, staff disputes, fraud (including
on the part of clients), technological delays or
malfunctions, the inability to respond to a disaster,
lack of data privacy, and poor record-keeping.
In addition, failure to meet the expectations of
clients, suppliers, employees, shareholders,
regulators and other business partners may have a
material adverse effect on the Group’s reputation.
To mitigate these varied risks, the Group has adopted
a strict and thorough approach to compliance,
investing resources to meet relevant legal, financial,
regulatory and technological standards and
requirements.
Principal Risks and Uncertainties cont.
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 32
Dependence on Directors and Senior Management
The Group’s performance is substantially dependent
on the continued services and performance of its
Directors and senior management. Although certain
Directors and key personnel have entered into
Service Agreements or Letters of Appointment with
the Group, there can be no assurance that the Group
will retain their services. The loss of the services of
any of the Directors or key personnel may have a
material adverse effect on the business, operations,
relationships and/or prospects of the Group.
The risk of loss of a Director or member of senior
management is mitigated by offering market
competitive remuneration for key roles, including
appropriate levels of equity incentivisation via the
share option schemes of the Group.
Ability to Recruit and Retain Skilled Personnel
The Group believes that it has the appropriate
incentivisation structures to attract and retain
the calibre of employees necessary to ensure the
growth and development of the Group. However,
any difficulties encountered in hiring appropriate
employees and the failure to do so may have a
detrimental effect upon the trading performance
of the Group. The ability to attract new employees
with the appropriate expertise and skills cannot be
guaranteed.
Reliance on Key Systems
The Group’s dependency upon technology exposes it
to significant risk in the event that such technology
or the Group’s systems experience any form of
damage, interruption or failure.
The Group’s systems are vulnerable to damage or
interruption from events including:
•
power loss and infrastructure failure;
•
fire or physical destruction;
•
computer hacking activities; and
•
acts of criminal damage or terrorism.
Any malfunctioning of the Group’s technology and
systems, or those of key third parties, even for
a short period of time, could result in a lack of
confidence in the Group’s services, the termination
of client contracts and potential claims for damages,
with a consequential material adverse effect on the
Group’s operations and performance.
The Group has a well-considered, certified and
regularly rehearsed disaster recovery and business
continuity plan to mitigate this risk.
New Client Acquisition and Retention of Existing
Clients
The Group’s future success depends on its ability to
increase sales of its services and products to new
clients, increase sales to its existing clients, and
maintain existing client contractual relationships.
The rate at which new and existing clients purchase
services and existing clients renew their contracts
depends on a number of factors, including the
efficacy of the Group’s services and the utility of the
Group’s new offerings, as well as factors outside of
the Group’s control, such as clients’ perceived need
for security solutions, the introduction of services
by the Group’s competitors that are perceived to
be superior to the Group’s services, end clients’ IT
budgets and general economic conditions. A failure
to increase sales as a result of any of the above could
materially adversely affect the Group’s financial
performance and position.
Failure to Develop, Launch and Market New
Services
The Group’s long-term growth and profitability is
dependent on its ability to develop and successfully
launch and market new services. The Group’s
revenues and market share may suffer if it is unable
to successfully introduce new products in a timely
fashion or if any new or enhanced products or
services are introduced by its competitors that its
customers find more advanced and/or better suited
to their needs.
Principal Risks and Uncertainties cont.
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 33
While the Group continuously invests in research and development to develop products in line with client
demand and expectations, if it is not able to keep pace with product development and technological
advances, including shifts in technology in the markets in which it operates, or to meet client demands, this
could have a material adverse effect on the Group’s financial performance and position.
Financial Risks
Future Funding Requirements
Although not presently anticipated by the Directors, the Group may need in the future (more than twelve
months) to raise equity or additional debt capital to fund future acquisitions, expansion and/or business
development. There can be no guarantee that the necessary funds will be available on a timely basis, on
favourable terms, or at all, or that such funds, if raised, would be sufficient. If the Group is not able to
obtain additional capital on acceptable terms, or at all, it may be forced to curtail or abandon acquisition
opportunities, expansion and/or business development.
This risk is partially mitigated by the Group’s quotation on the Alternative Investment Market of the London
Stock Exchange, which provides a conduit to equity investors and a further £0.5m loan to be drawn down
after six months subject to an agreed level of adjusted EBITDA being achieved.
Principal Risks and Uncertainties cont.
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 34
Statement by the Directors in performance of
their statutory duties in accordance with s172(1)
Companies Act 2006
The Board of Directors of ECSC Group plc consider
that, individually and together, that they have acted
in the way which in good faith would be most likely to
promote the success of the company for the benefit
of its members as a whole (having regard to the
stakeholders and matters set out in s172(1)(a-f) of
the Act) in the decisions taken during the year ended
31 December 2021.
The Board looked to promote the Success of the
Company, having regard to the long term, whilst
taking into account the interests of all stakeholders.
It is designed to secure the long-term financial
viability of the Company to the benefit of its
members and all stakeholders, and in doing so have
regard (amongst other matters) to:
•
the likely consequence of any decisions in the
long-term;
•
the interests of the company’s employees;
•
the need to foster the company’s business
relationships with suppliers, customers and
others;
•
the impact of the company’s operations on the
community and environments;
•
the desirability of the company maintaining
a reputation for high standards of business
conduct; and
•
the need to act fairly as between shareholders of
the Company.
The following paragraphs summarise how the
Directors fulfil their duties:
Risk management
We provide business-critical service to our clients.
As we grow, our business and our risk environment
also becomes more complex. It is therefore vital that
we effectively identify, evaluate, manage and mitigate
the risks we face and that we continue to evolve our
approach to risk management.
For details on our principal risks and uncertainties
and how we manage our risk environment, please
see page 29.
Our People
The Board recognises that our employees are
fundamental to the delivery of our plan. We aim to
be a responsible employer in our approach to the
pay and benefits our employees receive. The health,
safety and well-being of our employees is of primary
concern in the way we do business and is monitored
extensively by the Board and taken into account in all
major decision-making.
For further information please see pages 12-13.
During 2021 the Group entered into a borrowing
facility with Growth Lending Limited. The borrowings
will support the short to medium term health of the
business and improve the ability to drive growth by
investing in existing staff and creating new roles
within the business.
Business Relationships
Our strategy prioritises organic growth, driven by
cross-selling and up-selling services to existing
clients and bringing new clients into the Group. To
do this we need to continue to develop and maintain
strong client relationships.
We also aim to act responsibly and fairly in how we
engage with our clients and suppliers, co-operate
with our regulators and act on feedback received
from these stakeholders. All of these considerations
are taken into account by the Board when making
strategic decisions for the Company.
Community and environment
Our plan considered the impact of the company’s
operations on the community, the environment and
our wider social responsibilities.
Statement by the Directors
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 35
The Group wants to positively impact the lives of the people we work with and for, providing long-term
benefits to its employees, customers, suppliers and individuals in our local and wider community. We will
do this by acting in a socially responsible way; and encouraging our staff and business partners to strive
for matching performance; encouraging our staff to be mindful of the effect of their actions on any natural
resource.
Shareholders
The Board is committed to openly engaging with our shareholders, as we recognise the importance of a
continuing effective dialogue, with major institutional investors, private or employee shareholders. It is
important to us that shareholders understand our strategy and objectives, so these must be explained
clearly, feedback heard and any issues or questions raised properly considered.
For further information on how we engage with our shareholders please see page 39.
As the Board of Directors, our intention is to behave responsibly to all stakeholders and to ensure that
management operate the business in a responsible manner, operating within the high standards of business
conduct and good governance expected for a business such as ours. Acting in this way will contribute to
the delivery of our plan and we intend to maintain our reputation within the industry for responsible and
compliant behaviour.
As the Board of Directors, our intention is also to make decisions which lead to the long-term success of
the company whilst behaving responsibly toward our shareholders, treating them fairly and equally, so they
benefit from the successful delivery of our strategy and plan.
On 26 August 2021, the Company completed a reduction of its share capital, whereby the entire amount
of £6.1 million standing to the credit of the Company’s share premium account will be cancelled thereby
creating distributable reserves, which will allow the Company to pay dividends or make distributions to its
shareholders and/or undertake a buyback of its ordinary shares in due course, should it be appropriate or
desirable to do so.
Gemma Basharan
Chief Financial Officer
22 March 2022
Statement by the Directors cont.
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 36
The Board of ECSC Group plc comprises three Executive Directors and two Non-Executive Directors. The
Board has considered its independence and effectiveness, and is satisfied to the degree of competence and
efficiency in place.
The Board is responsible for the formulation of business strategy, operational execution, financial
performance and compliance. The Executive Directors are responsible for day-to-day operational and
financial management, whilst the Non-Executive Directors are responsible for delivering effective corporate
governance.
Board of Directors
BOARD OF DIRECTORS
DAVID MATHEWSON
Non-Executive Chairman
IAN MANN
CEO
LUCY SHARP
COO
GEMMA BASHARAN
CFO
ELIZABETH GOOCH
Non-Executive Director
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 37
The profile of each Director is as follows:
David Mathewson – Non-Executive Chairman
David is a Chartered Accountant who has spent most of his career in merchant banking and as a non-
executive director. He was an Executive Director of Noble Grossart Limited, Scotland’s premier merchant
bank, for many years. Previous non-executive roles include Chairman of Sportech Plc and he was also a
Director of Playtech Group plc. During his tenure at Playtech, he was appointed Chief Financial Officer
and oversaw the company move from AIM to the Main Market of the London Stock Exchange. He is
currently a Non-Executive Director of AIM traded SEC Newgate SPA, an Italian company, also traded on
AIM, and Chairman of Scram Group Ltd. The Board has reviewed David’s time commitment from his other
directorships and has concluded that they average six to seven working days per month. The Board is
therefore comfortable that David has sufficient available capacity to carry out his duties as a Non-Executive
Chairman of ECSC Group plc.
Ian Mann – Chief Executive Officer
Ian has over 19 years of experience in the cyber-security sector, having founded ECSC. He was previously
an advisor for GCHQ, and established a Cisco Networking Academy for Dixons City Technology College. Ian’s
professional certifications include CISSP, PCI QSA, and ISO Lead Auditor. Ian holds a B.Eng. in Electrical and
Electronic Engineering from the University of Nottingham, and an MBA from the Open University.
Lucy Sharp – Chief Operating Officer
Lucy has over 19 years of experience in the cyber-security sector, having joined ECSC at its inception. Lucy
worked as an ISO 27001 consultant, leading this area prior to taking the position of Operations Director
in 2012. Lucy has held a number of professional certifications, including CISSP, PCI QSA, and ISO Lead
Auditor. Whilst working at ECSC, Lucy completed a Masters in Business Management at Leeds Metropolitan
University.
Elizabeth Gooch MBE – Non-Executive Director
Elizabeth Gooch is an award-winning UK tech entrepreneur, having started her career in industry, joining
Forward Trust (a subsidiary of Midland Bank) and then Birmingham Midshires Building Society, before
establishing eg solutions in 1988. She pioneered the introduction of industrial production management
methodologies into the service sector and invented the eg operational intelligence ® software suite to
embed these techniques into businesses. eg was listed on the Alternative Investment Market and was
acquired by a major US Software Company in 2017. Elizabeth was named as one of The Telegraph’s Most
Disruptive Entrepreneurs and West Midlands Woman of the Year for her Outstanding Contribution to
Technology. She was made a Member of the Order of the British Empire in the Queens Jubilee Birthday
Honours 2012, in recognition of her achievements in delivering significant benefits for clients with the
products she designed. Elizabeth is now CEO of The Tech Growth Factory; a company she established to
assist the founders of small technology companies achieve their growth potential.
Gemma Basharan – Chief Financial Officer
Gemma is a Chartered Accountant who has over 14 years of financial experience both in the private and
charity sector. Gemma joined ECSC in 2011 as a management accountant before taking the position of
Financial Controller in 2016, and to Chief Financial Officer in April 2020.
Board of Directors cont.
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 38
The Directors present their report and financial
statements for the year ended 31 December 2021.
Principal Activities and Review of the Business
The principal activity of the Group during the year
continued to be the provision of professional cyber
security services. Future developments of the Group
have been reviewed as part of the Strategic Report.
Principal Risks and Uncertainties
For information on the principal risks and
uncertainties of the Group, please see pages 29 to 33
of the Strategic Report.
Results and Dividends
The loss for the period, after taxation, amounted to
£0.53m (2020: loss of £0.27m). The Board has not
declared a dividend for the year ended 31 December
2021 (2020: £nil).
Going Concern
The Directors are satisfied that the Group has
sufficient financial resources to continue to operate
for the foreseeable future, which is considered to
be at least the 12 months from the date of approval
of the financial statements. For this reason, the
going concern basis is considered appropriate for
the preparation of the financial statements (for
more information see note 4.2 to the Financial
Statements).
Research and Development
Research and development activities are grouped
into three broad areas:
•
Proprietary software, operating systems,
applications, tools and documentation used to
provide Managed Services.
•
Proprietary software, tools and techniques used
to provide Consulting Services.
•
Core internal business systems to support
revenue generating activities.
Chairman Corporate Governance
Overview
As Chairman of the Board of Directors of ECSC
Group plc it is my responsibility to ensure that
ECSC has both sound corporate governance and an
effective Board. As Chairman, my responsibilities
include leading the Board effectively, overseeing
the Company’s corporate governance model,
communicating with shareholders, and ensuring that
good information flows freely between Executives
and Non-Executives in a timely manner.
ECSC Group plc has adopted the QCA Corporate
Governance Code in line with the London Stock
Exchange’s recent changes to the AIM Rules,
requiring all AIM-listed companies to adopt and
comply or explain non-compliance with a recognised
corporate governance code. The Board considers
that the Group complies with the QCA Code so far as
it is practicable having regard to the size, nature and
current stage of development of the Company, and
will disclose any areas of non-compliance in the text
below. The Board believes that corporate governance
is a framework which underpins the core values
for running the business in which we all believe,
including a commitment to open and transparent
communications with stakeholders. Further details
on Corporate Governance is on the Group’s website
at https://investor.ecsc.co.uk/governance/corporate-
governance.html.
QCA Principles
1. Establish a strategy and business model which
promotes long-term value for shareholders
The Board has concluded that the highest medium
and long-term value can be delivered to its
shareholders by a focused strategy for the Company.
Details of the Business strategy can be found on
page 8-9.
Directors’ Report for the year ended 31 December 2021
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 39
2. Seek to understand and meet shareholder needs
and expectations
The Group is strongly committed to the maintenance
of good investor relations and seeks, wherever
possible, to build a relationship of mutual
understanding with both its institutional and private
client investors. The Company communicates how
it is governed and is performing through its Annual
Report and Accounts, full-year and half-year
announcements, regulatory announcements and its
website: https://investor.ecsc.co.uk/. The Group have
a dedicated email address investor@ecsc.co.uk for
shareholder enquiries.
3. Take into account wider stakeholder and social
responsibilities and their implications for long-term
success.
The Board recognises that the long-term success
of the Group is reliant upon the efforts of the
employees of the Group and its suppliers, regulators
and other stakeholders. The Group prepares an
annual strategic plan and detailed budget which
considers a wide range of key resources and
stakeholders. Everyone within the Group is a valued
member of the team, and our aim is to help every
individual achieve their full potential. We offer equal
opportunities regardless of race, gender, gender
identity or reassignment, age, disability, religion or
sexual orientation. See employee survey, (pages 12-
13) and social responsibility (page 41).
4. Embed effective risk management, considering
both opportunities and threats, throughout the
organisation.
The Board attaches considerable importance to
the Company’s system of internal control and
risk management. An ongoing process has been
established for identifying, evaluating, and managing
the significant risks faced by the Group. Details of
key risks to the business can be found on page 29.
5. Maintain the board as a well-functioning,
balanced team led by the Chair.
ECSC is controlled by the Board of Directors. There
are two independent Directors; David Mathewson
and Elizabeth Gooch. Their time commitment to
ECSC are as follows:
•
David Mathewson: devotes at least two full
working days in each calendar month to perform
the duties of office; and
•
Elizabeth Gooch: reasonable endeavours
to attend all meetings of the Board and/or
committees of the Board of which she is a
member and to attend all general meetings of
the Company.
Details of the Board and the roles can be found on
page 36.
6. Ensure that between them the Directors have
the necessary up-to-date experience, skills and
capabilities.
The Directors have both a breadth and depth of
skills and experience to fulfil their roles and deliver
the strategy of the Group for the benefit of the
shareholders over the medium to long-term. The
Group believes that the current balance of skills in
the Board as a whole, reflects a very broad range of
commercial and professional skills. The Directors
continue to develop their skill set and keep up to
date with current regulations in their prospective
markets.
Details of the Directors’ experience and areas of
expertise are outlined on pages 36/37.
Directors’ Report for the year ended 31 December 2021
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 40
7. Evaluate board performance based on clear
and relevant objectives, seeking continuous
improvement.
The Board informally review board performance as
part of the day to day running of the business. ECSC
Group plc has yet to carry out a formal assessment
of board effectiveness and the Board will keep this
under consideration and put in procedures when it is
felt appropriate.
The Company has adopted a code for Directors’
and employees’ dealings in securities which is
appropriate for a company whose securities are
traded on AIM, and is in accordance with the
requirements of the Market Abuse Regulation which
came into effect in 2016.
8. Promote a corporate culture that is based on
ethical values and behaviours.
The company has clearly defined values upon which
our culture and behaviours are based. These are
outlined in the Chief Operating Officer’s Overview on
pages 12-13.
9. Maintain governance structures and processes
that are fit for purpose and support good decision-
making by the board.
The Board is committed to, and ultimately
responsible for, high standards of corporate
governance, and has chosen to adopt the QCA Code.
We review our corporate governance arrangements
regularly and expect to evolve these over time, in
line with the Group’s growth. The Board delegates
responsibilities to Committees and individuals as
it sees fit, with the Chairman being responsible for
the effectiveness of the Board, and the Executive
Directors being accountable for the management of
the Company’s business and shareholder liaison.
10. Communicate how the company is governed
and is performing by maintaining a dialogue with
shareholders and other relevant stakeholders.
The Board is strongly committed to the maintenance
of good investor relations and to having constructive
dialogue with its shareholders. Executive Directors
and Chair seek to meet with shareholders and other
investors/potential investors at regular intervals
during the year.
Committee Chairman
This report sets out information about the
remuneration of the Directors of the Company for
the year ended 31 December 2020. As a company
admitted to AIM, ECSC Group is not required
to prepare a Directors Remuneration report.
However, the board supports the principle of
transparency and has prepared this report in order
to provide information to shareholders on Directors
remuneration arrangements.
THE REMUNERATION COMMITTEE
Committee Composition
Elizabeth Gooch MBE was appointed chair of the
Committee on 16 April 2018. The other member of
the committee is David Mathewson.
Committee Responsibilities
The Remuneration Committee’s primary purpose
is to ensure that the remuneration packages of the
senior and most highly rewarded team at ECSC
Group are both aligned to the company’s purpose
and values and linked to the successful delivery of
the company’s long-term strategy.
Committee Meetings
The Remuneration Committee met at least four
times in the period, with other board members in
attendance as appropriate. The Committees main
activities during the year included:
•
Directors’ Report for the year ended 31 December 2021
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 41
•
Approved proposals for changes in the
remuneration of Directors for the forthcoming
period.
•
Agreed individual share option awards;
•
Agreed targets and performance measures for
bonus payments for the forthcoming financial
period; and
•
Administered the group’s share schemes.
In determining the Directors remuneration for the
year, the Committee consulted Ian Mann, Chief
Executive about its proposals.
Social Responsibility
ECSC Group plc’s commitment to the continuous
improvement of our Corporate and Social
Responsibility (CSR) strategy is an integral part of
our company’s vision and values. We want ECSC
Group plc to positively impact the lives of the people
we work with and for, providing long-term benefits to
its employees, customers, suppliers and individuals
in our local and wider community. We do this by
acting in a socially responsible way; encouraging our
staff and business partners to strive for matching
performance; and, encouraging our staff to be
mindful of the effect of their actions on any natural
resource.
ECSC is a sponsor of the GiveBradford 100 Club
which is a network of like minded organisations
wanting to address the challenges facing the
district. The GiveBradford scheme have distributed
over £1.5 million in grants in 2020/21 across the
Bradford District, enabling positive change in the
lives of hundreds of thousands of people in our
communities.
As a team we hold regular charity collections such
as the Bradford Christmas Tree appeal and arrange
charity walks.
In support of our local community, both our CEO,
COO and SOC Manager have recently visited local
secondary schools, universities and colleges to
contribute to their careers events, and talked
to students who have expressed an interest in a
potential career in cyber security to give them some
steerage. Our HR Director also acts as a mentor
under the CIPD’s scheme to assist those looking to
return to the workplace, providing career advice, CV
writing support, interviewing techniques, etc.
Charities are given discounted rates when engaging
our services and where practicable we seek to
support charities and/or clients in their CSR efforts
e.g providing prizes for raffles, raising money for
their causes and attending charity functions.
Environmental
ECSC Group plc recognises that it has a
responsibility to the environment above and beyond
regulatory requirements. Action on all parts of
this policy will be the responsibility of all staff. The
Management Team are committed to continuous
improvements in our environmental performance.
Environmental regulations, laws and code of practice
will be followed to ensure the continuous awareness
of environmental issues and to maintain good
practice in our operations.
Monitoring environmental performance will be
part of our yearly board review. We monitor our
energy consumption for improved environmental
performance and monitor our use of paper,
consumables and other office supplies to ensure a
steady reduction in consumption. Employees are
encouraged to move towards electric vehicles.
Directors in place /changes in the year
On 13 July 2021 Ian Castle stepped down from the
Board. Ian will continue his role as Chief Technology
Officer on a part-time basis.
Directors’ Report for the year ended 31 December 2021
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 42
Directors’ Interests and Remuneration
The Directors who held office during the period were as follows:
David Mathewson
Ian Mann
Lucy Sharp
Elizabeth Gooch
Ian Castle (Resigned 13 July 21)
Gemma Basharan
Audit Committee
The duties of the Audit Committee are to consider the relationship with the Company’s auditor (appointment,
re-appointment and terms of engagement), to review the integrity of the Company’s financial statements, to
keep under review the appropriateness of the Company’s accounting policies, and to review the effectiveness
and adequacy of the Company’s internal financial controls. In addition, it will receive and review such reports
as it from time to time requests from the Company’s management and auditor. The Audit Committee meets
at least twice a year and has unrestricted access to the Company’s auditor. The Audit Committee comprises
David Mathewson and Elizabeth Gooch and is chaired by David Mathewson.
Nomination Committee
The duties of the Nomination Committee are to consider the structure, size and composition of the Board
and make recommendations to the Board with regard to any changes. It is also responsible for identifying
and nominating candidates to fill Board vacancies as and when they arise. The Nomination Committee
also makes recommendations to the Board concerning, among other things, plans for succession for both
Executive and Non-Executive Directors. It meets at least twice a year. The Nomination Committee comprises
Elizabeth Gooch and David Mathewson and is chaired by David Mathewson.
Disclosure Committee
The Disclosure Committee is the first point of contact with the NOMAD for all routine and non-routine
matters which the NOMAD wishes to discuss with the Board and shall carry out duties to ensure the
Company’s compliance with the AIM Rules and Market Abuse Regulations. The Disclosure Committee meets
twice a year and comprises David Mathewson and Elizabeth Gooch and is chaired by David Mathewson.
Attendance at Board and Committee meetings
There were 12 Board meetings held during the year, all of which were attended by Ian Mann, David
Matthewson and Elizabeth Gooch. Lucy Sharp and Gemma Basharan attended 11 Board Meetings during the
year.
The Audit Committee had two meetings during the year at which both Elizabeth Gooch and David Mathewson
attended.
The following Directors had interests in the ordinary shares of the Company as at 31 December 2021:
Directors’ Report for the year ended 31 December 2021
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 43
Number of
Ordinary
Shares
% of Issued
Share
Capital
David Mathewson
35,419
0.35%
Ian Mann
2,322,735
23.21%
Lucy Sharp
242,635
2.42%
Elizabeth Gooch
50,000
0.50%
Gemma Basharan
4,214
0.04%
Details of the Directors remuneration are included in the Remuneration Report on pages 43-48.
Substantial Interests
At 31 December 2021, the Company had been notified, under the Disclosure guidance and Transparency
Rules, of the following major shareholdings and the percentages of voting rights represented by such
holdings, excluding the shareholdings and associated voting rights of the Directors noted above, as follows:
Number of
Ordinary
Shares
% of Issued
Share
Capital
Unicorn Asset Management
1,448,946
14.48%
Ravinder Bahra
1,069,068
10.68%
Phil McLear
472,290
4.72%
Malcolm Hoare
300,300
3.00%
Annual General Meeting
The next Annual General Meeting will take place on 30 June 2022.
Statement of Disclosure of Information to Auditor
The Directors of the Company who held office at the date of approval of this Annual Report as set out above
each confirm that:
•
so far as each Director is aware, there is no relevant audit information of which the Company’s auditors
are unaware; and
•
each Director has taken all the steps that they ought to have taken as a Director in order to make
themselves aware of any relevant audit information and to establish that the Company’s auditors are
aware of that information.
Auditor
BDO LLP has indicated its willingness to continue as auditor. Accordingly a resolution proposing its
reappointment as auditor will be put to the members at the next Annual General Meeting.
On behalf of the Board
David Mathewson
Non-Executive Chairman 22 March 2022
Directors’ Report for the year ended 31 December 2021
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 44
As an AIM listed company ECSC Group plc is not required to comply with schedule 8 of the Large and
Medium-sized Companies and Groups (Accounts and Reports) Regulations 2008. Nor is it required to comply
with the principles relating to Directors remuneration in the UK Corporate Code 2018 (“the code”). The
content of this report is unaudited unless stated.
Remuneration Policy
The objectives of the remuneration policy are to ensure that the overall remuneration of Executive
Directors is aligned with the performance of the Group and preserves an appropriate balance of reward and
shareholder value.
The Company’s policy is to remunerate Directors appropriately such that they are sufficiently rewarded for
their level of responsibility, the complexity of their role and to reflect their skills and experience.
The Remuneration Committee sets the level of Total Pay and other benefits for Executive Directors and other
Senior Managers. It does this in line with its assessment of the appropriate market rate for the roles, aiming
to attract and retain good candidates for these roles. The Company does not operate an Executive Annual
Performance Bonus Scheme but does have a share based incentive scheme as outlined below.
The Committee is sensitive to pay and employment conditions elsewhere in the Cyber Security and general
IT Software and Services markets, especially when determining Total Salary levels, and conducts regular
salary benchmarking exercises using external advisers.
The committee has reviewed the Remuneration Policy for the forthcoming year and agreed the following
amendments:
•
to allow the Executive to determine Total Salary levels below £100,000 within the Group without reference
to the Remuneration Committee
•
to implement the policy adopted within the wider group of paying a Total Salary amount instead of a
Basic Salary plus Executive Annual Performance Bonus Scheme.
Total Salary levels for the Executive were determined by calculating the average of the last three year’s basic
salary plus bonus awards to obtain a Total Salary amount and comparing this with external benchmarks.
The benchmarking exercise was conducted by FIT Remuneration Consultants LLP and concluded that no
change was required to the Total salary of the Chief Executive, an increase of £5,000 per annum should be
awarded to the Chief Operating Officer and a £10,000 increase awarded to the Chief Financial Officer. The
salary of the Chief Financial Officer is below market benchmarks and will be increased over time in line with
performance.
The Committee agreed to implement the Total Salary policy adopted by the wider Group moving forwards and
no bonus payments have been awarded for the financial year ended 31 December 2021.
The Committee has concluded that the remainder of the policy is appropriate for the forthcoming three year
period.
Remuneration Committee Report
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 45
Remuneration for Executive Directors
The main components of the remuneration arrangements for Executive Directors are as follows:
Purpose & Link to Strategy
Operation
Maximum Opportunity
Performance Conditions
Base Salary
To provide fixed competitive
remuneration that will attract
and retain key employees and
reflect their experience and
position in the Group.
Reviewed annually taking into
account industry-standard
executive remuneration and
pay levels elsewhere within the
sector.
Salaries for the year ended 31
December 2021 are set out
below.
None.
Benefits
To provide market levels of
benefits on a cost-effective
basis.
Private health cover for the
executive and their family, life
insurance cover of two-times
salary and a company car.
Private healthcare benefits are
provided through third-party
providers and therefore the
cost to the Company may vary
from year to year.
None.
Pension
Providing post-retirement
benefits.
The Group contributes to
individual’s personal pension
schemes
10% of base salary
None.
Executive Share Options Plan
Setting value creation
through share growth as a
major objective for Executive
Directors and senior
managers. Alignment of option
holder interests with those of
shareholders through delivery
of shares.
The Group introduced a Share
Option scheme during 2020.
All the Executive Directors,
participates in the EMI
scheme. See below. No
awards made in 2021.
N/A
N/A
The committee introduced a Long-Term Incentive Plan (“LTIP”) for the Executive Directors during 2020:
Vesting Period
I Year
2 Years
3 Years
4 Years
Total Ordinary
Shares
Target Price
167 Pence
200 Pence
225 Pence
250 Pence
Ian Mann
25,000
25,000
25,000
25,000
100,000
Lucy Sharp
25,000
25,000
25,000
25,000
100,000
Ian Castle
20,000
20,000
20,000
20,000
80,000
Gemma Basharan
20,000
20,000
20,000
20,000
80,000
Remuneration for Non – Executive Directors
Remuneration of the Non-Executive Directors is determined by the Board within the limits set by the
Company’s Articles of Association and is based on fees paid in similar companies, the skills required,
and the expected time commitment required of each individual. Non-Executive Directors are not entitled
to pensions, annual bonuses or employee benefits. They are entitled to participate in share option
arrangements relating to the Company’s shares and both were allocated 100,000 options on 20 April
2018. The options had an exercise price of 78 pence and are subject to a three year vesting period and the
performance condition that the Company’s closing mid-market share price must exceed 200 pence for 10
consecutive business days following the vesting date. The grant represented 2% of the current issued share
capital of the company.
Remuneration Committee Report cont.
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 46
Each of the Non-Executive Directors has a letter of appointment stating his/her annual fee and that his/her
appointment is initially for a term of three years, subject to re-appointment at the AGM and renewable for
further periods of three years. Their appointment may be terminated with three months written notice at any
time.
Name of Director
Salary or Fees
Paid
£’000
Benefit-in-Kind
£’000
Pension
£’000
Share Based
Payments
£’000
Year ended 31
December 2021
£’000
Year ended 31
December 2020
£’000
Ian Mann
225
2
23
16
266
239
Lucy Sharp
135
5
14
21
175
220
Gemma Basharan
90
-
9
16
115
93
Ian Castle*
50
-
5
11
66
156
David Mathewson
63
-
-
3
66
73
Elizabeth Gooch
40
-
-
3
43
48
Total
603
7
51
70
731
829
*Ian Castle resigned as a director 13 July 21
Notes:
•
Benefits-in-Kind includes the provision of Company Cars and Private Medical insurance; and
•
Share Based Payments are stated at the cost of the award recognised in the financial period.
Ian Mann, Chief Executive is the highest paid Director.
Employee Benefit Expense (including Directors) during the periods amounted to:
GROUP
Year ended
31 December
2021
£’000
GROUP
Year ended
31 December
2020
£’000
COMPANY
Year ended
31 December
2021
£’000
COMPANY
Year ended
31 December
2020
£’000
Wages and Salaries - Gross
4,420
4,269
4,237
4,033
Government Grants
-
(292)
-
(203)
Wages and Salaries
4,420
3,977
4,237
3,830
Social Security Costs
550
452
492
404
Pension Contributions
218
179
194
161
Share Based Payments
100
101
100
101
5,288
4,709
5,023
4,496
During 2020 the Group has benefited from £0.2m of Coronavirus Job Retention Scheme (CJRS) and £0.1m of
Australia grants. (see note 4.5). No grants were received in 2021.
Remuneration Committee Report cont.
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 47
Directors Interests
Details of the Directors Shareholdings are included in the Director’s Report on page 43.
Share Incentives
The Company operates an Enterprise Management Incentive (‘EMI’) Scheme. The EMI Scheme provides
the opportunity for eligible Directors and employees to buy ECSC ordinary shares at a future date in
accordance with the scheme rules. The options are subject to the option holder’s continuing employment,
are not transferable, and have a life of 10 years. All grants under the scheme are subject to approval by the
Remuneration Committee.
In August 2020 the Company cancelled over 588,040 Ordinary Share options to 20 employees, following
the cancellation the Company granted options over 588,040 new Ordinary Shares to the same Company
employees, at an exercise price of 65 pence per share. The exercise price was set by reference to the
average mid-market share price being the closing market price on 20 August 2020 in accordance with HMRC
guidelines. There was a performance condition attaching to this grant, ordinary shares trade at a mid-
market minimum price of 167 pence per share over 10 consecutive business days.
In August 2020 the Company also granted over 450,000 new Ordinary Shares to 32 employees, at an exercise
price of 69 pence per share, subject to a 1- 4 year vesting period. The exercise price was set by reference to
the average mid-market share price being the closing market price on 27 August 2020 in accordance with
HMRC guidelines. There was a performance condition attaching to this grant, ordinary shares trade at a
mid-market minimum price of 167 pence per share over 10 consecutive business days.
Outstanding Share Based Awards
The outstanding Share Based Awards of the Directors as at 31 December 2021 are:
Name Of Director
Type Of
Reward
Date Of
Grant
Granted
Cancelled/
Lapsed
In Year
Vested In
Year
Not Vested
End Of Year
Market
Price At
Grant
Exercise
Price
Lucy Sharp
Share Option
Aug 21, 2020
144,758
-
-
144,758
65.0p
65.0p
Lucy Sharp
Share Option
Sep 28, 2020
100,000
-
-
100,000
69.0p
69.0p
Ian Mann
Share Option
Sep 28,2020
100,000
-
-
100,000
69.0p
69.0p
Gemma Basharan
Share Option
Aug 21, 2020
64,651
-
-
64,651
65.0p
65.0p
Gemma Basharan
Share Option
Sep 28,2020
80,000
-
-
80,000
69.0p
69.0p
Elizabeth Gooch
Share Option
Apr 18, 2018
100,000
-
-
100,000
79.0p
78.0p
David Mathewson
Share Option
Apr 18, 2018
100,000
-
-
100,000
79.0p
78.0p
The closing mid-market price of the Group’s shares at 31 December 2021 was 74.0 pence (2020: 67.5 pence).
During the financial year the share price reached a high of 95.0 pence and a low of 67.5 pence (2020: high of
145.0 pence and a low of 60.0 pence).
Remuneration Committee Report cont.
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 48
Directors Service Contracts
The Service contracts and letters of appointment of Directors include the following terms:
Executive Directors
Date of Appointment
Notice Period
Ian Mann
13 April 2018
6 months
Lucy Sharp
02 November 2012
6 months
Gemma Basharan
25 March 2020
6 months
Non-Executive Directors
Date of Appointment
Notice Period
David Mathewson
18 April 2018
3 months
Elizabeth Gooch
16 April 2018
3 months
Statement of Voting at General Meeting
Approval
This report was approved by the Directors and signed by order of the Board.
Elizabeth Gooch MBE
Chairman of the Remuneration Committee
22 March 2022
Remuneration Committee Report cont.
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 49
The Directors are responsible for preparing the Annual Report and the financial statements in accordance
with applicable law and regulations.
Company Law requires the Directors to prepare financial statements for each financial year. Under that law
the Directors have elected to prepare the financial statements in accordance with UK adopted international
accounting standards in conformity with the requirements of the Companies Act 2006. Under Company Law
the Directors must not approve the financial statements unless they are satisfied that they give a true and
fair view of the state of affairs of the Company and the Group and of the profit or loss of the Group for the
reporting period. In preparing these financial statements, the Directors are required to:
•
select suitable accounting policies and then apply them consistently;
•
make judgments and estimates that are reasonable and prudent;
•
state whether applicable accounting standards have been followed, subject to any material departures
disclosed and explained in the financial statements; and
•
prepare the financial statements on the going concern basis unless it is inappropriate to presume that
the Company will continue in business.
The Directors are responsible for keeping adequate accounting records that are sufficient to show and
explain the Company’s transactions and disclose with reasonable accuracy at any time the financial position
of the Company and enable them to ensure that the financial statements comply with the Companies Act
2006. They are also responsible for safeguarding the assets of the Company and hence for taking reasonable
steps for the prevention and detection of fraud and other irregularities.
Financial information is published on the Company’s website. The maintenance and integrity of this website
is the responsibility of the Directors. The work carried out by the Company’s auditors does not involve
consideration of these matters and, accordingly, the auditors accept no responsibility for any changes that
may occur to the financial statements after they are initially presented on the website.
It should be noted that legislation in the United Kingdom governing the preparation and dissemination of
financial statements may differ from legislation in other jurisdictions.
By order of the Board
David Mathewson
Non-Executive Chairman
22 March 2022
Statement of Directors’ Responsibilities
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 50
Cyber Security Experts
Annual Report Year Ended 31 December 2021
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 51
Opinion on the financial statements
In our opinion:
•
the financial statements give a true and fair view of the state of the Group’s and of the Parent Company’s
affairs as at 31 December 2021 and of the Group’s loss for the year then ended;
•
the Group financial statements have been properly prepared in accordance with UK adopted international
accounting standards;
•
the Parent Company financial statements have been properly prepared in accordance with UK adopted
international accounting standards and as applied in accordance with the provisions of the Companies
Act 2006; and
•
the financial statements have been prepared in accordance with the requirements of the Companies Act
2006.
We have audited the financial statements of ECSC Group plc (the ‘Parent Company’) and its subsidiaries (the
‘Group’) for the year ended 31 December 2021 which comprise Consolidated Statement of Comprehensive
Income, the Consolidated and Company Statements of Financial Position, the Consolidated and Company
Cash Flow Statements, the Consolidated and Company Statements of Changes in Equity and notes to
the financial statements, including a summary of significant accounting policies. The financial reporting
framework that has been applied in their preparation is applicable law and UK adopted international
accounting standards and, as regards the Parent Company financial statements, as applied in accordance
with the provisions of the Companies Act 2006.
Basis for opinion
We conducted our audit in accordance with International Standards on Auditing (UK) (ISAsc(UK))
and applicable law. Our responsibilities under those standards are further described in the Auditor’s
responsibilities for the audit of the financial statements section of our report. We believe that the audit
evidence we have obtained is sufficient and appropriate to provide a basis for our opinion.
Independence
We remain independent of the Group and the Parent Company in accordance with the ethical requirements
that are relevant to our audit of the financial statements in the UK, including the FRC’s Ethical Standard as
applied to listed entities, and we have fulfilled our other ethical responsibilities in accordance with these
requirements.
Conclusions relating to going concern
In auditing the financial statements, we have concluded that the Directors’ use of the going concern basis
of accounting in the preparation of the financial statements is appropriate. Our evaluation of the Directors’
assessment of the Group and the Parent Company’s ability to continue to adopt the going concern basis of
accounting included:
•
Obtaining and examining the Board’s Going concern paper, alongside supporting forecasts for the next
two years.
•
Challenging Director’s assumptions, such as revenue pipeline, as used in the forecast period through
review of the historic forecast accuracy, comparing forecasts to post year end results, cost performance,
current business trends and pipeline/contract analysis.
Independent auditor’s report to the members of ECSC Group plc
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 52
•
Considering the Board’s probable scenarios of sensitivities, to understand the robustness of the forecast
trading model and the headroom available to the Group and Parent Company.
•
Review of the available cash and financing facilities within the Group, and evaluation of management’s
downside sensitivities on cash flow headroom, incorporating a review of financial covenants compliance
and headroom analysis throughout the forecast period.
•
Review of the disclosures made in the financial statements and in the strategic report. We assessed
whether these adequately disclose the basis of the judgements taken and the view formed by the
Directors with respect to going concern.
Based on the work we have performed, we have not identified any material uncertainties relating to events
or conditions that, individually or collectively, may cast significant doubt on the Group and the Parent
Company’s ability to continue as a going concern for a period of at least twelve months from when the
financial statements are authorised for issue.
Our responsibilities and the responsibilities of the Directors with respect to going concern are described in
the relevant sections of this report.
Independent auditor’s report to the members of ECSC Group plc
Overview
Coverage
100% (2020: 100%) of Group loss before tax
100% (2020: 100%) of Group revenue
100% (2020: 100%) of Group total assets
Key audit matters
2021
2020
Capitalised development
costs
P
x
Going concern assessment
x
P
Going concern assessment is no longer considered to be a key audit matter having
regarding to the refinancing that the parent company has undertaken during the
year as set out in the going concern accounting policy in note 4.2 to the financial
statements.
Materiality
Group financial statements as a whole
£123k (2020: £105k) based on 2% (2020: 1.85%) of revenue - refer to ‘Our application of
materiality’ section below for details.
An overview of the scope of our audit
Our Group audit was scoped by obtaining an understanding of the Group and its environment, including
the Group’s system of internal control, and assessing the risks of material misstatement in the financial
statements. We also addressed the risk of management override of internal controls, including assessing
whether there was evidence of bias by the Directors that may have represented a risk of material
misstatement.
Independent auditor’s report to the members of ECSC Group plc
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 53
Financial information relating to the Parent Company was subject to a full scope audit by the Group audit
team, and certain specific procedures were performed in relation to the Australian operating subsidiary by
the Group audit team; covering 100% of the revenue, loss before tax and total assets of the Group for the
year.
Key audit matters
Key audit matters are those matters that, in our professional judgement, were of most significance in our
audit of the financial statements of the current period and include the most significant assessed risks
of material misstatement (whether or not due to fraud) that we identified, including those which had the
greatest effect on: the overall audit strategy, the allocation of resources in the audit, and directing the
efforts of the engagement team. These matters were addressed in the context of our audit of the financial
statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion on
these matters.
Our application of materiality
We apply the concept of materiality both in planning and performing our audit, and in evaluating the effect of
misstatements. We consider materiality to be the magnitude by which misstatements, including omissions,
could influence the economic decisions of reasonable users that are taken on the basis of the financial
statements.
In order to reduce to an appropriately low level the probability that any misstatements exceed materiality,
we use a lower materiality level, performance materiality, to determine the extent of testing needed.
Importantly, misstatements below these levels will not necessarily be evaluated as immaterial as we also
take account of the nature of identified misstatements, and the particular circumstances of their occurrence,
when evaluating their effect on the financial statements as a whole.
Based on our professional judgement, we determined materiality for the financial statements as a whole and
performance materiality as follows on page 64.
Independent auditor’s report to the members of ECSC Group plc
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 54
Key audit matter
How the scope of our audit addressed the
key audit matter
Valuation of development costs
The group’s accounting policies on
impairment of internally generated
development costs are shown in notes 4.10
and 5 to the financial statements and related
disclosures are included in note 12.
The Group capitalises internally generated
development costs which are included within
intangible assets.
All intangible assets are tested for
impairment when indicators of impairment
exist. Impairment is determined with
reference to the higher of fair value less
costs to sell or value in use. Significant
assumptions are made in estimating future
cash flows about future events including
future market conditions and future growth
rates.
The Group has continued to make an
operating loss in the current year and
we identified a risk over the potential
impairment of these assets as a result of
this, and accordingly we considered this to
be a key audit matter.
Our audit work included, but was not
restricted to:
•
Considering indicators of impairment
at a Group level by comparing the
market capitalisation of the Group
to the consolidated net assets at 31
December 2021.
•
Performing procedures to assess
and challenge the assumptions
underpinning the Board’s impairment
assessment model over specific
projects capitalised, as detailed below:
•
Enquiry of project managers outside
of the finance function to understand
the commercial purpose of specific
projects capitalised;
•
Testing the mathematical accuracy of
impairment assessment calculations
and the integrity of the underlying data;
•
Agreeing forecast cash flows to Board
approved budgets (as reviewed in the
going concern review) and reviewing
the reasonableness of the assumptions
adopted based upon our knowledge of
the business;
•
Challenging the growth assumptions
adopted by the Directors’ for future
periods by considering whether these
were reasonable against market
expectations;
•
Considering the sensitivity to changes
in the assumptions; and
•
Assessing the discount rate applied,
with reference to an incrementation
borrowing rate relevant to the Group,
and also review of relevant sensitivities.
Key observations
Following the procedures performed as
set out above we are satisfied that for the
assumptions made by the Directors’ in
assessing whether there is an impairment of
internally generated developments costs at
31 December 2021 were reasonable.
Independent auditor’s report to the members of ECSC Group plc
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 55
Our application of materiality
We apply the concept of materiality both in planning and performing our audit, and in evaluating the effect of
misstatements. We consider materiality to be the magnitude by which misstatements, including omissions,
could influence the economic decisions of reasonable users that are taken on the basis of the financial
statements.
In order to reduce to an appropriately low level the probability that any misstatements exceed materiality,
we use a lower materiality level, performance materiality, to determine the extent of testing needed.
Importantly, misstatements below these levels will not necessarily be evaluated as immaterial as we also
take account of the nature of identified misstatements, and the particular circumstances of their occurrence,
when evaluating their effect on the financial statements as a whole.
Based on our professional judgement, we determined materiality for the financial statements as a whole and
performance materiality as follows:
Group financial statements
Parent company financial statements
2021
£’000s
2020
£’000s
2021
£’000s
2020
£’000s
Materiality
123
105
122
104
Basis for determining materiality
2% of revenues
1.85% of revenues
2% of revenues
1.85% of revenues
Rationale for the benchmark applied
We considered revenue to be the most appropriate measure of performance for
users of financial statements, given the volatility in loss before tax.
Performance materiality
86
79
85
78
Basis for determining performance materiality
70% (2020:75%) of materiality, based upon there being a limited number of areas
subject to significant estimation uncertainty and no significant errors identified in
the prior period.
Component materiality
We set materiality for the one significant component of the Group (being the Parent company) based on
a percentage of 98% (2020: 96%) of Group materiality, which is considered aligned with the size and our
assessment of the risk of material misstatement of that component. In the audit of the component, we
further applied performance materiality levels of 70% (2020: 75%) of the component materiality to our
testing to ensure that the risk of errors exceeding component materiality was appropriately mitigated.
Reporting threshold
We agreed with the Audit Committee that we would report to them all individual audit differences in excess of
£5,160 (2020: £4,320). We also agreed to report differences below this threshold that, in our view, warranted
reporting on qualitative grounds.
Other information
The directors are responsible for the other information. The other information comprises the information
included in the Group Strategic Report, Directors’ Report and Consolidated Financial Statements, other
than the financial statements and our auditor’s report thereon. Our opinion on the financial statements does
not cover the other information and, except to the extent otherwise explicitly stated in our report, we do not
Independent auditor’s report to the members of ECSC Group plc
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 56
express any form of assurance conclusion thereon. Our responsibility is to read the other information and,
in doing so, consider whether the other information is materially inconsistent with the financial statements
or our knowledge obtained in the course of the audit, or otherwise appears to be materially misstated. If we
identify such material inconsistencies or apparent material misstatements, we are required to determine
whether this gives rise to a material misstatement in the financial statements themselves. If, based on the
work we have performed, we conclude that there is a material misstatement of this other information, we
are required to report that fact.
We have nothing to report in this regard.
Other Companies Act 2006 reporting
Based on the responsibilities described below and our work performed during the course of the audit, we are
required by the Companies Act 2006 and ISAs (UK) to report on certain opinions and matters as described
below.
Strategic report and Directors’
report
In our opinion, based on the work undertaken in the course of the audit:
•
the information given in the Strategic report and the Directors’ report for the financial
year for which the financial statements are prepared is consistent with the financial
statements; and
•
the Strategic report and the Directors’ report have been prepared in accordance with
applicable legal requirements.
In the light of the knowledge and understanding of the Group and Parent Company
and its environment obtained in the course of the audit, we have not identified material
misstatements in the strategic report or the Directors’ report.
Matters on which we are required
to report by exception
We have nothing to report in respect of the following matters in relation to which the
Companies Act 2006 requires us to report to you if, in our opinion:
•
adequate accounting records have not been kept by the Parent Company, or returns
adequate for our audit have not been received from branches not visited by us; or
•
the Parent Company financial statements are not in agreement with the accounting
records and returns; or
•
certain disclosures of Directors’ remuneration specified by law are not made; or
•
we have not received all the information and explanations we require for our audit.
Responsibilities of Directors
As explained more fully in the Directors’ responsibilities statement, the Directors are responsible for the
preparation of the financial statements and for being satisfied that they give a true and fair view, and for such
internal control as the Directors determine is necessary to enable the preparation of financial statements
that are free from material misstatement, whether due to fraud or error.
In preparing the financial statements, the Directors are responsible for assessing the Group’s and the Parent
Company’s ability to continue as a going concern, disclosing, as applicable, matters related to going concern
and using the going concern basis of accounting unless the Directors either intend to liquidate the Group or
the Parent Company or to cease operations, or have no realistic alternative but to do so.
Independent auditor’s report to the members of ECSC Group plc
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 57
Auditor’s responsibilities for the audit of the financial statements
Our objectives are to obtain reasonable assurance about whether the financial statements as a whole
are free from material misstatement, whether due to fraud or error, and to issue an auditor’s report that
includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an
audit conducted in accordance with ISAs (UK) will always detect a material misstatement when it exists.
Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate,
they could reasonably be expected to influence the economic decisions of users taken on the basis of these
financial statements.
Extent to which the audit was capable of detecting irregularities, including fraud.
Irregularities, including fraud, are instances of non-compliance with laws and regulations. We design
procedures in line with our responsibilities, outlined above, to detect material misstatements in respect of
irregularities, including fraud. The extent to which our procedures are capable of detecting irregularities,
including fraud is detailed below:
As part of the audit we gained an understanding of the legal and regulatory framework applicable to the
Group and the industries in which it operates, and considered the risk of acts by the Group that were
contrary to applicable laws and regulations, including fraud. We considered the Group’s compliance with
laws and regulations that have a significant impact on the financial statements to be UK company law, UK
tax legislation, the accounting framework and ISO security standards, and we considered the extent to which
non-compliance might have a material effect on the Group financial statements.
Based on our understanding we designed our audit procedures to identify instances of non-compliance
with such laws and regulations. Our procedures included enquiries of management and of the Directors,
reviewing the financial statement disclosures agreeing to underlying supporting documentation where
necessary, review of Board meeting minutes and review of any applicable correspondence with legal counsel
or tax authorities.
Our assessment of the susceptibility of the financial statements to fraud was through management override
of controls and revenue recognition which was addressed through detailed testing. We addressed the
risk of management override of internal controls, including testing journal entries processed during and
subsequent to the year, testing for inappropriate payments being made, testing of significant estimates
(included capitalised development costs, as set out in the key audit matters section of this report) and
evaluating whether there was evidence of bias in the financial statements by the Directors that represented
a risk of material misstatement due to fraud. We addressed the risk of inappropriate revenue recognition,
including testing a sample of revenue transactions across the year to ensure these are recorded in the
correct period and were not fictitious in nature.
We also communicated relevant identified laws and regulations and potential fraud risks to all engagement
team members and remained alert to any indications of fraud or non-compliance with laws and regulations
throughout the audit.
Independent auditor’s report to the members of ECSC Group plc
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 58
Our audit procedures were designed to respond to risks of material misstatement in the financial
statements, recognising that the risk of not detecting a material misstatement due to fraud is higher
than the risk of not detecting one resulting from error, as fraud may involve deliberate concealment by,
for example, forgery, misrepresentations or through collusion. There are inherent limitations in the audit
procedures performed and the further removed non-compliance with laws and regulations is from the
events and transactions reflected in the financial statements, the less likely we are to become aware of it.
A further description of our responsibilities is available on the Financial Reporting Council’s website at: www.
frc.org.uk/auditorsresponsibilities. This description forms part of our auditor’s report.
Use of our report
This report is made solely to the Parent Company’s members, as a body, in accordance with Chapter 3 of
Part 16 of the Companies Act 2006. Our audit work has been undertaken so that we might state to the
Parent Company’s members those matters we are required to state to them in an auditor’s report and for no
other purpose. To the fullest extent permitted by law, we do not accept or assume responsibility to anyone
other than the Parent Company and the Parent Company’s members as a body, for our audit work, for this
report, or for the opinions we have formed.
Neil Ebdon (Senior Statutory Auditor)
For and on behalf of BDO LLP, Statutory Auditor
Leeds, UK
22 March 2022
BDO LLP is a limited liability partnership registered in England and Wales (with registered number
OC305127).
Independent auditor’s report to the members of ECSC Group plc
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 59
Note
Year ended
31 December
2021
£’000
Year ended
31 December
2020
£’000
Revenue
6
6,144
5,663
Cost of Sales
(2,470
(2,115)
Gross Profit
6
3,674
3,548
Other Income
7
282
297
Sales & Marketing Costs
(2,018)
(1,713)
Administration Expenses
(2,418)
(2,403)
Operating Loss before Exceptional Items and Share Based Payments
(235)
(105)
Share Based Payments
23
100
101
Exceptional Items
27
145
65
Operating Loss
8
(480)
(271)
Finance Cost
(42)
(48)
Loss before Taxation
26
(522)
(319)
Taxation Charge/(Credit)
10
(5)
50
Loss for the Year
(527)
(269)
Other Comprehensive Income
-
-
Total Comprehensive Income for the Year
(527)
(269)
Attributed to Equity Holders of the Company
(527)
(269)
Loss per Share
11
pence
pence
Basic Loss per Share
(5.3)
(2.7)
Diluted Loss per Share
(5.3)
(2.7)
All operations are continuing. Total comprehensive income being attributable to equity holders of the parent.
The accompanying accounting policies and notes form an integral part of these financial statements.
Details of the exceptional items are included in note 27.
Consolidated Statement of Comprehensive Income
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 60
Note
Year ended
31 December
2021
£’000
Year ended
31 December
2020
£’000
ASSETS
Non-current Assets
Intangible Assets
12
483
455
Property, Plant and Equipment
13
88
148
Right-of-use Assets
18
613
746
Deferred Tax Asset
10
147
118
Total Non-current Assets
1,331
1,467
Current Assets
Inventory
14
9
9
Trade and Other Receivables
15
675
811
Corporation Tax Recoverable
289
216
Cash and Cash Equivalents
16
1,168
1,122
Total Current Assets
2,141
2,158
TOTAL ASSETS
3,472
3,625
LIABILITIES
Current Liabilities
Trade and Other Payables
17
(1,489)
(2,085)
Borrowings
19
(105)
-
Lease Liability
18
(107)
(143)
Total Current Liabilities
(1,701)
(2,228)
Non-current Liabilities
Deferred Tax Liability
10
(124)
(90)
Borrowings
19
(858)
-
Lease Liability
18
(568)
(659)
Total Non-current Liabilities
(1,550)
(749)
TOTAL LIABILITIES
(3,251)
(2,977)
NET ASSETS
221
648
EQUITY
Equity attributable to Owners of the Parent:
Share Capital
20
100
100
Share Premium Account
20
-
6,098
Share Option Reserve
20
492
392
Retained Earnings
20
(371)
(5,942)
TOTAL EQUITY
221
648
The financial statements were approved and authorised for issue by the Board of Directors on 22 March 2022
and were signed on its behalf by:
Gemma Basharan
Director
22 March 2022
Consolidated Statement of Financial Position
ECSC Group plc
Registered Number: 03964848
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 61
Note
Year ended
31 December
2021
£’000
Year ended
31 December
2020
£’000
ASSETS
Non-current Assets
Intangible Assets
12
483
455
Property, Plant and Equipment
13
88
147
Right-of-use Assets
18
600
711
Deferred Tax Asset
10
147
118
Total Non-current Assets
1,318
1,431
Current Assets
Inventory
14
9
9
Trade and Other Receivables
15
743
887
Corporation Tax Recoverable
289
216
Cash and Cash Equivalents
16
1,165
1,119
Total Current Assets
2,206
2,231
TOTAL ASSETS
3,524
3,662
LIABILITIES
Current Liabilities
Trade and Other Payables
17
(1,561)
(2,163)
Borrowings
19
(105)
-
Lease Liability
18
(93)
(119)
Total Current Liabilities
(1,759)
(2,282)
Non-current Liabilities
Deferred Tax Liability
10
(124)
(90)
Borrowings
19
(858)
-
Lease Liability
18
(567)
(645)
Total Non-current Liabilities
(1,549)
(735)
TOTAL LIABILITIES
(3,308)
(3,017)
NET ASSETS
216
645
EQUITY
Equity attributable to Owners of the Parent:
Share Capital
20
100
100
Share Premium Account
20
-
6,098
Share Option Reserve
20
492
392
Retained Earnings
20
(376)
(5,945)
TOTAL EQUITY
216
645
For the year ended 31 December 2021, Loss after Taxation for the Company was £529k (2020: loss of £270k).
The financial statements were approved and authorised for issue by the Board of Directors on 22 March 2022
and were signed on its behalf by:
Gemma Basharan
Director
22 March 2022
Company Statement of Financial Position
ECSC Group plc
Registered Number: 03964848
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 62
Share
Capital
£’000
Share
Premium
Account
£’000
Share
Option
Reserve
£’000
Retained
Earnings/
(Losses)
£’000
Total
£’000
Balance as at 31 December 2019
91
5,661
291
(5,673)
370
Loss and Total Comprehensive
Total Comprehensive Loss for the Year
-
-
-
(269)
(269)
Transactions with shareholders
Issue of shares
9
437
-
-
446
Share Based Payments
-
-
101
-
101
Total transactions with shareholders
9
437
101
-
547
Balance as at 31 December 2020
100
6,098
392
(5,942)
648
Loss and Total Comprehensive
Total Comprehensive Loss for the Year
-
-
-
(527)
(527)
Transactions with shareholders
Share Based Payments
-
-
100
-
100
Reduction of capital (note 4.7)
-
(6,098)
-
6,098
-
Total transactions with shareholders
-
(6,098)
100
-
100
Balance as at 31 December 2021
100
-
492
(371)
221
Consolidated Statement of Changes in Equity
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 63
Share
Capital
£’000
Share
Premium
Account
£’000
Share
Option
Reserve
£’000
Retained
Earnings/
(Losses)
£’000
Total
£’000
Balance as at 31 December 2019
91
5,661
291
(5,675)
368
Loss and Total Comprehensive Income:
Total Comprehensive Loss for the Year
-
-
-
(270)
(270)
Transactions with shareholders
Issue of Shares
9
437
-
-
446
Grant of Share Options
-
-
101
-
101
Total transactions with shareholders
9
437
101
-
547
Balance as at 31 December 2020
100
6,098
392
(5,945)
645
Loss and Total Comprehensive
Total Comprehensive Loss for the Year
-
-
-
(592)
(592)
Transactions with shareholders
Share Based Payments
-
-
100
-
100
Reduction of capital (note 4.7)
-
(6,098)
-
6,098
-
Total transactions with shareholders
-
(6,098)
100
-
100
Balance as at 31 December 2021
100
-
492
(376)
216
Company Statement of Changes in Equity
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 64
Note
Year ended
31 December
2021
£’000
Year ended
31 December
2020
£’000
Cash Flow from / (used in) Operating Activities
Loss before Taxation
(522)
(319)
Adjustment for:
Amortisation of Intangibles
12
166
168
Depreciation of Right-Of-Use Assets
18
143
175
Depreciation of Property, Plant and Equipment
13
91
137
Loss/(gain) on Disposal of Tangible Asset
4
(4)
Finance Costs
42
48
Share Based Payments
23
100
101
Cash used up in Operating Activities before changes in Working Capital
24
306
Change in Inventory
14
-
17
Change in Trade and Other Receivables
(146)
(214)
Change in Trade and Other Payables
(624)
268
Cash (Used In)/Generated from Operating Activities
(746)
377
R&D Tax Credit Received
209
343
Net Cash (Used In)/ Generated from Operating Activities
(537)
720
Acquisition of Property, Plant and Equipment
13
(34)
(5)
Disposal Proceeds
-
6
Development Costs capitalised
12
(194)
(194)
Net Cash Flow used in Investing Activities
(228)
(193)
Principal Paid on Lease Liabilities
18
(172)
(195)
Interest Paid on Loans and Borrowings
(2)
(7)
Net Proceeds from Issue of Loan
985
-
Proceeds from Issue of Shares
-
500
Costs of Share Issuance
-
(54)
Net Cash generated from Financing Activities
811
244
Net increase in Cash & Cash Equivalents
46
771
Cash & Cash Equivalents at beginning of period
25
1,122
351
Cash & Cash Equivalents at end of period
16
1,168
1,122
Consolidated Cash Flow Statement
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 65
Note
Year ended
31 December
2021
£’000
Year ended
31 December
2020
£’000
Cash Flow from / (used in) Operating Activities
Loss before Taxation
(524)
(320)
Adjustment for:
Amortisation of Intangibles
12
166
168
Amortisation of Right-Of-Use Assets
18
121
153
Depreciation of Property, Plant and Equipment
13
90
127
Loss/(gain) on Disposal of Tangible Asset
4
(4)
Finance Costs
41
46
Share Based Payments
23
100
101
Cash used up in Operating Activities before changes in Working Capital
(2)
271
Change in Inventory
14
-
17
Change in Trade and Other Receivables
(137)
(220)
Change in Trade and Other Payables
(630)
284
Cash (Used In)/Generated from Operating Activities
(769)
352
R&D Tax Credit Received
209
343
Net Cash Flow Generated from Operating Activities
(560)
695
Acquisition of Property, Plant and Equipment
13
(34)
(5)
Disposal Proceeds
-
6
Development Costs Capitalised
12
(194)
(194)
Net Cash Flow used in Investing Activities
(228)
(193)
Principal Paid on Lease Liabilities
18
(149)
(172)
Interest Paid on Loans and Borrowings
(2)
(7)
Net Proceeds from issue of loan
985
-
Proceeds from Issues of Shares
-
500
Costs of Share Issuance
-
(54)
Net Cash generated from Financing Activities
834
267
Net increase in Cash & Cash Equivalents
46
769
Cash & Cash Equivalents at beginning of period
25
1,119
350
Cash & Cash Equivalents at end of period
16
1,165
1,119
Company Cash Flow Statement
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 66
Cyber Security Experts
Annual Report Year Ended 31 December 2021
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 67
1. Corporate Information
ECSC Group plc is incorporated in England and Wales and admitted to trading on the market of the London
Stock Exchange (AIM: ECSC). Further copies of these financial statements will be available at the Company’s
registered office: 28 Campus Road, Listerhills Science Park, Bradford, West Yorkshire, BD7 1HR. These
financial statements for the year ended 31 December 2021 were approved by the Board of Directors on 22
March 2022. The principal activities for the Group are detailed in the Strategic report on pages 24-33.
2. General Information
These financial statements may contain certain statements about the future outlook of ECSC Group plc.
Although the Directors believe their expectations are based on reasonable assumptions, any statements
about future outlook may be influenced by factors that could cause actual outcomes and results to be
materially different.
3. Basis of Preparation
These financial statements for the year ended 31 December 2021 have been prepared in accordance with
UK adopted international accounting standards (collectively ‘UKIAS) and as applied in accordance with the
provisions of the Companies Act 2006. The Company has taken advantage of Section 408 of the Companies
Act 2006 and has not included its individual statement of comprehensive income in these financial
statements. The Company’s overall result for the year is given in the company statement of financial position
and statement of changes in shareholders’ equity.
The financial statements for the period ended 31 December 2021 (and comparative) have been prepared
on a consolidated basis. The consolidated financial statements present the results of the Company and
its subsidiaries (‘the Group’) as if they formed a single entity. The financial statements of the Group and
Company are both prepared in accordance with UKIAS.
Alternative performance measures (APM)
In the reporting of financial information, the Directors have adopted the APM ‘Adjusted EBITDA” (APMs were
previously termed ‘Non-GAAP measures’), which is not defined or specified under International Financial
Reporting Standards (IFRS).
This measure is not defined by UKIAS and therefore may not be directly comparable with other companies’
APMs, including those in the Group’s industry. APMs should be considered in addition to, and are not
intended to be a substitute for, or superior to, UKIAS measurements.
Purpose
The Directors believe that this APM assists in providing additional useful information on the underlying
trends, performance and position of the Group. This APM is also used to enhance the comparability of
information between reporting periods and business units, by adjusting for non-recurring or uncontrollable
factors which affect IFRS measures, to aid the user in understanding the Group’s performance.
Consequently, APMs are used by the Directors and management for performance analysis, planning,
reporting and incentive setting purposes and this remains consistent with the prior year.
Notes to the Financial Statements
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 68
Adjusted APMs are used by the Group in order to understand underlying performance and exclude items
which distort compatibility, as well as being consistent with public broker forecasts and measures (see note
26).
The financial statements have been presented in thousands of Pounds Sterling (£’000, GBP) as this is the
currency of the primary economic environment that the Company operates in.
4. Accounting Policies
The principal accounting policies applied in the preparation of the financial statements are set out below.
These policies have been consistently applied to all periods presented, unless otherwise stated.
4.1 Basis of Accounting
The financial statements have been prepared on the historical cost basis except as stated.
New IFRS standards, amendments to and interpretations not applied to published standards
The following new standards, amendments to standards and interpretations will be mandatory for the first
time in future financial years:
Notes to the Financial Statements cont.
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 69
Issued date
IASB mandatory effective date
(UK mandatory effective date)
UK Adoption status (EU pre 31
December 2020)
New Standards
IFRS 17 Insurance contracts including
Amendments to IFRS 17 (issued on 25
June 2020)
18-May-2017 and
25-June-2020
01-Jan-2023
TBC
Amendments to existing standards
Amendments to IAS 1: Classification of
Liabilities as Current or Non-current
23-Jan-2020
01-Jan-2023
TBC
Amendments to: IFRS 3 Business
Combinations; IAS 16 Property, Plant
and Equipment; IAS 37 Provisions,
Contingent Liabilities and Contingent
Assets
14-May-2020
01-Jan-2022
TBC
Annual Improvements to IFRSs (2018-
2020 Cycle): IFRS 1, IFRS 9, Illustrative
Examples accompanying IDRS 16, IAS
41
14-May-2020
01-Jan-2022
TBC
Amendments to IFRS 16 Leases COVID
19-Related Rent Concessions
28-May-2020
01-Jun-2020
Endorsed
Amendments to IFRS 4 Insurance
Contracts – deferral of IFRS 9
25-June-2020
01-Jan-2021
Adopted by UKEB
Amendments to IFRS 9, IAS 39, IFRS
7, IFRS 4 and IFRS 16 Interest Rate
Benchmark Reform – Phase 2
27-Aug-2020
01-Jan-2021
Adopted by UKEB
Amendments to IAS 8 – Definition of
Accounting Estimates
12-Feb-2021
01-Jan-2023
TBC
Amendments to IAS 1 and IFRS
Practice Statement 2 – Disclosure of
Accounting policies
12-Feb-2021
01-Jan-2023
TBC
Amendments to IFRS 16 Leases COVID
19-Related Rent Concessions beyond
30 June 2021
31-Mar-2021
01-Apr-2021
Adopted by UKEB
Amendments to IAS 12 – Deferred Tax
related to Assets and Liabilities arising
from a single Transaction
07-Feb-2021
01-Jan-2023
TBC
Amendments to IFRS 17 – initial
Application of IFRS 17 and IFRS 9 –
Comparative Information
09-Dec-2021
01-Jan-2023
TBC
The application of these standards and interpretations is not expected to have a material impact on the
Group’s reporting financial performance or position.
Notes to the Financial Statements cont.
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 70
4.2 Going Concern
The Directors have reviewed whether the Group has adequate resources to continue in operational existence
for the foreseeable future, being no shorter than 12 months from the date of approving the Annual Report.
In conducting this review, the Directors have considered a range of factors, including the market prospects
for cyber security services, client relationships and dependency, supplier relationships and dependency,
actual or potential litigation, staff retention and reliance, relationships with HMRC and regulators, financing
arrangements, historic trading and cash flow performance, current trading and cash flow performance, and
future trading and cash flow expectations. In undertaking their review, the Directors have prepared financial
projections for the years ending 31 December 2022 and 2023, a review which assumes continued revenue
growth and cost efficiency.
The budget figures are closely monitored against actuals on a monthly basis. Variances that may arise are
discussed a Board level on a monthly basis during a review of the monthly numbers. In the event that this
revenue and cost performance is not achieved, the Directors have also considered a sensitivity analysis
based on lower revenue growth, increase in salaries inflation and have formulated contingency plans for this
scenario, which enable the Group to preserve its financial resources.
In light of the continued COVID-19 pandemic, the Directors have continued to carefully monitor the situation
especially the Group’s going concern position to ensure the Group is in a robust place to manage additional
risks and uncertainties created by the pandemic. During 2021, the Group demonstrated its ability to grow
under these challenging conditions achieving an 8% growth in revenue and maintained a positive adjusted
EBITDA profit. As at 31 December 2021, the Group had an adjusted EBITDA profit of £0.2m (2020: £0.4m), and
an operating loss of £0.5m (2020: £0.3m) due to an increase in Sales and Marketing costs.
In December 2021, the Group entered into a borrowing facility with Growth Lending Limited. The net
proceeds of which will be used for working capital purposes and to support the Group’s overall organic
growth strategy. The new borrowing facility comprises an initial £1.0m term loan received on 24 December
2021 and a further £0.5m loan to be drawn down after six months subject to an agreed level of adjusted
EBITDA being achieved. The facility term is 60 months with an interest rate at the higher of 9% per annum
or the monthly average SONIA plus 7%. The borrowings will support the short to medium term needs of
the business and improve the ability to drive growth. The Loan facility is secured by a fixed charge over the
assets of the Company. As at 31 December 2021, the Group had cash and cash equivalents of £1.17m (2020:
£1.12m).
Based on this review, the Directors have concluded that the Group has adequate resources to meet
its liabilities as they fall due and continue in operational existence for the foreseeable future, which
is considered to be at least the next 12 months from the date of approval of the financial statements.
Consequently, the Directors have adopted the going concern basis in preparing the financial statements.
4.3 Revenue Recognition
The core principle is that revenue should only be recognised as the client receives the benefit of the goods
or services provided under a commercial contract, in an amount that reflects the consideration to which the
provider expects to be entitled for the transfer of the goods or services.
Notes to the Financial Statements cont.
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 71
Performance obligations and timing of revenue recognition
Revenue comprises the sales value of goods and services supplied during the year, exclusive of Value Added
Tax and trade discounts. Revenue from the provision of Consulting services is recognised as services are
rendered, based on the contracted daily billing rate and the number of days delivered during the period.
Revenue from pre-paid contracts are deferred in the balance sheet and recognised on utilisation of service
by the client. Pre-paid revenue is included within Assurance in note 6. Revenue from Managed Services &
response (MDR) contracts include multiple performance obligation as set out below:
•
Hardware – hardware revenue is recognised on delivery and is included within other revenue as set out in
note 6. This is when control of hardware passes to the customer.
•
Device build - Device build revenue is deferred and recognised on a straight line basis over the term of
the contract.
•
Licensing - deferred and recognised on a straight line basis over the invoice period, due to the
performance obligation not being considered distinct from management and monitoring performance
obligation
•
Management and monitoring - deferred and recognised on a straight line basis over the invoice period.
•
Revenue from the sale of products (vendor) is recognised when control passes to the customer, which is
considered to occur when the software or hardware product has been delivered to the client.
Determining the transaction price
The Group’s revenue is derived from fixed price contracts and therefore the amount of revenues to be earned
from each contract is determined by reference to those fixed prices.
Costs of obtaining long-term contracts and costs of fulfilling contracts
Commissions paid to sales staff for work in obtaining Managed Service contracts are prepaid and amortised
over the terms of the contract on a straight line basis.
Commissions paid to sales staff for work in obtaining the Prepaid Consultancy contracts are recognised in
the month of invoice.
4.4 Finance Income
Finance income is accrued on an annual basis, by reference to the principal outstanding at the applicable
effective credit interest rate.
4.5 Government Grant Income
A government grant is recognised only when there is reasonable assurance that (a) the entity will comply
with any conditions attached to the grant and (b) the grant will be received.
The grant is recognised as income over the period necessary to match them with the related costs, for which
they are intended to compensate, on a systematic basis.
Government Grant Income is recognised in the Statement of Comprehensive Income over the period in which
the Company recognises expenses for the related costs for which the grants are intended to compensate.
Notes to the Financial Statements cont.
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 72
Grants relating to income are deducted from the related expense.
Government tax credits available on eligible Research and Development expenditure (‘R&D Tax Credits’) and
not reclaimable through other means are recognised as Other Income (see note 7).
Coronavirus Job Retention Scheme (CJRS)
Where the Group receive Coronavirus Job Retention Scheme (CJRS) expenditure credits, it is accounted
for as government grant as income and matched with the relevant staff costs in which they are intended to
compensate. The income has been recognised in the period to which the underlying furloughed staff costs
relate to in accordance with IAS20. (see note 9).
Australia Government Grants
Where the Group received the JobKeeper payment (wage subsidy which provided a $1,500 payment per
fortnight per employee from 1st April 2020 until 27 September 2020) and the Cash Flow Boost for Employers,
it is accounted for as government grant as income and matched with the relevant staff costs in which they
are intended to compensate. The income has been recognised in the period to which the underlying grant
staff costs relate to in accordance with IAS20. (see note 9).
4.6 Operating Loss
Operating Loss is stated after all expenses, including those considered to be exceptional, but before finance
income or expenses. Exceptional items are items of income or expense which, because of their nature or
size, require separate presentation to allow shareholders to better understand the financial performance of
the period and allow comparison with prior years.
4.7 Foreign Currencies
Financial assets and liabilities in foreign currencies are translated into sterling at the rates of exchange
prevailing at the balance sheet date. Transactions in foreign currencies are translated into sterling at the
rate of exchange prevailing at the date of the transaction. Exchange differences are recognised in Operating
Profit.
On consolidation, the results of overseas operations are translated into Sterling at rates approximating those
prevailing when the transactions took place. All assets and liabilities of overseas entities are translated at
the rate prevailing at the reporting date. Exchange differences arising on translating the opening net assets
at opening rate and the results of overseas operations at actual rate are recognised in Other Comprehensive
Income and accumulated in the foreign exchange reserve.
4.8 Employee Benefits
Short-Term Benefits
Wages, salaries, paid annual leave and sick leave, bonuses and non-monetary benefits are accrued in the
period in which the associated services are rendered by employees of the Company.
Notes to the Financial Statements cont.
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 73
Defined Contribution Pension Scheme
The Company operates a defined contribution pension scheme for employees. The assets of the scheme
are held separately from those of the Company. The annual contributions are charged to the Statement of
Comprehensive Income. The Company also contributes to the personal pension plans of the Directors in
accordance with their Service Contracts.
Employee Share Based Payments
Where equity settled share options are granted to employees (including Directors), the fair value of the
options at the date of grant is charged to the Consolidated Statement of Comprehensive Income, as a Share
Based Payment Charge, over the vesting period of the options, with a corresponding movement in the Share
Option Reserve.
Non-market vesting conditions are taken into account by adjusting the number of equity instruments
expected to vest at each reporting date so that, ultimately, the cumulative amount recognised over the
vesting period is based on the number of options that eventually vest. Non-vesting conditions and market
vesting conditions are factored into the fair value of the options granted. As long as all other vesting
conditions are satisfied, a charge is made irrespective of whether the market vesting conditions are satisfied.
Where the terms and conditions of options are modified before they vest, the increase in the fair value of the
options, measured immediately before and after modification, is also charged to the Consolidated Statement
of Comprehensive Income over the remaining vesting period.
Where options are cancelled and replaced, modification treatment is adopted which results in the recognition
of any incremental fair value but not any reduction in fair value. Any increase in the fair value of the options,
measured immediately at replacement, is charged to the Consolidated Statement of Comprehensive Income.
The cancelled options continue to be charged to the Consolidated Statement of Comprehensive Income over
the remaining vesting period. The share option reserves is released to retained earnings at the point at which
the options are exercised.
4.9 Property, Plant and Equipment
Property, plant and equipment is stated at cost less accumulated depreciation and any impairment losses.
Cost comprises the purchase price of property, plant and equipment together with any directly attributable
costs. Subsequent costs are included in an asset’s carrying value or recognised as a separate asset, when
it is probable that future economic benefits associated with the additional expenditure will flow to the Group
and the cost of the item can be measured reliably. All other costs are charged to the profit or loss when
incurred.
Depreciation is calculated so as to write-off the cost of an asset, less its estimated residual value, over the
useful economic life of that asset as follows:
•
Leasehold Property
20% reducing balance
•
Office Equipment
20% reducing balance
•
Computer Equipment
33% straight line
•
Motor Vehicles
20% straight line
Notes to the Financial Statements cont.
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 74
Methods of depreciation, residual values and useful lives are reviewed and adjusted, if appropriate, at each
balance sheet date. The gain or loss arising from the disposal or retirement of an item of property, plant and
equipment is determined as the difference between the net disposal proceeds and the carrying amount of
the item, and is included in the profit or loss.
4.10 Research and Development Expenditure
Expenditure on research activities is recognised as an expense in the period in which it is incurred.
Development costs incurred on specific projects are capitalised when all the following conditions are
satisfied:
•
completion of the intangible asset is technically feasible so that it will be available for use or sale
•
the Group intends to complete the intangible asset and use or sell it
•
the Group has the ability to use or sell the intangible asset
•
the intangible asset will generate probable future economic benefits. Among other things, this requires
that there is a market for the output from the intangible asset or for the intangible asset itself, or, if it is
to be used internally, the asset will be used in generating such benefits
•
there are adequate technical, financial and other resources to complete the development and to use or
sell the intangible asset, and
•
the expenditure attributable to the intangible asset during its development can be measured reliably.
Development costs not meeting the criteria for capitalisation are expensed as incurred.
The cost of an internally generated intangible asset comprises all directly attributable costs necessary to
create, produce and prepare the asset to be capable of operating in the manner intended by management.
Directly attributable costs include employee (other than directors) costs incurred on development and
directly attributable overheads. The costs of internally generated software developments are recognised as
intangible assets.
Capitalised assets are amortised over their useful economic life, which is considered to be five years.
If the criteria set out in IAS 38 are not met, expenditure on development activities is recognised as an
expense in the period in which it is incurred.
Impairment
At each balance sheet date, the Group assesses whether there is any indication that its assets have
been impaired. If any such indication exists, the recoverable amount of the asset is estimated in order to
determine the extent of the impairment, if any. If it is not possible to estimate the recoverable amount of
the individual asset, the recoverable amount of the cash-generating unit to which the asset belongs is
determined.
The recoverable amount of an asset or a cash-generating unit is the higher of its fair value less costs to sell
and its value in use. The value in use is the present value of the future cash flows expected to be derived
from an asset or cash-generating unit.
Notes to the Financial Statements cont.
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 75
This present value is discounted using a pre-tax rate that reflects current market assessments of the time
value of money and of the risks specific to the asset for which future cash flow estimates have not been
adjusted. If the recoverable amount of an asset is less than its carrying amount, the carrying amount of the
asset is reduced to its recoverable amount. That reduction is recognised as an impairment loss.
An impairment loss relating to assets carried at cost less any accumulated depreciation or amortisation is
recognised immediately in the profit or loss.
If an impairment loss subsequently reverses, the carrying amount of the asset is increased to the revised
estimate of its recoverable amount but limited to the carrying amount that would have been determined had
no impairment loss been recognised in prior years. A reversal of an impairment loss is recognised in profit
or loss. Impairment losses on goodwill are not subsequently reversed.
4.11 Inventories
Inventories are carried at the lower of cost or net realisable value. Net realisable value is calculated based
on the expected revenue from sale in the normal course of business less any costs to sell. Due allowance is
made for obsolete and slow moving items.
4.12 Financial Instruments
Financial Assets
The Group and Company’s Financial Assets include Cash and Cash Equivalents, Trade Receivables and Other
Receivables.
•
Initial Recognition and Measurement
Financial Assets are classified as amortised cost and initially measured at fair value.
•
Subsequent Measurement
Financial assets are subsequently measured at amortised cost, using the effective interest method,
less impairment. Interest is recognised by applying the effective interest method, except for short-term
receivables when the recognition of interest would be immaterial.
The Group has applied the simplified method of the expected credit loss model when calculating
impairment losses on its financial assets measured at amortised cost, such as trade receivables. This
assessment is performed on a trade receivables and contract assets basis considering forward-looking
information, including the use of macroeconomic information, around our customer contracts and
payment history. The credit risk of financial instruments has not considered to have changed since initial
recognition.
The group classifies its financial assets as at amortised cost only if both of the following criteria are met:
(i) the asset is held within a business model with the objective of collecting the contractual cash flows; and
(ii) the contractual terms give rise on specified dates to cash flows that are solely payments of principal and
interest on the principal outstanding.
Notes to the Financial Statements cont.
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 76
•
De-recognition of Financial Assets
The Group and Company de-recognises a Financial Asset only when the contractual rights to the cash
flows from the asset expire, or it transfers the Financial Asset and substantially all the risks and rewards
of ownership of the asset to another entity.
Financial Liabilities and Equity Instruments
The Group and Company’s Financial Liabilities includes Trade Payables, Accruals, Bank borrowings and
Other Payables. Financial Liabilities are classified at amortised cost.
•
Classification as Debt or Equity
Financial Liabilities and Equity Instruments issued by the Company are classified according to the
substance of the contractual arrangements entered into and the definitions of a Financial Liability and an
Equity Instrument.
•
Equity Instruments
An Equity Instrument is any contract that evidences a residual interest in the assets of the Company after
deducting all of its liabilities. Equity Instruments are recorded at the proceeds received, net of direct
issue costs.
•
Trade Payables, Other Payables, Bank borrowings and Accruals
Trade Payables, Accruals and Other Payables are initially measured at fair value, net of transaction costs,
and are subsequently measured at amortised cost, where applicable, using the effective interest method,
with interest expense recognised on an effective yield basis.
Initial recognition and measurement
Financial liabilities are initially measured at fair value, and, where applicable, adjusted for transaction
costs unless the Group designated a financial liability at fair value through profit or loss.
Subsequent measurement
Subsequently, financial liabilities are measured at amortised cost using the effective interest method
except for financial liabilities designated at FVTPL, which are carried subsequently at fair value with
gains or losses recognised in profit or loss. All interest-related charges are included within finance costs
or finance income.
Borrowings are recorded initially at fair value, net of direct issue costs, and subsequently are recorded at
amortised cost using the effective interest method.
•
De-recognition of Financial Liabilities
The Company de-recognises financial liabilities when the Company’s obligations are discharged,
cancelled or expire.
Notes to the Financial Statements cont.
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 77
Offsetting of Financial Instruments
Financial Assets and Financial Liabilities are offset, and the net amount reported in the Statement
of Financial Position if there is a currently enforceable legal right to offset the recognised amounts
and there is an intention to settle on a net basis, or to realise the assets and settle the liabilities
simultaneously.
4.13 Cash and Cash Equivalents
Cash and Cash Equivalents comprise cash on hand and demand deposits, and other short-term highly liquid
investments which are readily convertible to known amounts of cash and are subject to insignificant risk of
changes in value.
4.14 Impairment of Assets
Non-Financial Assets
The carrying amounts of the Group and Company’s Non-Financial Assets, other than Deferred Tax Assets,
are reviewed at each reporting date to determine whether there is any indication of impairment. If any such
indication exists, then the asset’s recoverable amount is estimated.
The recoverable amount of an asset or cash-generating unit is the greater of its value in use and its fair
value less costs to sell. In assessing value in use, the estimated future cash flows are discounted to their
present value using a pre-tax discount rate that reflects current market assessments of the time value of
money and risk specific to the asset. For the purpose of impairment testing, assets are grouped together into
the smallest group of assets that generates cash inflows from continuing use that are largely independent of
the cash inflows of other assets or groups of assets.
An impairment loss is recognised if the carrying amount of an asset or its cash generating unit exceeds its
estimated recoverable amount. Impairment losses are recognised in profit and loss.
Impairment losses recognised in prior periods are assessed at each reporting date for any indications that
the loss has decreased or no longer exists. An impairment loss is reversed if there has been a change in
the estimates used to determine the recoverable amount. An impairment loss is reversed only to the extent
that the asset’s carrying amount does not exceed the carrying amount that have been determined, net of
depreciation or amortisation, if no impairment loss had been recognised.
4.15 Corporation Tax
Corporation Tax expense represents the sum of the tax currently payable and Deferred Tax.
The tax currently payable is based on taxable profit for the year. Taxable profit differs from profit as reported
in the Statement of Comprehensive Income because it excludes items of income or expense that are taxable
or deductible in other years and it further excludes items that are not taxable or tax deductible.
The Group and Company’s liability for current tax is calculated using tax rates (and tax laws) that have been
enacted or substantively enacted by the end of the financial period.
Notes to the Financial Statements cont.
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 78
Government tax credits available on eligible Research and Development expenditure and not reclaimable
through other means are recognised as Other Income and treated as a government grant. This applies when
there are no taxable profits against which to offset the tax credit. The amount receivable by the Group and
Company is shown on the face of the balance sheet within Corporation Tax Recoverable.
4.16 Deferred Tax
Deferred Tax is recognised in respect of all timing differences that have originated but not reversed at the
balance sheet date where transactions or events have occurred at that date that will result in an obligation to
pay more, or a right to pay less or to receive more tax.
Deferred Tax Assets are recognised only to the extent that the Directors consider that it is more likely
than not that there will be suitable taxable profits from which the future reversal of the underlying timing
differences can be deducted.
Deferred Tax is measured on an undiscounted basis at the tax rates that are expected to apply in the periods
in which timing differences reverse, based on tax rates and laws enacted or substantively enacted at the
balance sheet date.
4.17 Share Capital
Ordinary Share Capital is recorded at nominal value and proceeds received in excess of nominal value of
shares issued, if any, is accounted for in the Share Premium Account. Both Ordinary Share Capital and Share
Premium Account are classified as equity. Costs incurred directly to the issue of shares are accounted
for as a deduction from Share Premium Account; otherwise such costs are charged to the Statement of
Comprehensive Income.
Share capital reduction
Where the Company enters into a share capital reduction exercise, the share premium of the Company is
cancelled and amounts are transferred to retained earnings.
4.18 Operating Segments
An operating segment is a component of the Group and the Company that engages in business activities
from which it may earn revenues and incur expenses, including revenues and expenses that relate to
transactions with any of the Company’s other components.
An operating segment’s operating results are reviewed regularly by the Directors of the Company to assess
performance and make decisions about resource allocation.
The Board considers that the Company’s activity constitutes three operating and three reporting segments
as defined under IFRS 8.
Notes to the Financial Statements cont.
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 79
4.19 Related Parties
Parties are considered to be related if one party has the ability (directly or indirectly) to control the other
party or exercise significant influence over the other party in making financial and operating decisions.
Parties are also considered related if they are subject to common control or common significant influence.
Related parties may be individuals or corporate entities.
4.20 Exceptional Items
The Group seeks to highlight certain items as exceptional operating income or costs. These are considered
to be exceptional in size, frequency and/or nature rather than indicative of the underlying day to day trading
of the Group. These may include items such as acquisition costs, restructuring costs, obsolescence costs,
employee exit and transition costs, legal costs, material profits or losses on disposal of property, plant and
equipment, profits or losses on the disposal of subsidiaries, loan impairment, deferred consideration fair
value or pandemic costs.
All of these items are charged or credited before calculating operating profit or loss. Material profits or
losses on disposal of property, plant and equipment are shown as separate items in arriving at operating
profit or loss whereas other exceptional items are charged or credited within operating costs and highlighted
by analysis.
The Directors apply judgement in assessing the particular items, which by virtue of their size and nature are
disclosed separately in the Statement of Comprehensive Income and the notes to the financial statements as
exceptional items.
The Directors believe that the separate disclosure of these items is relevant to understanding the Group’s
financial performance.
5. Critical Accounting Judgements, Estimates and Sources of Estimation Uncertainty
In applying the accounting policies, the Directors may at times be required to make critical accounting
judgements and estimates about the carrying amount of assets and liabilities. These estimates and
assumptions, when made, are based on historical experience and other factors that the Directors consider
are relevant.
The key estimates and assumptions concerning the future and other key sources of estimation uncertainty
at the end of the financial year, that have significant risk of causing a material adjustment to the carrying
amounts of assets and liabilities within the next financial year, are stated below.
Judgements
Going Concern
Management apply their judgement in reviewing whether the Group has adequate resources to continue
in operational existence for the foreseeable future, which is considered to be 12 months from the date
of approval of the financial statement. The Group have undertaken sensitivity analysis around possible
uncertainties, further detail regarding the impact is detail on page 29.
Notes to the Financial Statements cont.
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 80
Development Costs Capitalised & Amortised
Management apply their judgement in determining whether an identified intangible software asset meets
the criteria for capitalisation under IAS 38. The carrying value of Intangible Assets as at 31 December 2021
was £483k (2020: £455k).
Management estimate the percentage of development staff time used to enhance and improve the Group’s
intangible software assets in order to capitalise a proportion of salary costs each period. In the year ended 31
December 2021, the amount of staff time capitalised into Intangible Assets was £194k (2020: £194k).
Development Costs capitalised into Intangible Assets are amortised over management’s estimate of the
useful economic life of the asset recognised. In the year ended 31 December 2021, the useful economic life
of all Intangible Assets was estimated to be 5 years, resulting in an amortisation charge of £166k (2020:
£168k).
All intangible assets and property, plant and equipment are tested for impairment when indicators of
impairment exist. Impairment is determined with reference to the higher of fair value less costs to sell or
value in use. Value in use is estimated using adjusted future cash flows and referenced to WACC/discount
rates of 4.66%. Significant assumptions are made in estimating future cash flows about future events
including future market conditions and future growth rates.
6. Revenue and Segment Information
The Group’s principal revenue is derived from the provision of cyber security professional services.
During this period, the Directors received information on financial performance on a divisional basis. The
Directors consider that there are three reportable operating segments: Assurance (including Remote
Support services), MDR, and Vendor Products. There were a small number of other transactions recorded
during each period which are not considered to be part of either of the three reportable operating segments.
These are presented below within the ‘Other’ caption and are not significant.
The Directors do not receive any information on the financial position of each segment, including information
on assets and liabilities. Accordingly, no such information has not been presented.
The Group is not reliant on any single client, with no single client accounting for 10% or more of revenue. All
revenue recognised is derived from external clients.
Notes to the Financial Statements cont.
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 81
Notes to the Financial Statements cont.
The Group has PPE located in the UK (cost of £919k; NBV of £88k) and Australia (cost of £57k; NBV nil).
The Group’s revenue and gross profit by operating segment for the year ended 31 December 2021 were as
follows:
Year ended
31 December
2021
£’000
Year ended
31 December
2020
£’000
Revenue
Assurance
3,123
2,724
MDR
2,886
2,732
Vendor Products
93
125
Other
42
82
Total Revenue
6,144
5,663
Gross Profit
Assurance
1,965
1,576
MDR
1,757
1,994
Vendor Products
15
25
Other
(63)
(47)
Gross Profit
3,674
3,548
Operating Loss
(480)
(271)
Finance Cost
(42)
(48)
Loss before Taxation
(522)
(319)
Revenue by country for the year ended 31 December 2021 was as follows:
Year ended
31 December
2021
£’000
Year ended
31 December
2020
£’000
United Kingdom
5,911
5,294
Europe
107
278
United States
36
-
Channel Island
87
89
Other Countries
3
2
Total
6,144
5,663
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 82
The Group’s United Kingdom revenue by operating segment for the year ended 31 December 2021 was as
follows:
Year ended
31 December
2021
£’000
Year ended
31 December
2020
£’000
Revenue United Kingdom
Assurance
3,025
2,367
MDR
2,759
2,724
Vendor Products
88
124
Other
39
79
Total
5,911
5,294
Contract Balances
Contract
Assets
2021
£’000
Contract
Assets
2020
£’000
Contract
Liabilities
2021
£’000
Contract
Liabilities
2020
£’000
At 1 January
34
43
(878)
(866)
Commission expensed during the period
(91)
(62)
-
Commissions paid in advance of contract completion
77
53
-
Recognised as revenue during the period
-
3,286
3,390
Cash received in advance of performance during
period
-
(3,091)
(3,402)
At 31 December 2021
20
34
(683)
(878)
7. Other Income
Year ended
31 December
2021
£’000
Year ended
31 December
2020
£’000
Gain on sale of Asset
-
4
R&D Tax Credits
282
293
Total
282
297
A credit has been recognised within Other Income as a result of R&D Tax Credit surrenders. For the year
ended 31 December 2020, the surrender resulted in a credit of £212k relating to R&D undertaken in 2020,
included within Corporation Tax Recoverable, and an additional credit received of £81k for additional R&D
expenditure relating to 2018.
Notes to the Financial Statements cont.
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 83
8. Operating Loss
Operating Loss is stated after charging:
Year ended
31 December
2021
£’000
Year ended
31 December
2020
£’000
Depreciation of Fixed Assets
91
137
Amortisation of Intangibles - Development Costs
166
168
Depreciation of right of use assets
143
175
R&D expenditure
948
786
Short-term and low value lease expense
63
76
Auditors Remuneration - Audit Services
50
45
Auditors Remuneration - Non-Audit Services
Taxation Compliance Services
14
8
Other Taxation and Compliance Services
5
12
Exceptional items (note 27)
145
65
Inventories Expensed
7
8
The amount charged in respect of Auditors’ Remuneration for the Group and the Company audit was £50k (2020: £45k). None of the subsidiaries
(see note 28) of the Group were subject to audit in the year ended 31 December 2021.
9. Employee Benefit Expense
Employee Benefit Expense (including Directors) during the periods amounted to:
GROUP
Year Ended
31 December
2021
£’000
GROUP
Year Ended
31 December
2020
£’000
COMPANY
Year Ended
31 December
2021
£’000
COMPANY
Year Ended
31 December
2020
£’000
Wages and Salaries - Gross
4,420
4,269
4,237
4,033
Government Grants
-
(292)
-
(203)
Wages and Salaries
4,420
3,977
4,237
3,830
Social Security Costs
550
452
492
404
Pension Contributions
218
179
194
161
Share Based Payments
100
101
100
101
5,288
4,709
5,023
4,496
Notes to the Financial Statements cont.
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 84
Directors’ remuneration for the Group and Company is as follows:
Year ended
31 December
2021
£’000
Year ended
31 December
2020
£’000
Salaries, Bonus, Benefits-in-Kind
610
662
Pension Contributions
51
47
Share Based Payments
70
120
Social Security Costs
73
78
804
907
Details of Directors’ remuneration can be found in the Remuneration Report on pages 43-48.
Key management personnel, being those persons having responsibility for planning, directing and
controlling the activities of the Group, are considered to be the Directors listed on page 36 (Board of
Directors).
Amounts paid to the highest paid director in the period were as follows:
Year ended
31 December
2021
£’000
Year ended
31 December
2020
£’000
Salaries, Bonus, Benefits-in-Kind
243
219
Pension Contributions
23
20
266
239
Group
The average monthly number of employees during the year was:
Year ended
31 December
2021
Year ended
31 December
2020
Directors
6
6
Operational
81
81
87
87
Notes to the Financial Statements cont.
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 85
Company
The average monthly number of employees during the year was:
Year ended
31 December
2021
Year ended
31 December
2020
Directors
6
6
Operational
76
77
82
83
10. Taxation
Recognised in the Statement of Comprehensive Income
Year ended
31 December
2021
£’000
Year ended
31 December
2020
£’000
Corporation Tax Charge / (Credit)
-
-
Deferred Tax Charge / (Credit)
5
(50)
Total Tax Charge) /(Credit)
5
(50)
Reconciliation of Total Tax Charge/(Credit)
Year ended
31 December
2021
£’000
Year ended
31 December
2020
£’000
Loss before Tax
(522)
(319)
UK Corporation At Rate Of 19.0% (2020: 19.0%)
(99)
(61)
Expenses Not Deductible For Tax Purposes
2
2
Over/Under Provision in Prior Period - Deferred Tax
5
(50)
Tax Losses on Which Deferred Tax Not Recognised
97
59
Total Tax Charge /(Credit)
5
(50)
Notes to the Financial Statements cont.
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 86
Deferred Tax Assets & Liabilities
Deferred tax asset
2021
£’000
2020
£’000
At 1 Jan
118
77
Disallowable provisions
2
3
Profit and loss debit in respect of losses realised
87
13
Share options
(60)
25
At 31 Dec
147
118
Deferred tax liability
2021
£’000
2020
£’000
At 1 Jan
(90)
(99)
Profit and loss credit in request of timing differences
(34)
9
At 31 Dec
(124)
(90)
Deferred Tax Assets of £147k is recognised in respect of unutilised trading losses, Share options of £19k
(2020: £78k) and short-term timing differences of £7k (2020: £5k). Deferred Tax Liabilities of £124k arise on
timing differences in the carrying value of certain of the Company’s assets for financial reporting purposes
and for corporation tax purposes. These will reverse as the fair value of the related assets are depreciated
over time. Deferred Tax balances have been calculated at the rate of 25% (2020: 19%), being the rate of
Corporation Tax expected to be in force when the timing differences reverse.
Unutilised Trading Losses
The Company continues to carry forward unutilised trading losses of £5,448k (2020: £5,111k). A Deferred Tax
Asset of £122k (2019: £35k) has been recognised as at 31 December 2021 in respect of the unutilised trading
losses. No further Deferred Tax Asset has been recognised because the Board envisages that a significant
period of time will be required to generate sufficient profits to utilise the trading losses carried forward.
11. Earnings per Share
Basic Earnings per Share is calculated by dividing the loss for the period attributable to Equity Holders of the
Company by the weighted average number of Ordinary Shares outstanding during the period (‘Basic Number
of Ordinary Shares’).
Diluted Earnings per Share is calculated by dividing the loss for the period attributable to Equity Holders of
the Company by the weighted average number of Ordinary Shares outstanding during the period plus the
weighted average number of Ordinary Shares that would be issued on conversion of all the potential dilutive
Ordinary Shares (‘Diluted Number of Ordinary Shares’), subject to the effect of anti-dilutive potential shares
being ignored in accordance with IAS 33.
Notes to the Financial Statements cont.
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 87
Adjusted Earnings per Share is calculated by dividing Adjusted loss (after adding-back exceptional costs
incurred in the period; see note 26) by Diluted Number of Ordinary Shares.
The calculation of Basic, Diluted and Adjusted Earnings per Share is as follows:
Year ended
31 December
2021
£’000
Year ended
31 December
2020
£’000
Net Loss Attributable To Equity Holders Of The Company
(527)
(269)
Add Back: Exceptional Costs
145
65
Add Back: Share Based Payments
100
101
Adjusted Loss
(282)
(103)
Number Of Ordinary Shares (‘000)
Initial Weighted Average
10,007
9,098
Shares Issued in April 2020
-
909
Basic Number Of Ordinary Shares
10,007
10,007
Weighted Average Dilutive Shares In Period
1,160
906
Diluted Number Of Ordinary Shares
11,167
10,913
Earnings Per Share (Pence):
Basic Losses Per Share
(5.3)
(2.7)
Diluted Losses Per Share**
(5.3)
(2.7)
Adjusted Losses Per Share
(2.8)
(1.0)
** In accordance with IAS 33, the effect of anti-dilutive potential shares has been ignored.
During the prior year ended 31 December 2020, the following dilutive events have occurred:
•
On 17 April 2020, 909,091 ordinary shares were issued for £0.45m (net of expenses of £0.05m).
•
On 21 August 2020, the Company granted options over 588,037 Ordinary Shares to selected employees,
including 144,758 to Director Lucy Sharp, 103,602 to Director Ian Castle and 64,651 to Director Gemma
Basharan, of which 587,107 remain outstanding as at 31 December 2020.
•
On 28 August 2020, the Company granted options over 450,000 Ordinary Shares to selected employees,
including 100,000 to Director Ian Mann, 100,000 to Director Lucy Sharp, 80,000 to Director Ian Castle and
80,000 to Director Gemma Basharan, of which 450,000 remain outstanding as at 31 December 2020.
These dilutive events were taken into account in calculating Diluted Number of Ordinary Shares.
Notes to the Financial Statements cont.
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 88
12. Intangible Assets
GROUP & COMPANY
Development Costs
Costs
£’000
As at 1 January 2020
1,085
Additions
194
As at 31 December 2020
1,279
As at 1 January 2021
1,279
Additions
194
As at 31 December 2021
1,473
Amortisation
As at 1 January 2020
656
Charges for the year
168
As at 31 December 2020
824
As at 1 January 2021
824
Charges for the year
166
As at 31 December 2021
990
Net Book Value
As at 31 December 2020
455
As at 31 December 2021
483
Notes to the Financial Statements cont.
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 89
13. Property, Plant and Equipment
GROUP
Leasehold
Property
£’000
Office
Equipment
£’000
Computer
Equipment
£’000
Motor
Vehicles
£’000
Total
£’000
Cost
At 1 January 2020
115
136
679
23
953
Additions
-
-
5
-
5
Disposals
-
-
(5)
-
(5)
At 31 December 2020
115
136
679
23
953
Additions
-
-
34
-
34
Disposals
(7)
(4)
-
-
(11)
At 31 December 2021
108
132
713
23
976
Depreciation
At 1 January 2020
63
75
518
14
670
Charge for Period
16
21
95
5
137
Disposals
-
-
(2)
-
(2)
At 31 December 2020
79
96
611
19
805
Charge for Period
16
18
55
2
91
Disposals
(5)
(3)
-
-
(8)
At 31 December 2021
90
111
666
21
888
Net Book Value
At 31 December 2020
36
40
68
4
148
At 31 December 2021
18
21
47
2
88
Notes to the Financial Statements cont.
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 90
COMPANY
Leasehold
Property
£’000
Office
Equipment
£’000
Computer
Equipment
£’000
Motor
Vehicles
£’000
Total
£’000
Cost
At 1 January 2020
115
114
644
23
896
Additions
-
-
5
-
5
Disposals
-
-
(5)
-
(5)
At 31 December 2020
115
114
644
23
896
Additions
-
-
34
-
34
Disposals
(7)
(4)
-
-
(11)
At 31 December 2021
108
110
678
23
919
Depreciation
At 1 January 2020
63
58
489
14
624
Charge for Period
16
18
88
5
127
Disposals
-
-
(2)
-
(2)
At 31 December 2020
79
76
575
19
749
Charge for Period
16
16
56
2
90
Disposals
(5)
(3)
-
-
(8)
At 31 December 2021
90
89
631
21
831
Net Book Value
At 31 December 2020
36
38
69
4
147
At 31 December 2021
18
21
47
2
88
14. Inventory
GROUP
Year Ended
31 December
2021
£’000
GROUP
As At
31 December
2020
£’000
COMPANY
Year Ended
31 December
2021
£’000
COMPANY
As At
31 December
2020
£’000
Inventory
9
9
9
9
Notes to the Financial Statements cont.
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 91
15. Trade Receivables and Other Receivables
GROUP
As At
31 December
2021
£’000
GROUP
As At
31 December
2020
£’000
COMPANY
As At
31 December
2021
£’000
COMPANY
As At
31 December
2020
£’000
Trade Receivables - Gross
459
613
459
613
Allowance for Credit Losses
-
(5)
-
(5)
Trade Receivables
459
608
459
608
Other Receivables
8
9
8
9
Intercompany Receivables
-
-
94
98
Prepayments
161
159
135
137
Contract Asset
47
35
37
35
675
811
743
887
Trade receivables are stated net of impairment for estimated irrecoverable amounts of £nil (2020: £5k). This
impairment has been determined by reference to past default experience and known issues. Write offs are
made when the irrecoverable amount becomes certain. The Directors consider that the carrying amount of
trade and other receivables approximates to their fair value.
An analysis of the trade receivables past due but not impaired is:
GROUP
As At
31 December
2021
£’000
GROUP
As At
31 December
2020
£’000
COMPANY
As At
31 December
2021
£’000
COMPANY
As At
31 December
2020
£’000
60 to 120 days
-
40
-
40
Less provision
-
(5)
-
(5)
Total trade debtors past due but not impaired
-
35
-
35
Add: Less than 60 days
459
573
459
573
Net trade receivables
459
608
459
608
Based on the above, the Directors have not recognised the expected credit loss on grounds of triviality to the
Group. The Directors consider the credit quality of trade and other receivables that are neither past due nor
impaired to be good.
Intercompany Receivables represent loans provided by ECSC Group plc to ECSC Australia Pty Ltd. The loans
are repayable on demand, no expected credit loss is attributed to them. Intercompany balances between
ECSC Group plc and ECSC Australia Pty Ltd are subject to interest charges by the debtor entity at the annual
rate of 3.00% above the Bank of England Base Rate.
Notes to the Financial Statements cont.
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 92
16. Cash & Cash Equivalents
GROUP
As At
31 December
2021
£’000
GROUP
As At
31 December
2020
£’000
COMPANY
As At
31 December
2021
£’000
COMPANY
As At
31 December
2020
£’000
Cash & Cash Equivalents
1,168
1,122
1,165
1,119
17. Trade Payables and Other Payables
GROUP
As At
31 December
2021
£’000
GROUP
As At
31 December
2020
£’000
COMPANY
As At
31 December
2021
£’000
COMPANY
As At
31 December
2020
£’000
Trade Payables
190
146
187
146
Other Taxation and Social Security
391
823
388
821
Accruals
192
207
191
206
Contract Liabilities
683
878
683
878
Intercompany Payables
-
-
86
86
Other Payables
33
31
26
26
1,489
2,085
1,561
2,163
The carrying amount of Trade Payables and Other Payables approximates to their fair value due to their short
term nature.
Contract Liabilities arises when a customer pays the Group in advance (in advance is defined at more than
one monthly period) for unfulfilled performance obligations relating to data insight. The entity has contracts
spanning from one to three years at the year end. The Contract Liability will be released to the income
statement as the performance obligations are met. Revenue recognised in the reporting period that was
included in the contract liability balance at the beginning of the period was £878k (2020: £866k). No revenue
has been recognised in the reporting period in respect of performance obligations satisfied in previous
periods
Notes to the Financial Statements cont.
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 93
18. Leases
On commencement of a contract (or part of a contract) which gives the group the right to use an asset for a
period of time in exchange for consideration, the group recognises a right-of-use asset and a lease liability
unless the lease qualifies as a ‘short-term’ lease or a ‘low-value’ lease.
All leases are accounted for by recognising a right-of-use and a lease liability except for:
•
Leases of low-value assets
Leases where the underlying asset is ‘low-value’, £5k lease payments are recognised as an expense on a
straight-line basis over the lease term. The group has elected to apply the ‘low-value’ lease exemption to
all qualifying leases, but the election can be made on a lease-by-lease basis.
•
Short term lease
Where the lease term is twelve months or less and the lease does not contain an option to purchase the
leased asset, lease payments are recognised as an expense on a straight-line basis over the lease term.
•
Short-term lease expense
£61k
•
Low value lease expense
£3k
The group sometimes negotiates break clauses in its property leases. On a case-by-case basis, the group
will consider whether the absence of a break clause would expose the group to excessive risk. Typically
factors considered in deciding to negotiate a break clause include:
•
the length of the lease term;
•
the economic stability of the environment in which the property is located; and
•
whether the location represents a new area of operations for the group.
Right-of-use Assets
A right-of-use asset is recognised at commencement of the lease and initially measured at the amount of
the lease liability, plus any incremental costs of obtaining the lease and any lease payments made at or
before the leased asset is available for use by the group.
The right-of-use asset is subsequently measured at cost less accumulated amortisation and any
accumulated impairment losses. The amortisation methods applied is on a straight-line basis over the term
of the lease.
Amortisation charge for the year is included in ‘administrative expenses’ for right-of-use assets.
Notes to the Financial Statements cont.
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 94
Group
Office
buildings
£’000
Motor
vehicles
£’000
IT
equipment
£’000
Total
£’000
At 1 January 2020
849
26
21
896
Additions
-
22
-
22
Variable lease payment adjustment
4
-
(1)
3
Amortisation
(133)
(22)
(20)
(175)
NBV at 31 December 2020
720
26
-
746
At 1 January 2021
720
26
-
746
Additions
-
23
-
23
Disposal
(13)
-
-
(13)
Amortisation
(123)
(20)
-
(143)
NBV at 31 December 2021
584
29
-
613
Company
Office
buildings
£’000
Motor
vehicles
£’000
IT
equipment
£’000
Total
£’000
At 1 January 2020
792
26
21
839
Additions
-
22
-
22
Variable lease payment adjustment
4
-
(1)
3
Amortisation
(111)
(22)
(20)
(153)
NBV at 31 December 2020
685
26
-
711
At 1 January 2021
685
26
-
711
Additions
-
23
-
23
Disposal
(13)
-
-
(13)
Amortisation
(101)
(20)
(121)
NBV at 31 December 2021
571
29
-
600
Notes to the Financial Statements cont.
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 95
Lease Liability
The lease liability is initially measured at the present value of the lease payments during the lease term
discounted using the interest rate implicit in the lease, or the incremental borrowing rate if the interest rate
implicit in the lease cannot be readily determined.
The lease term is the non-cancellable period of the lease plus extension periods that the group is reasonably
certain to exercise and termination periods that the group is reasonably certain not to exercise.
The lease liability is subsequently increased for a constant periodic rate of interest on the remaining balance
of the lease liability and reduced for lease payments.
Interest expense for the year on lease liabilities is recognised in ‘finance costs’.
Group
Office
buildings
£’000
Motor
vehicles
£’000
IT
equipment
£’000
Total
£’000
At 1 January 2020
889
23
19
931
Additions
-
22
-
22
Variable lease payment adjustment
4
-
(1)
3
Interest Expense
37
2
2
41
Lease Payments
(150)
(24)
(21)
(195)
NBV at 31 December 2020
780
23
(1)
802
At 1 January 2021
780
23
(1)
802
Additions
-
23
-
23
Disposal
(12)
-
-
(12)
Interest Expense
31
2
1
34
Lease Payments
(150)
(22)
-
(172)
At 31 December 2021
649
26
-
675
Notes to the Financial Statements cont.
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 96
Company
Office
buildings
£’000
Motor
vehicles
£’000
IT
equipment
£’000
Total
£’000
At 1 January 2020
830
23
19
872
Additions
-
22
-
22
Variable lease payment adjustment
4
-
(1)
3
Interest Expense
35
2
2
39
Lease Payments
(127)
(24)
(21)
(172)
At 31 December 2020
742
23
(1)
764
At 1 January 2021
742
23
(1)
764
Additions
-
23
-
23
Disposal
(12)
-
-
(12)
Interest Expense
31
2
1
34
Lease Payments
(127)
(22)
-
(149)
At 31 December 2021
634
26
-
660
Group and Company
At 31 December 2021
Up To
12 months
£’000
1-5
years
£’000
more than
5 years
£’000
Lease Payments
135
433
213
Interest Expense
(28)
(69)
(9)
Lease Liabilities
107
364
204
19. Borrowings
Current
2021
£’000
2020
£’000
Loan
108
-
Interest
6
-
Direct Fees
(9)
-
Net Borrowings
105
-
Non- Current
2021
£’000
2020
£’000
Loan
892
-
Direct Fees
(34)
-
Net Borrowings
858
-
Notes to the Financial Statements cont.
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 97
The Group has been provided with payments facilities by Barclays Bank PLC, including a BACS payment
facility and a credit card facility.
New borrowing facility
In December 2021, the Group entered into a new borrowing five-year Growth loan facility with Growth
Lending Limited, the net proceeds of which will be used for working capital purposes and to support the
Group’s overall organic growth strategy.
The new borrowing facility comprises an initial advance upon completion of £1.0m and a further advance of
£0.5m to be drawn down after six months subject to an agreed level of adjusted EBITDA being achieved.
The facility term is 60 months with straight-line amortisation of the loan commencing after 6 months. The
interest rate on each advance is set at the higher of 9.0% per annum or the monthly average SONIA plus 7%.
There is an arrangement fee of 1.5% of the facility amount paid on completion with a 5% early prepayment.
The loan was arranged by Funding Friends Limited which received a fee of 1% of the loan on completion in
respect of advisory fees. The Loan facility is secured by a fixed charge over the assets of the Company.
The effective interest rates on the Group’s borrowings were as follows:
2021
%
2020
%
Borrowings - £1m
9.0
-
The Maturity profile of the Group’s non-current borrowing was as follows:
2021
£’000
2020
£’000
Between one and two years
214
-
Between two and fire years
644
-
858
-
The Group’s bank borrowing bear interest at floating rates, which represent prevailing market rates.
Notes to the Financial Statements cont.
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 98
20. Share Capital
Ordinary Share Capital
During the period ended 31 December 2021, the movement in Share Capital was:
Ordinary Shares
Number of
Shares Issued
and Fully Paid
Ordinary Share
Capital
£’000
As at 1 January 2020
9,098,497
91
New Shares Issued
909,091
9
At at 31 December 2020
10,007,588
100
As at 1 January 2021
10,007,588
100
New Shares Issued
-
-
At at 31 December 2021
10,007,588
100
On 17 April 2020 909,091 ordinary shares were issued for £0.45m (net of expenses of £0.05m).
Share Premium Account
The balance of the Share Premium Account represents amounts received in excess of the nominal value (1
pence per share) of Ordinary Shares. This account is non-distributable.
Capital reduction
On 26 August 2021, the Company completed a reduction of its share capital, whereby the entire amount
of £6.1 million standing to the credit of the Company’s share premium account will be cancelled thereby
creating distributable reserves, which will allow the Company to pay dividends or make distributions to its
shareholders and/or undertake a buyback of its ordinary shares in due course, should it be appropriate or
desirable to do so
Share Option Reserve
The balance of the Share Option Reserve represents the accumulated amounts charged to the Statement of
Comprehensive Income in respect of Share Based Payments. This reserve is non-distributable.
Retained Earnings
The balance of the Retained Earnings account represents the accumulated retained profits or losses of the
Group. This account is a distributable reserve, provided that the accumulated balance is positive.
Notes to the Financial Statements cont.
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 99
21. Financial Instruments and Financial Risk Management
The Group’s and Company’s principal financial instruments comprise:
•
Cash and Cash Equivalents
•
Trade Receivables
•
Other Receivables
•
Intercompany Receivables
•
Trade Payables
•
Accruals
•
Intercompany Payables
•
Other Payables
•
Bank borrowings
The Group’s and Company’s accounting policies, including the criteria for recognition, and the basis on
which income and expenses are recognised in respect of each class of financial asset and financial liability,
are set out in note 4.14 to the financial statements. The information about the extent and nature of these
recognised financial instruments, including significant terms and conditions that may affect the amount,
timing and certainty of future cash flows, are disclosed in the respective notes where applicable. The Group
and Company does not use financial instruments for speculative purposes.
The principal financial instruments used by the Group and Company, from which financial instrument risk
arises, are as follows:
Financial Assets
GROUP
As At
31 December
2021
£’000
GROUP
As At
31 December
2020
£’000
COMPANY
As At
31 December
2021
£’000
COMPANY
As At
31 December
2020
£’000
Trade Receivables
459
608
459
608
Other Receivables
8
9
8
9
Intercompany Receivables
-
-
94
98
Cash and Cash Equivalents
1,168
1,122
1,165
1,119
Total Financial Assets
1,635
1,739
1,726
1,834
Financial Liabilities
Trade Payables
190
146
187
146
Accruals
192
207
191
206
Intercompany Payables
-
-
86
86
Borrowings
966
-
933
-
Other Payables
33
31
26
26
Total Financial Liabilities
1,381
384
1,423
464
Notes to the Financial Statements cont.
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 100
Fair Values
The Directors have assessed that the fair values of Cash and Cash Equivalents, Trade Receivables, Trade
Payables, Other Payables and Bank borrowings approximate to their carrying amounts largely due to the
short-term maturities of these instruments. There are no fair value adjustments to assets or liabilities
charged to the Statement of Comprehensive Income.
Market Risk
Market risk is the risk that the fair value of future cash flows of a financial instrument will fluctuate due to
changes in market prices. Market risk comprises three types of risk – commodity price risk, interest rate
risk; and foreign currency risk. The Group and Company has limited exposure to each of these risks as
discussed below.
Capital Management
The Group’s capital management objectives are to ensure its ability to continue as a going concern and to
provide an adequate return to shareholders by pricing products and services commensurately with the level
of risk.
No supplier financing arrangements or credit insurance is in place.
The Group’s dividend policy is to monitor reserves available for distribution to shareholders.
The Group monitors capital on the basis of carrying amount of equity less cash and cash equivalents as
presented on the face of the balance sheet. Capital for the reporting periods under review is set out below.
GROUP
2021
£’000
GROUP
2020
£’000
COMPANY
2021
£’000
COMPANY
2020
£’000
Cash and cash equivalents
1,168
1,122
1,165
1,119
Trade and receivables
628
776
602
754
Contract assets
47
35
47
35
Total
1,843
1,933
1,814
1,908
Credit risk is the risk that a counterparty will cause a financial loss to the Group by failing to discharge its
obligations to the Group. The Group manages its exposure to this risk by applying limits to the amount of
credit exposure to any one counterparty and employs strict minimum credit worthiness criteria as to the
choice of counterparty. The maximum exposure to credit risk for receivables and other financial assets
is represented by their carrying amount. The Group considers credit risk to be low due to its processes
and the nature of its clients, which includes a broad spread of large corporates, SMEs and public sector
organisations.
The Group uses an expected credit loss model for impairment that represents its estimate of incurred losses
in respect of the Trade Receivables as appropriate.
Notes to the Financial Statements cont.
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 101
The Group applies the IFRS 9 simplified approach to measure expected credit losses using a lifetime
expected credit loss provision for trade receivables and contract assets. The expected loss rates are based
on the Group’s historical credit losses experienced over the two year period prior to the period end.
The historical loss rates are then adjusted for current and forward-looking information on macroeconomic
factors affecting the Group’s customer. Under the expected credit loss model impairment allowance wasn’t
material resulting in no provision being made. (see note 15).
Trade Receivables
Trade Receivables, net of impairment provisions, for the Group and Company as at 31 December 2021 were
£459k (2020: £608k). These Trade Receivables are not secured by any collateral or credit insurance. The
Group’s standard terms are 30 days from date of invoice but non-standard terms may be agreed with certain
customers. Invoices which remain unpaid for periods greater than agreed terms are assessed as overdue.
As at 31 December 2021, Trade Receivables past due for the Group and Company total £126k (2020: £196k) of
which nil (2020: £5k) have been impaired.
As at 31 December 2021, Trade Receivables of £126k (2020: £196k) were past due but not impaired, as
follows:
GROUP
As At
31 December
2021
£’000
GROUP
As At
31 December
2020
£’000
COMPANY
As At
31 December
2021
£’000
COMPANY
As At
31 December
2020
£’000
Up to 3 months
126
196
126
196
3 months to 6 months
-
-
-
-
6 months to 12 months
-
-
-
-
126
196
126
196
Cash Holdings
The Group only holds cash at mainstream banking institutions to mitigate the credit risk on cash deposits.
The credit rating of the principal banking institution is A (Standard & Poor’s).
Interest Rate Risk
The Company’s exposure to changes in interest rates relates to Cash Holdings borrowings, Borrowings and
Finance Leases.
Cash is held either on current or short term deposits at a floating rate of interest determined by the relevant
bank’s prevailing base rate.
The Group has minimal cash flow interest rate risk as it external borrowing is expected to remain at 9%
throughout the life of the loan and will never exceed 14.99%.
Notes to the Financial Statements cont.
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 102
Foreign Currency Exchange Risks
Foreign currency risk is the risk that the fair value or future cash flows of an exposure will fluctuate because
of the changes in foreign exchange rates. The Group’s exposure to the risk of changes in foreign exchange
rates relates primarily to the Group’s operating activities when revenue or expenses are denominated in a
foreign currency.
The Group does not hedge its foreign currencies. Transactions with customers are mainly denominated in
GBP.
The Group has suppliers that invoice in US dollars and Australian dollars. The balances exposed to credit
risk at year end were as follows:
As At
31 December
2021
000
As At
31 December
2020
000
US Dollars
17
-
Australian Dollars
7
3
24
3
Liquidity Risks
Liquidity risk arises from the Group’s management of working capital. It is the risk that the Group will
encounter difficulty in meeting its financial obligations as they fall due. The Group’s policy is to ensure
that it will always have sufficient cash to allow it to meet its liabilities when they become due. Budgets
and forecasts are agreed and set by the Board in advance to ensure the Group’s cash requirement to be
anticipated.
The maturity profile of the Group’s financial liabilities at the reporting dates, based on contractual
undiscounted payments including lease payments, are summarised below:
At 31 December 2021
Up to 3
months
£’000
Between 3
and 12
months
£’000
Between 1
and
5 years
£’000
Over 5
years
£’000
Trade payables and other payables
769
15
22
-
Borrowings
69
173
1,062
-
Lease Liabilities
37
98
433
317
Total
875
286
1,517
317
Notes to the Financial Statements cont.
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 103
At 31 December 2020
Up to 3
months
£’000
Between 3
and 12
months
£’000
Between 1
and
5 years
£’000
Over 5
years
£’000
Trade payables and other payables
971
216
20
-
Lease Liabilities
38
138
447
317
Total
1,009
354
467
317
22. Related Party Transactions
ECSC Australia Pty Ltd
During the year ended 31 December 2021, ECSC Group plc incurred management fees to ECSC Australia
Pty Ltd of £325k (2020: £204k). As at 31 December 2021, the balance payable by ECSC Group plc to ECSC
Australia Pty Ltd in respect of outstanding management fees was £86k (2020: £86k).
As at 31 December 2021, the loan balance payable by ECSC Australia Pty Ltd to ECSC Group plc was £94k
(2020: £98k). The loan is repayable on demand and attracts interest at the rate of 3% over base rate.
Expandly
During the year ended 31 December 2021, ECSC Group plc invoiced Expandly £6k (2020: £5k) a company that
Elizabeth Gooch (Non-Executive Director) is a Director of, for consultancy work. This transaction was entered
into on an arm’s length basis. The balance payable as at 31 December 2021 was £nil (2020: nil)
Nivo
During the year ended 31 December 2021, ECSC Group plc invoiced Nivo £1k a company that Elizabeth
Gooch (Non-Executive Director) is a Director of, for consultancy work. This transaction was entered into on
an arm’s length basis. The balance payable as at 31 December 2021 was £nil (2020: nil)
23. Share Based Payments
Share Based Payment Schemes
The Company operates a number of equity-settled Share Based Payment schemes, as follows:
•
Enterprise Management Incentive (‘EMI’) Scheme
•
Save As You Earn (‘SAYE’) Share Option Scheme
•
Non-Executive Director Remuneration Scheme (‘NED Scheme’)
•
Non-Executive Directors Share Options (‘NED1 Scheme’)
Notes to the Financial Statements cont.
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 104
EMI Scheme
On 04 February 2020 the Company granted over 65,000 Ordinary Shares at an exercise price of 108 pence per
share, subject to a three year vesting period to the following Directors:
Ordinary Shares
Lucy Sharp
25,000
Ian Castle
20,000
Gemma Basharan
20,000
In order for the options to vest, Ordinary Shares must trade at a minimum mid-market price 200 pence per
share over 30 consecutive trading days during the vesting period.
During the year ended 31 December 2020, option over 65,000 Ordinary Shares were cancelled.
On 21 August 2020 the Company cancelled options over 588,040 Ordinary Shares in the Company as set out
below.
Exercise
Price
(pence)
Cancelled
Ordinary
Shares
EMI Grant Date
May-17
167
152,540
Dec-17
140
25,000
Aug-18
93
170,000
Jul-19
78
175,500
Feb-20
108
65,000
TOTAL
588,040
Following the above cancellation of Ordinary Shares options, on 21 August 2020, the Company granted
options over 588,040 new Ordinary Shares to the same Company employees, at an exercise price of 65 pence
per share. In order for the new Options to vest and become exercisable at any time over a ten-year period
from the date of grant subject to the Company’s closing mid-market price exceeding 167 pence per Ordinary
Share for 10 consecutive business days. Within the grant the following Directors of the Company were
granted the following Ordinary Shares:
Ordinary Shares
Lucy Sharp
144,758
Ian Castle
103,602
Gemma Basharan
64,651
During the year ended 31 December 2021, options over 68,465 (2020: 933) Ordinary Shares have lapsed, such
that options over 518,642 (2020: 587,107) Ordinary Shares remain exercisable in the future.
Notes to the Financial Statements cont.
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 105
On 28 September 2020 the Company granted over 450,000 new Ordinary Shares in the Company at an
exercise price of 69 pence per share. Over 90,000 Ordinary Share options were granted to Employees and
become exercisable one year from the date of grant, subject to the Company’s closing mid-market share
price exceeding 167 pence for 10 consecutive business days. All Options expire on the tenth anniversary of
the date of grant.
Within the grant the following Directors of the Company were granted the following Ordinary Shares:
Ordinary Shares
Ian Mann
100,000
Lucy Sharp
100,000
Ian Castle
80,000
Gemma Basharan
80,000
The Director Options are exercisable from the relevant vesting date, subject to the Company’s closing mid-
market share price exceeding certain targets for 10 consecutive business days, being 167 pence for the first
vesting period, 200p for the second vesting period, 225 pence for the third vesting period and 250 pence for
the final vesting period.
During the year ended 31 December 2021, options over 15,400 Ordinary Shares have lapsed, such that
options over 434,600 (2020: 450,000) Ordinary Shares remain exercisable in the future.
Notes to the Financial Statements cont.
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 106
Scheme
EMI
(May-17)
EMI
(Dec’17)
EMI
(Aug’18)
EMI
(Jul’19)
EMI
(Feb 20)
EMI
(Aug 20)
EMI
(Sep 20)
SAYE
NED
NED 1
(Apr’18)
Total
Number of Options:
Outstanding at 01 January 2020
152,540
25,000
170,000
175,500
-
-
-
19,584
6,411
200,000
749,035
Granted during the year
-
-
-
-
65,000
588,040
450,000
-
-
-
1,103,040
Forfeited during the year
(152,540)
(25,000)
(170,000)
(175,500)
(65,000)
(933)
-
-
-
-
(588,973)
Exercised during the year
-
-
-
-
-
-
-
-
-
-
-
Expired during the year
-
-
-
-
-
-
-
(19,584)
-
-
(19.584)
Outstanding at 31 December 2020
-
-
-
-
-
587,107
450,000
-
6,411
200,000
1,243,518
Exercisable at 31 December 2020
-
-
-
-
-
6,411
-
6,411
Outstanding at 01 January 2021
-
-
-
-
-
587,107
450,000
-
6,411
200,000
1,234,518
Granted during the year
-
-
-
-
-
-
-
-
-
-
0
Forfeited during the year
-
-
-
-
-
(68,465)
(15,400)
-
-
-
(83,865)
Exercised during the year
-
-
-
-
-
-
-
-
-
-
-
Expired during the year
-
-
-
-
-
-
-
-
-
-
0
Outstanding at 31 December 2021
-
-
-
-
-
518,642
434,600
-
6,411
200,000
1,159,653
Option Pricing Assumptions:
Pricing Model
Black
Scholes
Black
Scholes
Black
Scholes
Black
Scholes
Black
Scholes
Black
Scholes
Black
Scholes
Black
Scholes
Black
Scholes
Black
Scholes
Weighted Average share price at
grant date (pence)
312
135
93
78
108
65
69
131
125
79
Weighted average exercise price
(pence)
167
140
93
78
108
65
69
125
-
78
Weighted Average contract life
3 years
3 years
3 years
3 years
3 years
10 years
10 years
3 years
0 years
3 years
Weighted Average risk free rate
1%
1%
1%
1%
1%
1%
1%
1%
1%
1%
Volatility
40%
40%
40%
40%
40%
40%
40%
40%
40%
40%
Option Valuation:
Option Valuation at grant date
(£’000)
-
-
-
-
-
190
155
-
8
45
398
Share Based Payments Charge
in 2020:
Share Based Payment Charge
(£’000)
-
-
5
9
7
-
74
-
-
5
100
Weighted Average Exercise Price:
At grant date, forfeit date and end
of period (pence)
-
-
-
-
-
65
69
-
-
78
Share Based Payment Charge
In accordance with the requirements of IFRS 2, the Company calculated the fair value of the share options
at the date of grant using a Black Scholes option pricing model for the EMI and SAYE Schemes. For the NED
scheme, the fair value of the services rendered was assessed.
A Share Based Payment charge is recognised by spreading the fair value of the option over the maturity
period, with allowance made for options that have lapsed in the period.
The movement in the number of options during the year, the option pricing assumptions, the option valuation
at the grant date and the Share Based Payment Charge in the year, for each scheme described above, is as
follows:
Notes to the Financial Statements cont.
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 107
Notes to the Financial Statements cont.
The volatility assumption, calculated at the standard deviation of expected share price returns, is based on
analysis of the share prices of comparable companies over the last 3-5 years.
Modification treatment
In accordance with the requirements of IFRS 2, the Company adopted the modification treatment with
regards to the cancellation and replacement of options. This resulted in no incremental fair value being
recognised as the fair value at the grant date of the replacement options was lower than the fair value
of the cancelled options. The cancelled options continue to be charged to the Consolidated Statement of
Comprehensive Income over the remaining vesting period.
24. Controlling Party
ECSC Group plc does not have an ultimate controlling party.
25. Supporting statement of cash flows
Cash and cash equivalents comprise:
GROUP
2021
£’000
GROUP
2020
£’000
COMPANY
2021
£’000
COMPANY
2020
£’000
Cash available on demand
1,168
1,122
1,165
1,119
Net cash increase/(decrease) in cash and cash equivalent
46
771
46
769
Cash and cash equivalents at the beginning of the year
1,122
351
1,119
350
1,168
1,122
1,165
1,119
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 108
26. Adjusted Loss before Taxation and Adjusted EBITDA
Adjusted Loss before Taxation
Year Ended
31 December
2021
£’000
Year Ended
31 December
2020
£’000
Loss Before Taxation
(522)
(319)
Share Based Payments
100
101
Exceptional Items
145
65
Adjusted Loss Before Taxation
(277)
(153)
Adjusted EBITDA:
Year Ended
31 December
2021
£’000
Year Ended
31 December
2020
£’000
Operating Loss
(480)
(271)
Depreciation and Amortisation
400
480
EBITDA**
(80)
209
Share Based Payments
100
101
Exceptional Items
145
65
Adjusted EBITDA*
165
375
Year Ended
31 December
2021
£’000
Year Ended
31 December
2020
£’000
Operating Loss
(480)
(271)
Share Based Payments
100
101
Exceptional Items
145
65
Adjusted Operating Loss*
(235)
(105)
* Adjusted Operating Loss and EBITDA excludes exceptional items and share based payments.
* * EBITDA is defined as Earnings before Interest, Tax, Depreciation and Amortisation.
Notes to the Financial Statements cont.
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 109
27. Exceptional Costs
During the year ended 31 December 2021, the Company re-engineered its sales process. During this
process, a number of one-off, exceptional costs were incurred, including payments in lieu of notice,
redundancy payments and consultancy costs. These Exceptional Costs totalled £145k and were charged to
the Statement of Comprehensive Income in the year ended 31 December 2021.
Exceptional Costs are analysed as follows:
As At
31 December
2021
£’000
As At
31 December
2020
£’000
Payments in Lieu of Notice
14
46
Redundancy Payments
18
7
Employee Benefit Expense
32
53
Taxation & Social Security Costs
4
8
Staff Related Costs
36
61
Legal Costs
22
4
Sales restructure costs
87
-
Exceptional Costs
145
65
Notes to the Financial Statements cont.
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 110
28. Subsidiary Undertakings
ECSC Group plc currently has the following wholly-owned subsidiaries, which are incorporated and
registered in England and Wales:
Name of Subsidiary
Registered Office
Date of Incorporation
Principal Activity
ECSC Services Limited
28 Campus Road
Listerhills Science Park
Bradford
BD7 1HR
18 April 2017
Dormant
ECSC Labs Limited
28 Campus Road
Listerhills Science Park
Bradford
BD7 1HR
18 April 2017
Dormant
ECSC Australia Limited
28 Campus Road
Listerhills Science Park
Bradford
BD7 1HR
29 September 2016
Intermediary holding company
ECSC Australia Limited currently has the following wholly-owned subsidiary, which is incorporated and
registered in Australia:
Name of Subsidiary
Registered Office
Date of Incorporation
Principal Activity
ECSC Australia Pty Limited
Governor Phillip Tower
Level 36
1 Farrer Place
Sydney
NSW 2000
20 March 2017
Provision of professional cyber
security services
The share capital of each Group entity is as follows:
Entity
Ordinary Shares In Issue
Nominal Value
Investment At Cost
ECSC Services Limited
1 share
£1
£1
ECSC Labs Limited
1 share
£1
£1
ECSC Australia Limited
1 share
£1
£1
ECSC Australia Pty Limited
100 shares
AUD 1
AUD 100
Total
£60
*AUD = Australian Dollars
Notes to the Financial Statements cont.
ECSC Group plc
Annual Report Year Ended 31 December 2021
Page 111
This page has been left deliberately blank.
Cyber Security Experts
Annual Report Year Ended 31 December 2021
Page 112
Really professional, flexible but with a human and common sense
approach...you have a great team. I would always recommend you to
another organisation if the opportunity came up as my experience has
been really good. Thank you.
Quality Coordinator, Charity
The consultancy was excellent and achieved our goals.
The reporting from the testing was to a very high standard.
Chief Information Security Officer, IT (Software)
From start to finish, all aspects were undertaken in an efficient,
effective and professional manner.
Business Operations, Pharmaceuticals