2
0
1
8
A
n
n
u
a
l
R
e
p
o
r
t
a
n
d
A
c
c
o
u
n
t
s
2018 Annual Report
and Accounts
�Cybersecurity made simple
A world leader in
delivering innovative,
simple and highly
effective cybersecurity
solutions
The Sophos Group is a
leading global provider of
cloud-enabled enduser
and network security
solutions, offering end-to-
end protection against
known and unknown IT
security threats through
products that are easy to
install, configure, update
and maintain.
The Group has more than
30 years of experience in
enterprise security and
has built a portfolio of
products that protect
more than 300,000
organisations and more
than 100 million end
users in 150 countries
across a variety of
industries.
�Highlights
Continued momentum in subscription billings
drives improvement in revenue growth and
cash flow
For more information
www.sophos.com
Contents
Introduction
01 Highlights
02 At a Glance
Billings1
$769M
(FY17: $632m)
Revenue
$641M
(FY17: $530M)
Cash EBITDA1
$194M
(FY17: $150M)
Loss Before Tax
$52M
(FY17: $49M)
Unlevered Free Cash Flow1
$140M
(FY17: $133M)
Net Cash Flow From
Operating Activities
$148M
(FY17: $119M)
1
Definitions and reconciliations of non-GAAP
measures are included in note 4 of the financial
statements and in the glossary
Business Highlights
10
Chairman’s Statement
• Customers now benefiting from
deep learning capabilities,
integrated within Intercept X
12
Investment Proposition
14
Financial Stability and Visibility
• Sophos Central enhanced with
further integration of XG Firewall,
Sophos Mobile and Phish Threat
• Enduser security a key driver of
subscription billings and revenue
• 66,000 customers now using
Sophos Central Platform
• Renewal rates continued to
improve, demonstrating success
of cross-selling strategy
• Recognised for leadership in
technology and channel by
independent industry analysts
Strategic Report
16
Our Markets
18
Our Business Model
20
Focus on Strategic Priorities
21
Key Performance Indicators
22
Chief Executive Officer’s Statement
26
Key Product and Technology
Developments
28
Financial Review
34
Principal Risks and Risk Management
38
Corporate Responsibility Report
Governance
44
Board of Directors
46
Corporate Governance Statement
55
Nomination Committee Report
57
Audit and Risk Committee Report
62
Disclosure Committee Report
63
Annual Statement of the
Remuneration Committee Chairman
64
Remuneration at a Glance
65
Directors’ Remuneration Policy
72
Annual Report on Remuneration
82
Directors’ Report
Financial Statements
88
Independent Auditor’s Report
94
Consolidated Financial Statements
and Notes
140 Company Financial Statements
and Notes
144 Glossary
145 Company Information
/01
Strategic ReportGovernanceFinancial StatementsIntroduction
�At a Glance
A global leader in Network
and Enduser security
Synchronized Security
As the pioneer of synchronized security, Sophos continues
to execute against its vision for a security system where
products can directly share status and threat information,
to automate and improve the time taken to respond to
potential threats. In 2017, Sophos introduced a
synchronized security capability in the XG Firewall that is
able to provide an unprecedented view into the source of
network traffic. Before this breakthrough, less than 50 per
cent of network traffic was identifiable, causing serious
security challenges. As Sophos has enabled more of its
portfolio with the capability to share information directly,
channel partners have embraced this innovation and see
it as a unique market differentiator and a successful
proposition for their customers.
Over
3,300
Employees
Over
Over
300,000
End user customers
39,000
Partners
Platform and Strategy
Next-Gen Firewall
Wireless
Email
Web
In Cloud
CENTRAL
Cloud
Intelligence
Next-Gen Endpoint
Mobile
Server
Encryption
For more information go to
www.sophos.com/central
02/
Cybersecurity made simple�Geographic Footprint
Sophos is a truly global company with more than
40 offices around the world, with major offices in
the UK, USA, Canada, India and Germany.
Billings by Type
Billings by Geography
Enduser
Network
Other
Americas
EMEA
APJ
/03
Strategic ReportGovernanceFinancial StatementsIntroduction�Developments in Deep Learning
Deep learning is better suited to
the massive amounts of cyber-
security data than ‘old school’
machine learning techniques
Deep learning has been
proven to deliver better
detection, fewer false-
positives and has less
of an impact on system
resources. Today, deep
learning has been included
in the Group’s Intercept X
endpoint protection product
introducing ‘predictive
security’ to organisations of
all sizes. Sophos Sandstorm
has been enhanced with
deep learning-based
technology and SophosLabs
has recently accelerated its
automated threat analysis
systems by the adoption of
this technology. Sophos
plans to add the advantage
of artificial intelligence to
other appropriate areas of
its portfolio in due course.
For more information go to
www.sophos.com
04/
Cybersecurity made simple
Cybersecurity made simple�Sophos has
applied advanced
deep learning
neural network
technology to the
cybersecurity
challenge
/05
Strategic ReportGovernanceFinancial StatementsIntroduction�Delivering Financially
Billings and revenue both up over
20 per cent year-on-year driving
strong cash flows
The year-ended 31 March
2018 saw a continuation of
growth in billings, in line with
the Group’s forecast to
deliver annual billings of $1
billion in FY20. As the Group
continues to leverage both
sales and marketing and
general finance and
administration costs, cash
EBITDA margin improved.
Revenue growth accelerated,
as expected, as prior-period
subscription billings were
recognised as revenue in
the current-year. Unlevered
free cash flow, from a high
prior-year base, also
increased at the anticipated
rate as cash flows from
working capital normalised.
For more information see page 28
06/
Cybersecurity made simple
Cybersecurity made simple�Financial
strength
through
visibility of
future revenue
and cash flow
/07
Strategic ReportGovernanceFinancial StatementsIntroduction�Trusted Partner
Sophos puts its partners first
in everything it does, from sales
to marketing to support
With no conflict in sales or
marketing objectives,
Sophos focuses 100 per
cent of its resources on
building products and
programs that are designed
with the needs of channel
partners in mind. Sophos
strives to be the security
vendor of choice for
endpoint and network
security resellers worldwide
and is unwavering in its
commitment to be a trusted
partner with the best
products, support and
programs that actively
enable a reseller to grow
with Sophos. Sophos
continues to be recognised
for this commitment by the
industry and partners alike.
For more information go to
www.sophos.com/partners
08/
Cybersecurity made simple
Cybersecurity made simple�Sophos has one
route to market,
over 39,000
registered
channel partners
/09
Strategic ReportGovernanceFinancial StatementsIntroduction�Chairman’s Statement
Another successful year
for Sophos
We continued the strong momentum in
growth and innovation that have been the
hallmarks of our business in recent years
We are pleased to report that we achieved another year of
strong growth and that from a technology and competitive
standpoint Sophos has never been in a stronger position
than it is today. Our continued success reflects the
significant investments we have made in recent years
in our products, organisation, and people.
Against a strengthening demand backdrop, customer
awareness of the need for effective cybersecurity was
dramatically heightened in the first-half of our financial year
by a number of high-profile ransomware attacks which made
media headlines around the world. Consequently, we are
reporting a strong year for our Enduser security business, but
also broad-based growth across all key products and regions.
As we entered the 2018 financial year, we made a number of
commitments to stakeholders, particularly with respect to
delivering on an ambitious pipeline of innovation, as well as
the medium-term goals that we have set for our business. I
am delighted to say that we achieved a successful financial
result for the year, which clearly demonstrates that we are
on track to meet our growth objectives. Our financial model
is strong, as it is rooted in a large Software as a Service
(“SaaS”) subscription base, which we have continued to
grow in the past year. Indeed, as we enter the 2019 financial
year the total subscription base has exceeded the $1 billion
milestone, and we now have more than 300,000 end user
customers around the world protecting their businesses
with Sophos cybersecurity solutions.
In October we launched a major upgrade to the Sophos XG
Firewall with enhanced performance and compelling new
synchronized security features. We were also able to
rapidly integrate the advanced machine learning
technology, known as “deep learning”, acquired with
Invincea a year ago. In January 2018 we launched a
dramatic upgrade to our already successful Intercept X
next-generation endpoint offering, which now delivers
unrivalled detection of unknown malware based on our
advanced approach to the use of artificial intelligence in
cybersecurity. Additionally, our customers and partners
have benefited from a wide range of new product updates,
features, and functions as well as further significant
investment in our flagship cloud management platform,
Sophos Central, which now offers even more effective
and comprehensive security for customers, and greater
cross-selling opportunities for partners.
10/
Cybersecurity made simple�End User Customers
Partner Growth
300K
30%
Awards
We continued our commitment to support and invest in our
partner channel and it is very encouraging to see that we
added over 9,000 new partners in the year. We offer our
partners the opportunity to build successful and profitable
businesses with Sophos over the long term and we shall
continue to invest in the tools, education, training, and
support they require in order for them to become even
more productive over time.
In summary, during the 2018 financial year, we believe we
have demonstrated that our focused strategy continues to
be effective, backed-up by tight operational and financial
controls and significant investment for the future. As a
result, we feel very encouraged about our ability to deliver
against our medium and long-term objectives, and to
achieve further growth and improvement in profitability
in the current-year. On behalf of our Board, I would like to
thank our Sophos team members all around the world for
their tireless dedication, expertise, and hard work. It is their
commitment and their achievements that make it possible
to deliver value to our customers and returns to our
shareholders. I would also like to thank our customers
and partners for the confidence they continue to place
in Sophos, and you our investors for your continued
confidence and support. We will continue to work hard
to keep earning it.
Peter Gyenes
Non-Executive Chairman
SC Awards Europe
Best UTM Solution – Sophos XG
Firewall
SC Awards Europe
Best Email Security Solution –
Sophos Email on Sophos Central
SC Awards Europe
Best Web Content Management
Solution
CRN Awards 2017
Winner – ARC Awards – Network
Security
Winner – Tech Innovator Awards,
Security Endpoint – Intercept X
GEC Awards 2017
Top Vendor for Endpoint Security
ARN ICT Industry Awards 2017
Security Vendor of the Year
Computing Security Excellence
Awards 2017
Security Innovation of the Year –
Intercept X
Channelnomics
Security Vendor of the Year
eGovernment Computing
Winner – Platinum Award for Sophos
Endpoint Protection
VAR India
Best Security Company in India
/11
Strategic ReportGovernanceFinancial StatementsIntroduction�Investment Proposition
High visibility with substantial
opportunity for growth
1.
Compelling
industry
fundamentals
See Markets
on page 16
for further
information
2.
Differentiated
strategy
See Strategic
Priorities on
page 20
for further
information
3.
Highly stable and
predictable
financial model
See Financial
Review on page
28 for further
information
A large, dynamic, growing market opportunity
• Security is consistently the top priority for corporate IT spend
• The total market is estimated to be worth around $46 billion, growing at around
8% per annum, within which the Group’s products address markets growing
even faster
• The cybersecurity threat environment is constantly evolving in scale and
sophistication, presenting new challenges at a rapid pace to organisations of
all sizes
• Sophos is well-positioned to take advantage of opportunities as a leader in
high growth areas, for example next-generation endpoint, cloud, network and
synchronized security
A clear and compelling strategy
• Sophos is solely focused on cybersecurity and we strive to deliver industry-leading
technology that is simple to deploy, use and manage
• We offer enterprise-grade technology, rated as amongst the best in the industry,
to mid-market organisations
• Our sales strategy is 100% “channel first” and as a result of considerable investment
we now have more than 39,000 global partners
High recurring revenues and renewal rates
• We principally sell our Software as a Service (“SaaS”) via recurring, upfront
subscriptions, which provides significant visibility and stability of future revenues
and cash flows
• We have a proven ability to deliver consistent new customer growth and maintain
strong renewal rates
• Our business generates substantial and growing cash flows which we reinvest in
driving billings growth for the future, via innovation, building brand awareness and
sensible acquisitions
• Our total renewal base has recently exceeded the $1 billion milestone
12/
Cybersecurity made simple�4.
The Sophos brand
Innovative, simple and highly effective security
• We are very proud of our brand and the ethos of simplicity that it represents –
this spans all we do at Sophos
• We employ a highly creative digital marketing approach, utilising educational
in-person events and social media outreach
• With one of the world’s leading threat intelligence operations, SophosLabs, and a
reputation for excellence built over many years, Sophos is a trusted voice in the
world of cybersecurity
We expect to continue to outperform the IT security market
• Differentiation is a key driver of market share gains
• Innovation will remain a key growth driver, with internal investment supplemented
by sensible, disciplined technology acquisitions
• Despite a broad international reach, we see opportunities for further regional expansion
• Our integrated product portfolio, delivered via the cloud in Sophos Central, provides
significant cross-sell and upsell opportunities
• We are focused on continuing to build our partner network and increasing the
productivity of our existing partners
Consistently delivering against strategic goals
• Strongly motivated team with the background and skills to deliver profitable
growth over the long-term
• Extensive experience in running large technology businesses, typically with more
than twenty years of experience in their respective fields
• Completely aligned in driving forward the Sophos vision and strategy of innovative,
simple and highly effective security
5.
Opportunities
for growth
See Markets
on page 16
for further
information
6.
Experienced
management
team
See Board of
Directors on
page 44
for further
information
/13
Strategic ReportGovernanceFinancial StatementsIntroduction�Financial Stability and Visibility
Visibility is underpinned by a
growing SaaS subscription
business and best-in-class
renewal rates
Strong growth in billings and revenue
New billings and hardware sales
Billings are closely aligned with cash flows and are
an indicator of growth in the business. Subscription
contracts represent approximately 84 per cent of total
billings and around 76 per cent of total billings are derived
from existing customers.
The average subscription contract duration, consistent
with the prior-year, is close to 28 months, resulting in the
majority of the contract value being booked to deferred
revenue to be recognised in the income statement over
the term of the contract. This adds to the high levels of
visibility of the renewal book, future revenues and profits.
The growth in subscriptions over recent years is now
feeding an acceleration in revenue growth.
Continued strong growth in new billings, +23 per cent in
FY18 and c.40K net customers added.
This is principally driven by a strong customer proposition,
as well as the increasing productivity of our 39,000 strong
partner channel of which over 7,000 are now “blue chip”;
a designation given to the most productive partners.
The hardware element of billings is associated with the
network security business, and is generally 15–20 per cent
of billings.
High levels of recurring subscriptions, plus
strong growth in new business, underpins
stability and visibility
The nature of our financial model, which is rooted in
predictable subscription revenues, a growing renewal base,
improving renewal rates and increasing productivity in our
channel ecosystem, gives us strong visibility over future
growth in revenue, profitability and cash flow.
Subscription billings drive growth
A productive and growing partner ecosystem
$535M
21%
$632M
19%
81%
79%
$769M
16%
84%
39K
7.0K
32.0K
30K
6.1K
23.9K
20K
4.7K
15.3K
Blue chip partners
Other partners
Hardware & other billings
Subscription billings
FY16
FY17
FY18
FY16
FY17
FY18
14/
Cybersecurity made simple�Due to a consistently strong billings performance in recent years, we have been able to grow
our customer base and deferred revenue balance significantly. The improvements we have
seen in retention and renewal rates reflect our success at cross-selling additional products
to existing customers.
Deferred revenue
Number of customers
$
7
5
6
M
$
5
8
1
M
$
4
9
9
M
3
0
0
K
2
6
0
K
2
2
0
K
Retention and renewal rates
129%
140%
1
0
6
%
1
0
9
%
109%
1
0
2
%
FY16
FY17
FY18
FY16
FY17
FY18
FY16
FY17
FY18
Renewal rate
Retention rate
Operating priorities
• Continue the significant pace of innovation across our product portfolio, enhancing capabilities, ease of use,
protection and differentiation
• Continue our commitment to, and investment in, the cloud to deliver better security, manageability and scalability
• Advance our differentiated synchronized security strategy through further meaningful product integration
• Further improve the productivity of our channel partners, through investment in tools, training and education,
and continue to grow our overall partner network
• Expand Sophos’ brand visibility and awareness
/15
Strategic ReportGovernanceFinancial StatementsIntroduction�Our Markets
The demand for IT security
continues to grow
Threat Landscape
Ransomware and high-profile data breaches continued to
grab the headlines in 2017. According to SophosLabs
researchers, ransomware ubiquitously attacked Windows,
Android, Linux, and MacOS systems.
The volume of attacks targeting Android platforms
continued to grow rapidly and shows no sign of slowing in
2018. Of all ransomware seen, just two strains, WannaCry
and Cerber, were responsible for 90 per cent of all attacks
intercepted by Sophos products deployed worldwide.
WannaCry was the first high-profile attack to use
EternalBlue, an exploit tool stolen from the NSA in 2016.
Sophos expects more of these attack types to surface in
the next 12 months.
ransomware. The commercialisation of cybercrime has
continued to promote a new kind of cybercriminal, who
can launch a ransomware campaign with little need for
technical knowledge. The most successful of these include
customer service guarantees and helpful “how to” videos
with slick marketing.
The growth in cryptocurrency values has also spawned a
new type of attack, cryptojacking, that involves the hijacking
of CPUs on networked devices to generate coins. While
some argue that this is no more than “borrowing” the
unused processing power of a system, security experts
believe the backdoors and exploits used to gain access to
the computer carry a serious risk.
Do-it-yourself exploit kits make it easy for threats like
WannaCry to target Microsoft Office vulnerabilities.
Meanwhile, Ransomware as a Service (“RaaS”) was big
business on the dark web, where criminals sell kits that
buyers can use to make and distribute their own
High-profile data breaches continued to keep pressure on
organisations to review their security strategies. From
Equifax to Uber, the industry saw large organisations admit
to customer data breaches and suffer the economic
consequences. Many organisations are no longer building
strategies for “if” they suffer a breach but “when”.
Expanding
Attack Surface
Growing
Awareness
IT Security Market1
$46B
Vanished
Perimeter
Increased Attack
Sophistication
16/
Cybersecurity made simple�Regulatory Environment
The EU General Data Protection Regulation (“GDPR”) will
take effect on 25 May 2018. GDPR imposes specific
requirements on businesses that will continue to drive the
review of data protection strategies and marketing tactics
of all organisations wishing to conduct business in the EU.
The Group does not expect Brexit to significantly impact the
responsibilities of UK businesses under GDPR legislation as
Sophos expects any subsequent UK legislation to remain
largely in line with GDPR. Sophos anticipates clarification on
domestic data protection legislation within the UK as Brexit
negotiations continue.
The Investigatory Powers Act that was ratified by the UK
Government in December 2016 has recently undergone a
revision to clarify the circumstances under which a law
enforcement or government agency may request access to
an individual’s data records. Further scrutiny of that Act is
expected to continue.
The Group also expects that regulations in other countries
are to be reinforced and therefore drive IT security
strategies in the private sector. The US Security Exchange
Commission recently strengthened its guidelines on data
breach reporting for US-listed companies. The update
includes scrutiny of stock trades made by company
executives at the time of a significant data breach.
Maintaining cybersecurity continues to be a priority for
governments as they move to protect political elections and
critical infrastructures. Organisations of every size must
continue to invest resources to protect data and avoid both
penalties and reputational damage.
IT Security Market1
$46B
7.9% CAGR
Cross-Sell Opportunity with Sophos Central
Corporate Endpoint
Security2
Additional Cross-
Sell Opportunity
Markets
UTM and
Next-Gen Firewall5
Encryption3: $1.7B
Email Security1: $2.2B
Web Security1: $3.0B
Mobile Security4: $2.7B
1
2
3
Worldwide IT Security Products Forecast, 2017–2021:
Comprehensive Security Products Forecast Review (February 2018,
IDC #US43540817) and represents expected market size in 2018
Sophos estimate and represents expected market size in 2018
Worldwide Endpoint Encryption and Key Management
Infrastructure Forecast 2016-2020 (August 2016, IDC
#US41632016) and represents expected market size in 2018
4
5
Worldwide Enterprise Mobility Management Software Forecast
2017-2021 (July 2017, IDC #US41324617) and represents expected
market size in 2018
Worldwide Network Security Forecast 2017-2021 (September 2017,
IDC #US42049017) and represents expected market size in 2018
/17
$11.3B11.1% CAGR$5.5B6.3% CAGRIntroductionGovernanceFinancial StatementsStrategic Report�Our Business Model
Delivering innovative and highly
effective cybersecurity, with a
differentiated approach
What sets
us apart
What drives
our business
S
i
g
n
i
i
f
n
c
i
a
n
n
n
t
o
v
i
n
a
t
v
e
i
s
o
t
n
m
e
n
t
Sophos aims to be the best
in the world at delivering
innovative, simple and
highly-effective
cybersecurity solutions to
IT professionals and the
channel that serves them
We have a track record for
fast-paced innovation and
continue to invest to
ensure a strong future
product pipeline
Sophos is independently
recognised as a leader both
by industry analysts and
channel organisations
Focus on customers with
fewer than 5,000 employees
These small and medium-sized enterprises
(“SMEs”) face the same threats as large
enterprises, but are understandably more
resource-constrained
Sophos Central
The entire Sophos product portfolio
can be managed through Sophos Central,
our single integrated cloud platform,
which provides significant cross-selling
opportunities and enhances renewal rates
Synchronized security,
made simple
Our industrial-strength cybersecurity
products actively communicate with and
enhance each other, spanning our entire
product portfolio
SaaS subscription
financial model
We have a large and growing SaaS
subscription business, with
best-in-class renewal rates
Founded more than 30
years ago, Sophos has
significant experience in
its markets and a track
record of financial success
and stability
Channel-first
We only sell to end users indirectly
through partners, who we have made
a major commitment to, and operate a
100% ‘channel-first’ sales strategy
18/
Cybersecurity made simple
�>60M
SMEs
estimated globally
29%
of subscriptions are
now in the cloud
24%
customers with >1
Sophos product
>$1BN
total subscription
renewal base
>7K
fast-growing and
productive blue-chip
partner base
How this creates value
for our stakeholders
For shareholders
Strong growth in subscriptions
allows for significant investment
in our business and free cash
flow generation
61%
12 month total
shareholder return
For customers
Customers benefit from
comprehensive, integrated,
enterprise-grade security and our
commitment to a strong future
product pipeline
140%
net renewal rate
For partners
We continue to make a
significant investment in our
partner network, providing tools,
training and support to enable
them to succeed
9,000
new Sophos channel
partners in FY18
For employees
We are committed to enabling
our employees to do the best
work of their careers at Sophos,
through active employee
engagement
87%
overall employee
satisfaction
/19
IntroductionGovernanceFinancial StatementsStrategic Report�Focus on Strategic Priorities
Innovative, simple, highly-
effective cybersecurity
solutions, all managed in
the cloud
Strategic Goals
Focus on
cybersecurity
Innovative, simple
and highly effective
solutions
Comprehensive
capabilities
Sophos continues to prioritise its
investment in research and
development as it delivers innovative
new capabilities and products at a
rapid pace in order to maintain its
leadership position. As the Group is
committed to IT security, it believes it
has an advantage over competitors
who often seek to address disparate
and unrelated areas of technology.
The Group’s industry-leading
technologies are amongst the most
innovative, advanced and effective
available in the market, but are simple
and easy to deploy, manage and use.
Sophos believes that simple,
integrated solutions deliver better
security and are easier to manage for
organisations of any size.
Sophos offers comprehensive
cybersecurity, and continues to make
progress on its multi-year strategy to
integrate these different products and
enable a synchronized security
approach for its customers.
Synchronized security delivers added
protection for customers in addition to
enhanced automation.
Strategic
commitment
to the cloud
100% channel
focused
The Group’s customers derive
significant benefits from Sophos
Central, the single integrated cloud-
based management and reporting
platform. Cloud technology underpins
the channel strategy and continues to
enhance Sophos’ partner-centric
management console. This enables
partners to easily manage, update and
configure the Sophos products, and to
drive cross-sell and upsell
opportunities.
Sophos is committed to its channel-only
sales strategy. The Group has grown its
partner ecosystem to more than 39,000
partners during the course of the year. It is
seeing considerable success in helping its
partners to be more productive and to
cross-sell and upsell to existing customers.
Over 7,000 of Sophos’ partners are now
blue-chip, demonstrating higher levels of
activity. Sophos is also helping a growing
number of partners as they develop
Managed Service Provider (“MSP”)
businesses, built around the Sophos
product portfolio.
20/
Cybersecurity made simple�Key Performance Indicators
The Group makes use of a number of Key Performance Indicators (“KPIs”) to measure its performance against
the Group’s strategy, as well as providing key inputs into modelling of future performance. Definitions of KPIs are
included in the Glossary and further explanation and reconciliation of non-GAAP measures are included in Note 4
of the financial statements.
Billings
FY18
FY17
FY16
$768.6M
$632.1M
$534.9M
Revenue
FY18
FY17
FY16
$640.7M
$529.7M
$478.2M
Billings represents the value of goods and services invoiced to
customers and is a key leading indicator of future revenue
performance.
Revenue reflects the element of billings recognised in the period.
The majority of billings are for subscription contracts that are
recognised rateably over the contract term.
Performance
Strong growth in all regions and products, partially aided by the
high-profile global ransomware attacks.
Performance
Growth has trended towards billings growth rates as prior-
period subscription billings are now converting to revenue.
See page 29 for a detailed review of billings.
See page 31 for a detailed review of revenue.
Cash EBITDA
Unlevered Free Cash Flow
FY18
FY17
FY16
$193.7M
$150.1M
$120.9M
FY18
FY17
FY16
$46.4M
$139.6M
$133.4M
Cash EBITDA provides visibility of earnings from the period, even
if the associated revenue for that period’s billings have not yet
been recognised.
Unlevered free cash flow represents the amount of cash
generated by operations after allowing for capital expenditure,
taxation and working capital movements.
Performance
Continued billings growth and leverage of the cost base
contributes to increase in cash EBITDA and cash EBITDA margin.
Performance
After a significant increase in FY17 unlevered free cash flow has
further improved, in line with the Board’s expectations.
Retention Rate
Renewal Rate
FY18
FY17
FY16
109%
106%
102%
FY18
FY17
FY16
140%
129%
109%
Retention rate, after upsell and cross-sell, is a measure of
long-term value of customer agreements and the Group’s ability
to retain end users
Renewal rate, including upsell and cross-sell, measures the
ability of the Group to retain end users in period and expand the
nature or volume of products used by them.
Performance
Growth in retention rate resulting from strong customer billings
and an increase in cross-sell.
Performance
Increase in renewal rate as the Group has successfully renewed
contracts with existing customers and further cross-sold other
products.
Endpoint/UTM Cross-sell
Weighted Average Contract Length
FY18
FY17
FY16
11.2%
9.6%
7.4%
FY18
FY17
FY16
27.6
28.1
27.8
The continued growth of the business partly depends on
successfully selling additional products and services to existing
customers.
The weighted average contract length, measured in months,
gives the Group an indication of the period over which future
revenue will be recognised.
Performance
Continued improvement in cross-sell rate as the Group has
demonstrated the benefit of synergies in management, support
and functionality, primarily through Sophos Central.
Performance
Stable weighted average contract length, with small decrease
due to a material contract previously disclosed in the prior-year.
/21
IntroductionGovernanceFinancial StatementsStrategic Report�Chief Executive Officer’s Statement
Our next-generation
technology and competitive
strength, position us well for
FY19 and beyond
Cybersecurity has never been more important
for enterprises of all sizes, and the demand
environment for our solutions has never
been stronger
Enduser Billings Growth
32%
Cloud Subscriptions Growth
112%
Total Subscription Base
>$1B
22/
Cybersecurity made simple�Commitment to Cloud
Cloud Platform Success
29%
Subscriptions in the cloud
175%
Sophos Central 3-year CAGR
For the fiscal year 2018 Sophos delivered another
successful result. Among the highlights, the Group
delivered 22 per cent growth in billings, a 21 per cent
increase in revenue, a 20 per cent increase in adjusted
operating profit, a 25 per cent increase in cash flow, and
a reduction in the operating loss. Loss before taxation
increased to $52 million, despite the improvement in
operating loss, largely a consequence of currency losses
on debt revaluation.
A key driver of billings growth was Sophos Central, the
company’s integrated cloud-based management platform,
which grew 112 per cent to $186 million. Sophos Central
has experienced dramatic growth from $1 million in FY14
through $9 million, $27 million, and $88 million, to be $186
million in FY18. We posted industry-leading retention rates
and reached the significant milestone of our subscription
renewal base now exceeding $1 billion. Sophos also saw
healthy growth in new customers as well, with our total
customer count now exceeding 300,000 customers,
growing by approximately 10,000 net new customers
per quarter.
“
The need for businesses to secure their
IT infrastructure and data has never been
greater, and the well-publicised cyber-
attacks of the past twelve months have
further raised awareness and
strengthened demand.”
Sophos is a recognised leader in the large and growing IT
security market, where we continue to post billings and
revenue growth rates that exceed the overall market
growth rate. We have a highly differentiated strategy to
deliver advanced, innovative, and highly-effective
cybersecurity solutions that at the same time are simple
and easy to manage by enterprises of any size, and entirely
sold through our global ecosystem of channel partners.
The need for businesses to secure their IT infrastructure
and data has never been greater, and the well-publicised
cyber-attacks of the past twelve months have further
raised awareness and strengthened demand. This was
particularly notable in the first half of our fiscal year when
the WannaCry and NotPetya attacks, among others,
brought into sharp focus the significance of the threat
posed to organisations by ransomware. Consequently,
customers have become especially focused on securing
their endpoints against these sorts of threats, and our
Enduser security business and particularly our next-
generation endpoint solution, Intercept X, have seen
strong growth as a result.
Technology and Innovation
Our focus on innovation continues to fuel our growth
and enabled us to deliver some of the most advanced
cybersecurity technology available in the industry,
consistent with our company mission statement: “To be
the best in the world at delivering innovative, simple, and
highly-effective cybersecurity solutions to IT professionals
and the channel that serves them”. In particular, we focused
on four key pillars that drive our billings performance and
security effectiveness: endpoint, firewall, Sophos Central,
and synchronized security.
“
In FY18 we delivered another successful
result, with 22 per cent growth in
billings, a 21 per cent increase in
revenue, a further improvement in both
adjusted operating profit and cash flow,
and a reduction in the operating loss.”
In FY18 we saw the first full-year contribution from
Intercept X, our next-generation endpoint solution which
is highly effective in protecting customers against
ransomware, exploits, and zero-day threats. We recently
integrated the deep-learning neural network technology
that the Group gained as part of our acquisition of Invincea
into the latest release of Intercept X, providing customers
with advanced artificial intelligence for unmatched
detection of previously unknown malware. Amongst
next-generation endpoint vendors, Sophos is in a unique
position to leverage industry-leading data science
capabilities from Invincea with the expertise and
knowledge built over decades within our SophosLabs
threat research group, in order to deliver best-in-class
detection rates combined with amongst the lowest false
positive rates in the industry. As a result, we are positioned
very attractively to be a leader in the dynamic and high-
growth market for next-generation endpoint solutions.
/23
IntroductionGovernanceFinancial StatementsStrategic Report
�Chief Executive Officer’s Statement continued
In October 2017 we launched Sophos XG Firewall version
17, a major new release offering enhanced performance
and usability and numerous new features and security
improvements, including Synchronized App Control, an
industry first that leverages the endpoint and firewall
working together to dramatically improve network traffic
visibility, reducing the security risks associated with
unidentified traffic.
We continued to invest in Sophos Central, a highly
differentiated platform that enables both more effective
security while simplifying management for our partners
as well as our end user customers. Sophos Central allows
individual Sophos security components including endpoint,
mobile, server, encryption, firewall, web, email, and Wi-Fi
to automatically communicate relevant information
with each other to form the foundation of what we call
synchronized security. Enhancements to Sophos Central
during the period include: management of Intercept X;
deeper integration of XG Firewall; management of Sophos
Mobile, Phish Threat, and device encryption; role-based
administration; improved integration with Microsoft Azure;
and Security Heartbeat for Linux servers. During the year,
we saw further strong adoption of Sophos Central by both
new and existing customers, with more than 66,000
customers using the platform today. Customers see
immediate benefits from the ease of use and efficiency
that Sophos Central brings, enabling them to seamlessly
manage all of their Sophos products through a single cloud
interface. Our channel partners leverage Sophos Central
not only as a differentiated offering to attract brand new
customers, but also to cross-sell and upsell existing
customers. In addition, a growing number of partners are
utilising the Sophos Central platform to offer managed
security services.
Among other notable new products and features, we added
CryptoGuard within Sophos Server Protection, enabling
signature-less detection capabilities as another layer of
protection to combat ransomware. Additionally, our
synchronized security capabilities on Sophos Central
Server Protection Advanced now enable IT administrators
to leverage the Sophos XG Firewall to automatically isolate
infected servers and endpoints and respond to potential
compromises more rapidly.
Channel Progress
One of our continuing strategic priorities is to invest in
developing and supporting our partner channel, building on
our “Channel First” go-to-market strategy, which is a key
differentiator compared to other IT security vendors that may
have mixed, unclear, and conflicting routes to market. Sophos
sells entirely through our channel partners, which allows us to
expand our reach and rapidly scale our business globally in a
cost-effective manner. Our overriding commitment to our
channel partners and their long-term success has been
validated not just by our billings growth and our growth in our
channel ecosystem, but also by numerous global awards,
where Sophos is recognised as the premier channel-focused
cybersecurity vendor.
We successfully grew our overall number of partners to
more than 39,000 partners, compared to 30,000 a year ago.
Encouragingly, the number of “blue chip” Sophos partners, our
most active and productive partners who conducted five or
more transactions in the prior six months, rose to over 7,000,
from 6,100 a year ago.
“
Sophos sells entirely through our
channel partners, which allows us to
expand our reach and rapidly scale
our business globally in a cost-
effective manner.”
The success of our channel strategy is reflected in our
rapid growth in new end user customers. Today, more than
300,000 organisations around the world are protected by
Sophos cybersecurity solutions, compared to 260,000 at the
end of March 2017. This impressive growth in our customer
base is strategically important to our business over the longer
term. When paired with our best-in-class renewal rates, this
steadily growing group of new customers builds upon our
future subscription renewal base and the deferred revenue on
our balance sheet, increasing the visibility we have over
billings and revenues. In turn, this also enables us to better
plan our investment in innovation and expansion, while also
improving margins.
We continue to make progress in our ongoing efforts to
enhance cross-sell and upsell, while we in parallel add new
customers. We ended the year with more than 11 per cent of
customers using both our UTM and Endpoint solutions, up from
under 10 per cent a year ago; and today more than 24 per cent
of our customers have more than one Sophos product, versus
21 per cent in FY17. Customers with more than one product
benefit from Sophos synchronized security, which enables
layers of protection and automation as Sophos products
actively share real-time contextual information. The success
of this strategy is also evident from our best-in-class renewal
rates, including cross-sell and upsell, which rose to 140 per
cent in the period, from 129 per cent in FY17.
24/
Cybersecurity made simple�Future Priorities
Sophos has grown rapidly in recent years, and we plan to
continue prioritising investment in technology and
innovation to deliver future expansion in line with our
objectives. We have a robust pipeline of exciting new
product innovation, especially in our strategic pillars of
next-generation endpoint, next-generation firewall, Sophos
Central, and synchronized security. Likewise, we continue
to invest in our channel-driven go-to-market strategy, with
new channel programs, systems, and marketing initiatives
to enhance Sophos’ brand awareness and visibility. From an
operational perspective, a key ongoing priority is to ensure
that we efficiently scale our business as we continue to
grow through appropriate investment in our people,
products, and channel.
Outlook
FY18 was a strong year for Sophos. Cybersecurity has
never been more important for enterprises of all sizes, and
the demand environment for our solutions has never been
stronger. We continue to take share in the market, as we
execute a differentiated strategy of delivering advanced
and highly-effective cybersecurity solutions designed to be
simple to use, managed in the cloud, and sold 100 per cent
through our channel partners. We have a massive market
opportunity in front of us. Our strong and growing
subscription base, our growth in new customers, our
next-generation technology in endpoint and firewall
combined with our Sophos Central cloud platform position
us well for FY19, and beyond.
Our continued growth and success are only possible
through the dedication and teamwork of our global team
of employees and partners, who work tirelessly every day
to support and protect our customers. Thank you for all you
do to make the world a safer place.
Kris Hagerman
Chief Executive Officer
16 May 2018
/25
IntroductionGovernanceFinancial StatementsStrategic Report�Key Product and Technology Developments
For the first time ever, we
can memorise the entire
observable threat universe
Deep Learning
Only Sophos has this critical combination of Labs Research and Data Science
Optimal
Models
Bi-Directional
Error
Correction
Massive
Data Sets
Accurate
Labels
Deep learning is the latest evolution of machine
learning. It delivers a massively scalable detection
model that is able to learn the entire observable threat
landscape. With the ability to process hundreds of
millions of samples, deep learning can make more
accurate predictions at a faster rate with far fewer
false-positives when compared to traditional machine
learning. Deep learning has less impact to system
performance and the capability to detect malware
within 20 milliseconds. Deep learning technology has
been integrated into the SophosLabs threat analysis
platform to further accelerate and automate the
identification and remediation of threats. Sophos has
also integrated the technology into the next-
generation endpoint protection product Intercept X,
and into Sophos Sandstorm, becoming the first
security company to provide artificial intelligence in
network security protection. The next-generation
sandboxing solution delivers an extra layer of security
against unknown malware and ransomware within
email or file downloads.
26/
DATA SCIENCECreate the most efficient algorithms for solving hard cybersecurity problemsDATA SCIENCE + LABSContinuously incorporate feedback to improve system accuracy and predictive powerLABSUse established Labs systems and processes to ensure labeling precisionLABSSource 100s of millions of samples for the best possible predictionsCybersecurity made simple�Sophos Central
Sophos XG Firewall
The integrated management platform of Sophos
Central continues to support the Group’s
synchronized security strategy and delivers the
promise of security made simple. Customers and
partners are able to seamlessly manage multiple
combinations of critical security services from a
single management screen. The further integration
of Sophos XG Firewall in late 2017 has enabled an
unmatched level of network traffic visibility when
used with Sophos Endpoint Protection or Intercept
X. Features added to Sophos Central include device
encryption and role based administration. The
following products are currently available through
Sophos Central: Sophos Endpoint Security, Sophos
Intercept X, Sophos XG Firewall, Sophos Mobile,
Sophos Server Protection, Sophos Synchronized
Encryption, Sophos Wireless, Sophos Email Security,
Sophos Web Security, and Sophos Phish Threat.
In October 2017, Sophos released the latest version
of its XG Firewall with the industry’s first
Synchronized App Control that enables it to identify
all traffic on the network. Using synchronized
security to obtain information from the endpoint, XG
Firewall can identify, classify and allow the control of
all previously unknown applications active on the
network, including those without signatures or
which are using generic HTTP or HTTPS
connections. Synchronized App Control on XG
Firewall is a significant breakthrough to reduce the
security risks associated with unidentified traffic.
Sophos Intercept X
Sophos for Amazon and Azure
Within 12 months of the acquisition of Invincea,
Sophos introduced the latest version of Intercept X.
This next-generation endpoint security product now
has malware detection powered by an advanced
deep learning neural network. The further inclusion
of new active-hacker mitigation, advanced
application lockdown, and enhanced ransomware
protection has boosted Intercept X to previously
unseen levels of detection and prevention.
Sophos provides server and network security for
hosted environments in Amazon Web Services and
Microsoft Azure. This past year, Sophos added
Sophos Server Protection for Azure. When used with
Sophos XG Firewall on Azure, Sophos synchronized
security technology will coordinate defences against
cyber threats attacking multiple vectors, including
Virtual Machines running in Azure.
Sophos Mobile
Sophos Server Protection
In February, Sophos announced that Sophos Mobile
was now fully available through Sophos Central, and
when used in conjunction with Sophos Endpoint
Protection or Intercept X can provide IT
administrators with a unified endpoint management
capability for Android, iOS, Windows and Mac that
standardises access and permissions, and updates
management for employees, regardless of the
device they choose to access the network.
Sophos closed a critical gap in network security by
preventing ransomware attacks that could come in
through rogue, guest or remote access users by
adding CryptoGuard to Sophos Server Protection.
Servers are high-value targets as they contain
proprietary financials, personally identifiable
information and other key data, and become
vulnerable when compromised devices connect to
the network.
/27
IntroductionGovernanceFinancial StatementsStrategic Report�Financial Review
Another strong performance
across all key metrics
The table below presents the Group’s financial highlights on a reported currency basis:
Billings
Revenue
Cash EBITDA
Loss before taxation
Unlevered free cash flow
Net cash flow from operating activities
FY18
$M
768.6
640.7
193.7
(52.3)
139.6
147.7
FY17
$M
632.1
529.7
150.1
(49.3)
133.4
118.5
Change
%
21.6
21.0
29.0
6.1
4.6
24.6
Definitions and reconciliations of non-GAAP measures are included in note 4 of the financial statements and the glossary
Billings growth was strong in the fnancial
year-ended 31 March 2018 (“FY18”), reflecting
an acceleration in the frst-half and a return
to trend in the second-half of the year at
constant currency
Revenue
$641M
(FY17: $530M)
Loss After Taxation
$66M
(FY17: $47M)
Net Cash Flow From Operating
Activities
$148M
(FY17: $119M)
28/
Cybersecurity made simple�Revenue growth accelerated, as expected, driven by deferred
revenue as prior-period subscription billings were recognised
as revenue. Cash generation remained strong, with cash flow
from operations up 24.6 per cent for the year.
Billings at reported exchange rates increased by 21.6 per cent
to $768.6 million, within which subscription billings grew 25.6
per cent to $644.2 million. Reported revenue grew 21.0 per
cent with subscription revenue growing at 25.5 per cent.
The loss before taxation increased to $52.3 million, from
$49.3 million in the prior-year, being particularly impacted by
foreign exchange losses that amounted to $16.5 million,
compared to a net gain in the prior-year of $3.0 million,
resulting from the strengthening of both sterling and the Euro
against the US Dollar. The Group’s loss for the year increased
by $19.6 million to $66.3 million in the year-ended 31 March
2018 due to changes in both current and deferred tax,
resulting in a net charge in the current-year as opposed to
a net credit in the prior-year.
The deferred revenue balance at 31 March 2018 of $755.7
million compared to $581.0 million at the end of the prior-
year, with the increase primarily reflecting growth in
subscription billings as well as a foreign exchange benefit
of $46.8 million, following the strengthening of sterling and
the Euro against the US Dollar year-over-year. The growth in
deferred revenue provides visibility over future revenues, with
$423.9 million of the balance due to be recognised in less
than one year, an increase of 28.2 per cent over the prior-year.
Billings
The Group’s reported billings increased by $136.5 million
from $632.1 million in the year-ended 31 March 2017 to
$768.6 million in the year-ended 31 March 2018, with
continued growth in all regions and products, as detailed in
the table below. This represented a 21.6 per cent reported
growth rate or 18.5 per cent growth rate on a constant
currency (“CC”) basis.
Billings by Region
Americas
Americas billings increased by $52.4 million to $270.0
million in the year-ended 31 March 2018, representing
24.1 per cent growth on a reported basis and 24.0 per cent
on a constant currency basis, driven by Enduser, including
continued adoption of the Sophos Central platform.
FY18
$M
(Reported)
FY17
$M
(Reported)
Growth
%
(Reported)
Growth
%
(CC)
Billings by Region:
– Americas
– EMEA
– APJ
Billings by Product:
– Network
– Enduser
– Other
Billings by Type:
– Subscription
– Hardware
– Other
270.0
395.1
103.5
768.6
353.4
383.2
32.0
768.6
644.2
113.7
10.7
768.6
217.6
319.5
95.0
632.1
311.5
289.7
30.9
632.1
513.1
105.7
13.3
632.1
24.1
23.7
8.9
21.6
13.5
32.3
3.6
21.6
25.6
7.6
(19.5)
21.6
24.0
18.0
7.5
18.5
9.8
29.6
2.3
18.5
22.5
3.7
(20.8)
18.5
/29
IntroductionGovernanceFinancial StatementsStrategic Report�Financial Review continued
EMEA
EMEA billings increased by $75.6 million to $395.1 million in
the year-ended 31 March 2018, representing 23.7 per cent
growth on a reported basis and 18.0 per cent growth on a
constant currency basis. We continued to see rapid adoption
of the Sophos Central platform in the region and customer
demand for next-generation endpoint was particularly
strong which, along with growth in Network, contributed to
the year-over-year increase.
APJ
APJ billings increased by $8.5 million to $103.5 million in the
year-ended 31 March 2018, representing 8.9 per cent
growth on a reported basis and 7.5 per cent growth on a
constant currency basis, growth in the region being more
balanced between Enduser and Network products.
Billings by Product
Network Products
The Group’s billings attributable to Network products
increased by $41.9 million to $353.4 million in the year-
ended 31 March 2018, representing 13.5 per cent growth on
a reported basis and 9.8 per cent on a constant currency
basis, driven by UTM and Wireless.
Enduser Products
The Group’s billings attributable to Enduser products
increased by $93.5 million to $383.2 million in the year-
ended 31 March 2018, representing 32.3 per cent growth
on a reported basis and 29.6 per cent growth on a constant
currency basis. The continued adoption of Intercept X, the
Group’s next-generation endpoint solution, and the Sophos
Central platform by new customers has supported the
Enduser year-over-year billings growth, which benefited
in the first half of the year from the worldwide impact of
various high-profile ransomware attacks.
Billings by Type
Subscription billings increased by $131.1 million to $644.2
million in the year-ended 31 March 2018, representing a
25.6 per cent growth on a reported basis and 22.5 per cent
growth on a constant currency basis. Sophos Central billings
were a key driver for this growth with billings of $185.6
million, more than doubling on the prior-year, and increasing
to 28.8 per cent of all subscription billings. Hardware billings
increased by 7.6 per cent to $113.7 million and consequently,
following the strong growth in subscription-billings, declined
marginally as a proportion of total Group billings.
Key Billings Metrics
Billings from New Customers
Billings from new customers, excluding OEM, remained
broadly consistent at 24 per cent of total billings (FY17: 25
per cent) with a growth of 23 per cent on a reported basis.
Retention and Renewal Rates
The Group’s net retention and renewal rates include the
impact of cross-selling and upselling, which helps the Group
evaluate the success of its strategy to broaden the sales of
its product portfolio to existing customers. The Group’s net
retention rate improved in the period from 106.3 per cent in
the year-ended 31 March 2017 to 109.2 per cent in the
year-ended 31 March 2018. The Group’s renewal rate
increased to 139.7 per cent from 128.9 per cent, driven by
Enduser products, and Intercept X cross-sell in particular,
with demand further benefiting from high-profile
ransomware attacks in the first half of the financial year.
Billings by Size
Sophos’ products are designed for the Group’s target
market, specifically mid-market enterprises with fewer
than 5,000 employees, although the products are frequently
also bought by larger enterprises. In the current-year, the
proportion of billings derived from the mid-market increased
to 85 per cent from 83 per cent.
Billings by Length of Contract
Subscription agreements sold by the Group are of differing
durations, with the majority of contracts typically of one
to three years duration. The last twelve months weighted
average contract length, which provides an indication of the
period over which future revenue will be recognised, was
27.6 months for the year-ended 31 March 2018, a small
decrease on the 28.1 months for the year-ended 31 March
2017. The reduction was principally due to a material
longer-term contract with an existing customer reported
in the prior-period.
The billings analysis of contracts by subscription length for
each year was as follows:
Constant currency
Under one year
One to two years
Two to three years
Greater than three years
FY18
%
34.4
7.0
47.9
10.7
FY17
%
34.3
7.5
46.0
12.2
30/
Cybersecurity made simple�Revenue Growth
Deferred Revenue Growth
+21.0%
+30.1%
Cross-Sell and Upsell Opportunities
As the threat landscape evolves, and the Group continues
to innovate, there is an opportunity to cross-sell additional
products and services, or to upsell enhanced versions
of products or additional end user licences to existing
customers.
The Group saw a further improvement in the percentage
of customers who own both a Sophos Endpoint and UTM
product. At 31 March 2018, approximately 11.2 per cent of
the Group’s more than 300,000 customers had both a UTM
product and an Endpoint product; this compares to 9.6 per
cent of the Group’s 260,000 customers at 31 March 2017, or
around an additional 9,000 customers with both products in
the year.
Revenue and Deferred Revenue
The Group’s revenue increased by $111.0 million, or 21.0 per
cent, to $640.7 million in the year-ended 31 March 2018. In
constant currency, revenue grew by 18.2 per cent, excluding
the benefit derived from the strengthening of sterling and
the Euro against the US Dollar in the year.
The majority of the Group’s billings relate to subscription
products (FY18: 83.8 per cent; FY17: 81.2 per cent), with
revenue deferred and recognised over the lifetime of the
contract. Revenue in the period of $640.7 million comprised
$341.5 million from the recognition of prior-period deferred
revenues and $299.2 million from in-period billings. The
deferred revenue balance at the end of the year of $755.7
million increased by 30.1 per cent, or $174.7 million. This
was due to a net deferral of billings over the year of $127.9
million and a net currency revaluation of $46.8 million, as a
consequence of the strengthening of the Euro and sterling
against the US Dollar.
Revenue in the Americas increased by 20.4 per cent to
$225.1 million in the year-ended 31 March 2018 due to
growth in Enduser, which has continued to benefit from
the growth in the Sophos Central platform.
EMEA revenue increased by 23.3 per cent to $324.5 million
in the year-ended 31 March 2018, with growth in both
Enduser and Network revenue, the former particularly
benefiting from uptake of the Sophos Central platform.
APJ revenue increased by 14.3 per cent to $91.1 million in
the year-ended 31 March 2018, growth being balanced
between both Enduser and Network products.
FY18
$M
(Reported)
FY17
$M
(Reported)
Growth
%
(Reported)
Growth
%
(CC)
Revenue by Region:
– Americas
– EMEA
– APJ
Revenue by Product:
– Network
– Enduser
– Other
Revenue by Type:
– Subscription
– Hardware
– Other
225.1
324.5
91.1
640.7
315.6
294.7
30.4
640.7
515.3
114.2
11.2
640.7
186.9
263.1
79.7
529.7
271.2
231.6
26.9
529.7
410.7
106.7
12.3
529.7
20.4
23.3
14.3
21.0
16.4
27.2
13.0
21.0
25.5
7.0
(8.9)
21.0
20.2
18.2
13.3
18.2
12.9
25.0
12.3
18.2
22.9
3.2
(10.7)
18.2
/31
IntroductionGovernanceFinancial StatementsStrategic Report�Financial Review continued
Cost of Sales
Amortisation of Intangible Assets
The Group’s cost of sales increased by $22.0 million, or 18.1
per cent, to $143.3 million in the year-ended 31 March 2018.
Growth in cost of sales is substantially driven by growth in
sales of Network products, which have a hardware
component, and natural growth in other costs associated
with supporting the Group’s products and services, which
grow as the Group grows, albeit at a slower rate.
Sales and Marketing
The Group’s sales and marketing expenses increased by
$38.4 million, or 18.2 per cent, to $249.0 million in the
year-ended 31 March 2018. Sales and marketing expenses
are targeted to increase at below the rate of billings growth
to enable them to continue to support the business and
channel whilst also allowing for growth in profitability as the
Group continues to expand.
Research and Development
The Group’s research and development expenses
increased by $28.0 million, or 23.8 per cent, to $145.8
million in the year-ended 31 March 2018. The Group
continues to focus on enhancing its products to address
the evolving threat landscape and the significant market
opportunity that exists. This strategic focus is further
supported by targeted technology acquisitions. Research
and development expenditure is broadly expected to grow
at the rate of billings.
General Finance and Administration
The Group’s general finance and administration expenses,
excluding exceptional items, foreign exchange and the
amortisation of intangible assets, increased by $17.4
million, or 24.2 per cent, to $89.2 million in the year-ended
31 March 2018. The increase was partially due to a higher
share-based payment expense, which increased by $9.8
million to $42.3 million, as the run-rate continued to
stabilise in the three-year period post the initial public
offering of the Company’s shares and as a consequence of
the impact on cash-settled schemes of a higher share
price. The balance of the increase was due to underlying
general finance and administration expenses which
increased by 19.3 per cent to $46.9 million, marginally
decreasing as a proportion of billings.
The Group’s exceptional items, included within general
finance and administration expenses, decreased by $18.2
million to $13.2 million in the year-ended 31 March 2018.
Current-year exceptional items relate primarily to
restructuring and integration costs. Prior-year exceptional
items predominantly related to expenses incurred in
connection with the defence of certain claims brought
against the Group in relation to the intellectual property
litigation case brought by Finjan Inc.
The Group’s amortisation of intangible assets increased
by $5.3 million, or 26.6 per cent, to $25.2 million in the
year-ended 31 March 2018. The increase was due to the
amortisation of intangibles added as part of the acquisition
of Invincea, Inc, which completed on 21 March 2017.
Currency Movements and Impact
The Group’s foreign exchange loss was $6.9 million in the
year-ended 31 March 2018, compared with a loss of $1.2
million in the year-ended 31 March 2017. The loss was due
to the strengthening of the Euro and sterling against the
US Dollar.
Cash EBITDA
Cash EBITDA increased by 29.0 per cent to $193.7 million
in the year-ended 31 March 2018. Cash EBITDA margins
increased year-over-year to 25.2 per cent from 23.7 per cent
in the prior-year due to both the growth of billings and the
planned management of sales and marketing costs. The
reconciliation of Cash EBITDA to operating loss is included
in note 3 of the Financial Statements.
Adjusted Operating Profit
Adjusted operating profit increased by $7.8 million to $46.1
million in the year-ended 31 March 2018. The increase was
driven by strong revenue growth, as prior-period billings
were recognised as revenue and operating leverage as the
business continues to scale. This was partially offset by a
$5.7 million increase in the foreign exchange loss, reflecting
the strengthening of sterling and Euro in the year. The
reconciliation of adjusted operating profit to operating loss
is included in note 3 of the Financial Statements.
Operating Loss
The Group’s operating loss improved to $31.9 million in the
year-ended 31 March 2018, compared to a loss of $44.3
million in the prior-year. This improvement was achieved
because of strong revenue growth, as noted above, and the
decrease in exceptional costs being partly offset by
increases in amortisation, share-based payment expenses,
and foreign exchange.
Net Finance Costs
The Group’s net finance costs increased by $15.4 million to
$20.4 million in the year due to foreign exchange losses on
Euro denominated debt following the weakening of the US
Dollar in the period, resulting in a $9.6 million loss
compared to a $4.2 million gain in the prior-year.
Underlying net interest charges increased to $8.7 million
from $7.8 million in the prior-year, in part due to the
increase in the drawn portion of the revolving credit facility
entered into at the end of the prior-year, which has been
fully repaid during the current-year.
32/
Cybersecurity made simple�Income Taxation
Change in Working Capital
The Group’s tax charge for the year was $14.0 million (FY17: $2.6
million credit) with an effective taxation rate of -26.8 per cent
(FY17: 5.3 per cent). The charge arises against a reported loss for
the Group and includes $5.4 million arising on the enactment of
the US Tax Cuts and Jobs Act rate change being applied to
deferred tax assets on the balance sheet.
Working capital is closely monitored by the Group, the
year-on-year change results from timing of payment of
payable balances offset by a decrease in debtor days
outstanding to 41 days (FY17: 42 days), despite the
growth in billings.
Loss Before Taxation and Loss for the Period
The loss before taxation increased to $52.3 million from
$49.3 million in the prior-year, whilst the Group’s loss for the
year increased by $19.6 million, from a loss of $46.7 million in
the year-ended 31 March 2017, to a loss of $66.3 million in the
year-ended 31 March 2018. This principally reflects the
increase in net finance costs, operating foreign exchange
differences and taxation charge noted above.
Cash Flow
Net cash flow from operating activities increased to $147.7
million from $118.5 million in the prior-year. This strong
performance benefited from a number of factors, including
the growth in billings, planned cost control, a decrease in
exceptional items and a continued focus on working capital
management. Unlevered free cash flow increased modestly on
the prior-year, in line with the Board’s expectation, as working
capital levels normalised.
Cash EBITDA1
FY18
$M
193.7
FY17
$M
150.1
Net deferral of revenue
(127.9)
(102.4)
Foreign exchange
Depreciation
Adjusted operating profit
Net deferral of revenue
Exceptional items 2
Depreciation
Foreign exchange
Change in working capital 1
Corporation tax paid 1
Net cash flow from
operating activities
Exceptional items 2
Net capital expenditure 1
Unlevered free cash flow
(8.1)
(11.6)
46.1
127.9
(13.0)
11.6
8.1
(10.9)
(22.1)
147.7
13.0
(21.1)
139.6
–
(9.4)
38.3
102.4
(31.4)
9.4
–
19.0
(19.2)
118.5
31.4
(16.5)
133.4
1
2
Unlevered free cash flow represented by the sum of the marked rows and has
been presented to enhance understanding of the Group’s cash generation
capability.
Excludes $0.2 million non-cash fair-value adjustment on contingent
consideration
Capital Expenditure
Capital expenditure primarily comprises property, plant and
equipment as well as intangible assets. In the year-ended
31 March 2018, net capital expenditure increased by $4.6
million, mainly as a consequence of investment in the
purchase of intellectual property to strengthen the Group’s
network products.
Cash Taxation
Cash tax remains payable as a consequence of profits in
local subsidiaries. Corporation tax paid of $22.1 million is
higher than in the prior-year (FY17 $19.2 million) due to the
increasing profits in local subsidiaries and in light of changes
in the global tax environment. The Group receives the
benefit of research and development expense credits of
$5.1 million in the UK, US and Canada (FY17 $5.4 million).
Financing
In the prior-year the Group agreed an additional $40.0 million
revolving credit facility with its existing lenders, which at the
end of the prior-year was fully drawn along with $10.0
million from the original revolving credit facility. These
drawings were made to partially finance the acquisition of
Invincea, Inc. at the end of March 2017. During the current-
year both revolving credit facilities have been fully repaid.
Dividends
The Directors propose to pay a final dividend in respect of
the year-ended 31 March 2018 of 3.5 US Cents per share
(FY17: 3.3 US Cents). This, combined with the interim
dividend, gives a total dividend for the year of 4.9 US Cents
(FY17: 4.6 US Cents). Subject to shareholder approval the
final dividend will be paid on 12 October 2018 to all
shareholders on the register on 21 September 2018.
Nick Bray
Chief Financial Officer
16 May 2018
/33
IntroductionGovernanceFinancial StatementsStrategic Report�Principal Risks and Risk Management
Principal risks are identified
through a business wide
risk assessment process
The risk review process encompasses
the identification, management and
monitoring of risks in each area of the
business. This process includes an
assessment of risks to determine the
likelihood of occurrence, potential
impact and the adequacy of the
mitigation or controls already in place.
A review is then undertaken by the Risk
and Compliance Committee (“RCC”),
which evaluates the principal risks of
the Group with reference to its strategy
and the operating environment.
The Audit and Risk Committee
monitors and challenges these
processes, reviewing the Group’s
Consolidated Risk Register and reporting
material risks to the Board. There may be
other risks or uncertainties that could
emerge in the future, however the
Group’s ongoing commitment to risk
management will seek to address and
mitigate the future risks, as and when
they become apparent.
Structure of risk management
RES
P
O
SOPHOS GROUP
PLC BOARD
AUDIT AND RISK
COMMITTEE
L
O
R
T
N
O
C
E
V
I
T
C
E
F
RISK AND
COMPLIANCE
COMMITTEE
INTERNAL AUDIT
BUSINESS
FUNCTIONS
F
E
R
O
F
Y
T
I
L
I
B
INTEGRATED BUSINESS
RISK MANAGEMENT
N
S
I
B
I
L
I
T
Y
F
O
R
R
I
S
K
M
A
N
A
G
E
M
E
N
T
M
A
N
A
G
E
M
E
N
T
T
E
A
M
S
E
N
O
R
I
A
T
N
ACCOU
The Directors consider the following matters to be the principal risks and uncertainties (in no specific order)
affecting the Group:
Risk 1: Recruitment and retention of key personnel
How it impacts us
What we are doing about it
The ongoing success of Sophos is
dependent on attracting and retaining
global high-quality employees at all levels
in the business who can effectively
implement the Group’s strategy.
Failure to attract, retain or develop high
quality employees across the business
could limit the Group’s ability to deliver
its business plan.
Making Sophos a great place to work is central to the Group’s strategy.
Sophos is increasing its commitment to diversity and inclusion
by introducing new programs to attract and develop women in
technology.
Sophos is committed to strong recruitment processes supported
by robust remuneration programs which are benchmarked
appropriately.
Additionally, Sophos has a commitment to all levels of training and
development throughout the organisation.
Reward schemes are continuously evaluated to drive and reward
performance and ensure retention of key talent.
Annual employee engagement surveys enable progress of the
Group’s people actions to be monitored, areas of improvement
identified, and necessary actions performed.
Risk
movement
34/
Cybersecurity made simple
�Risk 2: Defects or vulnerabilities in products or services
How it impacts us
What we are doing about it
Sophos is committed to extensive test cycles and quality
procedures which are subject to continuous improvement.
Sophos employs combinations of internal and external quality
reviews and testing of products, including source code reviews,
public and private 3rd party efficacy testing, automated code tests
and various forms of penetration testing. The Group encourages a
healthy collaboration with the security research community, as
described in the Responsible Disclosure Policy: www.sophos.
com/security
Sophos continues to run a Bug Bounty program to leverage the
skills of thousands of individuals to help make its products and web
properties more secure. The Group sees good activity from the
research community, allowing it to resolve software defects before
they can be exploited by attackers. This and other measures have
allowed the Group to slightly reduce this risk.
Further, Sophos protects the privacy and security of its customers
worldwide through its pledge to never engineer backdoors into its
products as described here: www.sophos.com/nobackdoors.
The Group’s products and services are
complex, and as such they have
contained, and may in the future contain,
design or manufacturing defects or
errors that are not detected until after
their commercial release and
deployment by end customers. These
defects could cause the Group’s
products or services to be vulnerable to
security attacks, cause them to fail to
help security networks, temporarily
interrupt end customers’ networking
traffic, and fail to prevent or detect
viruses or similar threats. Further, due to
the evolving nature of threats and the
continual emergence of new threats, the
Group may fail to identify and update its
threat intelligence or other virus
databases in time to protect its end
customers’ networks and devices.
As a result, actual or perceived defects
or vulnerabilities in the Group’s products
or services, the failure of the Group’s
products or services to prevent a security
threat could harm the Group’s reputation
and divert the Group’s resources.
Risk 3: False detection of threats
How it impacts us
What we are doing about it
Sophos strives for continuous improvement in its world class
SophosLabs threat research operation. The Group invests in
ongoing staff training and process optimisation, as well as
enhancements to testing and quality systems and procedures.
In 2017, Sophos developed and launched a new reputation-based
false positive suppression system to complement the introduction
of its “Deep Learning” artificial intelligence predictive modules in its
products. Additionally, there is proactive focus on improvement of
processes to enable early detection of a false positive event, as well
as applying a ‘lessons learnt’ approach through root cause analysis.
Sophos acknowledges the inherent risk associated with a false
positive incident within the industry and is committed to ensuring
there are mitigating processes in place to manage any incident, large
or small, in order to minimise the impact on the Group’s customers.
The Group’s products may falsely detect
threats or malware that do not actually
exist in applications or content based on
the Group’s classification of application
type, virus, malware, vulnerability
exploits, data or URL categories (known
as ‘false positives’). These false
positives, while inherent in the Group’s
industry, may impair the perceived
reliability of the Group’s products and
may therefore adversely impact market
acceptance of the Group’s products.
If the Group’s products restrict important
files or applications based on falsely
identifying them as malware or some
other item that could be restricted, this
could adversely affect end customers’
systems and cause material system
failures. Any such false identification of
important files or applications could
result in negative publicity, damage to
the Group’s reputation, loss of end
customers and sales, increased costs to
remedy any problem and risk of litigation,
any of which could materially adversely
affect the Group’s financial condition and
operating results.
Risk
movement
Risk
movement
/35
IntroductionGovernanceFinancial StatementsStrategic Report�Risk
movement
Risk
movement
Principal Risks and Risk Management continued
Risk 4: IT security and cyber risk
How it impacts us
What we are doing about it
Sophos has a dedicated cybersecurity team focused on identifying
risks related to cyber-attack and planning appropriate protection,
detection, response and recovery mechanisms. The Group is
focused on day-to-day active monitoring and hunting for threats,
improving response processes and implementing continual
improvements to governance, technology and education and
awareness programs.
Sophos continues to increase its investment in cybersecurity.
As a provider of IT security products, the
Group is a natural cyber-attack target.
The Group’s networks and products may
have vulnerabilities that have from time
to time been, and may in the future be,
targeted by attacks specifically designed
to disrupt the Group’s business and harm
the Group’s reputation.
If an actual or perceived breach of
security occurs in the Group’s internal
systems, it could adversely affect the
market perception of the Group’s
products. In addition, a security breach
could affect the Group’s ability to operate
its business, including the Group’s ability
to provide support services to end
customers.
Risk 5: Product portfolio management
How it impacts us
What we are doing about it
Sophos has an extensive number of
products, enhanced further by acquired
technologies. The extent of investment in
each product needs to be managed and
prioritised taking into account the
expected future prospects. Additionally,
consideration must be given to the ability
to be able to adequately support the
entire product range.
Failure to manage the product portfolio
adequately could result in inappropriate
investment focus in relation to research
and product innovation. This could result
in products that do not meet the
requirements of customers or partners
and the risk they will look to alternative
solutions, resulting in the potential loss of
both new and existing revenue streams.
Failure to protect the Group’s intellectual
property could adversely affect the
ability of the Group to operate in its
markets.
Additionally, insufficient focus on key
research and innovation projects may
damage the long-term growth prospects
of the Group.
Sophos continue to focus on and improve the interaction between
Product Management, Product Development, Sales and Marketing
and all Support functions in an integrated product development
approach.
Internal processes are run to identify opportunities for
standardisation and consistency across product lines. This helps
eliminate redundancies, reduce development and support costs,
and improve partner and customer experiences through a more
predictable and coherent product portfolio.
Sophos is working to bring all products under a single cloud
management platform to deliver a common management
experience for the portfolio and a comprehensive solution that will
encourage existing customers using on premise products to
migrate to cloud management. The Group is also working on the
portability of the cloud infrastructure in order to address any
privacy or data sovereignty issues that its customers/partners
might face.
Additionally, during the current financial year, Sophos have
consolidated the Network Security Group (NSG), Enduser Security
Group (ESG) and the Central Platform Group (CPG) under single
leadership in order to improve synchronized security, cross
business unit interlock and investment efficiencies.
The Group takes all appropriate opportunities to protect its
intellectual property and brands.
Sophos customer and partner communities continue to be
invaluable resources in guiding portfolio management decisions.
They provide immediate and constant feedback on how well
Sophos is meeting its requirements, improvements that Sophos
can make to its current offerings and opportunities for portfolio
consolidation or expansion.
36/
Cybersecurity made simple�Risk 6: Disruption to day-to-day Group operations
How it impacts us
What we are doing about it
Sophos is at risk of disruption to its
day-to-day operations from a disaster
incident which may seriously impact IT
systems or access to office space.
A failure in the operation of the Group’s
key systems or infrastructure on which
the Group relies could cause a failure of
service to its customers and negatively
impact the Sophos brand.
Incident management procedures and escalation processes are in
place as well as maintaining security, business continuity and
disaster recovery plans.
Whilst Sophos continues to make significant investments in the
technology and infrastructure of the Group, the risk has increased
due to the growing demand and reliance on cloud delivery for the
Group’s products.
Risk
movement
In concluding on the risks and uncertainties that are considered to be significant for the Group the Directors assess a wide
range of issues, which included the following that are not considered to be principal risks:
Brexit
Following the decision by the UK population to exit, in due course, from the European Union (“Brexit”), the Directors have
continued to keep under consideration the expected impact of Brexit on the Group. The Group operates internationally with
a diverse geographic spread which results in only 12 per cent of the Group’s revenue being sourced from the UK. Whilst the
fluctuations in the sterling exchange rate impacts on those UK revenues these are, to a degree, balanced with sterling
denominated costs which mitigates the impact on the US Dollar functional currency of the Group. The exact nature of the
trading arrangements between the UK and the EU subsequent to the UK’s exit from the EU currently remains uncertain and
as a consequence the Directors have considered a number of scenarios and the Group’s potential responses to them. This
scenario planning has included anticipating changes to the operations of the Group and its supply chain, which are not
considered to be significant or posing a heightened risk to the Group. The impact of Brexit on the current and future
employees has also been considered and while there may be some disruption or changes in the UK, these are not currently
anticipated to materially affect one of the Group’s principal risks, the ‘Recruitment and retention of key personnel’.
Patent Infringement
In addition, the Directors consider the risk of claims of patent infringement against the Group’s products, which is
considered to be a software industry-wide risk. The risk is not considered to be a standalone principal risk and is instead
factored into the Directors’ consideration of ‘Product portfolio management’, which is a principal risk.
/37
IntroductionGovernanceFinancial StatementsStrategic Report�Corporate Responsibility Report
Sophos is committed to
defending its customers against
criminal activity and acting as a
responsible business
Approach
Identifying Priorities
With over 300,000 customers around the world, Sophos
recognises the responsibility it holds in providing the right
tools to protect its clients and educate them on the
importance of digital security. The Group’s business model
is built on securing its customers from the risks of
cybercrime by offering innovative, simple and highly
effective cybersecurity solutions.
Beyond the impact of Sophos’ own products and services,
the Group recognises the duty it has in conducting its
business activities in a responsible way. With over 3,300
employees across more than 40 offices, it is vital that the
Group maintains the highest standards of conduct. To
achieve this, Sophos focuses on operating openly and
transparently, treating its people fairly, creating a diverse
culture and reducing its environmental impacts.
In the year, the Group further enhanced its commitment to
Corporate Responsibility (“CR”) by undertaking a detailed
materiality assessment. Over the coming year, work will
continue on further establishing the Group’s CR strategy
and improving measurement across key areas of focus.
In 2018, Sophos worked with a third party to undertake
a desk-based materiality exercise. The objective of the
assessment was to rank and prioritise CR issues from the
perspective of business impact and stakeholder interest,
to better understand the areas where the Group can
make a positive difference.
Guided by the Global Reporting Initiative (“GRI”)
Standards and Accountability’s Five-Part Materiality
test, the approach undertaken involved ranking and
assessing a broad range of CR issues before selecting
20 material topics. These topics form the basis of the
Group’s approach to corporate responsibility reporting
and four pillar CR framework. Work will continue into
2018 to develop the Group’s overall CR strategy and
focus areas.
Sophos CR Framework
Securing
customers
Engaging
people
Enhancing
communities
Protecting the
environment
Simplicity
Empowerment
Passion
Innovation
Authenticity
Underpinned by our values
38/
Cybersecurity made simple�Managing Corporate Responsibility
Ultimate responsibility for Sophos CR activities lies with
the Senior Management Team (“SMT”) who set the Group’s
strategic approach, develop key policies and coordinate
activities. The SMT is comprised of the Chief Executive
Officer, Chief Financial Officer and other individuals who
head up key Group functions.
The Group’s functional heads take leading roles in key
strategic CR areas such as Gender, HR and Environmental
Management. The SMT are also responsible for ensuring
global compliance with key internal and external policies
including:
• Anti-human trafficking and slavery policy
• Diversity policy
• Anti-corruption and bribery policy
• Whistleblowing policy
• UK modern slavery act
The SMT support the Audit and Risk Committee and the Risk
and Compliance Committee (“RCC”) in ensuring compliance
with the Code of Conduct, as well as financial compliance
and global risk management (see page 34). Moving forward
the Group aims to implement a CR Steering Committee to
reinforce commitment to corporate responsibility and
promote strategic action across the organisation.
Engaging with Key Stakeholders
Communicating with key stakeholders is vital in helping to
better understand their needs and requirements. The Group
conducted several engagement activities throughout 2017,
to encourage two-way dialogue with key stakeholder
groups. Local offices also play a significant role in forming
lasting relationships with local stakeholders, including
community members.
All of the above policies can be found at:
www.sophos.com
Key
Stakeholders
Channel
Partners
Engagement Channels
Key Activities in the Year
• Channel-best commitment to have channel-
• Partner conferences for Americas, EMEA and APJ
excellence and industry-best at the Group’s core
with CEO and SMT speakers
•
Industry-leading partner program
• Launch of regional partner programs tailored to
• Partner conferences and global events
• Dedicated partner portal
• Partner advisory councils
• Webinars and live online events including product
and threat landscape training
MEA, and Eastern Europe partners
• Partner advisory meetings in key markets
End Customers • Community and support forums
• “Man from Sophos” roadshow in Australia
• Social media engagement
• Customer events across all major US, EMEA and APJ
• Dedicated and targeted product communications
markets
• VIP Newsletter and Sophos News updates
• Daily industry news service – NakedSecurity
• Tour across Central Europe with Sophos truck
• Sophos Home Premium launched
• Free tools for home use (Sophos Home, XG Firewall,
Sophos Mobile)
• Enduser events in key markets
• Webinars and live online events
Employees
•
Intranet site “Sophos Hub” for collaboration,
communication and information
• Annual employee survey
• Access to online training tools and instructor-led
training
•
Investor roadshows
Investors and
Analysts
• Annual kick-off led by CEO
• Quarterly business updates
• Local kick-off events
• Social events run locally
• Capital markets day
• Results presentations and webcasts
• Analyst and investor visits to Abingdon
• Conference calls
• AGM
headquarters
• Participation in investor conferences in US and
•
Investor and analyst 1:1 meetings
Europe
Community
• Employee driven charity and community actions
• Sponsorship of the UK National Computing Museum
in local offices, supported by SMT and local
management
• Charitable and community activities undertaken
around the world supporting a wide range of causes
/39
IntroductionGovernanceFinancial StatementsStrategic Report�Corporate Responsibility Report continued
Securing Customers
Sophos’ mission is to be the best in the world at delivering innovative, simple and highly-
effective cybersecurity solutions. With more than 100 million users across 150 countries
and 300,000 businesses relying on Sophos to protect them against complex threats and
data loss, the Group has a significant duty to protect and secure its customers 24/7.
The issues surrounding digital security and ransomware
continued to be a major challenge across the globe in 2017.
In a survey conducted in late 2017, 54 per cent of mid-sized
organisations across five continents were hit by a
ransomware attack in the last year, with a further 31 per cent
expecting to be victims of an attack in the future*. The cost of
a ransomware attack extends beyond any ransom paid and
includes downtime, work hours, device costs, network costs
and lost opportunities, with the survey finding the median
total cost of an attack to be nearly $133,000.
To tackle these complex challenges, Sophos continued to
deploy product updates and introduce best-practice
innovations to existing products in 2017.
The Group’s suite of encryption, endpoint security, web,
email, mobile and network security solutions are backed
by SophosLabs – a global network of threat intelligence
centres. In 2017, deep learning technology was successfully
integrated and deployed to significantly increase the
efficiency of the SophosLabs automated processes.
As a result, SophosLabs now intelligently processes
over 400,000 files, 150,000 suspicious URLs, 30,000
malware samples and more than five million spam
messages across 20 countries every day.
* The State of Endpoint Security Today, Study, 2017:
www.sophos.com/en-us/medialibrary/Gated-Assets/white-
papers/endpoint-survey-report.pdf
Additional updates to products and
services in 2017 included:
• The launch of Sophos Home Premium, an enterprise-
grade product for home users that goes beyond
traditional antivirus to deliver advanced, real-time
protection from the latest ransomware, malicious
software, and hacking attempts.
• The introduction of market-leading network traffic
visibility in the XG Firewall. The ability of the XG
Firewall to identify all traffic on the network is
enabled through synchronized security.
• The addition of artificial intelligence capacity into
its next-generation endpoint protection product,
Intercept X. The deep learning technology
implemented creates a smarter, more scalable
security solution for Sophos customers.
40/
Helping customers secure their networks
The Roman Catholic Diocese of Brooklyn serves more than
1.5 million people living in Brooklyn and Queens in New York,
USA, within 187 parishes and 90 schools. This complex
organisation turned to Sophos to unify and simplify its
endpoint, firewall, and cloud security; improve system and
network performance; meet compliance requirements; and
provide a wider array of network services to protect its users.
The IT team had previously managed multiple products,
and it often fell on the shoulders of Security and Information
Officer, Gus Garcia to handle the more complicated tasks.
“Now, it’s simple. Our systems run faster, and we have
excellent visibility into endpoint and network activity. I can
just log into my Sophos Central account and easily see which
computers are lacking up-to-date security and modify them
quickly and painlessly,” says Garcia.
“In the past 12 to 18 months, we have not experienced any
serious incidents or outages. Our users stay productive, and
I no longer have to send technicians out to clear up systems
when something bad happens.”
Cybersecurity made simple�Engaging People
Guided by the Group’s core values of simplicity, empowerment, passion, innovation
and authenticity, the Group seeks to promote a culture where its people can thrive.
For Sophos, this means promoting strong business ethics and putting in place
policies and programs to build trust with employees.
Creating an Ethical Culture
As a first priority, Sophos seeks to uphold individual human
rights in its operations, and expects the same from all partners.
The Group’s policies outline the behaviours expected from
employees and suppliers at all times, and set out the Group’s
zero tolerance approach towards any form of modern slavery,
discrimination or unethical behaviour relating to bribery,
corruption or business conduct.
To support its people, the Group makes development
opportunities available to all employees through access to one
of the largest online libraries of e-learning courses in the world
for technical, personal and leadership skills development, as well
as role-specific training and access to Instructor-Led Training.
This training is aligned to personal development initiatives such
as quarterly manager ‘check ins’ and real-time coaching.
Promoting Diversity
The Sophos diversity policy outlines the Group’s commitment to
building an inclusive culture, where people feel able to be their
best at work, irrespective of age, race, sexual orientation, religion,
national origin or gender. Sophos is passionate about creating a
workplace that promotes equal opportunities and prides itself on
recognising and rewarding team members based on merit above
anything else.
At the end of the financial year, the gender breakdown of
employees and Directors was as follows:
In 2017, the UK government introduced new legislation
requiring companies with 250 or more employees to publish
their gender pay gap. Sophos’ median gender pay gap in the
12 months to April 2017 was 23.4 per cent, which is higher
than the UK average pay gap of 18.4 per cent. Despite this,
Sophos is ahead of industry peers in the UK high-tech
sector, who have an average pay gap of 25 per cent.
The Group believes its current pay gap is due to lower female
representation at the higher levels of the organisation, and
a high percentage of men in specialist positions carrying
a higher market premium. Moving forward, Sophos will
continue to enhance gender diversity and ensure equitable
pay for all genders throughout their careers.
In line with this commitment, Sophos continued to promote
gender diversity in FY18 through its actions and activities,
which included:
• Becoming one of the founding organisations of the PWC
“Tech She Can” initiative.
• Supporting the “Women of Silicon Roundabout” project
which enables people and organisations to connect,
learn and take action on gender diversity and inclusion.
• Introducing a new apprenticeship scheme to provide a
route for women to pursue technical careers at Sophos.
• Rolling out unconscious bias training to managers and
setting a target to expand this to all employees in 2018.
31 March
2018
31 March
2017
Female
Male
Female
Male
Executive &
Non-Executive
Directors
Senior Managers*
Employees
2
18
760
7
75
2
17
8
79
2,500
692
2,495
* The Group has defined senior managers as members of the SMT and their
direct reports (excluding executive Directors separately reported) as is set
out in Sophos’ diversity policy.
Sophos Women in Technology
The Sophos Women in Technology forum was launched in late
2017 to promote gender diversity in the technology industry.
There are now dedicated groups running in the UK and
Canada, with the U.S. and India set to follow suit in 2018.
The purpose of the initiative is to make Sophos a great place to
work for women in the technology industry – spanning
technical and non-technical roles. The focus of the group is to
help women develop the skills they need, and create a
supportive environment where they can progress in the
business and enhance their career development at Sophos.
/41
IntroductionGovernanceFinancial StatementsStrategic Report�Corporate Responsibility Report continued
Enhancing Communities
Sophos is committed to helping others and using its resources, expertise and insights to
make a positive difference to the communities where it operates. The Group encourages
local offices around the world to support community projects and initiatives relevant to
them, and participated in many local initiatives to enhance communities in FY18.
UK
India
The Group became a corporate foundation sponsor at the
National Museum of Computing in Bletchley in 2017, where
the history of computing and security can be seen in action
with the world’s largest collection of functioning historical
computers. Sophos has committed to sponsor the museum
until 2020 and will provide expertise and insight to support
the museum’s ongoing development of exhibition space and
visitor experiences.
Canada
Every December for the past several years, Sophos
Canada employees have raised funds for YWCA’s
“Presents of Peace”.
This local initiative focuses on assisting families in need so
that they may have a special Christmas. In 2017, employees
were matched with two families for whom funds were raised
through activities such as bake sales, raffles, auctions and
sporting competitions.
In the end, a total of CAD $3,650 was raised and divided up
between the families, with the excess funds donated back
to YWCA.
Over £33,500
was raised by Sophos employees in the UK to
donate to spinal injury charity Aspire.
Sophos India focuses its community engagement efforts
on improving the infrastructure of a local village near to its
offices. Ropda was selected by employees after extensive
community engagement and recognition of a local need.
With the aim of enhancing the quality of life for people
living in the village, the team identified four key focus
areas to target:
• Education: Despite there only being one school in the
village, the attendance rate was just 25 per cent when
Sophos employees arrived in Ropda. To address this, a
campaign was launched to encourage parents to enrol
their children into school to improve literacy rates. As a
result, the attendance rate increased from 25 per cent to
85 per cent by the end of the year, including 100 per cent
attendance for exams. A water purification plant was also
built at the school, as well as a meal shed to encourage
better health and hygiene.
• Sanitation: As is common in many Indian rural villages,
there was no central sanitation facility or drainage system
in the village. Toilets were built in over 20 houses, and a
drainage system was installed throughout the village to
ensure effective waste management and cleanliness.
• Infrastructure: 60 solar street lights were installed to
reduce the financial burden of villagers and promote
renewable energy. Beyond this, a new road was
constructed to better connect the village to the
surrounding community.
• Health and ftness: Half-yearly health check-ups were
introduced and villagers were put in contact with local
hospitals where they are now able to seek treatment at
a subsidised cost.
Sophos staff pedal their way to fundraising goal
Sophos cycling colleagues, the “Sophos Interceptors”, hit the
road to ride 100 miles in a single day at the end of July to raise
money for Aspire, a charity helping those with spinal cord
injuries, live full and healthy lives.
More than two dozen Sophos employees joined the CEO and
CFO in flying the company colours for the cause. After a
successful 100 mile ride to the finish line, the final amount
raised for the charity was over £33,500.
The Sophos Interceptors also hosted “Wellfest”, a day of fun
and fitness to help raise additional funding for Aspire. Sophos
staff got involved by pedalling on a “smoothie bike” to blend
their own smoothies and taking the “watt challenge” by
cycling to create electricity. Employees were also encouraged
to team up to challenge themselves with cycle sprints or spin
bike and rowing challenges, all in the name of the cause.
42/
Cybersecurity made simple�Protecting the Environment
As an office-based organisation, Sophos is an environmentally low-impact business.
The Group has therefore not adopted a formal environmental policy. Despite this, the
Group recognises the responsibility it has in managing its environmental performance
and conducting local initiatives to reduce its overall carbon footprint, waste profile and
water impact.
Greenhouse Gas Emissions
In line with the Companies Act 2006, Sophos is required to
measure and report on its Greenhouse Gas (“GHG”) emissions
disclosures. These have been calculated for the year-ending
31 March 2018, in line with the Group’s financial year. The
calculation of the disclosures has been performed in
accordance with Greenhouse Gas Protocol Corporate
Standard and using the UK government’s conversion factor
guidance for the year reported.
The Group’s operations that primarily release GHG includes
usage of electricity and gas of owned and leased offices,
business travel and usage of vehicles. The Group keeps its
data capture process under review, seeking to extend the
availability of direct information wherever possible. Where
direct information for certain sites is not available, estimates
have been developed that enable reporting for them. These
estimates are revised if new or improved data is obtained.
The Group will continue to build its GHG reporting capabilities.
The Group’s chosen intensity ratio is ‘tonnes of CO2 equivalent
per million US dollars of billings’ as it aligns with Sophos’
strategic growth ambitions.
Creating an environmentally friendly HQ
In 2017, the Group conducted a greening study at its global
headquarters in Abingdon, Oxfordshire. The purpose of the
study was to benchmark the current environmental, health
and wellbeing performance of the building against current
best-practice and Sophos’ peers. The topics assessed
included everything from indoor air and water quality through
to connection with nature, nourishment and comfort. The
outcomes of the study will set the direction for achieving best
practice in environmental sustainability as well as health and
wellbeing at the Group’s headquarters and global offices.
Year-ended
31 March 2018
tCO2e
Year-ended
31 March 2017
tCO2e
Year-ended
31 March 2016
tCO2e
320.0
4,457.3
5,117.4
9,894.7
12.9
251.8
4,681.9
4,510.9
9,444.6
14.9
207.2
4,819.7
4,025.2
9,052.1
16.9
Scope 1 (Combustion of natural gas
and operation of owned vehicles)
Scope 2 (Electricity consumption in offices)
Scope 3 (Business travel (air and car))
Total
Intensity ratio
tCO2e per $M of billings
Strategic report approval
The strategic report on pages 16 to 43 was approved by the Board on 16 May 2018 and signed on its behalf by:
Kris Hagerman
Chief Executive Officer
16 May 2018
/43
IntroductionGovernanceFinancial StatementsStrategic Report�Board of Directors
PETER GYENES
Non-Executive Chairman
KRIS HAGERMAN
Chief Executive Officer
NICK BRAY
Chief Financial Officer
SANDRA BERGERON
Independent Non-
Executive Director
ROY MACKENZIE
Non-Executive Director
First Election Date
14 September 2016
14 September 2016
14 September 2016
14 September 2016
14 September 2016
Committee Membership
Experience
Peter joined the Sophos Board
in 2006, bringing experience
with corporate growth and
value creation to the Group’s
vision for integrated threat
management leadership. He
has four decades of experience
in technical, sales, marketing
and general management
positions within the computer
systems and software industry
globally, and was most recently
the Chairman and CEO of
Ascential Software Corporation.
He has also served on the
boards of Applix Inc.,
BladeLogic Software, Epicor
Software Corporation, Lawson
Software, EnerNOC Inc.,
Cimpress NV, Intralinks
Holdings, Inc. and webMethods
Qualifications
BA in Mathematics and an MBA,
Columbia University, New York
Kris joined Sophos in 2012 as
Chief Executive Officer. Kris was
most recently CEO of Corel
Corporation, and prior to that,
group president, data centre
management at Symantec,
where he led a business of
more than $1.5 billion that
represented nearly 30 per cent
of Symantec’s global revenue.
Prior to Symantec, Kris was EVP
and GM, storage and server
management at Veritas
Software where, during his
tenure, the company’s revenue
more than doubled, before its
acquisition by Symantec. Earlier
in his career, Kris was founder
and CEO of BigBook and prior to
that, Affinia. Kris also held
positions at Silicon Graphics
and McKinsey & Company
Nick joined Sophos in 2010 as
Chief Financial Officer, bringing
more than 20 years’ experience
in the technology sector,
extensive international
operational skills and significant
public company experience on
both the London Stock
Exchange and Nasdaq. Nick was
most recently CFO at Micro
Focus International plc, where
he was instrumental in the
company tripling revenue and
increasing market capitalisation
from circa £200 million to in
excess of £1 billion. He has also
held Group CFO roles at Fibernet
Group plc and Gentia Software
plc, as well as senior financial
positions at Comshare Inc. and
Lotus Software
Sandra joined the Sophos
Board in 2010. She has more
than 20 years’ security,
operations and board advisory
expertise having previously
served on the boards of
TraceSecurity Inc., Tipping
Point, Netegrity, Nuance
Communications, TriCipher
Inc., and ArcSight Inc. Earlier
in her career Sandra spent
10 years at McAfee, Inc.
holding a number of key
executive positions
Roy joined the Sophos Board in
2010. He is a partner of Apax
Partners’ technology and
telecoms team. He joined Apax
Partners in 2003 and has been
involved in a variety of
technology focussed
investments including Epicor
Software Corporation, NXP
Semiconductors, and King
Digital Entertainment plc.
Previously, Roy worked at
McKinsey & Company, Inc.,
focusing on consulting clients in
the high technology sector and
also held product management
positions at Psion Computers
BA in Russian and Economics,
Dartmouth College, an M.Phil.
in International Relations,
Cambridge University, and an
MBA, Stanford Graduate School
of Business
First class BA in Civil
Engineering, Aston University,
and a qualified Chartered
Accountant
MBA from Xavier University,
Cincinnati, Ohio and a BA in
Business Administration
(Cum Laude), Georgia State
University
MBA, Stanford Graduate
School of Business and an
MA in Engineering, Imperial
College, London
Key External Appointments
Director of Carbonite Inc.,
Information Builders, Inc.,
Pegasystems Inc., RealPage,
Inc. and is trustee emeritus of
the Massachusetts Technology
Leadership Council
None
Non-Executive Director
of De La Rue plc
Director of F5 Networks, Inc.
and Qualys Inc
Director of Duck Creek
Software, Inc. and Exact
Holdings NV
ELEANOR LACEY
Chief Legal Officer
Committee Membership
Experience
Eleanor joined Sophos in 2016
as SVP General Counsel and
Company Secretary. Most
recently, Eleanor had been
SVP, General Counsel and
Corporate Secretary at
SurveyMonkey Inc. Prior to
SurveyMonkey she has held
the roles of General Counsel
and VP of Business
Development at Corel
Corporation, VP of Corporate
Development at SupportSoft,
Inc. and VP and General
Counsel at Niku Corporation,
prior to its acquisition by
Computer Associates
Qualifications
J.D., Yale Law School and
BA in History and English,
University of Massachusetts
at Amherst
Key External Appointments
None
44/
Cybersecurity made simple
�RICK MEDLOCK
Independent Non-
Executive Director
STEVE MUNFORD
Non-Executive Director
VIN MURRIA OBE
Independent Non-
Executive Director
PAUL WALKER
Senior Independent
Director
First Election Date
7 September 2017
14 September 2016
7 September 2017
14 September 2016
Committee Membership
Experience
Rick joined the Sophos Board in
April 2017. Rick has 30 years of
experience in the financial
management of large
international technology
companies. Most recently Rick
was CFO at Worldpay until the
completion of its merger with
Vantiv in February 2018 prior to
which, Rick was CFO of Misys
until December 2013. Before
joining Misys, Rick had spent
nine years as CFO of Inmarsat
plc and seven years as CFO and
company secretary of NDS
Group plc. He was also a
non-executive director and
chairman of the audit
committee of Edwards Vacuum
(Edwards Group Ltd). He spent
the early part of his career in a
variety of roles as CFO of a
number of private equity
backed technology companies
in the UK and the US
Paul joined the Sophos Board in
2015. Paul brings more than 30
years of technology and senior
leadership experience, having
served for 16 years as CEO of
Sage Group plc. Paul has
previously served on the boards
of WANdisco plc, Diageo plc,
and My Travel Group plc
Steve served as Sophos’ CEO
from 2006 to 2012 prior to
which he had been COO, as well
as president of Sophos, North
America. Steve led the
company through a period of
dramatic growth, more than
tripling billings. Previously, he
was President of ActiveState
before its acquisition by Sophos
Vin joined the Sophos Board in
January 2017. She was founder
and CEO at Advanced Computer
Software and CEO of Computer
Software Group. Previously, Vin
was also a non-executive
director of Chime
Communications, Greenko
Group and Concateno. Vin was
named Cisco’s Woman of the
Year and Tech Entrepreneur of
the Year in 2012 and in addition,
Advanced Computer Software
was named Tech Company of
the Year in 2014. Vin received
an OBE for services to the
Digital Economy and the
Empowerment of Women in
Software and Technology in the
2018 New Year’s Honours list
Qualifications
MA in Economics, University
of Cambridge and a qualified
Chartered Accountant
BA in Economics, University of
Western Ontario and MBA from
Queen’s University, Ontario
BSc (Hons), an MBA, and a
Doctorate business
administration (Honorary),
Edinburgh Napier University
BA in Economics, York
University, and a qualified
Chartered Accountant having
trained at Ernst & Young
Key to Committee
Membership:
Audit and Risk Committee
Nominations Committee
Remuneration Committee
Disclosure Committee
BOARD INFORMATION
Independence
(excluding Chairman)
Independent
Non-Independent
Board Nationality
British
Canadian
American
Board Diversity by Gender
22%
female
Key External Appointments
None
Chairman of Carbonite, Inc.
and Elastic Path Software, Inc.,
interim CEO of Absolute
Software Corporation, and
serves on the boards of
Actenum Corporation, Alert
Logic, Inc., Apica, Inc.,
NetMotion, Inc, QuickMobile Inc.
and Teradici Corporation
CHLOE BARRY
Group Company Secretary
Independent Non-Executive
Director at Softcat plc and
Zoopla Property Group plc,
Senior Advisor - Rothschild
Global Advisory team, and
a partner at Elderstreet
Investments
Non-executive chairman of
Halma plc and Perform Group
Ltd, and a Non-Executive
Director of Experian plc
Experience
Chloe joined Sophos in 2016 as
Deputy Company Secretary.
Most recently, Chloe had been
Group Secretariat Manager at
BG Group plc for four years until
its acquisition by Royal Dutch
Shell plc in February 2016.
Prior to BG Group, Chloe has
held roles at a number of UK
listed companies, including
Centrica plc, InterContinental
Hotels Group plc and
Electrocomponents plc
Qualifications
Associate, Institute of
Chartered Secretaries and
Administrators
Key External Appointments
None
/45
IntroductionGovernanceFinancial StatementsStrategic Report
�Corporate Governance – Chairman’s Introduction
Good corporate governance
is critical in helping build a
successful business that is
sustainable over the longer
term, in the dynamic, fast-paced
markets in which we operate
Dear Shareholder,
With the full support of the Board, I am committed to
maintaining a robust governance structure to ensure that
we discharge our duties responsibly in setting our strategy
and long-term objectives, monitoring and providing
oversight to the performance of management and progress
of our business, managing our risks, and carrying out our
business with integrity. Good corporate governance is
critical in helping to build a successful business that is
sustainable over the longer term, in the dynamic, fast-paced
markets in which we operate.
To support fulfilling these responsibilities, the Board hold
formal quarterly meetings with management to review
operating performance and strategic progress, and hold
additional periodic updates and reviews, as well as an annual
comprehensive strategy and objectives review, discussion and
confirmation with the full Senior Management Team (“SMT”).
Corporate Governance Code Compliance
This report aims to provide shareholders and other
stakeholders with an understanding of how Sophos is
managed and the governance and control framework
within which we operate.
The Board and I take seriously our commitment to maintain
the highest standards of corporate governance and this
report sets out on pages 50 to 54 how during the year, we
have continued to apply the principles and provisions of the
UK Corporate Governance Code 2016 (the “Code”).
The Board considers it has complied fully with the Code
throughout FY18, with the exception of the three-month
period following the retirement of Ed Gillis in September
2017, during which time, the Board comprised 44 per cent
independent Non-Executive Directors, excluding the
Chairman. Since the departure of Apax’s Salim Nathoo from
the Board in November 2017, and until the date of this report,
46/
Cybersecurity made simple�UK Corporate Governance Code Compliance
This report, which is available on the Company’s website, explains the key features of the Company’s governance
structure to provide a greater understanding of how the main principles of the UK Corporate Governance Code
(“the Code”) have been applied and to highlight areas of focus during the year. The Code can be found on the FRC’s
website at www.frc.org.uk
During the year, the Company complied with all the principles and provisions of the Code, except for Code provision
B.1.2 which recommends that at least half of the Board of Directors of a UK-listed company, excluding the Chairman,
should comprise independent Non-Executive Directors. For the period from 8 September until 28 November 2017
the Board comprised 44 per cent independent Non-Executive Directors after which, and to the date of this report,
it has comprised 50 per cent independent Non-Executive Directors. The Board is confident that the balance of
independence weighed against, the strong judgement and considerable knowledge that each Non-Executive
Director individually brings, is right and appropriate for Sophos.
the Board has comprised 50 per cent independent Non-
Executive Directors, excluding the Chairman. Full details
of the Board’s independence is set out on page 52.
Throughout the year, the Nominations Committee kept the
composition of the Board and its Committees, including
the chairmanship of each Committee, under close review;
and taking account of the balance of skills, knowledge,
experience, and diversity of our Board, continue to believe
our Board composition is strongly appropriate to our
responsibilities and to the Sophos mission.
Board Composition
As disclosed in the FY17 Annual Report, the Board
welcomed Rick Medlock as a new independent Non-
Executive Director on 3 April 2017. Rick has extensive
experience and a deep understanding, and knowledge
of financial management in the technology industry, and
with global businesses listed in both the UK and the US.
Rick also assumed the role of chairman of the Audit and
Risk Committee following Ed Gillis’s retirement as an
independent Non-Executive Director and chairman of
our Audit and Risk Committee at the conclusion of the
Company’s 2017 Annual General Meeting (“AGM”). Rick and
Vin Murria who joined the Board as an independent Non-
Executive Director in January 2017, have already brought
their considerable experience to bear through their valuable
contributions at Board and Committee meetings.
Salim Nathoo stepped down as a Non-Executive Director
on 28 November 2017, in accordance with the terms of the
Relationship Agreement between the Company and Apax,
which agreement regulates their ongoing relationship, in
accordance with the Listing Rules. Salim had been a
member of the Board for seven years and had provided
invaluable support to Sophos through its Initial Public
Offering (“IPO”) and during the critical early years of its
listing. Further details regarding the Relationship
Agreement are set out on page 83.
The Board also welcomed the promotion of Chloe Barry
from Deputy Company Secretary to Company Secretary,
with effect from 1 April 2018. Eleanor Lacey, our previous
Company Secretary, continues in her capacity as Chief
Legal Officer.
Board Evaluation
In accordance with current best practice and the Code,
the Board undertakes an annual formal evaluation of its
performance and effectiveness and that of each Director
and its Committees. As Chairman, I value this annual
evaluation opportunity and consider that key to my role
in creating an effective Board, is the effective assimilation
of feedback received, and the development and effective
application of germane recommendations.
In March 2018, the Chairman, with the support of the
Company Secretary, facilitated the FY18 evaluation. As
disclosed in the FY17 Annual Report, the FY17 evaluation
was undertaken by Duncan Reed of Condign Board
Consulting Limited. The Board continued to consider the
agreed recommendations for improvement during FY18
and reviewed and measured progress, as they were
implemented. The reviews are discussed in more detail
on pages 49 and 50.
Shareholder Engagement
The Board looks to encourage and maintain an active
dialogue with shareholders throughout the year, listens
to the views of representatives of investors and financial
institutions, and regularly monitors and considers
shareholder sentiment and feedback. We believe that the
design and operation of a robust, yet evolving governance
structure, appropriate for a group of the scale and ambition
of Sophos, remain critical to meeting the needs of our
shareholders. We welcome all opportunities to meet and
answer shareholders’ questions.
Conclusion
Our Board and I continue our commitment to strong
governance as a matter of both strategy and culture.
We work together with our management team to reflect
integrity, excellence, and transparency throughout our
global leadership and operations. We believe this has
contributed to our growth and shareholder value this
past year and will continue to do so going forward.
Peter Gyenes
Non-Executive Chairman
/47
IntroductionGovernanceFinancial StatementsStrategic Report�Corporate Governance Statement
Corporate Governance Structure
The Company’s governance is structured through the Board and a number of committees that support the effective
discharge of its duties, as illustrated below.
BOARD OF DIRECTORS
Audit and Risk
Committee
(Report on pages 57 to 61)
Nominations Committee
(Report on pages 55 and 56)
Remuneration
Committee
(Report on pages 63 to 81)
Disclosure Committee
(Report on page 62)
Risk and Compliance
Committee
Senior Management Team
The various committee reports can be found on pages 55 to 81 of this Report and each committee’s full terms of reference
are available on the Company’s website at: investors.sophos.com. The Senior Management Team (“SMT”) is comprised of
the Chief Executive Officer, Chief Financial Officer and nine individuals who head up the key Group functions and each
report to the Chief Executive Officer, supporting him in the leadership of the business, and responsible for the day to day
management of the Group’s operations.
Attendance at scheduled meetings of the Board and Committees held during the year:
Peter Gyenes1
Kris Hagerman
Nick Bray
Sandra Bergeron
Edwin Gillis (resigned on 7 September 2017)
Salim Nathoo (resigned on 28 November 2017)
Roy Mackenzie
Rick Medlock2
Steve Munford
Paul Walker3
Vin Murria
100%
100%
100%
100%
67%
50%
100%
100%
100%
83%
100%
100%
100%
100%
67%
100%
100%
100%
67%
100%
100%
100%
100%
100%
100%
100%
100%
100%
Board
Audit and Risk Committee
Remuneration Committee
Nominations Committee
Directors who are unable to attend scheduled meetings due to competing engagements or
unforeseen circumstances are encouraged to input offline and ideally, ahead of the meeting.
1
2
3
Peter Gyenes is Chairman of the Board and of the Nominations Committee
Rick Medlock was appointed Chairman of the Audit and Risk Committee, effective from Edwin
Gillis’s resignation on 7 September 2017
Paul Walker is Chairman of the Remuneration Committee
48/
Cybersecurity made simple�Board Focus During FY18
• provided strong oversight of the Group’s strategy
and growth plans, and considered the key risks;
• discussed potential future acquisition opportunities
in support of the Company’s strategy;
• retained focus on the performance of the Company’s
existing portfolio of products, key risks to delivery for
the portfolio, together with the ongoing portfolio
management strategy and different portfolio scenarios;
• reviewed the Company’s operating results and financial
statements with management and the Company’s
external auditor. The Board also reviewed and approved
the operating plan for the fiscal year;
• reviewed the Annual Report including detailed
consideration of the identified principle risks and their
continued effective management to achieve the
Group’s strategic objectives, the ongoing
appropriateness of the adoption of the going concern
basis of accounting, the appropriateness of the
Viability Statement disclosure; and ensured that the
Annual Report was fair, balanced and understandable
and it provided the information necessary to assess
the Group’s position and performance, business
model and strategy;
• retained focus on risk, and in particular cybersecurity;
• oversaw the adoption of new articles of association;
• reviewed the changing corporate governance
landscape and kept under review the Group’s own
corporate governance arrangements including GDPR
preparedness, internal policies relating to share
dealing, inside information and disclosure, whistle
blowing, and publication of the FY17 Modern Slavery
Act Transparency Statement;
• undertook a shareholder engagement programme
with key shareholders;
• retained focus on those areas recommended for
improvement during the FY17 Board evaluation
process and implemented change accordingly; and
• undertook an internal evaluation of its performance
and effectiveness, and that of each Director and
its Committees.
Full biographical details of the SMT can be found on the Company’s website at www.sophos.com.
Board Evaluation
In accordance with current best practice and the Code, the Board undertakes an annual formal evaluation of its
performance and effectiveness and that of each Director and its Committees. It is the Board’s policy to invite external
evaluation every three years. External evaluation last took place in FY17 and was facilitated by Duncan Reed of Condign
Board Consulting Limited. Duncan Reed is independent, his only connection with Sophos is his work on the Board
evaluation. The Board continued to consider the agreed recommendations for improvement during FY18 and reviewed
and measured progress, as they were implemented.
The FY18 evaluation process was facilitated by the Chairman with the support of the Company Secretary, and was
undertaken in March 2018. The final evaluation report and suggested priorities were discussed by the Board and each
Committee at their respective meetings in May 2018. The FY18 evaluation focused on a number of areas, including:
performance against the FY17 evaluation recommendations, the Board and Committees’ structure, composition,
and their operations, the chairmen, induction and training, and strategy, risk management and internal control.
Following the results of the FY18 evaluation, the Board is content that it remains committed, effective and purposeful
in seeking to deliver value to shareholders. The Directors are individual experts in their field, and work well together with
a mutual respect, transparency and authenticity. In addition, the Board remains confident in the committee structure
in place, and level of specialist support and assurance it affords.
/49
IntroductionGovernanceFinancial StatementsStrategic Report�Corporate Governance Statement continued
A review of progress against the FY17 recommendations adopted by the Board for improvement in FY18, together
with an outline of the proposed FY19 initiatives as a result of this year’s FY18 internal evaluation, is set out below:
Actions taken in FY18 following the FY17 Evaluation
Recommendations for FY19 following the FY18 Evaluation
The role of the Board: During the year, the Directors and
Company Secretary evaluated existing Board operations,
including the format, tone and detail of Board materials,
and the schedule for their dissemination. The Board
adopted a number of enhancements that have improved
the information quality and flow, and the allocation of the
Board’s time. The Company Secretary has implemented
a review process to facilitate ongoing refinement of
these processes.
Focused debate at the Board: The Board also introduced
an annual strategic agenda and adopted a revised pattern
of Board and Committee meetings. Together with the
adoption of a consistent approach to Board materials,
this has enhanced agenda planning, facilitated better
use of the Board’s time and expertise, and ultimately
improved the quality of Board discussion.
Support Board and Committee rotation: The
Nominations Committee held detailed discussions
throughout the year concerning planning for future Board
and Committee rotation. Following changes during the
year, the Board’s composition is compliant with the
Code’s provisions for independence. The Board is
confident that it has in place the appropriate range of
value accretive skills, experience and knowledge relevant
to each forum, yet it recognises that this is an ongoing
process and is committed to ensuring the Board and its
Committees remain appropriately constituted.
Ensure understanding of wider shareholder sentiment
on Company matters: The Executive Directors met
regularly with shareholders throughout the year and the
Board received frequent updates concerning shareholder
sentiment and the view of analysts on Company matters,
including its products and performance. In addition, a
number of Directors attended and met with analysts at a
Capital Markets Day held in September 2017. The Board
will invite external advisers or the Company’s brokers to
attend certain meetings to provide an independent view.
Additionally, the Remuneration Committee Chairman
speaks directly with major shareholders and shareholder
advisory groups on executive compensation matters.
Corporate Governance Report
The Company is committed to maintaining a high standard of
corporate governance. This report, which is available on the
Company’s website, including the Audit and Risk Committee
Report, Directors’ Remuneration Report, the Nominations
Committee Report and the Disclosure Committee Report,
details how the Company has applied the main principles and
provisions of the UK Corporate Governance Code (the Code):
leadership, effectiveness, accountability, remuneration and
relations with shareholders.
Board agenda: The Board will continue to shape the annual
strategic agenda and further develop the relevance of
items, and the breadth of subject matter, including
incorporating appropriate external parties each year to
facilitate additional in-depth discussion of the factors
affecting the Company’s opportunities.
Board succession: As the majority of our Non-Executive
Directors enter their second three-year term in June 2018,
the Board will further support the Nominations Committee
to focus on succession planning and ensure at all times
that the Sophos Board operates effectively and retains
membership that consistently combines a detailed
knowledge of: the Group’s operations and history; the
technology industry in which the Group operates;
leadership of a global business; and, being listed on
the London Stock Exchange.
Board development: The Board will introduce a Non-
Executive Director training and development programme
which will bring together a variety of informal briefings,
technical updates and further interaction with the SMT.
Developing stakeholder engagement: While the Board
believes its current plans for ongoing stakeholder
engagement are appropriate and effective, in light of
planned revisions to the Code, the Board will also spend
time considering its communication with employees,
channel partners and wider stakeholders on an ongoing
basis, to ensure the appropriate alignment.
A copy of the Code is available on the Financial Reporting
Council’s website www.frc.org.uk.
The Company’s business model is explained in the Strategic
Report. It is the Board’s view that it has been fully compliant
with the Code throughout the financial year, except for the
period 7 September to 28 November 2017 during which time
membership excluding the Chairman, comprised 44 per
cent independent Non-Executive Directors.
Full details of the Board’s independence are set out on
page 52.
50/
Cybersecurity made simple
�A: Leadership
A.1 The role of the Board
The Board is collectively responsible to Sophos shareholders
for promoting the long-term success of the Company and
the operation of effective governance arrangements. The
steps the Board takes to facilitate this are set out on pages
46 to 87. The Board provides leadership and sets the
Company’s strategic long-term objectives.
A formal schedule of matters reserved for the Board is
published on the Company’s website, which includes:
• overall management of the Group, its strategy and
long-term objectives;
• ensuring that necessary resources and the appropriate
risk management controls, processes and culture are in
place to deliver its strategy and long-term objectives;
• approval of all material corporate transactions;
• approval of the Group’s annual and half-year results,
dividend policy and shareholder distributions;
• succession to the Board and senior management team
• approval of all material policies including Diversity,
Anti-Bribery and Corruption, Modern Slavery, Share
Dealing and Whistle Blowing;
• corporate governance arrangements and Board
evaluation; and
• determining the remuneration policy for the Directors
and the SMT.
The Board held six scheduled Board meetings during the
year and holds additional meetings, as required.
All Directors are expected, wherever possible, to attend
all Board and relevant Committee meetings in addition
to general meetings of the Company, including the AGM.
Details of Board and Committee attendance for the year
are set out on page 48.
All Directors are covered by the Company’s Directors’ and
Officers’ liability insurance.
The Board has a number of committees that support the
effective discharge of its duties. The various committee
reports can be found on pages 55 to 81 of this Report and
each committee’s full terms of reference are available on
the Company’s website at: investors.sophos.com.
A.2 Division of responsibilities
The division of responsibilities between the Chairman
and Chief Executive Officer, and the role of the Senior
Independent Director, are clearly defined and are available
on the Company’s website at: investors.sophos.com.
The Board supports the separation of these roles and the
partnership between Peter Gyenes and Kris Hagerman is
constructive and based on mutual trust.
The separation of authority enhances independent oversight
of the executive management by the Board and helps to
ensure that no one individual has unfettered authority.
A.3 The Chairman
The Chairman leads the Board and is responsible for its
effective operation, for overseeing strategy and for ensuring
each Director contributes to effective decision-making. The
Chief Executive Officer is expected to lead the business, to
develop and deliver the strategy to enable the Company to
achieve its strategic long-term objectives and to develop
the Senior Management Team.
With the Company Secretary, the Chairman sets the
Board’s agenda for the year and ensures sufficient time
is available for the discussion of all items. At, at least one
meeting each year, strategic issues are considered in
depth with members of the SMT invited to attend, where
appropriate. In accordance with the Code, the Chairman
was independent on appointment.
A.4 Non-Executive Directors
Paul Walker was Senior Independent Director for the
duration of the year. The responsibilities of the Senior
Independent Director include meeting with shareholders as
an alternative contact to the Chairman, Chief Executive
Officer or Chief Financial Officer and working closely with
the Chairman, acting as a sounding board and providing
support. The Senior Independent Director is expected to
commit six days per year to the role and will commit
significantly more in exceptional years. This is in addition to
the expected time commitment of a Non-Executive Director.
In accordance with the Code, the Non-Executive Directors are
encouraged to challenge constructively and to help develop
proposals on strategy, scrutinise the performance of
management in meeting agreed goals and objectives, and
monitor the reporting of performance. They should satisfy
themselves on the integrity of financial information and that
financial controls and systems of risk management are
robust and defensible. As part of the FY18 Board Evaluation
Paul Walker and the Non-Executive Directors considered,
without the Chairman present, the Chairman’s performance.
The next performance evaluation will take place during the
FY19 Board Evaluation process. The Chairman meets with
the Non-Executive Directors without the Executive Directors
present after each physical Board meeting, and individually
with each Non-Executive Director at least once a year.
During the year, the Directors had no unresolved concerns
about the running of the Company or any proposed action.
It is Company policy that any such unresolved concern
must be recorded in the Board minutes.
B: Effectiveness
B.1 Board composition
At the date of publication, there are seven Non-Executive
Directors including the Non-Executive Chairman (who, for
the purposes of the Code was independent on appointment)
on the Board and two Executive Directors. The Board
composition is compliant with B.1.2 of the Code, as at least
half of the Board, excluding the Chairman comprises
independent Non-Executive Directors.
/51
IntroductionGovernanceFinancial StatementsStrategic Report�Corporate Governance Statement continued
Independence
During the year, the Board kept under review the overall
balance of skills, experience, independence and knowledge
of Board and Committee members and their diversity,
including gender, and weighed carefully its overall size and
ability to meet the requirements of the business. It is the
Board’s view that its current members have a wide range of
value accretive skills and experience. The Board believes
that crucial to its ability to lead the Company successfully it
requires a membership that combines detailed knowledge
of: the Group’s operations and history; the technology
industry in which the Group operates; leadership of a global
business; and, being listed on the London Stock Exchange.
The Board is confident that the balance of independence
weighed against the strong judgement and considerable
knowledge that each Non-Executive Director brings, is right
and appropriate for Sophos. However, the Board recognises
that this is an ongoing process and is committed to ensuring
the Board and its Committees remain appropriately
constituted. In the spirit of the Code, it is the Board’s intention
to continue to consider candidates as they may be identified,
and the Nominations Committee has identified a number of
technical and personal capabilities which the Board would
value in any new Non-Executive Director.
In accordance with the Code, the Board undertakes an
annual review of the independence of its Non-Executive
Directors taking into account each individual’s professional
characteristics, behaviour and their contribution to unbiased
and independent debate. The Board considers that the
Non-Executive Directors, led by the Senior Independent
Director Paul Walker, have the skills, experience and
knowledge of the Group, and the markets in which we
operate to enable them to discharge their respective duties
and responsibilities effectively. Each Non-Executive Director
is prepared to question and to challenge management.
The Board considers four of its Non-Executive Directors to
be independent for the purposes of the Code; Steve Munford
and Roy Mackenzie are not considered independent.
The Board recognises that Sandra Bergeron’s overall length
of service will be more than eight years after the 2018 AGM
which may lead some investors to question her
independence. The Board considered this issue and agreed
that Sandra continues to maintain and contribute an
independent view in all Board deliberations and brings
invaluable security, operations and board advisory expertise
spanning more than 20 years. In addition, at the 2018 AGM
Sandra will have served on the Board for two years from the
date of her first election, in line with the Code.
Comments have been made regarding Paul Walker’s past
participation in a restricted share arrangement, as noted in
the annual report on Directors’ Remuneration on page 81,
which may have led some investors to question his
independence. The Board are agreed that since his
appointment as Senior Independent Director, Paul, whose
technology and senior leadership experience spans more
than 30 years, has been independent in character and
judgement and remains an active and committed Board
member and Chairman of the Remuneration Committee.
Finally, the Board recognises that Peter Gyenes, the
Chairman, is also a Director of Carbonite Inc. on whose
board Steve Munford is chairman. The Board consider
that Peter was independent upon appointment and
continues to maintain and contribute an independent
view notwithstanding this cross-directorship. Peter
brings valued leadership to the Board and unwavering
commitment to supporting the Company to achieve its
long term strategic objectives.
Conflicts of Interest
The Company has established procedures whereby actual
and potential conflicts of interest arising from current and
proposed roles to be undertaken by Directors of the Board
with other organisations are regularly reviewed in respect of
both the nature of those roles, and their time commitment,
and for proper authorisation to be sought prior to the
appointment of any new Director. The Board consider these
procedures to be working effectively. Directors are required
to notify Sophos when they become aware of any actual or
potential conflict of interest.
The Board deals with each notified conflict of interest, or
potential conflict of interest, on its individual merit and takes
into consideration all the circumstances. The following
conflicts of interest have been authorised by the Board for
the relevant period.
• Salim Nathoo was a partner of Apax Partners, LLP and
Roy Mackenzie is a partner at Apax Partners, LP. Apax
Partners, LP is a wholly owned subsidiary of Apax
Partners, LLP. Both Apax Partners, LP and Apax Partners,
LLP are advisors of the Apax Funds, which wholly own
Pentagon Lock Sarl, Pentagon Lock 6-A Sarl, Pentagon
Lock 7-A Sarl and Pentagon Lock US Sarl, and shares a
common owner with Apax Global Alpha Limited
(collectively “Apax”). It was noted, that:
• following the admission of the Company’s shares to the
London Stock Exchange in 2015, Apax controlled 35.2
per cent of the voting rights in the Company and at 31
March 2018, controlled 11.09 per cent of the voting
rights in the Company; and
• Apax is a shareholder of Global Logic, with whom the
Company maintains an ongoing supplier relationship,
and on whose board Salim Nathoo was also a director.
• Steve Munford is chairman, and Peter Gyenes is a director
of, Carbonite, Inc. which supplies cloud and hybrid data
protection solutions. Steve is also interim chief executive
of Absolute Software Corporation which supplies endpoint
visibility and data protection solutions, and sits on the
board of Alert Logic, Inc. which supplies security and
compliance solutions.
• Sandra Bergeron sits on the boards of F5 Networks and
Qualys, Inc., suppliers of application delivery networking
and cloud security and compliance management
solutions, respectively.
• Vin Murria is a non-executive director of Softcat plc, with
whom the Company maintains an ongoing customer
relationship.
52/
Cybersecurity made simple�B.2 Appointments to the board
Following the appointment of Rick Medlock as a Non-
Executive Director with effect from 3 April 2017, there were
no further appointments to the Board during the year. The
succession and appointment process is led by the
Nominations Committee with strong oversight from the
Board. Further details concerning the succession and
appointment process, and the Company’s policy on diversity
are set out in the Nominations Committee report on pages
55 and 56.
All Non-Executive Directors serve on the basis of letters of
appointment which are available for inspection upon
request. The letters of appointment set out the expected
time commitment of Non-Executive Directors who, on
appointment, undertake that they will have sufficient time to
meet what is expected of them. Non-Executive Directors are
appointed for an initial three-year term and the continuation
of their appointment is conditional on satisfactory
performance and subject to annual re-election at the
Company’s annual general meetings. Executive Directors
serve on the basis of service agreements which are also
available for inspection upon request. Further details on the
Executive Directors’ service agreements are included in the
Directors’ Remuneration Policy, on page 70.
B.3 Commitment
During the year, the Board considered the external
commitments of its Chairman, Senior Independent and
other Non-Executive Directors and is satisfied that these do
not conflict with their duties and time commitments as
Directors of the Company. Executive Directors may accept
external appointments with the prior approval of the
Chairman, provided that such appointments do not prejudice
the executive’s ability to fulfil their duties for the Group.
B.4 Development
The Chairman, with the support of the Company Secretary,
is responsible for the induction of new Directors, and the
ongoing development of all Directors. An induction
programme is provided to all Directors on joining the Board,
designed to provide an understanding of the Group’s
business, governance and key stakeholders. The induction
process continues to evolve and currently includes, the
provision of an induction pack and past Board materials,
meetings with key individuals and the Company’s advisors,
and briefings on the Company’s products, as well as key
business, legal and regulatory issues facing the Group.
As the business environment changes, it is important to
ensure the Directors’ skills and knowledge are refreshed
and updated regularly. Accordingly, the Company Secretary
ensures that updates on corporate governance, regulatory
and technical matters are published to Directors at Board
meetings and by means of communications between
meetings.
The Board’s approach to training and development
opportunities continues to develop and the Company
Secretary (in consultation with the Chairman) works closely
with Directors to ascertain their training and development
needs. Through this process, the Board’s approach
continues to be tailored to address the identified areas for
focus as well as topical corporate governance, regulatory
and technical matters. Each year the Directors are invited to
attend the annual Partner Conferences to support their
familiarity with the Group’s products and operations.
B.5 Information and support
The Directors have full access to the Chief Legal Officer and
Company Secretary, who each advise the Board and the
Board Committees on relevant matters, including
compliance with the Company’s policies and procedures,
relevant legislation and regulation, including the Listing
Rules and the Code and other governance standards. The
Chief Legal Officer and Company Secretary are each
available to provide guidance to the Board and individual
Directors regarding their duties, responsibilities and powers
and the Company Secretary ensures the proper
administration of the proceedings and matters relating to
the Board. The Chief Executive Officer and the Company
Secretary work together to ensure that Board papers are
clear, accurate, delivered in a timely and secure manner to
Directors, and are of sufficient quality to enable the Board to
discharge its duties effectively. Directors may obtain
independent professional advice at the Company’s expense
in the furtherance of their duties, where considered
necessary or advisable.
All Directors have access to an online portal to which Board
materials are published and Board resources, including
information about the Company and helpful guidance
documents for their reference as Directors of a UK listed
company, are available.
B.6 Evaluation
In FY18, performance evaluations of the Board, its
Committees and individual Directors were carried out
internally. External evaluation last took place in FY17 and
will take place again in FY20. The FY18 evaluation
considered performance against the FY17 evaluation
recommendations, the Board and Committees’ structure,
composition, and their operations, the chairmen, induction
and training, and strategy, risk management and internal
control. Further details of the evaluation, together with
recommendations for FY19, can be found on pages 49 to 50.
As part of the internal evaluation, the Non-Executive
Directors evaluated the performance of the Chairman.
Following the evaluation, the Board is satisfied that it
remains committed, effective and purposeful in seeking to
deliver value to shareholders. In addition, the Board remains
confident in the committee structure in place, and level of
specialist support and assurance it affords.
B.7 Election and re-election
In accordance with the Company’s Articles of Association
(the “Articles”) and the Code, each Director is subject to
election at the first AGM following their appointment, and
re-election at each subsequent AGM. The Directors
unanimously recommend the re-election of all other
members of the Board. Full biographical details for all
Directors can be found on pages 44 and 45, and
summarised in the Notice of AGM.
/53
IntroductionGovernanceFinancial StatementsStrategic Report�Corporate Governance Statement continued
C: Accountability
C.1 Financial and business reporting
A statement of the Directors’ responsibilities regarding the
Financial Statements, including the status of the Group as a
going concern, is set out on page 86, with an explanation of
the Group’s strategy and business model, together with
relevant risks and performance metrics, which are set out in
the Strategic Report on pages 16 to 43.
A further statement is set out on page 87, confirming that
the Board considers that the Annual Report and Accounts,
taken as a whole, is fair, balanced and understandable and
provides the information necessary for shareholders to
assess the Company’s position, performance, business
model and strategy.
C.2 Risk management and internal controls
The Board has carried out a robust assessment of the
principle risks facing the Company, including those that
would threaten its business model, future performance,
solvency or liquidity. Further details concerning how they are
being managed or mitigated can be found on pages 34 to 37.
The Board believes that the Company’s current
Remuneration Policy, as approved by shareholders at
the 2016 AGM, remains appropriate and fit for purpose.
D.2 Procedure
The Board has delegated a number of responsibilities to
the Remuneration Committee, including the setting of the
Group’s overall remuneration policy and strategy, as well as
the remuneration arrangements for the Executive Directors
and SMT and their direct reports. Full details are set out in
the terms of reference for the Committee published at
investors.sophos.com.
During FY18, no individual was present when their own
remuneration was being discussed.
E: Relations with Shareholders
E.1 Dialogue with Shareholders
The Board recognises that meaningful engagement with its
shareholders is integral to the continued success of the
Group. Throughout FY18, members of the Board have
sought to actively engage with shareholders on a number of
occasions, through meetings, presentations and roadshows.
The Audit and Risk Committee report explains the process
carried out for the ongoing assessment of the effectiveness
of the Company’s risk management and internal control
systems on pages 57 to 61.
The Board’s assessment of the prospects of the Company,
its expectation that the Company will be able to continue in
operation, and meet its liabilities as they fall due, the viability
statement, is set out on page 86.
Non-Executive Directors are kept informed of the views of
the shareholders through periodic reports from the Chief
Executive Officer and the Chief Financial Officer, including
inputs from the corporate brokers with whom they are in
regular contact. The Non-Executive Directors are invited to
attend meetings in the investor relations programme,
including the Capital Markets Day, and welcome the
opportunity to meet with our major shareholders.
C.3 Audit Committee and Auditors
Annual General Meeting
The AGM will be held on 30 August 2018 at the Company’s
registered office. All shareholders have the opportunity to
attend and vote, in person or by proxy. The Notice of AGM is
sent to all shareholders who have requested to receive hard
copy documentation and can also be found on our website
at investors.sophos.com.
The Notice of AGM sets out the business of the meeting
and explanatory notes on all proposed resolutions. Separate
resolutions are proposed in respect of each substantive
issue. The AGM is the Company’s principal forum for
communication with private shareholders.
By order of the Board
Chloe Barry
Company Secretary
16 May 2018
The Audit and Risk Committee report on pages 57 to 61
sets out the details of the composition of the Committee,
including the expertise of its members, and outlines how
the Committee has discharged its responsibilities in FY18.
The Board has delegated a number of responsibilities to the
Audit and Risk Committee, including: oversight of the Group’s
financial reporting processes; management of the external
auditor; and, management of the internal risk management
processes. Full details are set out in the terms of reference
for the Committee published at investors.sophos.com.
KPMG LLP have expressed their willingness to continue
as the Company’s auditor. Resolutions proposing their
reappointment and to authorise the Committee to determine
their remuneration will be proposed at the 2018 AGM.
D: Remuneration
D.1 Level and components of remuneration
The annual report on Directors’ Remuneration on pages 72 to
81 outlines the activities of the Committee during FY18. The
Company’s Directors’ Remuneration Policy, including relevant
remuneration components and how they support the
achievement of the strategic long-term objectives of the
Company are set out on pages 65 to 71. The annual report on
Directors’ Remuneration sets out the implementation of
remuneration during FY18, including salary, bonus and share
awards, and payments for loss of office paid to Directors.
54/
Cybersecurity made simple�Nomination Committee Report
Dear Shareholder,
During the year, particular time was taken to:
The Committee met three times during the year and
ensures that Board and Committee composition is
appropriate for a company of Sophos’ scale and ambition.
The key aspects of the Committee’s role, together with the
main areas of consideration and the activities undertaken
during the year are set out in this report.
• review the composition of the Board and its Committees;
• consider the implications for Board composition of the
results of the FY18 Board evaluation process and the
retirement of Edwin Gillis, and resignation of Salim
Nathoo, respectively;
Committee Composition and Meeting Attendance
As disclosed in our last report to Shareholders, the
Committee welcomed Rick Medlock as a new member
during the year and said farewell to Edwin Gillis following his
retirement in September 2017. The composition of the
Committee is compliant with the Code, which provides that
a majority of its members should be independent Non-
Executive Directors. The Committee is chaired by the
Chairman of the Board. The Company Secretary is secretary
to the Committee and attends all meetings. Other attendees
at Committee meetings may differ from time to time and,
upon invitation from the Committee, include the Chief
Executive Officer and other members of the SMT.
• consider succession plans for SMT, Board, and
Committee appointments;
• identify a number of technical and personal capabilities
which the Board would value in any new Non-Executive
Director;
• review the Company’s Diversity Policy and consider the
Company’s objectives to deliver against its commitments;
• monitor external commitments of the Board, as they
relate to their time commitments to the Company and
potential conflicts of interest; and,
• review and recommend the election and re-election of
Directors at the Company’s 2017 AGM.
Peter Gyenes (Chairman)
100%
Sandra Bergeron
Roy Mackenzie
Rick Medlock
Vin Murria
Paul Walker
100%
67%
100%
100%
100%
Attended of those eligible
All appointments as at 31 March 2018.
Role and Responsibilities
The Committee is responsible for regularly evaluating the
balance of skills, knowledge, experience and diversity of
the Board and its Committees, as well as the size, structure
and composition of each. It is also responsible for
periodically reviewing the Board, Committees’ and senior
management structure, succession plans, and identifying,
with management, the priorities for succession planning
in respect of each position. On an annual basis, the
Committee considers the re-election of Directors prior
to their recommended approval by shareholders. The full
terms of reference of the Committee can be found on the
Company’s website at: investors.sophos.com.
Main Activities
The Committee has an annual forward agenda developed
from its terms of reference with standing items that the
Committee considers at each meeting, in addition to any
specific matters arising, and topical business or governance
items on which the Committee has chosen to focus.
Board Composition and Independence
Following the resignation of Salim Nathoo on 28 November
2017, excluding the Chairman, the Board is comprised 50
per cent independent Non-Executive Directors (FY17: 44
per cent).
The Board believes that crucial to its ability to lead the
Company successfully it requires a membership that
combines detailed knowledge of: the Group’s operations and
history; the technology industry in which the Group
operates; leadership of a global business; and, being listed
on the London Stock Exchange.
The Board is confident that the balance of independence
weighed against, the strong judgement and considerable
knowledge that each Non-Executive Director brings, is right
and appropriate for Sophos. However, the Board recognises
that this is an ongoing process and in the spirit of the current
Code, and cognisant of the provisions of the proposed new
UK Corporate Governance Code relating to directors’
independence, the Board is committed to ensuring the
Board and its Committees remain appropriately constituted.
Process for Board Appointments
The Committee leads the Board appointment process and
makes recommendations to the Board, as appropriate.
During May 2016, the Company engaged Heidrick &
Struggles, independent executive search consultants, with
whom the Company has no other connection, to assist with
Board searches, when required. Heidrick & Struggles is a
signatory to, and abides by, the voluntary Code of Conduct
on gender diversity and best practice.
/55
IntroductionGovernanceFinancial StatementsStrategic Report�Nomination Committee Report continued
The Company’s current process in relation to Board
appointments is set out below:
Non-Executive Director
The Committee Chairman and consultants submit a
short-list of candidates to the Committee and Chief
Executive Officer for review and inclusion of additional
candidates.
The Committee Chairman, Senior Independent Director,
Chief Executive Officer and Chief Financial Officer each
meet selected candidates. Successful candidates go on
to meet each Board member.
After all Board members have met the candidate, the
Committee make their recommendation to the Board.
Executive Director
The Committee Chairman and the Chief Executive Officer
or, if engaged, search consultants, submit a short-list of
candidates to the Committee.
The Committee Chairman, Senior Independent Director,
Chief Executive Officer and Chief Financial Officer each
meet the selected candidates. Successful candidates go
on to meet some or all of the Committee members.
The Committee’s assessment is reviewed with the
Chairman of the Board and the Chief Executive Officer and
the Committee make their recommendation to the Board.
Succession
During the year, the Committee conducted a review of
succession to SMT roles and those individuals who had been
identified internally who would be suited to take on each
role, as appropriate. Internal successors were categorised
by their relative readiness to assume any such role and
where it was not possible to identify a suitable internal
successor, an external successor would be identified, as
and when appropriate. Management would look at the
implementation of development plans to address any
internal successors relative readiness to assume any such
role. The Committee have kept a watching brief on
succession to Board roles during the year, and would
continue to do so during FY19.
Diversity
At 31 March 2018, the proportion of women on the Board
was 22 per cent (FY17: 20 per cent). The Company’s
Diversity Policy is published on its website at: investors.
sophos.com.
The Company recognises the benefits of diversity in its
broadest sense, including gender and ethnicity, and will
continue to ensure that all forms of diversity are actively
considered when contemplating future appointments to the
Board, and recruitment and promotion to the SMT, and their
direct reports. As set out in the Company’s Diversity, it is the
Board’s intention to be mindful of the recommendations of
the Davies and Hampton-Alexander reviews on Women on
Boards and FTSE Women leaders respectively, when
considering the composition of the Board, SMT and their
direct reports.
Details of a number of diversity initiatives introduced
across the Group during the year are set out in the
Corporate Responsibility Report on page 41, together
with details of diversity within our workforce, including
at Board and senior management level.
The Board’s objectives for achieving diversity on the
Board are set out below:
• all Board appointments will be made on merit, in the
context of the skills, knowledge and experience that are
needed for the Board to be effective;
• ensure long lists of potential Non-Executive Directors
include diverse candidates of appropriate merit;
• encourage the emergence of female candidates and
candidates of diverse backgrounds among the senior
management talent pool; and,
• only engage executive search firms who have signed up
to the voluntary Code of Conduct on gender diversity and
best practice.
In addition to taking into account gender, ethnicity and other
forms of diversity, the Committee seeks to achieve the optimal
balance of skills, experience, independence and knowledge of
Sophos and the industry as a whole amongst the Board and
SMT, and their direct reports in order to support the Company’s
long-term strategic objectives.
The Committee will continue to keep these measurable
objectives under review and will make recommendations
to the Board for their revision, as appropriate. The
Committee is pleased with the Group’s performance
against these objectives to date, but acknowledges that
this is an ongoing process.
Performance Evaluation
The Nominations Committee’s performance was assessed
as part of the Board’s annual effectiveness review. It was
concluded that the Committee operated effectively in FY18.
In response to findings of the review, Committee members
will continue to focus on succession planning as a number
of Non-Executive Directors enter their second three-year
term in June 2018. In addition, the Committee will remain
available to the Company Secretary in relation to the
introduction of a Non-Executive Director training and
development programme.
The Committee also undertakes a review of its terms of
reference and composition each year. Following the most
recent review in January 2018, no changes were proposed.
The full terms of reference of the Committee can be found
on the Company’s website, at: investors.sophos.com.
Peter Gyenes
Chairman of the Nominations Committee
16 May 2018
56/
Cybersecurity made simple�Audit and Risk Committee Report
Dear Shareholder,
The Committee met five times during the year and
welcomed Rick Medlock as its Chairman in September 2017
and Vin Murria as a new Committee member in January
2018. Edwin Gillis stepped down as Chairman after the 2017
AGM. Rick Medlock has a deep understanding and knowledge
of financial management in the technology industry and
extensive experience with globally-oriented UK-listed
companies. Set out here are the key aspects of the
Committee’s role in more detail, together with the main
activities it has undertaken and the significant issues it has
considered during the year.
Committee Composition and Meeting Attendance
Rick Medlock (Chairman)
Sandra Bergeron
Vin Murria
Paul Walker
Attended of those eligible
100%
100%
100%
100%
All appointments stated are as at 31 March 2018
The composition of the Committee is compliant with the
Principles of the Code, which provides that all members
should be independent Non-Executive Directors. In line with
the requirements of the Code and the FRC’s Guidance on
Audit Committees, Rick Medlock, the Committee Chairman,
has recent and relevant financial experience through his
previous employment in senior financial positions at large
companies, including until February 2018, as CFO of
Worldpay Group plc, a UK listed company, and is a qualified
Chartered Accountant.
The Board is also satisfied that all members of the
Committee have extensive experience of the technology
industry in which we operate, sufficient to enable the
Committee to exercise its duties effectively. Full
biographical details are set out on pages 44 and 45.
The Company Secretary is secretary to the Committee and
attends all meetings. Other attendees at Committee
meetings may differ from time to time and, upon invitation
from the Committee, include the Chairman, the Chief
Executive Officer, the Chief Financial Officer, Chief
Information Officer and other members of the SMT. The
Committee will also invite representatives from the internal
auditor (Ernst & Young LLP (“EY”)) and the external auditor
(KPMG LLP (“KPMG”)), as required.
Role and Responsibilities
The Committee has a fundamental role to play in reviewing,
monitoring and challenging the integrity and effectiveness
of the Company’s financial reporting and internal control
processes. The Committee also oversees the relationship
between the Group and its external auditor and makes
recommendations to the Board on their appointment. In
addition, the Committee monitors and reviews the external
auditor’s independence, objectivity and the effectiveness of
the audit process, taking into account relevant legal,
professional and regulatory requirements. The full terms of
reference of the Committee can be found on the Company’s
website, at: investors.sophos.com.
Main Activities
The Committee has an annual forward agenda, developed
from its terms of reference, with standing items that the
Committee considers at each meeting, in addition to any
specific matters arising, and topical business or financial
items on which the Committee has chosen to focus. The
Chairman and the Company Secretary have worked together
to review and, where appropriate, refresh the annual forward
agenda to bring in to greater focus areas of importance for
the Committee, and the Company. Such revisions have
included the introduction of updates from the Chief Legal
Officer and Head of Internal Audit at each meeting.
During the year, the work of the Committee fell in to three
main areas as follows:
Accounting, tax and financial reporting
The Committee has:
• reviewed and approved the quarterly trading updates,
half-year and annual financial statements, the attendant
significant financial reporting judgements and
disclosures, and investor presentations;
• reviewed and approved the going concern and viability
assessment, and the annual external statement thereon;
• reviewed updates on accounting matters, including
consideration of relevant accounting standards and
underlying assumptions, and in particular: the review and
the use of constant currency comparators applied by the
Company and the impact of changing accounting
standards, most notably covering revenue recognition
and leases; and,
• reviewed and approved the interim and full-year dividend
proposals and adjudged them to be in line with the
Company’s Dividend policy.
Risk management and internal controls
The Committee has:
• reviewed and approved the internal audit plan for the year
as well as longer-term objectives and reports and updates
of the work performed by the in-house internal audit team
and EY, as the outsourced internal audit providers
appointed by the Committee in 2015;
• reviewed and approved the risk assessment process and,
in particular the identification and assessment of the
Company’s principal risks and the attendant disclosures;
• received and noted regular updates from the Risk and
Compliance Committee (“RCC”), a management
committee that has a direct reporting line to the
Committee, to provide an additional level of assurance
to the Committee; and,
• received and noted regular updates from the Chief Legal
Officer concerning pending or ongoing litigation, and
statutory or regulatory risks, including General Data
Protection Regulation preparedness and consideration
of the HMRC Corporate Criminal Offence.
/57
IntroductionGovernanceFinancial StatementsStrategic Report�Audit and Risk Committee Report continued
External Auditor
The Committee has:
• supported the new lead audit partner during his first year
working with the Company;
• met with the external auditor, KPMG, to review the annual
audit plan and receive their findings and reports on the
annual audit and interim review; and,
• reviewed and approved the external auditor evaluation
paper prepared by management covering the external
auditor’s independence and objectivity, and evaluation of
the effectiveness of the audit process, together with the
attendant recommendation for reappointment.
Key matters covered by the Committee are reported to the
subsequent meeting of the Board, which also receives
copies of the minutes of each meeting.
Performance Evaluation
The Audit and Risk Committee’s performance was assessed
as part of the Board’s annual effectiveness review. It was
concluded that the Committee operated effectively in FY18.
In response to findings of the review, Committee members
will continue to work closely with management to consider
the Group’s risk profile and review and challenge the
Company’s systems for risk management and internal
control as the Company grows and evolves. The Committee
also undertakes a review of its terms of reference and
composition each year.
Significant Issues
The issues considered by the Committee that are deemed
to be significant to the Group are set out below:
Revenue Recognition
The Group generates revenue from sales of products
through subscriptions, hardware and the rendering of
enhanced support or professional services. There is a risk
that revenue is inappropriately recognised if revenue is
incorrectly apportioned to a product or service or if the
recognition criteria of the product is not correct.
The Group has a revenue recognition policy in place that
details the application of relevant standards to the
products and services sold by the Group. The policy
includes rules for applying fair value to components of
multiple element arrangements and timing of recognition
dependent upon the individual nature of the goods or
services sold. At half-year and year-end management
provide to the Committee an accounting paper on
revenue recognition, any changes arising from updated
standards and a commentary on the revenue recognised.
The Group’s external auditors have reported to the
Committee that they have reviewed the revenue
recognition policy and processes as well as performing
detailed testing of revenue recognition across the year
and found revenue to be appropriately accounted for.
This review last took place in March 2018, and the full terms
of reference of the Committee are on the Company’s
website, at: investors.sophos.com.
Having provided appropriate challenge to management
and the external auditors, the Committee has concluded
that revenue recognition for the Group is appropriate.
Reporting Requirements and Presentation
The Group makes use of certain non-GAAP measures and
discloses certain items separately within the
consolidated statement of profit or loss as exceptional
items which, in the opinion of the Directors, enables an
enhanced understanding of the performance of the
Group. The use of these measures and disclosures is
judgemental in nature.
The use of non-GAAP measures and the classification of
certain income statement items as exceptional by the Group
have been reviewed by the Committee during the year with
reference to authoritative guidance and regulations as well
as through discussions with management and external
advisors. The Committee is satisfied that the use of such
measures is appropriate and enhances the understanding of
the Group’s financial performance and its prospects.
The Committee has also reviewed the disclosures made in
this Annual Report and has discussed them with the
external auditors, so as to ensure that it is comfortable with
the content and presentation made in the Annual Report.
58/
Cybersecurity made simple�Internal Controls and Risk Management
During the year, the Committee has received and reviewed
reports regarding progress on risk management and the
principal risks identified across the Group. The Committee
was satisfied with the risk management process and with
the relevance of the risks identified. It was also satisfied
with the level of assurance provided by the Group’s Internal
Audit and Risk Management function, which is supported
by EY. The Committee has concluded that sound risk
management and internal control systems have been
maintained throughout the year.
Whilst the Board is ultimately responsible for the Group’s
systems of risk management and internal control, each of
the individual functional leaders are recognised as key
drivers of the process through which risks and uncertainties
are identified. The Board recognises that rigorous internal
control systems are critical to managing risks and
fundamental to the achievement of its strategic objectives.
The Board further acknowledges that these systems are
designed to manage rather than eliminate risk in the Group.
The formal process for identifying, evaluating and managing
significant risks faced by the Group is overseen by the RCC
in association with the work performed by the Internal Audit
and Risk Management function. The RCC has designed the
risk framework in order to capture and evaluate control
weaknesses and risks facing the business. Where the Board
defines an identified risk as significant, procedures are
established to ensure that necessary action is taken to
rectify or mitigate as appropriate.
These aforementioned functions provide additional
assurance to the Committee who have ultimate responsibility
for the oversight and review of the adequacy and
effectiveness of the Group’s systems of internal controls.
The external auditors provide a supplementary, independent
and autonomous perspective on those areas of the internal
control system which they assess in the course of their
work. Their findings are regularly reported to both the
Committee and the Board.
Key elements of the control environment are:
• annual budgets and strategic plans performed for all
business units and the Group as a whole
• monitoring of performance against budget and
subsequent forecast with reporting to the Board on a
regular basis
• monthly review of detailed key performance indicators
• all contracts are reviewed at a level of detail appropriate
to the size and complexity of the contract
• timely reconciliations are performed for all significant
balance sheet accounts
• clearly defined organisational structure and
authorisation lines
• the RCC that oversees the risk management process
• the Committee, which approves audit plans and
assesses the overall appropriateness of the Group’s
internal control environment.
The preparation and issue of financial reports is managed by
the Group’s finance department, as delegated by the Board.
The Group’s financial reporting process is controlled using
the Group accounting policies and reporting systems. The
Group’s finance department supports all reporting entities
with guidance on the preparation of financial information.
Each legal entity has a Finance Director or Controller who
has responsibility and accountability for providing
information which is in accordance with agreed policies.
The financial information for each entity is subject to a
review at reporting entity and Group level by the Chief
Financial Officer alongside the Vice President of Finance.
The Annual Report is reviewed by the Committee in advance
of presentation to the Board for approval. Additionally, the
Finance Director or Controller of each significant reporting
entity completes a self-certified quarterly Financial
Reporting Review Questionnaire which is used to identify
control strengths and weaknesses across all financial areas,
with any weaknesses being subsequently addressed.
The Group also maintains a consolidated Risk Register which
sets out the nature and extent of the significant risks facing
the Group. Each of the risks are prioritised according to
likelihood of occurrence and potential impact to the Group
and the register ensures that all risks are identified,
measured, mitigated, and managed by the appropriate owner.
The Directors, through the use of appropriate procedures,
systems and the employment of competent personnel, have
ensured that measures are in place to secure compliance
with the Company’s obligation to keep adequate accounting
records. The accounting records are kept at the registered
office of the Company.
How We Manage Risk
The Sophos Board is ultimately responsible for ensuring
effective identification, assessment and management of
risk across the Group. Central to the risk management
process is the Group’s culture of openness, transparency
and accountability.
The Internal Audit and Risk Management function manage
and drive the risk management framework and operates on
an independent basis providing further assurance to the
Committee and the Board. The risk management framework
enables a robust assessment process to identify risks in line
with the overall achievement of the business strategy. This
function also ensures that all relevant and significant risks
identified across the business are mapped to the Internal
Audit plan for the year. In addition, the Group’s annual
planning and quarterly forecasting cycles include
discussions around business risks identified to ensure
appropriate investment by the Group.
On a quarterly basis, the RCC reviews the status of risk
exposures and risk management throughout the business
as managed by the Internal Audit and Risk Management
function. The RCC is a committee of senior leaders authorised
by the Board to provide an additional level of assurance to
the Committee in overseeing risk management and internal
control activities. On behalf of the Board, the Committee
reviews and challenges the effectiveness of the risk
management process.
/59
IntroductionGovernanceFinancial StatementsStrategic Report�Audit and Risk Committee Report continued
Identify
Re-evaluate
Risk
Management
Process
Analyse &
Evaluate
Develop &
Implement Risk
Management
Plan
The Group takes a two-pronged approach to identifying risks:
Whistleblowing
A bottom-up approach at the business function level
where these risks are managed at the operational level
with an appropriately defined escalation process in place
for those risks rated as high.
A whistleblowing policy is in place in the Group enabling
employees to confidentially report matters of concern
directly to Non-Executive Directors. The Committee
receives details of any matters raised.
1)
2)
A top-down approach at the senior leadership team level
which are the principal risks which could have a serious
impact on the strategic business plan of the Group and
may encompass several of the risks identified in the
bottom-up approach.
A series of risk identification approaches are used, such
as risk identification and horizon scanning workshops,
interviews, and inclusion of risk discussions in team
meetings. Risk registers are fully owned at the business
function level and registers are maintained and reviewed
on a quarterly basis.
All identified risks are assessed against a pre-defined
scoring matrix and prioritised accordingly. Any risks
identified in the bottom-up approach deemed to be rated as
higher risk are escalated in line with pre-defined escalation
procedures for further evaluation.
Following the identification of risks, a risk management plan
is developed and implemented. This is managed by the
assigned risk owner with regular feedback to the RCC.
Regular reporting of risk management ensures each risk is
re-evaluated on a timely basis to ensure that all relevant
risks are identified and managed appropriately and that the
Board is focused on the principal risks identified.
60/
Internal Audit
EY continue to support the Sophos Internal Audit and Risk
Management function. The Group’s Chief Financial Officer
provides oversight and co-ordination of Internal Audit with
support from the RCC. In order to ensure independence,
the Internal Audit function has a direct reporting line to
the Committee and its Chairman.
The nature and scope of the Internal Audit plan using a
risk-based approach, was approved by the Committee,
with any subsequent changes to the plan requiring further
approval. The results of the audits were assessed alongside
responses from management. Any outcomes graded as
requiring improvement were considered in detail by the
Committee along with the appropriateness of mitigation
plans to resolve the issues identified.
At each meeting, the Committee received audit reports and
updates from the Internal Auditors, in order to ascertain
progress in completing the Internal Audit plan and to review
results of the audits. The Internal Audit plan continues to
be developed through a review of formal risk assessments,
together with consideration of the Group’s key business
processes and functions that could be subject to audit.
The Committee monitored and reviewed the scope and
results of the Internal Auditors’ activities as well as the
effectiveness of Internal Audit during the financial year.
Cybersecurity made simple�Review of Effectiveness
The Board, through the Committee, has reviewed and
considered the effectiveness of the risk management and
system of internal controls in operation across the Group.
The main objectives of the Group’s internal control
systems are:
• to ensure its aims and objectives are met;
• to ensure adherence to management policies;
• to ensure compliance with statutory requirements;
• to safeguard assets; and
• to ensure the relevance, reliability and integrity of
information, so ensuring as far as possible the
completeness and accuracy of records.
Any system of control can only ever provide reasonable
and not absolute assurance that control weaknesses or
irregularities do not exist, or that there is no risk of material
errors, losses, fraud, or breaches of laws or regulations.
Accordingly, the Group is continually seeking to improve
the effectiveness of its systems of internal control.
The Committee has concluded that the Group’s risk
management and system of internal controls is deemed
effective. This is informed by a number of sources:
Non-audit fees for the year ended 31 March 2018 were nil,
in the year-ended 31 March 2017 the non-audit fees were
33 per cent of the audit and audit-related fees. During the
year-ended 31 March 2017 the non-audit services provided
by KPMG related primarily to tax compliance activities. Full
details of auditor remuneration is shown in note 9 to the
Financial Statements.
Review of Effectiveness of External Auditor
An important role of the Committee is to assess the
effectiveness of the external audit process. In performing
this assessment, the Committee:
• reviewed the annual audit plan and considered the
auditor’s performance against that plan along with any
variations to it;
• met with the audit engagement partner to review the
audit findings and responses received to questions raised
by the Committee;
• held regular meetings with the audit engagement partner,
including in the absence of executive management;
• considered their length of tenure;
• reviewed the nature and magnitude of non-audit services
provided; and
• reviewed the external auditor’s own independence
confirmation presented to the Committee.
• the audit work undertaken by the Internal Audit function;
• risk management procedures managed and overseen
by the RCC; and
Based on the assessment performed, the Committee has
recommended to the Board that a resolution to reappoint
KPMG LLP be proposed at the 2018 AGM.
Rick Medlock
Chairman of the Audit and Risk Committee
16 May 2018
• reports issued by the Group’s external auditors.
A detailed review of the Group’s management of each
principle risk or uncertainty is explained on pages 34 to 37
External Auditor
The Committee reviews and makes recommendations with
regard to the appointment and reappointment of the
external auditors. In making these recommendations,
consideration is given to auditor effectiveness and
independence, partner rotation and any other factors that
may impact the reappointment of the external auditors.
There are no contractual restrictions on the choice of
external auditors and the Committee considers on an
annual basis the need for a formal tender process in
accordance with the provisions of the UK Corporate
Governance Code.
The Group’s auditors, KPMG LLP, were appointed for the
year-ended 31 March 2001 with the audit engagement
partner rotation last occurring for the current year-end
The external auditors may perform certain non-audit
services for the Group, though above a certain level of
materiality, any such non-audit services require pre-
approval by the Audit and Risk Committee and are
only permitted to the extent allowed by relevant laws
and regulations.
/61
IntroductionGovernanceFinancial StatementsStrategic Report�Disclosure Committee Report
At each Board and SMT meeting, transactions or events
are considered against the disclosure obligations of the
Company and whether any matter is considered to be
price sensitive.
Main Activities
Key issues reviewed by the Disclosure Committee
during the year, included:
• the trading update for the three-months,
and full-year, ended 31 March 2017;
• the preliminary results announcement;
• the trading update for the three-months ended
30 June 2017;
• the Capital Markets Day and trading update on
6 September 2017;
• the proposed final dividend;
• the announcement in respect of the interim results
for the six-months ended 30 September 2017;
• the interim dividend; and
• the trading update for the three-months ended
31 December 2017.
Committee Composition
Kris Hagerman (Chairman)
Nick Bray
Eleanor Lacey
All appointments stated are as at 31 March 2018
The Committee comprises the Chief Executive Officer,
Chief Financial Officer and Chief Legal Officer, and is chaired
by Kris Hagerman, the Chief Executive Officer. A quorum of
two members, including at least one Executive Director is
required for the transaction of business. The Company
Secretary is secretary to the Committee.
Role and Responsibilities
The Committee is responsible for the implementation
and monitoring of systems and controls in respect of the
identification, management and disclosure of inside
information and for ensuring that regulatory
announcements, shareholder circulars, prospectuses and
other documents issued by the Company comply with
applicable legal or regulatory requirements. The primary
responsibilities of the Committee include:
• review of the preliminary results announcement, the
interim management statements, the half-year results
and any other trading statements, and investor
presentations;
• review of information provided to the Committee,
consideration of its potential categorisation as inside
information and determination of the date and time
at which that inside information first existed within
the Company;
• determination of whether any identified inside information
gives rise to an immediate disclosure obligation, or
whether it is permissible to delay disclosure; and,
• review and approval of announcements in respect of
disclosable projects.
62/
Cybersecurity made simple�Annual Statement of the Remuneration
Committee Chairman
Dear Shareholder,
As Chairman of Sophos’ Remuneration Committee, I am
pleased to present the FY18 Directors’ Remuneration
Report which has been prepared by the Committee and
approved by the Board. In line with the UK reporting
regulations, this report is divided into three sections:
• the Annual Statement of the Remuneration Committee
Chairman, which this year includes a ‘Remuneration at
a Glance’ section on page 64;
• the Directors’ Remuneration Policy, which was approved
by shareholders at the 2016 AGM and details Sophos’
remuneration policies and their link to Group strategy,
as well as projected pay outcomes under various
performance scenarios, set out on pages 65 to 71; and,
• the Annual Report on Remuneration, which focuses on
our remuneration arrangements and incentive outcomes
for the year under review and how the Committee intends
to implement the Remuneration Policy in FY19, set out on
pages 72 to 81.
The Annual Report on Remuneration will be put to an
advisory vote at the AGM on 30 August 2018.
The Context for Executive Remuneration
at Sophos
The IT security market is global, as is the market in which
Sophos competes for high calibre executive talent. In order
for Sophos to be able to attract and retain executives in the
relevant geographies with the right skills and experience to
drive the long-term success of the Group, the Committee
believes that remuneration packages need to be
appropriately calibrated to be competitive globally, including
in the UK, where Nick Bray our Chief Financial Officer is
located, and on the US West Coast, where Kris Hagerman
our Chief Executive Officer, and many of the Group’s
executives, are located.
At the 2016 AGM, the Committee implemented a
remuneration policy that was designed to balance this need,
to be competitive globally with accepted UK market and best
practice, and to measure and reward the performance of the
Group’s executives against the best measures of the Group’s
performance given its current size and stage of growth.
As the ‘Remuneration at a Glance’ section overleaf
demonstrates, strong billings and cash EBITDA
performance over the last three years has contributed to
the Group’s significant growth in share price (92 per cent
since Listing) and TSR outperformance of the FTSE250
index. The Committee is comfortable that pay outcomes
are appropriately aligned with Group performance against
its strategic objectives and longer-term shareholder value
creation. The Committee is further confident that the
linkage of executive incentives to the Company’s overall
growth targets for billings and cash EBITDA, remains
appropriate for focusing the Group’s executives on growing
the business and establishing a strong customer base
from which to build on.
However, we are cognisant that a number of features of our
remuneration policy continue to differ from typical UK
market practice and further, that this may have informed
how those shareholders who voted in opposition to our
Annual Report on Remuneration at the 2017 AGM, elected
to cast their votes. In line with the reporting Regulations,
we are required to resubmit the remuneration policy to a
binding shareholder vote at the 2019 AGM. In the intervening
period, the Committee will consider what changes may be
appropriate as Sophos matures as a business and market
practice develops apace. We look forward to a constructive
two-way consultation with our major shareholders on the
evolution of our remuneration policy.
Remuneration Decisions in FY18
Sophos achieved strong results in the year-ended 31 March
2018, with billings of $768.6 million and cash EBITDA of
$193.7 million at actual rates, against stretching targets. As
a result, Kris Hagerman and Nick Bray will receive bonuses
of 88 per cent and 71 per cent of salary respectively.
During the year, Kris Hagerman and Nick Bray were granted
awards of 497 and 388 per cent of salary, respectively, under
the Sophos Group Long-Term Incentive Plan 2015 (“LTIP”).
Performance share units (comprising 75 per cent of the
awards) vest over three years subject to achievement of
annual billings and cash EBITDA targets, and restricted share
units (25 per cent of the awards) vest over four years subject
to continued employment only. Although no performance
share units were due to vest in the year under review, the
awards granted in August 2015 will vest in August 2018
based on performance over the three-year period that
ended on 31 March 2018 (see page 75 for details).
Remuneration for FY19
Following a review of Group performance and their personal
contribution, the salaries of the Executive Directors will be
increased by 2.6 and 2.4 per cent respectively, effective from
1 July 2018. This compares to the average increase expected
for the wider employee population of c.4 per cent. The
Committee will operate the annual bonus on the same basis
as in FY18, and billings and EBITDA targets have been set by
the Committee to require significant stretch performance to
achieve full payout. The bonus will continue to be paid in cash.
In FY19, the Committee intends to grant long-term incentive
awards to Executive Directors in line with the stated
remuneration policy and using the same measures as were
used in FY18 (billings and cash EBITDA). Awards will be made
over performance share units (at least 75 per cent of the total
award) and restricted shares, within the normal policy limits.
The Committee welcomes feedback from our shareholders as
we remain committed to an open and transparent dialogue,
and hope to receive your support at the forthcoming AGM.
On behalf of the Remuneration Committee:
Paul Walker
Chairman of the Remuneration Committee
16 May 2018
This report, prepared by the Remuneration Committee (‘the Committee’) on behalf of the Board, takes account of the UK Corporate Governance Code
and the latest Investment Association, ISS and PLSA guidelines, and has been prepared in accordance with the provisions of the Act, the Listing Rules
of the Financial Conduct Authority and the Large and Medium-Sized Companies and Groups (Accounts and Reports) (Amendment) Regulations 2013.
The Act requires the Auditor to report to the Company’s Shareholders on the audited information within this report and to state whether in their opinion
those parts of the report have been prepared in accordance with the Act. The Auditor’s opinion is set out on pages 88 to 93 and those aspects of the
report that have been subject to audit are clearly marked.
/63
IntroductionGovernanceFinancial StatementsStrategic Report�Remuneration at a Glance
KPI – Performance snapshot
How is performance reflected in our incentives?
Billings
$534.9M
$632.1M
+18.2%
$768.6M
+21.6%
FY16
FY17
FY18
Cash EBITDA
$120.9M
$150.1M
+24.2%
$193.7M
+29.0%
FY16
FY17
FY18
Used as a measure in the annual bonus and PSU
Billings is an important measure that represents the
value of products and services invoiced to customers.
Cash is received at the start of a subscription period
and consequently billings are a key forward indicator
of future performance.
Used as a measure in the annual bonus and PSU
EBITDA (as defined in the scheme rules) provides visibility
of cash earnings during the period, even if the associated
revenue for that period’s billings has not yet been recognised.
TSR since IPO
£250
£100 Invested on Sophos’ IPO
Sophos
FTSE250
£200
£150
£100
£50
Close alignment through significant stock ownership
TSR is a key measure of shareholder value creation.
Although not incorporated as a standalone measure of
performance in the LTIP, the interests of our Executive
Directors are aligned closely with those of shareholders
through their share ownership, as well as through the
denomination of LTIP awards in stock units.
£0
25.06.15
31.03.16
31.03.17
31.03.18
Executive Director remuneration in FY18
Executive Director shareholdings
Salary
Taxable benefits
Pension
Single-year variable
Restricted stock units
Performance stock units
All employee schemes
Total
Kris Hagerman
$000
716
Nick Bray
£000
291
3
8
638
877
6,458
4
8,704
16
15
207
283
2,186
–
2,998
Implementation of Policy in FY19
$11.7m
Kris Hagerman
1,623%
of salary
£0.3m
Nick Bray
101%
of salary
Salary
Increased by 2.6 and 2.4
per cent respectively, c.1
per cent lower than
increases for the wider
workforce. From 1 July
2018, salaries will be
$740,000 for Kris
Hagerman and £300,000
for Nick Bray.
Annual bonus
Opportunities are
unchanged from FY18 at
200 per cent and 160 per
cent of salary for Kris
Hagerman and Nick Bray,
respectively. Payout will be
based 80 per cent on
billings and EBITDA, and 20
per cent on personal
performance. Payable 100
per cent in cash.
LTIP
FY19 awards to be made over
performance share units (at
least 75 per cent of the total
award) and restricted shares,
within normal policy limits.
PSU awards will vest based
on billings and cash EBITDA
performance in FY19, FY20
and FY21. RSU awards vest
over four years from grant.
Benefits
Unchanged from FY18.
64/
Cybersecurity made simple
�Directors’ Remuneration Policy
This section describes the Group’s remuneration policy for Directors which applies for up to three years from approval at
the Annual General Meeting on 14 September 2016. The only amendments to this Policy Report from the version approved
by shareholders in 2016 are to update: (i) the data used in the pay-for-performance scenarios; (ii) references to financial
years; (iii) page references; and (iv) the details of the Non-Executive Directors’ appointment letters.
The overarching principles of the remuneration policy are to provide a competitive package of fixed and variable pay that
will enable the Group to ensure it has executives with the right skills and experience to drive the success of the Company,
and that their remuneration is linked to shareholder interests and the Company’s long-term success. The remuneration
philosophy is:
• to promote the long-term success of the Company, with stretching performance targets which are rigorously applied;
• to provide appropriate alignment between the Company’s strategic goals, shareholder returns and executive reward; and,
• to have a competitive mix of base salary and short and long-term incentives, with an appropriate proportion of the
package determined by stretching targets linked to the Company’s performance.
Executive Directors’ fixed and variable remuneration arrangements have been determined taking into account:
• the role, experience in the role, and performance of the Executive Director;
• the location in which the Executive Director is working;
• remuneration arrangements at UK listed companies of a similar size and complexity;
• remuneration arrangements at US high-technology companies of a similar size and complexity, including companies
with which the Company competes for talent; and,
• best practice guidelines for UK listed companies set by institutional investor bodies.
Purpose and link
to strategy
Fixed pay: Base salary
To attract and retain talent of
the right calibre and with the
ability to contribute to strategy,
by ensuring base salaries are
competitive in the relevant
talent market.
Fixed pay: Pension
Provide post-retirement
benefits for participants in
a cost-efficient manner.
Operation
Maximum opportunity
Performance metrics
Base salaries are reviewed
annually, with reference to
individual performance,
Group performance, market
competitiveness, salary
increases across the Group
and the position holder’s
experience, competence and
criticality to the business.
Any increases are generally
effective from 1 July.
Pension contributions are
provided, with a choice of
funding vehicles: US 401(k)
savings plan for all US
employees or group personal
pension scheme.
Individual and Group
performance is taken into
account when determining
appropriate salary levels.
Executive Directors’ salary
increases will normally be
in-line with those for the wider
employee population. However,
higher salary increases may be
made where there is a change
in role or responsibilities or a
significant market
misalignment.
None.
The CEO currently receives a
matching contribution of up to
3 per cent of salary under his
US 401(k) savings plan, subject
to the applicable maximum
contribution (US$24,500
for FY18).
The CFO receives up to 5 per
cent of salary as a contribution
to a group personal pension
scheme.
Other than in exceptional cases
(such as to replace existing
arrangements for new recruits)
the Committee does not
anticipate pension benefits as
being at a cost to the Company
that would exceed 20 per cent
of base salary.
/65
IntroductionGovernanceFinancial StatementsStrategic Report�Directors’ Remuneration Policy continued
Purpose and link
to strategy
Fixed pay: Benefits
To provide competitive
benefits for each role.
Operation
Maximum opportunity
Performance metrics
Benefits currently include the
provision of medical and dental
insurance, life and disability
insurance, travel insurance,
personal tax return preparation,
and car allowance.
Reasonable relocation, travel
and subsistence allowances
(and, in certain circumstances,
cash allowances in respect of
the associated tax charge) and
other benefits may be provided
based on individual
circumstances.
There is no overall maximum
value set out for benefits.
None.
They are set at a level that is
comparable to market practice
and appropriate for individual
and Company circumstances.
The Committee retains the
discretion to amend benefits in
exceptional circumstances or in
circumstances where factors
outside of the Group’s control
have materially changed (e.g.
increases in insurance
premiums).
Variable pay: Annual bonus
Aims to focus executives on
achieving stretching financial
targets relevant to the business
priorities for the financial period.
Performance measures and
targets are set prior to or shortly
after the start of the relevant
financial period.
The maximum bonus
opportunity for Executive
Directors will be up to 200 per
cent of salary.
At the end of the financial
period, the Remuneration
Committee will determine the
extent to which the targets
have been achieved.
Up to 50 per cent of maximum
will vest for target performance.
The Committee may award up
to 12.5 per cent of maximum for
threshold performance.
Awards are typically delivered in
cash, however the Committee
has discretion to defer awards
in cash or in shares.
The Committee has discretion
to reduce the bonus in the event
of serious financial
misstatement or misconduct. In
extreme cases of misconduct,
the Committee may claw back
annual bonus payments
previously made.
The annual bonus will be based
on achievement of stretching
financial targets (e.g. billings,
EBITDA) and personal
performance. Personal
performance will have a
weighting of no more than a
third.
Details of the measures used
during the period under review
are set out on pages 73 to 74.
The Committee has discretion
to adjust the formulaic bonus
outcome downwards (or
upwards with shareholder
consultation) within the limits
of the plan, to ensure alignment
of pay with the underlying
performance of the business.
66/
Cybersecurity made simple�Purpose and link
to strategy
Operation
Maximum opportunity
Performance metrics
Variable pay: Long-term incentive plan (“LTIP”)
Aligns the interests of
executives with shareholders
in growing the value of the
business over the long-term.
The plan provides for annual
awards of restricted shares,
options and performance
shares to eligible participants.
Other than for restricted shares,
vesting is based on three-year
performance.
The Committee has discretion
to reduce any unvested
long-term incentive awards, or
to vary the opportunities for
future awards, in the case of
serious financial misstatement
or misconduct. In extreme
cases of misconduct, the
Committee may claw back
vested long-term incentive
awards.
Participants are eligible to
receive cash or shares equal
to the value of dividends that
would have been paid over the
vesting period on shares that
vest.
Awards may be made up to a
maximum of 500 per cent of
salary in normal circumstances
and up to 750 per cent in
exceptional circumstances
(including, but not limited to,
recruiting an individual). The
award size is reviewed in
advance of grant.
No performance-based awards
will vest below threshold. Up to
25 per cent of each element
will vest for achievement of
threshold performance under
each metric, then increase on a
straight-line basis to full
vesting for achieving stretch
performance.
It is anticipated that no more
than 25 per cent of aggregate
awards in any one year will be
over restricted shares or
options.
Performance-based awards
will vest on achievement of
financial performance
measures, measured over a
three-year performance period,
which may include profit
measures and billings.
Performance-based awards:
profit will receive a weighting
of at least 50 per cent.
Other measures may be
considered in future years to
help capture the strategic goals
of the business and may be
used in conjunction with these
metrics.
Time-based awards: restricted
shares will begin vesting after
one year, and thereafter vest in
equal instalments on a
quarterly basis until the fourth
anniversary of grant based on
continued employment only.
The Committee has discretion
to adjust the formulaic LTIP
award downwards (or upwards
with shareholder consultation),
within the limits of the plan, to
ensure alignment of pay with
the underlying performance of
the business.
n/a
n/a
Other arrangements: Shareholding guidelines
To align Directors’ interests
with the long-term interests
of shareholders.
Executive Directors are required
to retain a minimum
shareholding in the Company,
and are required to retain at
least 50 per cent of shares
vesting (after tax) under the
LTIP until the shareholding
guideline has been met.
Further details of the level of
shareholding guideline currently
in operation is set out on page 80.
Other arrangements: All-employee schemes
To encourage share ownership
across the workforce.
SAYE and ESPP schemes are
operated by the Company for
eligible employees, in which
Executive Directors may
participate on the same terms.
None.
Participation is capped at the
prevailing approved limit at the
time eligible employees are
invited to participate, or such
lower limit as determined by the
Remuneration Committee.
/67
IntroductionGovernanceFinancial StatementsStrategic Report�Directors’ Remuneration Policy continued
Purpose and link
to strategy
Operation
Maximum opportunity
Performance metrics
Other arrangements: Non-Executive Directors’ fees
To reflect the time commitment
in preparing for and attending
meetings, the duties and
responsibilities of the role and
the contribution expected from
the Non-Executive Directors.
None
Any increases to Non-
Executive Director fees will be
considered as a result of the
outcome of a review process
and taking into account wider
market factors, e.g. inflation.
There is no prescribed individual
maximum fee.
Further details are set out on
page 78.
Annual base fee for Chairman.
Annual base fee for Non-
Executive Directors.
Additional fees paid to the
chairmen of Board Committees.
Additional fees may be paid if
there is a material increase in
time commitment required.
Non-Executive Directors do not
participate in any incentive
schemes, nor do they receive
any pension or benefits (other
than nominal travel expenses
and, in certain circumstances,
cash allowances in respect of
the associated tax charge).
Notes to the Policy Table
This policy is unchanged in substance since approval at the AGM on 14 September 2016. Other than minor text changes
to ensure this policy remains clear for the reader, a few other minor changes have been made to provide additional clarity,
including updated scenario charts shown below.
Performance measure selection and approach to target setting
Billings and EBITDA are considered to be the best measures of the Group’s annual performance given the current size and
stage of growth, and will continue to determine annual bonus vesting. The Committee will keep this under review, and may
select alternative measures as the Group evolves and strategic priorities change.
Annual bonus targets will be set prior to, or shortly after, the start of the financial period. Financial targets will be calibrated with
reference to the Group’s budget for the upcoming financial period and the Group’s performance over the prior financial period.
Threshold and stretch performance levels for performance-based awards under the LTIP will be set at the start of the
three-year performance period. The Committee aims to set stretching but achievable targets, taking account of a range
of reference points, including market consensus and the Group’s strategic plan.
Differences in remuneration policy operated for other employees
Other employee remuneration has the same components as set out in the policy, being base salary, annual bonus,
long-term incentive participation, pension, life assurance and benefit provision. Annual bonus and long-term incentive
arrangements share a similar structure and pay-out arrangement, although the mix between performance-based
and time-based awards, and the maximum award, varies by seniority and role.
Other
In addition to the above elements of remuneration, any commitment made prior to, but due to be fulfilled after, the approval
and implementation of the policy detailed in this report will be honoured, this includes awards made to Directors (both
Executive and Non-Executive) prior to IPO.
Performance scenarios
The graphs below provide estimates of the potential future reward opportunities for Executive Directors, and the potential split
between the different elements of remuneration under three different performance scenarios; ‘Minimum’, ‘Mid’ and ‘Maximum’.
Maximum
11%
22%
Mid
Chief Executive Officer
$000
Maximum
Chief Financial Officer
£000
67%
6,455
15%
22%
63%
2,149
Mid
24%
24%
52%
3,030
31%
22%
47%
1,058
Minimum
45%
55%
1,633
Minimum
53%
47%
609
Fixed
Annual incentive
LTI
68/
Cybersecurity made simple�The potential reward opportunities illustrated are based on the policy approved at the AGM on 14 September 2016, applied to
the base salaries in force at 1 April 2018. The projected value of LTIP amounts excludes the impact of share price movement
or dividend accrual. The assumptions made in illustrating potential reward opportunities are shown in the table below:
Performance scenario
Fixed pay
Minimum
Mid
Maximum
Salary as at most recent
review date
Benefits and pension value
as for the most recent
financial period
Annual bonus
No annual bonus
payable
LTIP (performance-based
awards)
Threshold not achieved
LTIP
(time-based
awards)
On target annual
bonus payable
Performance warrants threshold
vesting
Full vesting
Maximum annual
bonus payable
Performance warrants full vesting
Approach to Remuneration for New Executive Director Appointments
In the cases of hiring or appointing a new Executive Director, the Remuneration Committee may make use of all the existing
components of remuneration, as follows:
Component
Base salary
Pension
Benefits
Annual bonus
LTIP
Approach
Maximum
opportunity
The base salaries of new appointees will be determined based on the experience
and skills of the individual, relevant market data and their current basic salary.
n/a
Membership of pension scheme or salary supplement on a similar basis to other
executives, as described in the policy table. Other than in exceptional cases (such
as to replace existing arrangements for new recruits) the Committee does not
anticipate pension benefits as being at a cost to the Company that would exceed
20 per cent of base salary.
In line with
Policy Table
New appointees will be eligible to receive benefits in line with the policy which
may include (but are not limited to) car allowance, medical insurance and life
insurance.
n/a
The structure described in the policy table will apply to new appointees with the
relevant maximum being pro-rated to reflect the proportion of employment over
the year.
200 per cent of
base salary
New appointees will be granted awards under the LTIP on similar terms as other
executives, as described in the Policy Table.
Up to 750 per cent
of base salary
All-employee schemes
New appointees may be eligible to participate in all-employee schemes on the
same basis as other employees.
In line with
Policy Table
In determining appropriate remuneration for a new Executive Director, the Committee will take into consideration all
relevant factors to ensure that arrangements are in the best interests of the Group and its shareholders. In addition to the
remuneration arrangements set out above, the Committee may make an award in respect of a new appointment to ‘buy
out’ incentive arrangements forfeited on leaving a previous employer, using Listing Rule 9.4.2 R if necessary. In doing so,
the Committee will take account of relevant factors including any performance conditions attached to these awards, the
likelihood of those conditions being met, and the proportion of the vesting period remaining. The fair value of any buy out
will not exceed that of the award being foregone.
In cases of appointing a new Executive Director by way of internal promotion, the approach will be consistent with the
policy for external appointees detailed above. Where an individual has contractual commitments made prior to their
promotion to Board level, the Group will continue to honour these arrangements. Incentive opportunities for below Board
employees are no higher than for Executive Directors, but measures may vary.
In recruiting a new Non-Executive Director, the Committee will use the policy as set out in the table on page 68.
/69
IntroductionGovernanceFinancial StatementsStrategic Report�Directors’ Remuneration Policy continued
Service Contracts and Exit Payment Policy
Non-Executive Directors
The appointments of each of the Chairman and the Non-Executive Directors are for a fixed term of three years and subject
to annual re-election by the Company at the AGM. Their letters of appointment set out the terms of their appointment and
are available for inspection upon request. They are not eligible to participate in the annual bonus, nor do they receive any
additional pension or benefits (other than nominal travel expenses) on top of the fees disclosed on page 78. Non-Executive
Directors appointments may be terminated at any time upon written notice or in accordance with the Articles and receive
no compensation on termination.
Non-Executive Director
Role
Appointment date
Term of appointment
Peter Gyenes
Paul Walker
Steve Munford
Sandra Bergeron
Roy Mackenzie
Vin Murria
Rick Medlock
Chairman
11 June 20151
Senior Independent Director
11 June 20151
Non-Executive Director
11 June 20151
Independent Non-Executive Director
11 June 20151
Non-Executive Director
11 June 20151
Independent Non-Executive Director
3 January 2017
Independent Non-Executive Director
3 April 2017
Three years
Three years
Three years
Three years
Three years
Three years
Three years
1.
At the May 2018 meeting of the Board, Directors approved a second term of appointment in respect of those Directors whose first terms end on 10 June 2018.
Executive Directors
On 11 June 2015, each of the Executive Directors entered into a service agreement with the Company, which are available
for inspection upon request.
Executive Director
Role
Appointment date
Term of appointment
Kris Hagerman
Nick Bray
Chief Executive Officer
11 June 2015
Chief Financial Officer
11 June 2015
12 months
12 months
The Employer is entitled to terminate an Executive Director’s employment by payment of a cash sum in lieu of notice, equal
to (i) the basic salary that would have been payable, and (ii) the cost that would have been incurred in providing the
Executive Director with medical insurance benefits for any unexpired portion of the notice period (the ‘‘Payment in Lieu’’).
The Company can alternatively choose to continue providing the medical insurance benefits under item (ii) instead of
paying a cash sum representing their cost. The Payment in Lieu will be paid in monthly instalments over the notice period.
In specified circumstances (not involving a change of control, in which case the severance payment applicable is as
described below), each Executive Director is entitled to terminate his employment without notice and receive a severance
payment. The severance payment will be equal to the Payment in Lieu and paid in a single lump sum. The specified
circumstances are where either: (a) the employer terminates or gives notice to terminate the Executive Director’s
employment without cause; or (b) the Executive Director terminates his employment in response to: a material diminution
of his authority, duties, responsibilities or status in a manner inconsistent with his service agreement; a breach of a
fundamental term of his service agreement; a material reduction in his annual basic salary or target bonus opportunity;
or being required to relocate his place of work beyond a specified distance (each a ‘‘Good Leaver Reason’’).
Each Executive Director is entitled to a severance payment, paid in a single lump sum, in the event of a termination of his
employment by his Employer without cause or by the Executive Director for a Good Leaver Reason at any time during a
period ending 18 months after any change of control of the Company (whether by way of a general offer or a scheme of
arrangement or compromise) and beginning three months prior to the announcement of such general offer or scheme
of arrangement or compromise. The severance payment will be equal to the sum of: (i) 150 per cent of the Executive
Director’s annual basic salary; (ii) 150 per cent of the Executive Director’s target bonus for the Company’s financial year
in which the termination occurs; and (iii) the total cost of providing the Executive Director with the benefits (including
pension contributions) to which he is entitled under his service agreement for a period of 12 months.
70/
Cybersecurity made simple�The Group’s change of control provisions are standard practice in the US (where many of the SMT, including the CEO, are
located) and to renegotiate contracts would likely represent an increased cost for the Company (where this provision may
never be triggered). For future hires, the Committee will consider the appropriateness of the contractual provisions at that
time, taking into account prevailing market practice in the geography that the executive is located.
The Company’s policy on termination payments is to consider the circumstances on a case-by-case basis, taking into
account the executive’s contractual terms, the circumstances of termination and any duty to mitigate. The table below
summarises how incentives are typically treated in different circumstances:
Reason for leaving
Treatment
Bonus
Summary dismissal, resignation
Awards lapse.
Good leaver
Change of control
Eligible for an award to the extent that performance conditions have been satisfied, pro-rated
for the proportion of the financial year served, with Committee discretion to treat otherwise.
Eligible for an award to the extent that performance conditions have been satisfied up to the
change of control, pro-rated for the proportion of the financial year served, with Committee
discretion to treat otherwise.
Executives may be eligible for an enhanced bonus payment in the case of termination of
employment within 18 months of a change of control, as described above.
Long-term incentives
Summary dismissal, resignation
Awards lapse.
Good leaver
Change of control
Outstanding awards will normally be pro-rated to the date of leaving, with Committee discretion
to treat otherwise and with discretion to either test at the end of relevant performance periods, or
immediately assess, whether or not relevant performance criteria have been met.
Outstanding awards will normally vest and be tested for performance over the period to change of
control, and be pro-rated for time based on the proportion of the period served, with Committee
discretion to treat otherwise.
Executives may be eligible for additional vesting in the case of termination of employment within
18 months of a change of control.
All-employee schemes
Treated in line with applicable scheme rules
External appointments of Executive Directors
Executive Directors may accept external appointments with the prior approval of the Chairman, provided that such
appointments do not prejudice the executive’s ability to fulfil their duties for the Group. Any fees for outside appointments
would normally be retained by the Director.
Consideration of employment conditions elsewhere in Group
The Committee takes into account the general basic salary increase being offered to employees elsewhere in the Group
when annually reviewing the salary increases and remuneration for the Executive Directors. Employees have not been
consulted in respect of the design of the Group’s senior executive remuneration policy.
Consideration of shareholder views
The Committee takes shareholder feedback into careful consideration when reviewing remuneration and regularly reviews
the Remuneration policy in the context of key institutional shareholder guidelines and best practice. It is the Committee’s
policy to consult with major shareholders prior to making any major changes to its executive remuneration structure.
/71
IntroductionGovernanceFinancial StatementsStrategic Report�Annual Report on Remuneration
Main Activities
The Committee has an annual forward agenda, developed
from its terms of reference, with standing items that the
Committee considers at each meeting, in addition to any
specific matters arising, and topical business or
governance items on which the Committee has chosen
to focus. The work of the Committee undertaken during
the year is summarised throughout this report.
External Advisers
Mercer Kepler, independent remuneration consultants
appointed by the Committee in FY16 after consultation
with the Board, continued to act as the remuneration
adviser to the Committee during the year. Mercer Kepler
reports directly to the Committee Chairman and is a
signatory to and abides by the Code of Conduct for
Remuneration Consultants (which can be found at
www.remunerationconsultantsgroup.com).
The fees paid to Mercer Kepler in respect of work carried
out for the Remuneration Committee in FY18 totalled
£52,168 (FY17: £41,621). In addition, a separate and
distinct department of Mercer (also part of the MMC Group
of companies), provided independent verification and
consultation services to Sophos during FY18 in relation to
the Company’s UK Gender Pay Gap and Pay Programme
analysis, and reported directly to the Chief Human
Resources Officer. The Committee Chairman undertook due
diligence to ensure that Mercer Kepler remains independent
of the Company and that the advice provided is impartial
and objective. The Committee is satisfied that the advice
provided by Mercer Kepler is independent, and will continue
to undertake such due diligence periodically.
Performance Evaluation
The Remuneration Committee’s performance was
assessed as part of the Board’s annual effectiveness
review. It was concluded that the Committee operated
effectively in FY18. In response to findings of the review,
Committee members will continue to give significant
weight to shareholder sentiment whilst balancing this
with the recruitment and retention needs of the business
and in particular, in their consideration of the Company’s
remuneration policy as it is reviewed for renewed
shareholder vote at the 2019 AGM.
The Committee also undertakes a review of its terms of
reference and composition each year. Following the most
recent review in January 2018, no changes were proposed.
The full terms of reference of the Committee can be found
on the Company’s website, at: investors.sophos.com.
The following section provides details of remuneration
outcomes for the financial year ended 31 March 2018 for
Directors who served on the Board during the year, and how
the Remuneration policy will be implemented in FY19.
The Remuneration Committee
The Committee met three times during the year.
Committee composition and meeting attendance
Paul Walker (Chairman)
Sandra Bergeron
Peter Gyenes
Rick Medlock
Vin Murria
100%
100%
100%
100%
100%
100%
Attended of those eligible
All appointments stated are as at 31 March 2018
Committee Composition and Meeting Attendance
The composition of the Committee is compliant with the
Provisions of the Code, which provides that its members
should comprise at least three independent Non-Executive
Directors and that the Chairman of the Group may be a
member, but not chair, of the Committee due to his
independence at the time of his appointment. The
Committee is chaired by Paul Walker, the Senior
Independent Director. The Company Secretary is secretary
to the Committee and attends all meetings. Other
attendees at Committee meetings may differ from time
to time and, upon invitation from the Committee, include
the Chief Executive Officer, Chief Human Resources
Officer and other senior executives, but they are not
present when their own remuneration is set.
Role and Responsibilities
The Committee is responsible for overseeing the Group’s
Remuneration policy and practices having regard for relevant
legal and regulatory requirements, the provisions and
recommendations of the Code and associated guidance.
The key responsibilities of the Committee include, to:
• determine and monitor the remuneration policy for
the Chairman, Executive Directors and the senior
management team it is designated to consider;
• ensure that the remuneration policy and reward decisions
support the Sophos business strategy and sustainable
long-term performance;
• set specific remuneration packages which include salary,
annual bonus, share incentives, pension and benefits;
• review the Executive Directors’ service contracts;
• review remuneration trends across the Group and in
the market in which Sophos operates; and,
• approve employee share-based incentive plans and
associated performance conditions and targets.
72/
Cybersecurity made simple�Single Total Figure of Remuneration for Executive Directors (Audited)
The table below sets out the total single figure of remuneration received by each Executive Director who served during
the year-ended 31 March 2018 and the prior-year:
Kris Hagerman ($000)
Nick Bray (£000)
Salary1
Taxable benefits2
Pension3
Single-year variable4
Restricted stock units5
Performance stock units6
All employee schemes
Total
1 Amount earned in respect of the year
FY18
716
3
8
638
877
6,458
4
8,704
FY17
695
3
8
772
842
n/a
2
2,322
FY18
291
16
15
207
283
2,186
–
2,998
FY17
282
12
14
250
267
n/a
4
829
2
Taxable benefits include: Kris Hagerman: medical and dentail, life and disability insurance and reimbursement of up ot $10,000 per annum for the
preparation of his tax returns; Nick Bray: Car allowance (FY18: £14K, FY17: £10K), life, private medical and critical illness insurances, travel and personal
accident insurances, and employee assistance programme arrangements.
3 The Company’s pension contributions during the year of up to 3 per cent and 5 per cent of salary for Kris Hagerman and Nick Bray, respectively
4 Bonus payment for performance during the year
5 RSUs: The face value at grant, using market price on day of issue, of time-based RSUs.
6
PSUs: The estimated value at vesting of PSUs for which the performance period ends at the end of the relevant financial year. For FY18, reflects the
number of FY16 PSUs vesting in FY19 subject to performance over the 3-year period ended 31 March 2018, valued using the average middle market
quotation of the shares on the main market of the London Stock Exchange (“MMQ”) over the three-months to 31 March 2018 (converted at daily US Dollar
rates for Kris Hagerman), and including the estimated value of dividends accruing over the vesting period on this award.
Base Salary
During FY18, the Remuneration Committee reviewed the salaries of Kris Hagerman and Nick Bray, who were each awarded
an increase of 2.6 per cent and 2.4 per cent respectively, effective 1 July 2018, as follows:
Executive Director
Kris Hagerman
Nick Bray
1 July 2018
1 July 2017
Increase %
$740,000
£300,000
$721,000
£293,000
2.6
2.4
Pension and Benefits
Kris Hagerman receives medical and dental insurance, travel insurance, life and disability insurance, a reimbursement
of up to $10,000 per annum for the preparation of his tax returns and, under his employer’s standard US 401(k) savings
plan for all US employees, is entitled to receive a matching contribution of up to three per cent of his salary, subject to
any annual maximum contribution applicable to US 401(k) savings plans from time to time. For 2018, this annual
maximum is $24,500.
Nick Bray is entitled to receive up to five per cent of his base salary as a contribution to a group personal pension scheme.
In FY18 he also received an annual car allowance of £14,000 (paid monthly), life insurance, private medical and critical
illness insurance, travel insurance, personal accident insurance and employee assistance programme arrangements.
Incentive Outcomes for FY18
Annual bonus
The Group operates an annual performance-related bonus scheme for a number of senior executives including Executive
Directors. Bonus opportunities for FY18 were 200 per cent of salary for Kris Hagerman and 160 per cent of salary for Nick
Bray. Target bonus was 50 per cent of the maximum opportunity.
The level of annual bonus earned in any one year is based on Group performance against predetermined financial targets
for the year and personal performance. In FY18, the bonus was based 80 per cent on billings and EBITDA, as defined by the
scheme rules, with 12.5 per cent of maximum vesting for threshold performance and 50 per cent for target performance.
The remaining 20 per cent of the bonus opportunity is based on personal performance. No bonus is awarded for
performance below the threshold. The financial element payout is based on the lower of the implied payouts for billings
and EBITDA, so to achieve any vesting of this element, executives were required to perform on both billings and EBITDA.
/73
IntroductionGovernanceFinancial StatementsStrategic Report�Annual Report on Remuneration continued
Financial performance
The financial targets for the FY18 annual bonus are no longer considered commercially sensitive, and are disclosed in full,
alongside performance against these targets, below:
Performance measure
Threshold
(12.5% payout)
Target
(50% payout)
Stretch
(100% payout)
Achievement
Implied vesting
(% of element)
Billings
EBITDA
$686M
$172M
$750M
$188M
$899M
$226M
$738M
$185M
43%
43%
Performance was measured using constant currency exchange rates. For levels of performance between the points set out in
the table above, bonus payout was determined on a straight-line, pro-rata basis. The overall bonus payout was based on the
lower of the implied payouts for billings and EBITDA, and was therefore 43 per cent of maximum for the financial element.
Personal performance
Following the end of FY18, the Committee assessed each Executive Director’s performance against personal objectives
set at the start of the year. Performance of the Executive Directors in respect of FY18 was assessed to warrant a payout of
48 per cent for the personal element. An overview of the FY18 objectives, and each Director’s performance against these,
is set out below:
Kris Hagerman
FY18 objectives
In support of the continued effective execution of the Group’s long-term strategic
objectives, the Chief Executive Officer:
• Delivered strong performance against the Group’s FY18 Plan
• Led a detailed Group strategic review by the SMT, established a five-year financial plan, and
defined a clear company strategy to support it
• Led the evolution of product-specific strategies, including the potential role for M&A, each in
support of the five-year financial plan
•
Continued to build a high-quality, high-performing organisation through key appointments and
strong employee engagement results
Nick Bray
FY18 objectives
In support of the continued effective execution of the Group’s long-term strategic
objectives, the Chief Financial Officer:
• Delivered strong performance against the Group’s FY18 Plan
• Established a five-year financial plan, including appropriate targets for the Group, and
continued to align cost growth with billings growth and ensure an efficient capital structure
• Continued to build new, and strengthen existing, relationships with the Group’s investors
Led key programs relating to the Group’s business continuity planning, and systems
implementation and improvement
•
• Continued to strengthen financial controls, processes, risk identification and mitigation
across the Group
Annual bonus outcomes
Outcome warranted
by peformance
(% of element)
Weighting
20%
48%
Outcome warranted
by peformance
(% of element)
Weighting
20%
48%
Based on the above assessments of performance during FY18, Kris Hagerman and Nick Bray will receive bonuses of
88 per cent and 71 per cent of salary, respectively. The entire bonus in respect of FY18 will be paid in cash. The bonus
calculations for FY18 are illustrated below:
Executive
Director
Kris
Hagerman
Nick Bray
Maximum
bonus
opportunity
(% of salary)
Weighting
on financial
performance
(% of bonus)
Weighting
on personal
performance
(% of bonus)
Financial
measure
outcome (% of
element)
Personal
performance
outcome (%
of element)
Overall bonus
vesting
(% of
maximum)
FY18 bonus
award (000)
200%
160%
80%
80%
20%
20%
43%
43%
48%
48%
44%
44%
$638
£207
74/
Cybersecurity made simple�Long-Term Incentive Plan
FY16 PSU awards vesting (audited)
PSU awards were granted to Kris Hagerman and Nick Bray in FY16 (calendar year 2015), shortly after Listing (and before
our remuneration policy took effect after the 2016 AGM). These awards are subject to performance against annual billings
and cash EBITDA targets set for each of the financial years FY16, FY17 and FY18. Performance against each of these
measures over the completed performance period is summarised in the table below:
Performance
period
Weighting
(of max.)
Performance
measure
Initial Vesting
Accelerator Vesting
Threshold
(25%
vesting)
Stretch
(100%
vesting)
Super
Stretch
(1 x
multiplier)
Maximum
(1.25 x
multiplier)
Financial
year outcome
Vesting
outcome
(out of 125%)
FY16
FY17
FY18
One-third
Billings
$448M
$498M
$519M
Cash EBITDA
$99M
$110M
$118M
One-third
Billings
Cash EBITDA
One-third
Billings
Cash EBITDA
$508M
$114M
$577M
$133M
$565M
$597M
$127M
$143M
$641M
$687M
$147M
$172M
$560M
$127M
$644M
$155M
$741M
$185M
$535M
$121M
$632M
$150M
$769M
$194M
110%
108%
119%
115%
125%
125%
Average of the lowest vesting outcomes in FY16, FY17 and FY18
116.11%
Overall vesting (based on the aggregate of the lowest vesting outcome for each performance period)
For each performance year, the vesting outcome is based on the lower of that warranted by billings performance and cash
EBITDA performance. Based on the performance outcomes set out above, 116.11 per cent of the FY16 PSU awards will
vest, representing 92.88 per cent of the maximum opportunity. Details of the awards vesting to Executive Directors are set
out in the table below:
Executive
Director
Kris Hagerman
Nick Bray
Interests
held
716,292
337,079
% vesting
116.11%
116.11%
Interests
vesting
Date of
vesting
Share price
at vesting1
831,687
7 Aug 2018
391,382
7 Aug 2018
552.6p
552.6p
Value
(£000)
4,596
2,163
1
The estimated value of vested awards is calculated using the MMQ over the three-months to 31 March 2018. The estimated value of dividends accruing
over the vesting period on these awards for Kris Hagerman and Nick Bray are $65K (£49K) and £23K respectively, and will be paid in cash.
LTIP awards granted in FY18 (audited)
On 16 June 2017, Kris Hagerman and Nick Bray were granted awards under the LTIP in the form of RSUs and PSUs. Details
are provided in the table below:
Executive Director
Date of award
Type of award
Awards made
during the year
Reference price
of award1
Face value
of award (£000)
Kris Hagerman
Nick Bray
16 June 2017
1 The MMQ between 14 June 2017 and 16 June 2017.
2 Based on salary as at 1 July 2017.
RSU
PSU
RSU
PSU
159,424
478,272
64,995
194,985
436.94p
436.94p
436.94p
436.94p
697
2,090
284
852
Face value of
award2
(% of salary)
124
373
97
291
/75
IntroductionGovernanceFinancial StatementsStrategic Report
�Annual Report on Remuneration continued
The RSU awards are not subject to future performance conditions, and will vest over four years, subject to continued
employment, with 25 per cent of the awards vesting on 1 June 2018 and the remainder vesting on a quarterly basis
thereafter until 1 June 2021.
The PSU awards vest subject to the vesting outcome implied by performance against annual targets over the three
years to the financial year ending 31 March 2020, with the award vesting (to the extent that targets are met) on the third
anniversary of grant. Targets for the three years are set at the start of the performance period. Vesting is based on the
lower of the implied payouts for billings and cash EBITDA, with 25 per cent vesting for threshold performance, 100 per
cent for stretch performance, and 125 per cent vesting for maximum performance. The table on page 75 sets out the
face value of awards granted in FY18 which can vest, subject to performance set out above, and in the table below.
No awards will vest for performance below the threshold.
Performance Targets for Outstanding PSU Awards
The Committee believes that disclosing the individual annual financial performance targets for FY19 and FY20 in this
report would put the Company at a competitive disadvantage to its international and privately held competitors, that
are not subject to similar disclosure requirements. However, the Committee remains committed to disclosing (on a
retrospective basis) the annual financial targets attaching to outstanding PSU awards, and performance against these.
FY17 PSU awards
Performance
period
Weighting
(of max.)
Performance
measure
Initial Vesting
Accelerator Vesting
Threshold
(25%
vesting)
Stretch
(100%
vesting)
Super
Stretch
(1 x
multiplier)
Maximum
(1.25 x
multiplier)
Two-year
performance
to 31 March
2018
Vesting
outcome
(out of 125%)
FY17
FY18
FY19
One-third
Billings
$554M
$615M
Cash EBITDA
One-third
Billings
$127M
$637M
$142M
$707M
Cash EBITDA
$150M
$166M
$655M
$157M
$766M
$189M
$706M
$169M
$826M
$204M
$632M
$150M
$769M
$194M
100%
100%
101%
107%
One-third
Billings
Cash EBITDA
To be disclosed in the FY19 Annual Report on Remuneration
Note: actual vesting is dependent on the performance against targets for each of the financial years FY17 to FY19 and is based on the lower of the implied
payouts for billings and cash EBITDA (i.e. the measures are equally weighted); sliding scale vesting applies between threshold and stretch, and super stretch
and maximum. The final total vesting percentage will not be known until the end of the three-year performance period).
FY18 PSU awards
Initial Vesting
Accelerator
Vesting
Performance
period
Weighting
(of max.)
Performance
measure
Threshold
(25% vesting)
Stretch (100%
vesting)
Maximum (1.25
x multiplier)
One-year
performance to
31 March 2018
Vesting
outcome
(out of 125%)
FY18
FY19
FY20
One-third
Billings
Cash EBITDA
One-third
Billings
Cash EBITDA
One-third
Billings
Cash EBITDA
$663M
$164M
$736M
$182M
$825M
$204M
$769M
$194M
109%
113%
To be disclosed in the FY19 Annual Report on Remuneration
To be disclosed in the FY20 Annual Report on Remuneration
Note: Following the publication of the Company’s external billings targets during the year, the structure for the LTIP PSU awards’ performance conditions has
been simplified. The gap between the previous Stretch and Super Stretch targets has been removed for all PSU awards made from FY18 onwards. Actual
vesting is dependent on the performance against targets for each of the financial years FY18 to FY20 and is based on the lower of the implied payouts for
billings and cash EBITDA (i.e. the measures are equally weighted). Vesting on a sliding scale between 25 and 100 per cent applies between threshold and
stretch, and a 1.25 multiplier applies up to the maximum 125 per cent vesting for performance above stretch. The final total vesting percentage will not be
known until the end of the three-year performance period.
76/
Cybersecurity made simple�Dilution Limits
Sophos will continue to manage dilution within the context of maintaining award levels within a 10 per cent limit over
five years, the limit that has applied since the equity incentive plans were approved at IPO. The Committee is aware that this
is higher than the limit adopted by many UK companies and preferred by many institutional investors of 5 per cent over 10
years in respect of discretionary awards and 10 per cent over 10 years in respect of all schemes. The Committee believes
the higher limit we operate is necessary in part because of the broad based nature of our equity incentive plans, under
which shares are provided to a large proportion of our employees (including SAYE and ESPP schemes open to most
employees). The equity incentive plans are a key part of the Group’s employee compensation package, and reflects the
need to be able to compete with other US and international companies for the high-calibre employees and executives
required to secure Sophos’ future success.
At 31 March 2018, dilution under all our incentive schemes was c.6.7 per cent, and continues to reflects the front-loaded
approach to equity incentive grants following the IPO.
Single Total Figure Of Remuneration For Non-Executive Directors (Audited)
The table below sets out the total single figure of remuneration received by each Non-Executive Director who served
during the year-ended 31 March 2018 and the prior-year:
Base fee ($000)
Additional fees1 ($000)
Other ($000)
Total ($000)
FY18
FY17
FY18
FY17
FY18
FY17
FY18
FY17
Peter Gyenes
Sandra Bergeron
Edwin Gillis2
Roy Mackenzie
Rick Medlock3
Steve Munford
Vin Murria
Salim Nathoo4
Paul Walker
250
150
66
–
150
150
150
–
150
250
150
150
–
–
150
37
–
150
5
–
7
–
8
–
–
–
5
–
15
–
–
–
–
–
25
25
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
255
150
73
–
158
150
150
–
175
255
150
165
–
–
150
37
–
175
1 Additional fees relate to fees for chairing Board Committees.
2 Edwin Gillis retired on 7 September 2017. His fees for 2017 reflect the period from 1 April 2017 to this date.
3
Rick Medlock joined the Board on 3 April 2017, and additional fees relate to his appointment as Chairman of the Audit and Risk Committee from
8 September 2017.
4 Salim Nathoo resigned on 28 November 2017.
Exit Payments Made In Year (Audited)
No exit payments were made to Directors in FY18.
Payments To Past Directors (Audited)
No payments were made to past Directors in FY18.
External Directorships
In FY18 Nick Bray received £57.8K as a Non-Executive Director of De La Rue plc (FY17: £39.5K).
Remuneration for FY19
Base salary
Salaries for Kris Hagerman and Nick Bray, effective from 1 July 2018, will be $740,000 and £300,000, respectively.
This equates to increases of 2.6 and 2.4 per cent respectively, which is approximately 1.5 per cent lower than increases
awarded to the broader employee population of c.4 per cent.
Pension and benefits
In line with the Remuneration Policy, the Executive Directors will continue to receive pension contributions of 3 to 5 per
cent of salary. They will also continue to receive benefits in line with the policy.
/77
IntroductionGovernanceFinancial StatementsStrategic Report�Annual Report on Remuneration continued
Annual bonus
For the year ending 31 March 2019, the Committee will operate the annual bonus using the same framework and measures
as used in FY18. Billings and EBITDA targets have been set by the Committee and will require Executive Directors to deliver
significant stretch performance to achieve full payout. Given the close link between these targets and Sophos’ competitive
strategy, these financial targets are considered commercially sensitive and will not be disclosed in advance, but will be
disclosed on a retrospective basis in next year’s Annual Report on Remuneration to the extent that the Committee
determines that the targets are no longer commercially sensitive.
All of bonus will be paid in cash. Bonus payments are subject to malus and clawback provisions.
Long-Term Incentive Plan
In FY19, the Committee intends to grant long-term incentive awards to Executive Directors in line with the stated
remuneration policy and using the same measures as were used in FY18. Awards will be made over performance share
units (at least 75 per cent of the total award) and restricted shares, within the normal policy limits. Full details of the awards
will be set out in the Annual Report for the year ending 31 March 2019. LTIP awards are subject to malus and clawback
provisions.
Non-Executive Director Fees (Including The Chairman)
With effect from IPO, the fees payable to the Chairman of the Board and other Non-Executive Directors (“NEDs”) are as
follows:
Chairman of the Board
NED base fee
Additional fees:
Audit and Risk Committee Chairman
Remuneration Committee Chairman
Nominations Committee Chairman
Senior Independent Director
Fee p.a.
$250,000
$150,000
$15,000
$10,000
$5,000
$15,000
There will be no change to the NED fee policy set out above for FY19.
Percentage Change in CEO Remuneration
The table below shows the percentage change in the CEO’s remuneration from the prior-year compared to the average
percentage change in remuneration for all other employees. To provide a meaningful comparison, the analysis is based on a
consistent set of employees, i.e. the same individuals appear in the FY17 and FY18 populations.
Base salary
Taxable benefits
Single-year variable
% change FY17 to FY18
CEO
3%
–
-17%
Other employees
5%
–
-2%
Relative Importance of Spend on Pay
The following table shows, for FY18 and FY17, the actual expenditure and percentage change in total employee costs and
percentage change in distributions to shareholders.
Shareholder distributions – dividends1
Total employee expenditure2
1 Represents dividends paid in each financial year.
FY18
$M
21.8
370.9
FY17
$M
10.9
304.6
Change
%
100%
22%
2
Total employee expenditure includes wages and salaries, social security costs, pension and other costs and share-based payments, see note 10 of the
financial statements.
78/
Cybersecurity made simple�Pay for Performance
In line with the reporting regulations, Sophos is required to provide a graph showing the Company’s Total Shareholder
Return (“TSR”) performance (share price plus dividends paid) compared with the performance of a relevant comparator
group since IPO, assuming a nominal £100 investment in both the Company and the comparator group at the start of the
timeframe. Companies are also required to show the CEO’s single figure of remuneration and actual variable pay outcomes
over the same period.
Sophos has chosen to compare its performance against the FTSE250 Index, as the Company became a constituent of the
index on IPO. The table below details the Chief Executive’s single figure of remuneration and actual variable pay outcomes
over the same period. As Sophos completed its IPO in July 2015, TSR data and pay disclosure is available from this date to
31 March 2018 only.
£100 Invested on Sophos’ IPO
Sophos
FTSE250
£250
£200
£150
£100
£50
£0
25.06.15
31.03.16
31.03.17
31.03.18
Incumbent
Kris Hagerman
Kris Hagerman
Kris Hagerman
CEO single figure of remuneration ($000)
Annual bonus outcomes (% of maximum)
PSU vesting outcome (% of maximum)
$18,627
59%
n/a
$2,322
55%
n/a
$8,704
44%
93%
FY16
FY17
FY18
Statement of Shareholder Voting
The following table shows the result of the advisory vote on the 2017 Annual Report on Remuneration at the 2017 AGM, and
the binding vote on the Remuneration Policy at the 2016 AGM.
Remuneration Policy (2016 AGM)
279,603,831
2017 Annual Report on Remuneration
271,042,033
For
Number
%
72.15%
70.18%
Against
Withheld
Number
%
Number
107,903,661
115,160,183
27.85%
29.82%
4,904,177
2,602,369
We are aware that a number of features of our remuneration policy continue to differ from typical UK market practice and
further, that this may have informed how those shareholders who voted in opposition to our Annual Report on Remuneration
at the 2017 AGM, elected to cast their votes.
During FY18 the Company published an interim statement in response to notification of its inclusion in the Investment
Association’s Public Register of listed companies who received opposition of more than 20 per cent on any resolution in a
General Meeting (the ‘2017 Interim Statement’).
It is the Committee’s belief that the Group’s remuneration policy (the ‘Policy’) measures and rewards the performance of
the Group’s executives against the best measures of the Group’s performance given its current size and stage of growth,
and further that these metrics are appropriate now for focusing the Group’s executives on growing the business and
establishing a strong customer base from which to build on. However, as already noted, the Committee is committed to
keeping this under review and recognises that as Sophos matures as a business, it may become appropriate to look at a
different, possibly broader, selection of metrics with which to focus the Group’s executives on delivering in additional areas.
The Policy is next due for shareholder approval in 2019 and the Committee will continue to review developments in market
practice in advance of its renewal.
See the Annual Statement of the Remuneration Committee Chairman on page 63 for further details on the Committee’s
response to the vote on the Annual Report on Remuneration at the 2017 AGM. The 2017 Interim Statement is available at:
investors.sophos.com
/79
IntroductionGovernanceFinancial StatementsStrategic Report�Annual Report on Remuneration continued
Directors’ Share Ownership (Audited)
The table below shows the shareholding of each Director against their respective shareholding requirement as at
31 March 2018.
Share and option awards
Beneficially
owned
Subject to
performance
Subject to
continued
employment
only
Vested
but
not yet
exercised
Kris Hagerman
1,927,330
1,471,875
2,270,267
4,408,352
Nick Bray1
68,497
642,729
1,019,107
Peter Gyenes
286,631
Sandra
Bergeron
Roy Mackenzie
Rick Medlock
214,974
–
–
Steve Munford
1,986,059
Vin Murria
Paul Walker
307,272
127,129
–
–
–
–
–
–
–
–
–
–
–
–
–
63,565
-
–
–
–
–
–
–
–
Shareholding
required
(% of salary)
Current
shareholding
(% of salary)
Requirement
met
200
200
1,623
101
Yes
No
1
Awards will vest on 21 May 2018, and Nick Bray’s beneficially owned shareholding will be 125,547 shares, equivalent to 237 per cent of salary based on the
MMQ over the three months to 31 March 2018.
There have been no changes to shareholdings between 1 April 2018 and 16 May 2018. None of the Directors had an interest
in the shares of any subsidiary undertaking of the Company or in any significant contracts of the Group, with the exception
of Vin Murria who is also a Non-Executive Director of Softcat plc, with whom the Company maintains an ongoing customer
relationship.
Summary of Outstanding Share Awards
The interests of the Directors in the Company’s share schemes as at 31 March 2018 are summarised in the table below.
Date of
award
Awards
held at
1 Apr 17
Granted
during
the year
Exercised
during
the year
Forfeited
during
the year
Awards
held at
31 Mar 18
Exercise
price
Market
price at
grant
Performance
period
Vesting
period/
date
Expiry
date
Director
Kris
Hagerman
Pre-IPO
Options
Pre-IPO
Options
10 Oct 12
2,312,285
10 Oct 12
2,420,174
LTIP – RSU
7 Aug 15
1,376,405
LTIP – RSU
7 Aug 15
149,228
LTIP – PSU
7 Aug 15
716,292
LTIP – RSU 14 Jun 16
331,201
LTIP – PSU 14 Jun 16
993,603
LTIP – RSU 16 Jun 17
LTIP – PSU 16 Jun 17
–
–
159,424
478,272
–
–
–
–
–
–
–
(162,053)
(162,054)
(294,944)
(44,768)
–
(124,200)
–
–
–
–
–
–
–
–
–
–
–
–
2,150,232
$0.598
$0.598
n/a
1 Aug 13
– 1 Aug 17
10 Oct 22
2,258,120
$0.598
$0.598
Exit event
1 Jul 15
10 Oct 22
1,081,461
104,460
716,292
207,001
993,603
159,424
478,272
–
–
–
–
–
–
–
265p
265p
265p
179p
179p
436p
436p
n/a
n/a
7 Aug 16
– 7 Aug 20
7 Aug 16
– 7 Aug 19
6 Aug 25
6 Aug 25
1 Apr 15
– 31 Mar 18
7 Aug 18
6 Aug 25
n/a
14 Jun 17
– 14 Jun 20
13 Jun 26
1 Apr 16
– 31 Mar 19
14 Jun 19
13 Jun 26
n/a
16 Jun 18
– 16 Jun 21
15 Jun 27
1 Apr 17
– 31 Mar 20
16 Jun 20
15 Jun 27
ESPP
ESPP
ESPP
1 Jan 17
1 Jul 17
1 Jan 18
1,574
–
–
–
2,176
1,629
(1,497)
(2,087)
(77)
(89)
–
–
–
–
1,629
223p
262p
376p
TBD*
442p
567p
n/a
n/a
n/a
30 Jun 17
30 Jun 17
31 Dec 17
31 Dec 17
30 Jun 18
30 Jun 18
80/
Cybersecurity made simple�Date of
award
Awards
held at
1 Apr 17
Granted
during
the year
Exercised
during
the year
Forfeited
during
the year
Awards
held at
31 Mar 18
Exercise
price
Market
price at
grant
Performance
period
Vesting
period/
date
Expiry
date
Director
Nick Bray
LTIP – RSU
7 Aug 15
589,888
LTIP – RSU
7 Aug 15
70,225
LTIP – PSU
7 Aug 15
337,079
LTIP – RSU 14 Jun 16
149,248
LTIP – PSU 14 Jun 16
447,744
–
–
–
–
–
LTIP – RSU 16 Jun 17
LTIP – PSU 16 Jun 17
–
–
64,995
194,985
SAYE
24 Jun 16
11,111
–
(126,404)
(21,067)
–
(55,968)
–
–
–
–
Steve
Munford
Pre-IPO
Options
22 Oct 10
153,457
–
(153,437)
–
–
–
–
–
–
–
–
–
463,484
49,158
337,079
93,280
447,744
64,995
194,985
–
–
–
–
–
–
–
265p
265p
265p
179p
179p
436p
436p
n/a
n/a
7 Aug 16
– 7 Aug 20
7 Aug 16
– 7 Aug 19
6 Aug 25
6 Aug 25
1 Apr 15
– 31 Mar 18
7 Aug 18
6 Aug 25
n/a
14 Jun 17
– 14 Jun 20
13 Jun 26
1 Apr 16
– 31 Mar 19
14 Jun 19
13 Jun 26
n/a
16 Jun 18
– 16 Jun 21
15 Jun 27
1 Apr 17
– 31 Mar 20
16 Jun 20
15 Jun 27
11,111
162p
202p
n/a
8 Aug 19
8 Feb 20
–
$0.019
$0.476
n/a
22 Oct 10
22 Oct 20
* Under Group scheme rules exercise price is to be not less than 85 per cent of the lesser of market value on date of grant and market value on date of exercise.
As outlined in the IPO prospectus, Kris Hagerman continues to hold share options granted under the Pentagon Holdings
Management Equity Plan (“MEP”) that were issued prior to IPO. Nick Bray’s (until exercised under the JOE agreement in
FY16) and Steve Munford’s (until exercised under the JOE agreement in FY17) MEP options (a “Linked Option”) were linked
to a parallel award under a JOE Agreement. Awards under a JOE agreement entitle the participant to call for the transfer to
him by the Trustee of the JOE agreement of that part of the beneficial interest in any jointly owned shares which vest, upon
payment by the participant of a price specified in the JOE Agreement. Rights under a JOE Agreement may only be exercised
to the extent that a Linked Option has not been exercised and vice versa.
The rules of the MEP provide that 50 per cent of a MEP option is subject to time vesting and 50 per cent is subject to
performance vesting. On Admission, 66.2 per cent of the awards subject to performance vested. Depending on the length
of service of a MEP participant, the Company may require that a portion of an option which is vested as to performance may
only be exercised at a later date. Steve Munford additionally held vested share options granted under an option deed with
Pentagon Holdings SARL on 22 October 2010 until exercised in FY18.
The interests of the Directors in pre-IPO restricted shares as at 31 March 2018 are summarised in the table below:
Restricted
awards
held at
1 Apr 17
Restriction
lifted
during year
Restricted
awards
held at 31
Mar 18
Exercise
price
Market
price at
grant
date
Date of
award
Performance
period
Vesting
period/
date
Expiry
date
27 Mar 15
127,129
(63,564)
63,565
– $1.5575
27 Mar 16
– 27 Mar 18
n/a
n/a
Director
Paul Walker
Pre-IPO
Restricted
Shares
As outlined in the IPO prospectus certain of the Non-Executive Directors held Restricted Shares, the majority of which have
now vested. Paul Walker entered into a restricted share agreement on 27 March 2015 (the “Acquisition Date”) pursuant to
which he acquired 300,000 A shares in Pentagon Holdings SARL. The Restricted Shares shall vest in three equal tranches
on the first, second and third anniversaries of the Acquisition Date or as soon as reasonably practicable thereafter, in
accordance with the provisions of the EU Market Abuse Regulation (596/2014), subject to Paul Walker remaining a Director
until that date. All Restricted Shares in Pentagon Holdings SARL were exchanged for new shares in Sophos Group plc as
part of the reorganisation of the Group immediately prior to the IPO.
On behalf of the Board:
Paul Walker
Chairman of the Remuneration Committee
16 May 2018
/81
IntroductionGovernanceFinancial StatementsStrategic Report�Directors’ Report
The Directors of Sophos Group plc (the “Company”) present their Annual Report on the affairs of the Group, together with
the Consolidated Financial Statements and Auditor’s Report on the Group for the year-ended 31 March 2018. There are a
number of legal and regulatory requirements with which the Company must comply, such as the Companies Act 2006
(the “Act”), the Listing Rules and the Disclosure Guidance and Transparency Rules (the “DTRs”), which are addressed in
this section.
Strategic Report
The Strategic Report, which forms part of this report and is presented on pages 16 to 43 of this Annual Report, includes
a fair review of the business, a description of the principal risks and uncertainties facing the Group and an indication of
likely future developments.
Corporate Governance
The Corporate Governance Statement set out on pages 46 to 54 and Committee Reports on pages 55 to 81 have been
incorporated into the Directors’ Report by cross-reference.
The majority of the disclosures required under LR 9.8.4 R are not applicable to the Group. The table below sets out the
location of the disclosures for those requirements that are applicable:
Applicable sub-paragraph
Publication of unaudited financial information
Disclosure provided
Financial Review
Details of long-term incentive schemes
Annual Report on Remuneration
Allotment of equity securities
Contracts of significance
Agreements with controlling shareholders
Note 28 to the Financial Statements
Directors’ Report
Directors’ Report
Articles of Association and Constitution
Sophos Group plc is domiciled in England and incorporated in England and Wales under Company Number 09608658.
The Articles of Association of the Company (the “Articles”) may only be amended by a special resolution at a meeting of
the shareholders. The current Articles can be found on the Group’s website at investors.sophos.com.
Directors and Directors’ Interests
The Directors who held office during the year and up to the date of the signing of this report:
Peter Gyenes
Kris Hagerman
Nick Bray
Sandra Bergeron
Edwin Gillis
Roy Mackenzie
Rick Medlock
Steve Munford
Vin Murria
Salim Nathoo
Paul Walker
Non-Executive Director and Chairman
Chief Executive Officer
Chief Financial Officer
Non-Executive Director
Non-Executive Director (retired 7 September 2017)
Non-Executive Director
Non-Executive Director (appointed 3 April 2017)
Non-Executive Director
Non-Executive Director
Non-Executive Director (resigned 28 November 2017)
Non-Executive Director
A summary of the Directors’ remuneration, employment contracts and interests in the shares of the Company are set out
in the Remuneration Report.
None of the Directors had an interest in any significant contracts of the Group or its subsidiaries, with the following exceptions:
(i) Vin Murria is also a Non-Executive Director of Softcat plc, with whom the Company maintains an ongoing customer
relationship; and
(ii) Salim Nathoo is also a Non-Executive Director of Global Logic, with whom the Company maintains an ongoing supplier
relationship.
82/
Cybersecurity made simple�Directors’ Indemnity and Insurance
Throughout the year, the Company has purchased and maintained Directors’ and Officers’ liability insurance in respect
of itself and its Directors, and the Directors of Group subsidiary companies. The Directors also have the benefit of the
indemnity provision contained in the Articles. The Company has entered into qualifying third-party indemnity
arrangements for the benefit of all its Directors in a form and scope which comply with the requirements of the
Companies Act 2006 and which were in force throughout the year and remain in force.
Relationship Agreement
Pentagon Lock Sarl, Pentagon Lock 6-A Sarl, Pentagon Lock 7-A Sarl and Pentagon Lock US Sarl (collectively “Apax”)
previously held more than 30 per cent of the issued ordinary share capital of the Company and still hold more than 10 per
cent of the issued ordinary share capital as at 31 March 2018. On 26 June 2015, the Company and Apax entered into a
Relationship Agreement which regulates the ongoing relationship between the Company and Apax (as the “controlling
shareholder”) in accordance with the Listing Rules. The Board can confirm that throughout the period:
• the Company has complied with the agreement’s independence provisions;
• as far as the Company is aware, the controlling shareholder and its associates have complied with the agreement’s
independence provisions; and,
• as far as the Company is aware, the controlling shareholder has procured the compliance of non-signing controlling
shareholders with the agreement’s independence provisions.
Significant Agreements
The following significant agreements are in place as at 31 March 2018, which include provisions that would enable the
counterparties to alter or terminate the agreements upon a change of control of the Company following a takeover bid:
• a syndicated secured term loan (“Facility A”) of $235.0 million entered into on 1 July 2015;
• a syndicated secured term loan (“Facility B”) of €60.0 million entered into on 1 July 2015;
• a revolving credit facility agreement (“RCF 1”) of $30.0 million entered into on 1 July 2015; and,
• a revolving credit facility agreement (“RCF 2”) of $40.0 million entered into on 6 February 2017.
Further details of financing agreements in place are included in note 23 of the Financial Statements.
Share Capital and Substantial Shareholders
The share capital of the Company is set out in note 26 of the Financial Statements; ordinary shares of three pence each are
the only class of share in issue. As at 31 March 2018 and 16 May 2018 the Company was notified under DTR 5 of the
following significant holdings of voting rights in its shares set out in the table below. No change in voting interests in the
ordinary share capital of the Company, disclosable under the DTRs, has been notified to the Company between 31 March
2018 and 16 May 2018.
Name
Apax
Jan Hruska
Peter Lammer
Franklin Templeton Institutional, LLC
Standard Life Investments (Holdings) Limited
Old Mutual plc
ODDO Meriten Asset Management
As at 31 March 2018
Ordinary
shares held
Percentage of
total ordinary shares
51,936,344
42,543,360
42,543,360
23,376,977
22,724,690
19,821,783
13,633,922
11.09
9.08
9.08
4.99
4.85
4.23
2.91
/83
IntroductionGovernanceFinancial StatementsStrategic Report�Directors’ Report continued
Voting Rights
All of the issued and outstanding ordinary shares of the
Company have equal voting rights, with one vote per share.
There are no special control rights attaching to them.
Transfer of Shares
The transfer of shares is governed by the Articles which
allows any member to transfer certificated shares in any
usual form or in any other form for which the Board may
approve. The Board may, in its absolute discretion, refuse to
register a transfer of a certificated share that is not fully
paid, provided that the refusal does not prevent dealings in
the Company from taking place on an open and proper basis.
The Board may also refuse to register the transfer of a
certificated share unless the instrument of transfer is (i)
lodged, duly stamped (if stampable), at the office or at
another place appointed by the Board, accompanied by the
certificate for the shares to which it relates and such other
evidence as the Board may reasonably require to show the
right of the transferor to make the transfer; (ii) in respect of
only one class of shares; and (iii) in favour of not more than
four transferees.
Appointment and Retirement of Directors
Unless otherwise determined by ordinary resolution, the
number of Directors shall be no less than three but is not
subject to any maximum number. The Board may appoint a
person who is willing to act to be a Director, either to fill a
vacancy or as an additional Director and in either case
whether or not for a fixed term.
At every AGM all the Directors at the date of the notice
convening the AGM shall retire from office, if the Company
does not fill the vacancy at the meeting the retiring Director
shall, if willing to act, be deemed to have been re-appointed
unless at the meeting it is resolved not to fill the vacancy or
unless a resolution for the re-appointment of the Director is
put to the meeting and lost.
A person ceases to be a Director as soon as:
(i)
notification is received by the Company from the
Director that they are resigning or retiring from office;
(ii)
(iii)
that person has been absent for more than six
consecutive months without permission of the Board
and the Board resolves that their office be vacated;
the person has become physically or mentally
incapable of acting as a Director and may remain so for
more than three months;
(iv) a bankruptcy order is made against that person;
(v)
a composition is made with that person’s creditors
generally in satisfaction of that person’s debts;
(vi)
that person ceases to be a Director by virtue of any
provision of the Act or is prohibited from being a
Director by law; or,
(vii) that person is removed from office pursuant to the
Articles.
Powers of the Board
Subject to provisions of the Companies Act 2006, the
Articles, and to any directions given by special resolution,
the business of the Company shall be managed by the Board
who may exercise all the powers of the Company.
Dividends
The Directors have recommended that the Company pay a
final dividend in relation to the year-ended 31 March 2018 of
3.5 US Cents per share. Subject to shareholder approval,
combined with the interim dividend announced of 1.4 US
Cents per share, this gives a total dividend for the year of 4.9
US Cents per share. The Directors continue to adopt a
progressive dividend policy targeting approximately
mid-single digit per cent growth per annum, reflecting the
cash-generative nature of the Group.
Sophos Group plc is the parent company of the Group and
is a non-trading investment company for the Group,
holding investments in subsidiaries financed by Group
companies. Sophos Group plc has retained earnings of
$946.1 million, which approximates the distributable
reserves. At the end of the prior-year Sophos Group plc had
retained earnings of $977.1 million, after paying dividends
in that year totalling $10.9 million, the distributable
reserves thereby having significant cover for the dividends
being proposed. The Group is strongly cash generative with
trading activities continuing to support the dividends made
and proposed, details of cash on hand is included in note
20 of the Financial Statements.
The dividend policy and availability of distributable reserves
or cash to make future dividend payments is influenced by
the principal risks, and their mitigations, discussed on pages
34 to 37 which are factored into the Group’s viability review
and statement disclosed on page 86. Prior to the proposal of
a dividend the Directors review both the distributable
reserves and cash available on hand as well as the impact of
the proposed dividend on each of them in light of other cash
commitments and investment intentions. On the basis of
the latest review the Directors consider the current dividend
policy to be appropriate and sustainable.
84/
Cybersecurity made simple�Annual General Meeting
Share Option Plans
The notice of the Annual General Meeting (“AGM”) which sets
out the resolutions to be proposed at the 2018 AGM
accompanies this Annual Report and Accounts. The 2018
AGM will be held at 3.00pm on 30 August 2018 at: The
Pentagon, Abingdon Science Park, Abingdon, OX14 3YP.
The Group operates a number of share option plans to
motivate and retain staff and align their interests with
shareholders. Details of these schemes are set out in note
28 to the Financial Statements.
Branches
The Group, through various subsidiaries, has established
branches in a number of different countries in which the
business operates.
Financial Instruments
Details of the Group’s financial risk management policies
and risks are set out in note 25 to the Financial Statements.
Authority to Issue Shares and Authority to
Purchase Own Shares
The Company was authorised by shareholders at the 2017
AGM to allot shares and also to make market purchases of
up to 10 per cent of the Company’s issued share capital, as
permitted under the Company’s Articles. The Company did
not repurchase shares during the year or make any shares
the subject of a charge. The Company will seek to renew
these authorities at the 2018 AGM, within the limits set out
in the AGM Notice.
Shares Held in the Employee Benefit Trust
The Trustees of the Employee Benefit Trust will abstain from
voting or exercising any other rights in respect of any shares
held by them and in which no beneficial interest is held by
any beneficiary unless otherwise directed by the Company.
Greenhouse Gas Emissions
The Greenhouse Gas Emissions (“GHG”) disclosures for the
Group, as well as environmental considerations, have been
included in the Corporate Responsibility Report, see page 43.
Employees
The Group continues to invest to drive future growth. A key
objective of the Group is to achieve a shared commitment by
all employees to the success of the business. Throughout
the Group, there is consultation between employees and
management on matters of mutual interest and information
is disseminated through team and Company briefings.
Updates on the operations of the Group and its performance
are shared with all employees via quarterly all-hands which
are led by the CEO and SMT and are recorded and made
available on the Group’s intranet site. Employees are
encouraged to promote and participate in the progress and
profitability of the Group through the share option plans and
other incentive schemes.
The Group provides full consideration to applications for
employment from disabled persons where the requirements
of the role can be adequately fulfilled by a disabled person.
Where existing employees become disabled it is the Group’s
policy, wherever practicable, to provide continuing
employment under normal terms and conditions and to
provide training and career development to disabled
employees wherever appropriate.
Research and Development
The Group continues to undertake research and
development activity relating to its principal activities.
In the year-ended 31 March 2018, the Group spent 19.0 per
cent of its billings on research and development (FY17:
18.6 per cent). Development expenditure is capitalised if
the requirements of IAS 38 have been met, further details
are included in note 3 of the Financial Statements.
Political Donations
The Group’s policy is not to make any political donations.
Accordingly, no political donations were made in the
year-ended 31 March 2018 (FY17: no political donations
were made).
/85
IntroductionGovernanceFinancial StatementsStrategic Report�Directors’ Report continued
Going Concern
Post Balance Sheet Events
There have been no material events from 31 March 2018
to the date of this report.
Auditors
KPMG LLP has expressed their willingness to continue in
office as auditors of the Company and accordingly a
resolution for the re-appointment of KPMG LLP as auditors
of the Company is to be proposed to the shareholders at
the 2018 AGM.
Disclosure of Information to Auditors
The Directors who held office at the date of approval of
this Directors’ Report confirm that, so far as they are each
aware, there is no relevant audit information of which the
Company’s auditors are unaware and each Director has taken
all the steps that he or she ought to have taken as a Director
to make them aware of any relevant audit information.
Statement of Directors’ Responsibilities in
Respect of the Annual Report and the Financial
Statements
The Directors are responsible for preparing the Annual Report
and the Group and parent Company financial statements in
accordance with applicable law and regulations.
Company law requires the Directors to prepare Group and
parent company financial statements for each financial year.
Under that law they are required to prepare the Group
financial statements in accordance with International
Financial Reporting Standards as adopted by the European
Union (IFRSs as adopted by the EU) and applicable law. As
explained in note 3 to the Group financial statements, the
Group, in addition to complying with its legal obligation to
apply IFRSs as adopted by the EU, has also applied IFRSs as
issued by the International Accounting Standards Board
(“IASB”). Under company law the Directors have elected to
prepare the parent company financial statements in
accordance with UK accounting standards, including FRS
102 The Financial Reporting Standard applicable in the UK
and Republic of Ireland.
Having made appropriate enquiries and considered the
Group’s forecasts, the Directors consider that the Group
has sufficient resources to continue for the foreseeable
future. Accordingly, they continue to adopt the going
concern basis in preparing the Financial Statements.
Further details regarding the adoption of the going concern
basis can be found in the viability statement below.
Viability Statement
The Directors have assessed the viability of the Group over
a three-year period, taking into account the Group’s current
position and the potential impacts of the principal risks
documented on pages 34 to 37 of the Annual Report. Based
on this assessment, the Directors confirm that they have a
reasonable expectation that the Company will be able to
continue to operate and to meet its liabilities as they fall
due over the three years to 31 March 2021.
The Group prepares annually, and on a rolling basis, a
strategic plan, which is predicated on a detailed year one
budget and higher-level forecasts thereafter. The output of
this plan is used to perform debt and associated covenant
headroom profile analysis, which includes sensitivity to
business as usual risks such as billings and EBITDA impacts.
A bottom-up operating plan is prepared on an annual basis
for presentation to the Board.
Following assessment of the planning process, the Directors
have determined that a three-year period is an appropriate
period over which to assess the Group’s viability. Whilst the
Directors have no reason to believe that the Group will not be
viable over a longer period; the period of three years has
been chosen as this matches the term of the majority of the
Group’s sales (typically one to three years in duration, with a
weighted average contract life of around twenty eight
months) which therefore aids the accuracy of forecasting
with a single renewal cycle, thereby providing a greater
degree of certainty and, in the view of the Directors, still
provides an appropriate long-term outlook.
In making this viability statement, the Board carried out a
robust assessment of the principal risks facing the Group,
including those that would threaten its business model,
future performance, solvency or liquidity. Where individual
principal risks did not impact the future viability of the
Group, consideration was given to potential principal risk
combinations. The process of identifying, assessing and
managing principal risks is set out in the Audit and Risk
Committee Report on pages 57 to 61.
86/
Cybersecurity made simple�Responsibility Statement of the Directors in
Respect of the Annual Financial Report
We confirm that to the best of our knowledge:
• the financial statements, prepared in accordance with the
applicable set of accounting standards, give a true and fair
view of the assets, liabilities, financial position and profit
or loss of the company and the undertakings included in
the consolidation taken as a whole; and
• the strategic report includes a fair review of the
development and performance of the business and the
position of the issuer and the undertakings included in
the consolidation taken as a whole, together with a
description of the principal risks and uncertainties that
they face.
We consider the annual report and accounts, taken as a
whole, is fair, balanced and understandable and provides the
information necessary for shareholders to assess the Group’s
position and performance, business model and strategy.
By order of the Board
Chloe Barry
Company Secretary
16 May 2018
Under company law the Directors must not approve the
financial statements unless they are satisfied that they give
a true and fair view of the state of affairs of the Group and
parent company and of their profit or loss for that period. In
preparing each of the Group and parent company financial
statements, the Directors are required to:
• select suitable accounting policies and then apply them
consistently;
• make judgements and estimates that are reasonable,
relevant, reliable and prudent;
• for the Group financial statements, state whether they
have been prepared in accordance with IFRSs as adopted
by the EU;
• for the parent company financial statements, state
whether applicable UK accounting standards have been
followed, subject to any material departures disclosed and
explained in the parent company financial statements;
• assess the Group and parent company’s ability to
continue as a going concern, disclosing, as applicable,
matters related to going concern; and
• use the going concern basis of accounting unless they
either intend to liquidate the Group or the parent company
or to cease operations, or have no realistic alternative but
to do so.
The Directors are responsible for keeping adequate
accounting records that are sufficient to show and explain
the parent company’s transactions and disclose with
reasonable accuracy at any time the financial position of the
parent company and enable them to ensure that its financial
statements comply with the Companies Act 2006. They are
responsible for such internal control as they determine is
necessary to enable the preparation of financial statements
that are free from material misstatement, whether due to
fraud or error, and have general responsibility for taking such
steps as are reasonably open to them to safeguard the
assets of the Group and to prevent and detect fraud and
other irregularities.
Under applicable law and regulations, the Directors are also
responsible for preparing a Strategic Report, Directors’
Report, Directors’ Remuneration Report and Corporate
Governance Statement that complies with that law and
those regulations.
The Directors are responsible for the maintenance and
integrity of the corporate and financial information included
on the company’s website. Legislation in the UK governing
the preparation and dissemination of financial statements
may differ from legislation in other jurisdictions.
/87
IntroductionGovernanceFinancial StatementsStrategic Report�Independent
Auditor’s Report
to the members of Sophos Group plc only
1. Our opinion is unmodified
We have audited the financial statements of Sophos
Group plc (“the Company”) for the year ended 31 March
2018 which comprise the Consolidated Statements of
Profit and Loss, Comprehensive Income, Financial
Position, Changes in Equity, and Cash Flows, and the
Company Only Statements of Financial Position and
Changes in Equity and the related notes, including the
accounting policies in note 3.
In our opinion:
• the financial statements give a true and fair view of
the state of the Group’s and of the parent Company’s
affairs as at 31 March 2018 and of the Group’s loss for
the year then ended;
• the Consolidated financial statements have been
properly prepared in accordance with International
Financial Reporting Standards as adopted by the
European Union (IFRSs as adopted by the EU);
• the parent Company financial statements have been
properly prepared in accordance with UK accounting
standards, including FRS 102 The Financial Reporting
Standard applicable in the UK and Republic of Ireland;
and
• the financial statements have been prepared in
accordance with the requirements of the Companies
Act 2006 and, as regards the Consolidated financial
statements, Article 4 of the IAS Regulation.
Additional opinion in relation to IFRSs as issued
by the IASB
As explained in note 3 to the Consolidated financial
statements, the Group, in addition to complying with
its legal obligation to apply IFRSs as adopted by the EU,
has also applied IFRSs as issued by the International
Accounting Standards Board (IASB).
In our opinion the Consolidated financial statements
have been properly prepared in accordance with IFRSs
as issued by the IASB.
Basis for opinion
We conducted our audit in accordance with International
Standards on Auditing (UK) (“ISAs (UK)”) and applicable
law. Our responsibilities are described below. We believe
that the audit evidence we have obtained is a sufficient
and appropriate basis for our opinion. Our audit opinion
is consistent with our report to the audit committee.
We were appointed as auditor on 25 January 2001.
The period of total uninterrupted engagement is for
the 18 financial years ended 31 March 2018. We have
fulfilled our ethical responsibilities under, and we remain
independent of the Group in accordance with, UK ethical
requirements including the FRC Ethical Standard as
applied to listed public interest entities. No non-audit
services prohibited by that standard were provided.
Overview
Materiality:
Consolidated
financial
statements as
a whole
$6.3m (2017: $5.5m)
1% (2017: 1%) of group revenue
Coverage
99% (2017: 98%) of group revenue
Risks of material misstatement
vs 2017
Recurring risks
Revenue recognition
Exceptional items
& alternative
performance
measures
Recoverability of
parent company’s
investment in
subsidiaries
88/
Cybersecurity made simple�2. Key audit matters: our assessment of risks of material misstatement
Key audit matters are those matters that, in our professional judgement, were of most significance in the audit of the
financial statements and include the most significant assessed risks of material misstatement (whether or not due to
fraud) identified by us, including those which had the greatest effect on: the overall audit strategy; the allocation of
resources in the audit; and directing the efforts of the engagement team. We summarise below the key audit matters
in decreasing order of audit significance, in arriving at our audit opinion above, together with our key audit procedures
to address those matters and, as required for public interest entities, our results from those procedures. These matters
were addressed, and our results are based on procedures undertaken, in the context of, and solely for the purpose of,
our audit of the financial statements as a whole, and in forming our opinion thereon, and consequently are incidental
to that opinion, and we do not provide a separate opinion on these matters:
Revenue
recognition
($640.7m;
2017: $529.7m)
Refer to page 58
(Audit Committee
Report), page 102
(accounting policy)
and page 114
(financial
disclosures).
The risk
Accounting treatment:
As the Group expands and product portfolios evolve,
there is considerable risk associated with
recognising revenue on contracts containing
multiple elements. Judgement is required in
determining each element of the arrangement and
estimating their respective fair values. The Group
makes reference to the list prices of individual
elements and discounts given on the total contract.
This judgement could materially affect the timing
and quantum of revenue recognised in each period.
Our response
Our procedures included:
• Controls design: We evaluated the design and
implementation of the control ensuring review
and approval of non standard contract terms
which may impact revenue recognition;
• Control operation: We evaluated the operating
effectiveness of IT controls over the establishment
of list prices in the sales order system which
directly impact the fair value calculation;
• Tests of details: We selected a sample of Group
billings from throughout the year and with
reference to list prices and discounts given, we
recalculated the relative fair values of each
element to assess whether the determination of
relative fair values of each separable element was
in line with Group Policy. We also reviewed a
sample of contracts in the year, assessing the
impact of contract terms on revenue recognition;
• Accounting analysis: We assessed the Group’s
policy in respect of fair value allocation and revenue
recognition against relevant accounting standards;
and
• Assessing transparency: We assessed the
adequacy of the Group’s disclosure regarding the
determination of fair values of multiple element
arrangements.
Our results
• We found the amount of revenue recognised in the
year as at 31 March 2018 to be acceptable (2017:
acceptable).
/89
IntroductionGovernanceFinancial StatementsStrategic Report�Independent Auditor’s Report continued
to the members of Sophos Group plc only
The risk
Presentation appropriateness:
The Group presents Alternative
Performance Measures (APMs) to operating
loss for the period within the consolidated
income statement and throughout the
Annual Report. The Directors believe that
the separate identification of exceptional
items and the presentation of specified
APMs provides clear and useful information
on the Group’s underlying trading
performance. However, when improperly
used and presented, these kind of measures
might prevent the Annual Report from being
fair and balanced by focusing on only part of
the performance. The determination of
whether an item should be separately
disclosed as an exceptional item requires
judgement on its nature and incidence, and
its use along with presentation of APMs
requires judgement as to whether they
provide a better understanding of the
Group’s underlying trading performance.
Exceptional items
& alternative
performance
measures
Exceptional items:
($13.2m; 2017:
$31.4m)
Billings $768.6m
(2017: $632.1m),
Cash EBITDA
$193.7m (2017:
$150.1m),
Adjusted operating
profit $46.1m
(2017: $38.3m)
Unlevered Free
Cash Flow $139.6m
(2017: $133.4m)
Refer to page 58
(Audit Committee
Report), page 109
(accounting policy)
and pages 109-111
(financial
disclosures).
Recoverability
of parent
company’s
investment in
subsidiaries
($1,099.1m;
2017: $1,068.4m)
Refer to page 59
(Audit Committee
Report), page 142
(accounting
policy) and page
143 (financial
disclosures).
Forecast based valuation:
The carrying amount of the parent
company’s investments in subsidiaries is
significantly in excess of the net assets
of the Group as a whole, and is assessed
for recoverability using a discounted
cash flow model to calculate value in use
(“VIU”). Due to the inherent uncertainty
involved in forecasting and discounting
future cash flows for a VIU model, this is
one of the key judgemental areas that our
audit concentrates on.
Our response
Our procedures included:
• Assessing principles: We assessed the accounting policy to
determine whether, in judging what to include in exceptional
items, the Directors took appropriate regard to guidance
issued by the Financial Reporting Council on the reporting
of exceptional items and the requirement to separately
disclose material or unusual transactions under relevant
accounting standards;
• Assessing application: We assessed whether the application
of the accounting policy was consistent, including whether
it was applied to both gains and losses; whether the same
category of material items are treated consistently each
year; and whether the tax effects of exceptional items are
explained, by using our knowledge of the Group’s transactions
throughout the audit;
• Assessing balance: We assessed whether the disclosure
of APMs and related commentary of exceptional items and
APMs placed disproportionate emphasis on those measures
over the related GAAP measure; whether the APMs were given
meaningful labels that are not GAAP terms; whether they were
clearly described and explained; whether the APMs provided
meaningful measures of trading performance; whether their
presentation are in line with guidance issued by the FRC and
European Securities and Markets Authority with respect to
APMs; and whether the underlying financial information is
otherwise misleading; and
• Assessing transparency: We also assessed the adequacy of
the disclosure of the definition and composition of APMs and
exceptional items, including whether APMs were appropriately
reconciled to GAAP terms with sufficient prominence given to
that reconciliation.
Our results
• We found the presentation of exceptional items and APMs to
be acceptable (2017: acceptable).
Our procedures included:
• Our sector experience: Challenging the assumptions used
in the cash flows included in the discounted cash flow
model by using our sector experience through evaluating
the current level of trading, including identifying any
indications of a downturn in activity, by examining the
post year end management accounts and considering
our knowledge of the Group and the market;
• Benchmarking assumptions: Assessing the
reasonableness of key external inputs, such as projected
long term economic growth and discount rates, by
benchmarking these against those used by comparable
listed companies;
• Historical comparison: Assessing the reasonableness
of the budgets by considering the historical accuracy of
the previous forecasts; and
• Comparing valuations: Comparing the sum of the
discounted cash flows to the Group’s market capitalisation
to assess the reasonableness of those cash flows.
Our results
• We found the resulting estimate of the recoverability of
the carrying amount of the parent company’s investment
in subsidiaries to be acceptable (2017: acceptable).
90/
Cybersecurity made simple�3. Our application of materiality and an overview
of the scope of our audit
Group Revenue
$640.7m (2017: $529.7m)
Group Materiality
$6.3m (2017: $5.5m)
Materiality for the Consolidated financial statements as
a whole was $6.3m (2017: $5.5m), determined with
reference to a benchmark of Group revenue of which it
represents 1% (2017: 1%). We consider Group revenue
to be the most appropriate benchmark as it provides a
more stable measure year on year than Group loss
before tax.
Materiality for the parent company financial statements
as a whole was set at $5.9m (2017: $3.9m) determined
with reference to a benchmark of total assets of which
is represents 0.6% (2017: 0.3%).
We agreed to report to the Audit Committee all
corrected or uncorrected misstatements exceeding
$0.31m (2017: $0.25m), in addition to other identified
misstatements that warranted reporting on qualitative
grounds.
Of the Group’s 27 (2017: 28) reporting components,
we subjected 7 (2017: 10) to audits for Group reporting
purposes and 2 (2017: 2) to specified risk–focused audit
procedures over tax. The latter were not individually
significant enough to require an audit for Group
reporting purposes, but did present specific individual
risks that needed to be addressed.
The components within the scope of our work
accounted for the percentages illustrated opposite.
For the residual components, we performed our
analysis at an aggregated Group level to re-examine
our assessment that there were no significant risks
of material misstatement within these.
The Group team instructed component auditors as
to the significant areas to be covered, including the
relevant risks detailed above and the information to
be reported back. The Group team approved the
component materialities, which ranged from $4.4m to
$5.9m having regard to the mix of size and risk profile
of the Group across the components. The work on 5 of
the 7 components (2017: 6 of the 10 components)
was performed by component auditors and the rest,
including the audit of the parent company, was
performed by the Group team.
The Group team visited 2 (2017: 1) component locations
in Germany and India (2017: Germany) to assess the
audit risk and strategy. Video and telephone conference
meetings were also held with these component auditors
and the majority of the others that were not physically
visited. At these visits and meetings, the findings
reported to the Group team were discussed in more
detail, and any further work required by the Group team
was then performed by the component auditor.
$6.3m
Whole financial statements
materiality (2017: $5.5m)
$4.4m
Range of materiality at
9 components
$4.4m-$5.9m
(2017: $1m to $3.9m
at 12 components)
$0.31m
Misstatements reported
to the audit committee
(2017: $0.25m)
Group revenue
Group materiality
Group revenue
Group billings
1%
2%
99%
2017: 98%
98%
99%
1%
100%
2017: 99%
99%
100%
Group total assets
Group loss before tax
5%
5%
80%
2017: 89%
89%
80%
7%
14%
73%
2017: 70%
70%
73%
Full scope for group audit purposes 2018
Specified risk-focused audit procedures 2018
Full scope for group audit purposes 2017
Specified risk-focused audit procedures 2017
Residual components
/91
IntroductionGovernanceFinancial StatementsStrategic Report
�Independent Auditor’s Report continued
to the members of Sophos Group plc only
4. We have nothing to report on going concern
Disclosures of principal risks and longer-term viability
We are required to report to you if:
• we have anything material to add or draw attention
to in relation to the Directors’ statement in note 3.2
to the financial statements on the use of the going
concern basis of accounting with no material
uncertainties that may cast significant doubt over
the Group and Company’s use of that basis for a
period of at least twelve months from the date of
approval of the financial statements; or
•
the related statement under the Listing Rules set
out on page 86 is materially inconsistent with our
audit knowledge.
We have nothing to report in these respects.
5. We have nothing to report on the other
information in the Annual Report
The Directors are responsible for the other information
presented in the Annual Report together with the
financial statements. Our opinion on the financial
statements does not cover the other information and,
accordingly, we do not express an audit opinion or,
except as explicitly stated below, any form of assurance
conclusion thereon.
Our responsibility is to read the other information and,
in doing so, consider whether, based on our financial
statements audit work, the information therein is
materially misstated or inconsistent with the financial
statements or our audit knowledge. Based solely on that
work we have not identified material misstatements in
the other information.
Strategic report and Directors’ report
Based solely on our work on the other information:
• we have not identified material misstatements in the
strategic report and the Directors’ report;
•
•
in our opinion the information given in those reports
for the financial year is consistent with the financial
statements; and
in our opinion those reports have been prepared in
accordance with the Companies Act 2006.
Directors’ remuneration report
In our opinion the part of the Directors’ Remuneration
Report to be audited has been properly prepared in
accordance with the Companies Act 2006.
Based on the knowledge we acquired during our
financial statements audit, we have nothing material
to add or draw attention to in relation to:
•
•
•
the Directors’ confirmation within the Directors’
Viability Statement (page 86) that they have carried
out a robust assessment of the principal risks facing
the Group, including those that would threaten its
business model, future performance, solvency
and liquidity;
the Principal Risks disclosures describing these risks
and explaining how they are being managed and
mitigated; and
the Directors’ explanation in the Directors’ Viability
Statement of how they have assessed the prospects
of the Group, over what period they have done so and
why they considered that period to be appropriate,
and their statement as to whether they have a
reasonable expectation that the Group will be able
to continue in operation and meet its liabilities as
they fall due over the period of their assessment,
including any related disclosures drawing attention
to any necessary qualifications or assumptions.
Under the Listing Rules we are required to review the
Directors’ Viability Statement. We have nothing to report
in this respect.
Corporate governance disclosures
We are required to report to you if:
• we have identified material inconsistencies between
the knowledge we acquired during our financial
statements audit and the Directors’ statement that
they consider that the annual report and financial
statements taken as a whole is fair, balanced and
understandable and provides the information
necessary for shareholders to assess the Group’s
position and performance, business model and
strategy; or
•
the section of the annual report describing the
work of the Audit Committee does not appropriately
address matters communicated by us to the
Audit Committee;
We are required to report to you if the Corporate
Governance Statement does not properly disclose a
departure from the eleven provisions of the UK
Corporate Governance Code specified by the Listing
Rules for our review.
We have nothing to report in these respects.
92/
Cybersecurity made simple�6. We have nothing to report on the other
Irregularities –ability to detect
matters on which we are required to report
by exception
Under the Companies Act 2006, we are required to
report to you if, in our opinion:
• adequate accounting records have not been kept
by the parent Company, or returns adequate for our
audit have not been received from branches not
visited by us; or
•
the parent Company financial statements and the
part of the Directors’ Remuneration Report to be
audited are not in agreement with the accounting
records and returns; or
• certain disclosures of Directors’ remuneration
specified by law are not made; or
• we have not received all the information and
explanations we require for our audit.
We have nothing to report in these respects.
7. Respective responsibilities
Directors’ responsibilities
As explained more fully in their statement set out on
page 86, the Directors are responsible for: the
preparation of the financial statements including being
satisfied that they give a true and fair view; such internal
control as they determine is necessary to enable the
preparation of financial statements that are free from
material misstatement, whether due to fraud or error;
assessing the Group and parent Company’s ability to
continue as a going concern, disclosing, as applicable,
matters related to going concern; and using the going
concern basis of accounting unless they either intend to
liquidate the Group or the parent Company or to cease
operations, or have no realistic alternative but to do so.
Auditor’s responsibilities
Our objectives are to obtain reasonable assurance about
whether the financial statements as a whole are free
from material misstatement, whether due to fraud or
other irregularities (see below), or error, and to issue our
opinion in an auditor’s report. Reasonable assurance is a
high level of assurance, but does not guarantee that an
audit conducted in accordance with ISAs (UK) will
always detect a material misstatement when it exists.
Misstatements can arise from fraud, other irregularities
or error and are considered material if, individually or in
aggregate, they could reasonably be expected to
influence the economic decisions of users taken on
the basis of the financial statements.
A fuller description of our responsibilities is
provided on the FRC’s website at
www.frc.org.uk/auditorsresponsibilities.
We identified areas of laws and regulations that could
reasonably be expected to have a material effect on the
financial statements from our sector experience, and
through discussion with the Directors (as required by
auditing standards).
We had regard to laws and regulations in areas that
directly affect the financial statements including
financial reporting (including related company
legislation) and taxation legislation. We considered the
extent of compliance with those laws and regulations
as part of our procedures on the related financial
statement items.
We communicated identified laws and regulations
throughout our team and remained alert to any
indications of non-compliance throughout the audit.
This included communication from the Group to
component audit teams of relevant laws and regulations
identified at Group level, with a request to report on any
indications of potential existence of non-compliance
with relevant laws and regulations (irregularities) in
these areas, or other areas directly identified by the
component team.
As with any audit, there remained a higher risk of
non-detection of non-compliance with relevant laws
and regulations (irregularities)/ irregularities, as these
may involve collusion, forgery, intentional omissions,
misrepresentations, or the override of internal controls.
8. The purpose of our audit work and to whom
we owe our responsibilities
This report is made solely to the Company’s members,
as a body, in accordance with Chapter 3 of Part 16 of the
Companies Act 2006 and the terms of our engagement
by the company. Our audit work has been undertaken so
that we might state to the Company’s members those
matters we are required to state to them in an auditor’s
report, and the further matters we are required to state
to them in accordance with the terms agreed with the
company, and for no other purpose. To the fullest extent
permitted by law, we do not accept or assume
responsibility to anyone other than the Company and
the Company’s members, as a body, for our audit work,
for this report, or for the opinions we have formed.
Robert Seale (Senior Statutory Auditor)
for and on behalf of KPMG LLP, Statutory Auditor
Chartered Accountants
15 Canada Square
London
E14 5GL
16 May 2018
/93
IntroductionGovernanceFinancial StatementsStrategic Report
�Consolidated Statement of Profit or Loss
For the year-ended 31 March 2018
Revenue
Cost of sales
Gross profit
Sales and marketing
Research and development
Note
6
Year-ended
31 March 2018
$M
Year-ended
31 March 2017
$M
640.7
(143.3)
497.4
(249.0)
(145.8)
529.7
(121.3)
408.4
(210.6)
(117.8)
General finance and administration:
(134.5)
(124.3)
– Underlying
– Share-based payments
– Exceptional items
– Amortisation of intangible assets
– Foreign exchange loss
Operating loss
Finance income
Finance expense
Loss before taxation
Income tax (charge) / credit
Loss for the year
Earnings per share ($ cents)
Basic and diluted EPS
Adjusted operating EPS
Diluted adjusted operating EPS
(46.9)
(42.3)
(13.2)
(25.2)
(6.9)
(31.9)
0.3
(20.7)
(52.3)
(14.0)
(66.3)
(14.4)
10.0
9.5
(39.3)
(32.5)
(31.4)
(19.9)
(1.2)
(44.3)
0.1
(5.1)
(49.3)
2.6
(46.7)
(10.3)
8.5
8.1
7
12
12
13
14
14
14
All of the loss for the year is attributable to equity holders of the parent company.
The notes on pages 99 to 139 form an integral part of these financial statements
94/
Cybersecurity made simple
�Consolidated Statement of Comprehensive Income
For the year-ended 31 March 2018
Loss for the period
Other comprehensive gains / (losses) :
Year-ended
31 March 2018
$M
Year-ended
31 March 2017
$M
(66.3)
(46.7)
Items that will not be reclassified subsequently to profit or loss:
–
–
Items that may be reclassified subsequently to profit or loss:
- Exchange differences arising on translation of foreign operations
Total other comprehensive (losses) / gains
Comprehensive loss for the year
(4.0)
(4.0)
(70.3)
2.8
2.8
(43.9)
All of the comprehensive loss for the year is attributable to equity holders of the parent company.
The notes on pages 99 to 139 form an integral part of these financial statements
/95
IntroductionGovernanceFinancial StatementsStrategic Report
�Consolidated Statement of Financial Position
At 31 March 2018
Company registered number: 09608658
Note
31 March 2018
$M
31 March 2017
$M
Non-current assets
Intangible assets
Property, plant and equipment
Deferred tax asset
Other receivables
Current assets
Tax assets
Inventories
Trade and other receivables
Cash and cash equivalents
Total assets
Current liabilities
Trade and other payables
Deferred revenue
Tax liabilities
Financial liabilities
Provisions
Non-current liabilities
Trade and other payables
Deferred revenue
Financial liabilities
Provisions
Deferred tax liabilities
Total liabilities
Net assets
Represented by:
Share capital
Share premium
Merger reserve
Retained earnings
Share-based payment reserve
Translation reserve
Total equity
15
17
13
19
18
19
20
21
22
23
24
21
22
23
24
13
26
869.9
25.4
125.8
1.3
1,022.4
8.2
16.0
177.8
120.0
322.0
856.0
23.4
105.3
1.3
986.0
7.7
16.2
145.2
68.1
237.2
1,344.4
1,223.2
134.1
423.9
23.0
17.4
–
598.4
8.2
331.8
306.8
1.4
6.0
107.3
330.6
21.0
71.1
0.4
530.4
3.9
250.4
296.3
1.1
14.4
654.2
1,252.6
566.1
1,096.5
91.8
126.7
22.0
122.3
(200.9)
60.0
121.8
(33.4)
91.8
21.6
118.4
(200.9)
148.1
68.9
(29.4)
126.7
These Consolidated Financial Statements were approved by the Board of Directors on 16 May 2018 and were signed on its
behalf by:
Nick Bray
Chief Financial Officer
The notes on pages 99 to 139 form an integral part of these financial statements
96/
Cybersecurity made simple
�Consolidated Statement of Changes in Equity
For the year-ended 31 March 2018
Share
Capital
$M
Share
Premium
$M
Merger
Reserve
$M
Other
Reserves1
$M
Retained
Earnings
$M
21.3
115.9
(200.9)
(0.1)
Share options exercised
0.3
2.5
At 31 March 2016
Loss for the period:
Other comprehensive
profit or loss:
Total comprehensive loss
Disposal of EBT treasury shares
Share-based
payments expense
Share-based payments
deferred tax
Cash dividend (note 27)
At 31 March 2017
Loss for the period:
Other comprehensive
profit or loss:
Total comprehensive loss
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
21.6
118.4
(200.9)
Share options exercised
0.4
3.9
Share-based payments
expense
Share-based payments
taxation
Cash dividends (note 27)
–
–
–
–
–
–
At 31 March 2018
22.0
122.3
(200.9)
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
Share-Based
Payment
Reserve
$M
Translation
Reserve
$M
Total
$M
36.2
(32.2)
145.9
–
–
–
–
–
31.3
1.4
–
68.9
–
–
–
–
39.6
13.3
–
121.8
–
(46.7)
2.8
2.8
–
–
–
–
–
2.8
(43.9)
2.8
0.1
31.3
1.4
(10.9)
(29.4)
126.7
–
(66.3)
(4.0)
(4.0)
(4.0)
(70.3)
–
–
–
–
4.3
39.6
13.3
(21.8)
(33.4)
91.8
205.7
(46.7)
–
(46.7)
–
–
–
–
(10.9)
148.1
(66.3)
–
(66.3)
–
–
–
(21.8)
60.0
–
–
–
–
0.1
–
–
–
–
–
–
–
–
–
–
–
–
1 At 31 March 2018 other reserves comprise an insignificant number of own shares held in an Employment Benefit Trust.
The notes on pages 99 to 139 form an integral part of these financial statements
/97
IntroductionGovernanceFinancial StatementsStrategic Report�Consolidated Statement of Cash Flows
For the year-ended 31 March 2018
Loss for the year
Adjusted for:
Depreciation
Amortisation of intangible assets
Amortisation of fair value adjustment on deferred income
Fair value adjustment on contingent consideration
Foreign exchange expense
Share-based payments expense
Finance income
Finance expense
Income tax charge / (credit)
Decrease in inventories
Increase in trade and other receivables
Increase in trade and other payables
Increase in deferred revenue
(Decrease) / Increase in provisions
Cash generated from continuing operations
Income taxes paid
Net cash flow from operating activities
Investing activities
Purchase of property, plant and equipment
Acquisition of subsidiaries net of cash acquired
Purchase of intangible assets
Finance income
Net cash flow from investing activities
Financing activities
Proceeds from issue of shares
Transaction costs related to the issue of shares
Dividends paid
Proceeds from borrowings
Repayment of borrowings
Transaction costs related to borrowings
Finance lease payments
Finance costs
Net cash flow from financing activities
Increase in cash and cash equivalents
Net foreign exchange differences
Cash and cash equivalents at the start of the period
Cash and cash equivalents at the end of the period
Year-ended
31 March 2018
$M
Year-ended
31 March 2017
$M
Note
(66.3)
(46.7)
11.6
25.2
1.0
0.2
8.1
39.6
(0.3)
20.7
14.0
53.8
1.7
(22.9)
10.4
127.0
(0.2)
169.8
(22.1)
147.7
(10.0)
(4.9)
(11.1)
0.3
(25.7)
4.2
–
(21.8)
–
(50.0)
(0.1)
(0.1)
(9.1)
(76.9)
45.1
6.8
68.1
120.0
9.4
19.9
(1.0)
–
–
31.3
(0.1)
5.1
(2.6)
15.3
1.1
(20.5)
37.1
104.4
0.3
137.7
(19.2)
118.5
(11.4)
(101.7)
(5.1)
0.1
(118.1)
2.8
–
(10.9)
50.0
(25.0)
(0.9)
(0.1)
(8.8)
7.1
7.5
(6.2)
66.8
68.1
28
12
12
17
32
15
12
32
32
32
20
The notes on pages 99 to 139 form an integral part of these financial statements
98/
Cybersecurity made simple
�Notes to the Consolidated Financial Statements
For the year-ended 31 March 2018
1 General Information
Reporting Entity
Sophos Group plc (“the Company”) is a company domiciled in the United Kingdom. The Company’s registered office is
Sophos Group plc, The Pentagon, Abingdon Science Park, Abingdon, Oxfordshire, OX14 3YP, United Kingdom. The
Consolidated Financial Statements of the Company as at and for the year-ended 31 March 2018 comprise the Company
and its subsidiaries (together referred to as “the Group”). The Group is a leading provider of cloud-enabled enduser and
network security solutions.
2 Application of New and Revised International Financial Reporting Standards (“IFRSs”)
The Group has not applied the following new and revised IFRSs that have been issued but are not yet effective. Other than
as set out below, the Directors do not anticipate that the IFRSs will have a significant effect on the Group’s consolidated
financial information:
Effective for annual periods beginning on or after January 2018:
IFRS 9 – Financial Instruments;
IFRIC 22 – Foreign Currency Transactions and Advance Consideration;
Amendments to IFRS 2 – Share-based Payment Transactions;
Amendments to IFRS 4 – Insurance Contracts;
Amendments to IAS 40 – Investment Property;
Amendments to IFRS 1 – First time adoption of IFRS; and,
Amendments to IAS 28 – Investments in Associates and Joint Ventures
Effective for annual periods beginning on or after January 2019:
IFRIC 23 – Uncertainty over Income Tax Treatments
Effective for annual periods beginning on or after January 2021:
IFRS 17 – Insurance Contracts
IFRS 15 – Revenue from Contracts with Customers
IFRS 15 “Revenue from contracts with customers” is effective for annual periods beginning on or after 1 January 2018 and
will therefore be adopted by the Group in the year-ending 31 March 2019. The review of IFRS15 is ongoing and the Group is
cognisant of industry practice, which is constantly evolving, that could impact the Group in its implementation; however,
based on the current position the Directors have updated their assessment of the impact of the standard on the Group
based on the issued version of the standard and the latest authoritative guidance and have confirmed that there will be a
material impact on the Group’s consolidated financial information. This will primarily be as a result of a) the earlier
recognition of revenue on certain software products where they are adjudged to have a distinct performance obligation
element that transfers the benefit of ownership at the point of sale rather than entirely over the life of the licence; b) the
deferral of commissions and other direct costs in line with the recognition of revenue and c) an immaterial impact of
recognising rebates in line with the recognition of revenue over an average term of the licences sold.
The estimate of this impact on results, had it been effective for the reported periods, is a decrease in revenue in FY18 of
$1.8 million as a consequence of more revenue being recognised in earlier periods than would be recognised in FY18 from
the deferred revenue balance at the start of the period (FY17: $3.1 million increase, benefiting from the earlier recognition
of deferred revenue outweighing the amount now recognised in earlier periods). In addition operating expenses would
decrease by $9.1 million (FY17: $3.0 million) both as a consequence of the net recognition in later periods. Other receivables
are estimated to increase by $45.7 million (FY17: 36.6 million) while deferred revenue would decrease by $27.1 million
(FY17: $27.2 million). The estimated tax impact of IFRS 15, had it been effective for FY18 and earlier periods, is a decrease
in the recognised deferred tax asset at 31 March 2018 of $13.6 million with a corresponding total increase in the deferred
tax charge over the periods. The development of these estimates has been performed outside of the Group’s underlying
financial systems, to avoid the need of running parallel systems. As a result, on full transition in the year-ending 31 March
2019 the actual impact may differ from the amounts disclosed once individual transactions have been processed, though
this impact is not expected to be material. The Group’s underlying financial systems have already been updated to ensure
that they will recognise transactions in accordance with IFRS 15 from 1 April 2018. The Directors will continue to monitor
industry practice and experience of implementation and update its assessment of the impact for the Group as appropriate.
/99
IntroductionGovernanceFinancial StatementsStrategic Report�2 Application of New and Revised International Financial Reporting Standards (“IFRSs”) continued
In implementing IFRS 15, the Directors intend to apply the retrospective approach such that in the accounts for the
year-ended 31 March 2019 the comparatives (for the year-ended 31 March 2018) will be restated on an IFRS 15
compliant basis. In applying this approach, the Directors will make use of certain practical expedients, primarily that
contracts that have completed as of the start of the earliest period presented will not be restated as they have no
impact upon the results presented.
IFRS 16 – Leases
IFRS 16 – Leases, which was issued in January 2016 and becomes effective for reporting periods beginning on or after
1 January 2019, will become effective for the Group for the year-ending 31 March 2020.
IFRS 16 replaces existing guidance on leases, including IAS 17 Leases, IFRIC 4 – Determining whether an Arrangement
contains a Lease, ISC-15 Operating Leases – Incentives and SIC27 Evaluating the Substance of Transactions Involving
the Legal Form of a Lease. IFRS 16 introduces a single, on-balance sheet lease accounting model whereby the lessee
recognises a right-of-use (“ROU”) asset and a corresponding financial liability to the lessor, representing the obligation to
make lease payments. The standard includes two recognition exemptions for lessees; “low value assets” (e.g. personal
computers) and short-term leases with a term of less than 12 months.
The Directors have completed an initial assessment of the potential impact on its Consolidated Financial Statements, but
has not yet completed a detailed assessment of the numerical impact of IFRS 16, which will depend on future economic
conditions including the Group’s borrowing rate on 1 April 2019 and the extent to which the Directors choose to use the
available practical expedients and recognition exemptions.
It is currently anticipated that the most significant impact will be that the Group will recognise ROU assets and liabilities for
its operating leases of offices and certain plant and equipment items. As at 31 March 2018, the Group’s future minimum
lease payments under non-cancellable operating leases amounted to $68.5M on an undiscounted basis. See note 33.
In the Consolidated Statement of Profit or Loss, the operating lease expenditure will be replaced by depreciation of the ROU
asset together with a finance expense. Alternative performance measures which exclude depreciation, will benefit from the
adoption of IFRS 16 through the removal of the operating lease charge. In the Consolidated Statement of Cash Flows, “Net
cash flow from operating activities” will see an improvement because of the depreciation adjustment, with a corresponding
increased outflow in “Net cash flow from financing activities”.
The adoption of IFRS 16 is not expected to have an impact on the Group’s ability to comply with loan covenants under the
Senior Facilities Agreement dated 6 February 2017; as that agreement is drafted on a “frozen GAAP” basis.
3 Significant Accounting Policies
3.1 Statement of Compliance
The Consolidated Financial Statements have been prepared using International Financial Reporting Standards as adopted
by the European Union (“EU”) as they apply to the Group. In addition to complying with its legal obligation to apply IFRSs as
adopted by the EU, the Group has also applied IFRSs as issued by the International Accounting Standards Board;
collectively “IFRS”.
3.2 Going Concern
The Group has considerable financial resources together with contracts with a large number of customers and across
different geographic areas and industries. As a consequence, the Directors believe that the Group is well placed to manage
its business risks successfully.
After excluding short-term deferred revenue from current liabilities, the Group has net current assets including significant
cash balances and despite the loss making position, given the cash generative nature of the Group’s operations and the
visibility of future renewals, the Directors have a reasonable expectation that the Group has adequate resources to
continue in operational existence for the foreseeable future. Accordingly, the Directors continue to adopt the going concern
basis in preparing the annual Consolidated Financial Statements.
Further information regarding the Group’s business activities, together with the factors likely to affect its future
development, performance and position is set out in the Strategic Report on pages 16 to 43. Further information regarding
the financial position of the Group, its cash flows, liquidity position and borrowing facilities are described in the Strategic
Report and the notes to the Consolidated Financial Statements. In addition, note 25 to the Consolidated Financial
Statements includes the Group’s objectives, policies and processes for managing its capital, its financial risk management
objectives, and its exposures to credit risk and liquidity risk.
100/
Notes to the Consolidated Financial Statements continuedFor the year-ended 31 March 2018Cybersecurity made simple�3.3 Basis of Consolidation
The consolidated historical financial information has been prepared under the historical cost convention and is presented
in US Dollars. All values are rounded to the nearest 0.1 million ($M) unless otherwise indicated. The functional currency of
Sophos Group plc is US Dollars. The Group uses US Dollars as its presentation currency to aid comparability of its financial
information with that of its peers and the industry; whose information is generally presented in US Dollars.
The accounting policies used in preparing the consolidated historical financial information for the year-ended 31 March
2018 have been consistently applied to all years presented and are set out below. The historical financial information
consolidates the financial information of Sophos Group plc and the entities it controls (its subsidiaries) at 31 March 2018.
Control is achieved where the Company has the power to govern the financial and operating policies of an investee entity
so as to obtain benefits from its activities.
The financial information of the subsidiaries is prepared for the same reporting period as the parent Company, using
consistent accounting policies. Subsidiaries are fully consolidated from the date of acquisition, being the date on which the
Group obtains control, and continue to be consolidated until the date that such control ceases. All intra-group balances,
transactions, income and expenses and profits and losses resulting from intra-group transactions that are recognised
in the statement of financial position of the individual reporting entities, are eliminated in full on consolidation.
3.4 Foreign Currency Translation
The individual historical financial information of each Group company is prepared in the currency of the primary economic
environment in which it operates (its functional currency). Each entity in the Group determines its own functional currency
and items included in the historical financial information of each entity are measured using that functional currency.
In preparing the financial information of the individual companies, transactions in foreign currencies are recorded at
the rate of exchange prevailing at the date of the transaction. Monetary assets and liabilities in foreign currencies are
translated at the exchange rate prevailing at the reporting date. All exchange differences are taken to the Consolidated
Statement of Profit or Loss, except for differences on monetary assets and liabilities that form part of the Group’s net
investment in a foreign operation. These are taken directly to equity until the disposal of the net investment, at which
time they are recognised in the Consolidated Statement of Profit or Loss. Tax charges and credits attributable to
exchange differences on those borrowings are also dealt with in equity. Non-monetary items that are measured in terms
of historical cost in a foreign currency are translated using the exchange rates as at the dates of the initial transactions.
Any goodwill arising on the acquisition of a foreign operation and any fair value adjustments to the carrying amounts of
assets and liabilities arising on the acquisition are treated as assets and liabilities of the foreign operation and translated
at the closing rate.
On consolidation, assets and liabilities of foreign subsidiaries are translated into the presentation currency (US Dollars) at
the exchange rate prevailing at the reporting date. Income and expense items are translated into US Dollars at the prior-
month closing rate to that in which the transaction took place because they approximate the rate of exchange at the
transaction dates. Exchange differences arising on the translation of opening net assets of entities whose functional
currency is not US Dollars, together with differences arising from the translation of the net results at average or actual
rates to the exchange rate prevailing at the reporting date, are taken to equity.
On disposal of a foreign entity, the deferred accumulated amount recognised in equity relating to that particular foreign
operation is recognised in the Consolidated Statement of Profit or Loss.
3.5 Critical Accounting Judgments and Key Sources of Estimation Uncertainty
The preparation of Consolidated Financial Statements requires Directors to make estimates and assumptions that affect
the amounts reported for assets and liabilities as at the reporting date and the amounts reported for revenues and
expenses during the period.
Judgments
In the process of applying the Group’s accounting policies described in this note, Directors have made the following
judgments that have a significant effect on the amounts recognised in the historical financial information.
Revenue
The Group sells software products under fixed term contracts and perpetual licences. Where there is a multi-element
arrangement, the consideration receivable is allocated to each element of the arrangement and this is done on the basis of
an estimate of their respective fair values. In determining the relative fair values of each element, Directors make reference
to current prices of individual elements and adjust this by its relative share of discounts applied to the entire sale, regardless
of any separate prices stated within the contract. See note 6.
/101
IntroductionGovernanceFinancial StatementsStrategic Report�3 Significant Accounting Policies continued
3.5 Critical Accounting Judgments and Key Sources of Estimation Uncertainty continued
Classification of exceptional items and presentation of non-GAAP measures
Directors exercise their judgement in the classification of certain items as exceptional and outside of the Group’s
underlying results. The determination of whether an item should be separately disclosed as an exceptional item or other
adjustments requires judgement on its materiality, nature and incidence, as well as whether it provides clarity on the
Group’s underlying trading performance. In exercising this judgement, Directors take appropriate regard of IAS 1
“Presentation of financial statements’’ as well as guidance issued by the Financial Reporting Council and the European
Securities and Market Authority on the reporting of exceptional items and alternative performance measures. The overall
goal of the Directors is to present the Group’s underlying performance without distortion from one-off or non-trading
events regardless of whether they be favourable or unfavourable to the underlying result. Further details of the individual
exceptional items, and the reasons for their disclosure treatment, are set out in note 7.
Research and development costs
Development costs will be capitalised in accordance with the accounting policy set out in this note. Determining the
amounts to be capitalised requires the Directors to make assumptions regarding the capitalisation criteria requirements
of IAS 38 – Intangible assets. See note 15.
Legal proceedings
The Directors, at the reporting date, form a judgement in relation to the probable outcome of ongoing litigation against
the Group. These judgements take account of available information, historical experience and the likelihood of different
possible outcomes. See note 33.
Estimates
The key assumptions concerning the future, and other key sources of estimation uncertainty at the reporting date, that
have a significant risk of causing a material adjustment to the carrying amounts of assets and liabilities within the next
financial year, are discussed below. The nature of estimation means that actual outcomes could differ from those
estimates:
Business combinations
Where a business combination includes a contingent consideration, the Directors are required to make an assessment at
the time of the acquisition of the most likely amount required to be settled. This will include estimates of the outcome of
future performance measures as agreed between the parties. Note 23 sets out the financial liability at the end of the period
and details the method of calculation as estimated at the balance sheet date.
Income tax
The liability for income taxes at the balance sheet date includes the Directors estimates of the amount of tax payable on
open tax computations where the liabilities remain to be agreed with the tax authorities. These estimates may differ from
the actual outcome and are further discussed in 3.16 and note 13 below.
3.6 Revenue Recognition
The Group operates exclusively through a channel distribution model using a two-tier channel distribution structure
around the world, with the exception of the UK where it operates a one-tier structure. Under the two-tier arrangement,
the Group will contract with and invoice distributors, who will in turn transact with partners, who will ultimately transact
with the end user. Under the one-tier arrangement the Group will transact with the partner who will transact with the
ultimate end user. Sales contracts are therefore not with the end user. In both scenarios, the accounting treatment of
sales contracts is the same.
In cases where support has been purchased, the responsibility for providing that support, and for all products providing
maintenance and definition updates, remains with the Group rather than with channel partners and distributors.
Software licences sold by the Group provide security protection, amongst other things, against ransomware, malware
and malicious viruses.
102/
Notes to the Consolidated Financial Statements continuedFor the year-ended 31 March 2018Cybersecurity made simple�The vast majority of the Group’s software licences include rights to support and frequent product updates, the access to
which is granted at the point a licence is provided to the customer and continues through the term of the licence to which
the customer has subscribed, resulting in the software licence service being performed over a period of time. As a result,
billings occur on day one whilst revenue is recognised over time, because of the ongoing obligations to provide updates over
the term of the licence.
Standard sales contracts do not include return rights; and in accordance with industry practice, customers only have a
right of refund for undelivered product on the hardware or software licences that they have purchased. In a minority of
cases, agreements do allow for some limited returns. These very limited return rights are taken into account when
considering the recognition of revenue.
The Group does not recognise billings nor revenue until the criteria requiring delivery of hardware or software licences to be
completed have been met.
Revenue is therefore recognised to the extent that it is probable that the economic benefits will flow to the Group and
the revenue can be reliably measured. Revenue is measured at the fair value of the consideration received, after
discounts and rebates but excluding VAT and other sales taxes or duty. The following specific recognition criteria must
also be met before revenue is recognised:
Where there is a multi-element arrangement, the consideration receivable is allocated to each element of the arrangement
and this is done on the basis of an estimate of their respective fair values. In determining the relative fair values of each
element, Directors make reference to current prices of individual elements and adjust this by its relative share of discounts
applied to the entire sale, regardless of any separate prices stated within the contract.
Revenue from software licences and service contracts
The Group sells software products under fixed-term contracts and under perpetual licences. Revenue on software licences
and service contracts is recognised when the Group has met its obligation in relation to the product or services, which is on
delivery of all relevant components for perpetual licences and over the life of the agreed licence for termed products.
Fixed-term contracts
Customers who receive software products at the start of the contract under a fixed-term licence are entitled to receive
regular updates and upgrades for the duration of the licence term which runs for periods ranging up to five years. Revenue
for these fixed-term contracts is recognised rateably over the period that the contractual obligation exists. Accrued and
deferred revenue arising on long-term contracts is included in receivables as accrued income and payables as deferred
revenue, as appropriate.
Where the Group contracts with an original equipment manufacturer (OEM) or a service provider, rather than an end user,
it mirrors the above policy and recognises the revenue in line with the contractual terms granted to the end user.
Perpetual licences
Revenue is recognised immediately where customers purchase software products under a perpetual licence. Revenue in
respect of support and maintenance contracts associated with perpetual licences is recognised rateably over the life of
the support / maintenance contract.
Sale of goods
Where software licences and hardware are sold together, if the software is not essential to the functionality of the tangible
product, then the revenue from the sale of goods is recognised immediately. However, where the software is essential to
the functionality of the tangible product and the hardware cannot function without the software, revenue from the sale of
goods is recognised rateably over the period of the associated software licence contract.
Interest income
Interest income is recognised as interest accrues.
/103
IntroductionGovernanceFinancial StatementsStrategic Report�3 Significant Accounting Policies continued
3.7 Property, Plant and Equipment
Property, plant and equipment is stated at cost less accumulated depreciation and accumulated impairment losses.
Cost comprises the aggregate amount paid and the fair value of any other consideration given to acquire the asset and
includes costs directly attributable to making the asset capable of operating as intended.
Except for freehold land, depreciation is provided to write off the cost less the estimated residual values of all property,
plant and equipment on a straight-line basis over their estimated useful life as follows:
Freehold buildings
25 years
Leasehold improvements
Over the lease period
Computer equipment
3 – 5 years
Other plant and equipment
Motor vehicles
5 years
4 years
Fixtures and fittings
6 – 10 years
The carrying values of property, plant and equipment are reviewed for impairment if events or changes in circumstances
indicate the carrying value may not be recoverable and are written down immediately to their recoverable amount.
An item of property, plant and equipment is de-recognised upon disposal or when no future economic benefits are
expected to arise from the continued use of the asset. Any gain or loss arising on de-recognition of the asset is included
in the Consolidated Statement of Profit or Loss in the period of de-recognition.
The residual values, useful lives and methods of depreciation of the assets are reviewed, and adjusted if appropriate,
at each financial year-end.
3.8 Business Combinations and Goodwill
Business combinations are accounted for using the acquisition accounting method. This involves recognising identifiable
assets (including previously unrecognised intangible assets) and liabilities (including contingent liabilities and excluding
future restructuring) of the acquired business at fair value.
Business combinations on or after 1 April 2004 are accounted for under IFRS 3. Any excess of the cost of the business
combination over the Group’s interest in the net fair value of the identifiable assets, liabilities and contingent liabilities is
recognised in the Consolidated Statement of Financial Position as goodwill and is not amortised. To the extent that the net
fair value of the acquired entity’s identifiable assets, liabilities and contingent liabilities is greater than the cost of the
investment, a gain is recognised immediately in the Consolidated Statement of Profit or Loss. Goodwill recognised as an
asset as at 31 March 2004 is recorded at its previous carrying amount under UK GAAP and is not amortised.
After initial recognition, goodwill is stated at cost less any accumulated impairment losses, with the carrying value being
reviewed for impairment, at least annually and whenever events or changes in circumstances indicate that the carrying
value may be impaired. Goodwill assets considered significant in comparison to the Company’s total carrying amount of
such assets have been allocated to cash-generating units or groups of cash-generating units. Where the recoverable
amount of the cash-generating unit is less than its carrying amount including goodwill, an impairment loss is recognised
in the Consolidated Statement of Profit or Loss.
The carrying amount of goodwill allocated to a cash-generating unit is taken into account when determining the gain or
loss on disposal of the unit, or of an operation within it.
3.9 Intangible Assets
Intangible assets are carried at cost less accumulated amortisation and accumulated impairment losses.
Intangible assets acquired separately from a business are carried initially at cost. An intangible asset acquired as part of
a business combination is recognised outside goodwill if the asset is separable or arises from contractual or other legal
rights and its fair value can be measured reliably. Expenditure on internally developed intangible assets is taken to the
Consolidated Statement of Profit or Loss in the period in which it is incurred to the extent that the expenditure does not
qualify for capitalisation under research and development costs.
Where computer software is not an integral part of a related item of computer hardware, the software is classified as an
intangible asset. The capitalised costs of software for internal use include external direct costs of materials and services
consumed in developing or obtaining the software, and incremental payroll and payroll-related costs arising from the
assignment of employees to implementation projects. Capitalisation of these costs ceases no later than the point at which
the software is substantially complete and ready for its intended internal use.
104/
Notes to the Consolidated Financial Statements continuedFor the year-ended 31 March 2018Cybersecurity made simple
�Intangible assets with a finite life have no residual value and are amortised over their expected useful lives as follows:
Intangible assets arising on acquisition of subsidiaries
–
Intellectual property
5 – 15 years reducing balance basis
Brand names
Customer base
–
–
15 – 20 years reducing balance basis
6 – 14 years reducing balance basis
Other purchased intangible assets
Software
–
3 years straight-line basis
The amortisation expense on intangible assets with finite lives is recognised in the Consolidated Statement of Profit or
Loss as a general finance and administration cost. The amortisation period and the amortisation method for an intangible
asset with a finite useful life are reviewed at least annually.
The carrying value of intangible assets is reviewed for impairment whenever events or changes in circumstances indicate
the carrying value may not be recoverable.
Intangible assets with indefinite useful lives are tested for impairment annually either individually or at the cash-generating
unit level. Such intangibles are not amortised. The term of their useful life is reviewed annually to determine whether
indefinite life assessment continues to be appropriate.
3.10 Research and Development Costs
Expenditure on research activities is expensed as incurred.
Development expenditure is recognised as an intangible asset when its future recoverability can reasonably be regarded
as assured and technical feasibility and commercial viability can be demonstrated.
During the period of development, the asset is tested for impairment annually. Following the initial recognition of the
development expenditure, the cost model is applied requiring the asset to be carried at cost less any accumulated
amortisation and accumulated impairment losses. Amortisation of the asset begins when development is complete
and the asset is available for use. It is amortised over the period of expected future sales.
Development expenditure incurred on minor or major upgrades, or other changes in software functionalities does not
satisfy the criteria, as the product is not substantially new in its design or functional characteristics. Such expenditure
is therefore recognised as an expense in the Consolidated Statement of Profit or Loss as incurred.
3.11 Impairment of Assets
At least annually, or when otherwise required, Directors review the carrying amounts of the Group’s tangible and intangible
assets to determine whether there is any indication that those assets have suffered an impairment loss. If any such
indication exists, the recoverable amount or value in use of the asset is estimated in order to determine the extent of
any impairment loss.
Where the asset does not generate cash flows that are independent from other assets, the Group estimates the
recoverable amount of the cash-generating unit to which the asset belongs.
The recoverable amount is the higher of fair value less costs to sell and value in use. In assessing value in use, the
estimated future cash flows are discounted to their present value using a pre-tax discount rate that reflects current
market assessments of the time value of money as well as risks specific to the asset for which the estimates of future
cash flows have not been adjusted.
If the recoverable amount of an asset or cash-generating unit is estimated to be less than its carrying amount, the carrying
amount of the asset or cash-generating unit is reduced to its recoverable amount. An impairment loss is recognised as an
expense immediately in the Consolidated Statement of Profit or Loss.
Where an impairment loss subsequently reverses, the carrying amount of the asset is increased to the revised estimate
of its recoverable amount, but not beyond the carrying amount that would have been determined had no impairment loss
been recognised for the asset in prior-years. A reversal of an impairment loss is recognised immediately as income in the
Consolidated Statement of Profit or Loss, although impairment losses relating to goodwill may not be reversed.
/105
IntroductionGovernanceFinancial StatementsStrategic Report
�3 Significant Accounting Policies continued
3.12 Inventories
Inventories are stated at the lower of cost and net realisable value. Cost includes all costs incurred in bringing each product
to its present location and condition. The cost of raw materials, consumables and goods for resale is based on the purchase
cost and is determined on a first-in, first-out basis.
Net realisable value is based on estimated selling price less any further costs expected to be incurred to completion
and disposal.
3.13 Financial Instruments
Financial assets and liabilities are recognised in the Group’s statement of financial position when the Group becomes party
to the contractual provisions of the instrument. When financial instruments are recognised initially they are measured at
fair value, being the transaction price plus, in the case of financial assets and financial liabilities not at fair value through
profit or loss, directly attributable transaction costs.
Trade receivables
Trade receivables, which generally have 30-90 day payment terms mainly depending on the jurisdiction, are carried at
original invoice amount, including value added tax and other sales taxes, less an estimate made for doubtful receivables
based on a review of any outstanding amounts at the period-end and on historical performance. Provision for bad debts is
made in the period in which they are identified.
Cash and cash equivalents
Cash and cash equivalents comprise cash in hand and bank deposits repayable in 90 days or less. For the purpose of the
Consolidated Statement of Cash Flows, cash and cash equivalents consist of cash in hand and bank deposits net of
outstanding bank overdrafts.
Trade payables
Trade payables are recognised at cost, which is deemed to be materially the same as the fair value.
Classification of equity instruments as debt or equity
Financial liabilities and equity instruments are classified according to the substance of the contractual arrangements
entered into. An equity instrument is any contract that evidences a residual interest in the assets of the Group after
deducting all of its liabilities.
When equity instruments are issued, any component that creates a financial liability of the Group is presented as a liability
in the Consolidated Statement of Financial Position; measured initially at fair value net of transaction costs and thereafter
at amortised cost until extinguished on conversion or redemption. The corresponding dividends relating to the liability
component are charged as interest expense in the Consolidated Statement of Profit or Loss.
Equity instruments issued by the Company are recorded as the proceeds received, net of direct issue costs. Equity
instruments are classified according to the substance of the contractual arrangements entered into.
Interest bearing loans and borrowings
Obligations for loans and borrowings are recognised when the Group becomes party to the related contracts and are
measured initially at fair value less directly attributable transactions costs.
After initial recognition, interest bearing loans and borrowings are subsequently measured at amortised cost using the
effective interest method.
Gains and losses arising on the re-purchase, settlement or other cancellation of liabilities are recognised respectively in
finance income and finance expense.
Derivative financial instruments
The Group sometimes uses derivative financial instruments, principally forward foreign currency contracts to reduce its
exposure to exchange rate movements and interest rate caps to reduce its exposure to fluctuating interest rates. The
Group does not hold or issue derivatives for speculative or trading purposes.
106/
Notes to the Consolidated Financial Statements continuedFor the year-ended 31 March 2018Cybersecurity made simple�Derivative financial instruments are recognised as assets and liabilities measured at their fair values at the reporting date.
Changes in the fair values are recognised in the Consolidated Statement of Profit or Loss and this is likely to cause volatility
in situations where the carrying value of the hedged item is either not adjusted to reflect fair value changes arising from the
hedged risk or is so adjusted but that adjustment is not recognised in the Consolidated Statement of Profit or Loss.
Provided the conditions specified by IAS 39 — Financial Instruments are met, hedge accounting may be used to mitigate
this volatility.
3.14 Leases
Leases are classified as finance leases whenever the terms of the lease transfer substantially all the risks and rewards of
ownership to the lessee. All other leases are classified as operating leases.
Rentals payable under operating leases are charged to income on a straight-line basis over the term of the relevant lease.
Benefits received and receivable as an incentive to enter into an operating lease are also spread on a straight-line basis over
the lease term.
3.15 Provisions
A provision is recognised when the Group has a legal or constructive obligation as a result of a past event and it is probable
that an outflow of economic benefits will be required to settle the obligation and a reliable estimate can be made of the
amount of the obligation. If the effect is material, expected future cash flows are discounted using a current pre-tax rate
that reflects, where appropriate, the risks specific to the liability.
Where the Group expects some or all of a provision to be reimbursed, for example under an insurance policy, the
reimbursement is recognised as a separate asset but only when recovery is virtually certain.
The expense relating to any provision is presented in the Consolidated Statement of Profit or Loss net of any
reimbursement.
Where discounting is used, the increase in the provision due to unwinding the discount is recognised as a finance expense.
3.16 Taxation
The income tax charge represents the sum of the current and deferred taxes. Current tax payable or recoverable is based
on the taxable profit for the period. Taxable profit differs from profit reported in the Consolidated Statement of Profit or Loss
because some items of income or expense are taxable in different periods or may never be taxable or deductible. The
Group’s liability for current tax is calculated using UK and foreign rates and laws that have been enacted or substantively
enacted by the reporting period date.
A current tax provision is recognised when the Group has a present obligation as a result of a past event and it is probable
that the Group will be required to settle that obligation. Tax liabilities are recognised when it is considered probable that
there will be a future outflow of funds to a taxing authority. They are measured using one of the following methods,
depending on which of the methods management expects will better reflect the amount it will pay over to the tax authority:
• The single best estimate method is used where there is a single outcome that is more likely than not to occur. This will
happen, for example, where the tax outcome is binary or the range of possible outcomes is limited. The most likely
outcome may be that no tax is expected to be payable, in which case the provision is nil; or
• A probability weighted expected value is used where, on the balance of probabilities, something will be paid to the tax
authority but the possible outcomes are widely dispersed with low individual probabilities (i.e. there is no single outcome
more likely than not to occur). In this case, the provision is the sum of the probability-weighted amounts in the range. In
assessing provisions against uncertain tax positions, management uses in-house tax experts, professional firms and
previous experience of the taxing authority to evaluate the risk. However, it remains possible that uncertainties will
ultimately be resolved at amounts greater or smaller than the liabilities provided.
The Group’s current tax provision relates to the management’s estimate of the amount of tax payable on open tax
computations where the liabilities remain to be agreed with authorities. The uncertain tax items for which provision is
made (see note 13), relate to the interpretation of tax legislation impacting arrangements entered into in the ordinary
course of business. Due to the uncertainty associated with such items, it is possible that at a future date, on conclusion
of open tax matters, the final outcome may vary. We report cross-border transactions undertaken between Group
subsidiaries on an arm’s-length basis in tax returns in accordance with OECD guidelines. However, transfer pricing relies
on the making of estimates and it is frequently possible for there to be a range of legitimate and reasonable views. This
means that it is impossible to be certain that the tax returns basis will be sustained on examination. Discussions with
tax authorities relating to cross-border transactions and other matters are ongoing in several of the Group’s major
trading jurisdictions.
/107
IntroductionGovernanceFinancial StatementsStrategic Report�3 Significant Accounting Policies continued
3.16 Taxation continued
Although the timing and amount of final resolution of these uncertain tax positions cannot be reliably predicted, no
significant impact on the profitability of the Group is expected to result.
Deferred tax is the tax expected to be payable or recoverable in the future arising from temporary differences between the
carrying amounts of assets and liabilities in the Consolidated Financial Statements and the corresponding tax bases used
in the computation of taxable profit. It is accounted for using the balance sheet liability method. Deferred tax liabilities are
generally recognised for all taxable temporary differences and deferred tax assets are recognised to the extent that it is
probable that taxable profits will be available against which deductible temporary differences can be utilised.
Such assets and liabilities are not recognised if the temporary difference arises from the initial recognition of goodwill or
from the initial recognition (other than in a business combination) of other assets and liabilities in a transaction that affects
neither the tax profit nor the accounting profit.
Deferred tax liabilities are recognised for taxable temporary differences arising on investments in subsidiaries, except
where the Group is able to control the reversal of the temporary difference and it is probable that the temporary difference
will not reverse in the foreseeable future. The carrying amount of deferred tax assets is reviewed at each reporting date and
reduced to the extent that it is no longer probable that sufficient taxable profits will be available to allow all or part of the
asset to be recovered.
Deferred tax is calculated at the tax rates that are expected to apply in the period when the liability is settled or the asset is
realised. The rate is based on tax rates that have been enacted or substantively enacted by the reporting period date.
Deferred tax is charged or credited in the Consolidated Statement of Profit or Loss, except when it relates to items charged
or credited to other comprehensive income or directly to equity, in which case the deferred tax is dealt with in other
comprehensive income or in equity. Deferred tax assets and deferred tax liabilities are offset if a legally enforceable right
exists to set off current tax assets against current tax liabilities and the deferred taxes relate to the income taxes levied in
the same taxation authority on either the same entity or on different taxable entities which intend to settle the current tax
assets and liabilities on a net basis.
Disclosures relating to tax are set out in note 13
3.17 Pensions and Other Post-Retirement Benefits
The Group operates defined contribution pension schemes for its employees. The assets of the schemes are held
separately from those of the Group in independently administered funds. Contributions to defined contribution schemes
are recognised in the Consolidated Statement of Profit or Loss in the period in which they become payable.
3.18 Share-Based Payments
Employees (including senior executives) of the Group receive remuneration in the form of share-based payment
transactions, whereby employees render services as consideration for equity instruments (“equity-settled transactions”).
The Group also grants cash-settled awards in certain jurisdictions in order to ensure compliance with tax, regulatory or
legal country specific requirements.
Equity-settled transactions
The cost of equity-settled transactions with employees is measured by reference to the fair value at the date on which they
are granted. The fair value is determined by using an appropriate pricing model, further details of which are given in note 28.
The cost of equity-settled transactions is recognised, together with a corresponding increase in equity, ending on the date
on which the relevant employees become fully entitled to the award.
At each reporting date before vesting, the cumulative expense is calculated, representing the extent to which the vesting
period has expired and the Directors best estimate of the achievement or otherwise of non-market conditions and of the
number of equity instruments that will ultimately vest or, in the case of an instrument subject to a market condition, be
treated as vesting as described above. The movement in cumulative expense since the previous reporting date is
recognised in the Consolidated Statement of Profit or Loss, with a corresponding entry in equity.
Where the terms of an equity-settled award are modified or a new award is designated as replacing a cancelled or settled
award, the cost based on the original award terms continues to be recognised over the original vesting period. In addition,
an expense is recognised over the remainder of the new vesting period for the incremental fair value of any modification,
based on the difference between the fair value of the original award and the fair value of the modified award, both as
measured on the date of the modification. No reduction is recognised if this difference is negative.
108/
Notes to the Consolidated Financial Statements continuedFor the year-ended 31 March 2018Cybersecurity made simple�Where an equity-settled award is cancelled, it is treated as if it had vested on the date of cancellation, and any cost not yet
recognised in the Consolidated Statement of Profit or Loss for the award is expensed immediately. Any compensation paid
up to the fair value of the award at the cancellation or settlement date is deducted from equity, with any excess over fair
value being treated as an expense in the Consolidated Statement of Profit or Loss.
Cash-settled transactions
A liability is recognised for the fair value of cash-settled transactions. The fair value is measured at grant and each
subsequent reporting date up to and including the settlement date. The change in fair value is recognised in the
Consolidated Statement of Profit or Loss with a corresponding entry in liabilities for cash-settled transactions.
3.19 Exceptional Items
Exceptional items are those that in the judgment of the Directors need to be disclosed by virtue of their size, nature or
incidence, in order to draw the attention of the reader and to show the underlying business performance of the Group. Such
items are included within the income statement caption to which they relate, and are separately disclosed either in the
notes to the Consolidated Financial Statements or on the face of the Consolidated Statement of Profit or Loss.
3.20 Events After the Reporting Date
Events between the reporting date and the date on which the Consolidated Financial Statements are approved, favourable
and unfavourable, providing evidence of conditions that existed at the reporting date, adjust the amounts recognised in the
Consolidate Financial Statements. Those that indicate conditions arising after the reporting date are disclosed but are not
recognised within the Consolidated Financial Statements.
4 Alternative Performance Measures (“APMs”)
The Group uses certain financial measures that are not defined or recognised under IFRS. The Directors believe that these
non-GAAP measures supplement GAAP measures to help in providing a further understanding of the results of the Group
and are used as key performance indicators within the business to aid in evaluating its current business performance. The
measures can also aid in comparability with other companies, particularly in the cybersecurity industry, who use similar
metrics. However as the measures are not defined by IFRS, other companies may calculate them differently or may use
such measures for different purposes to the Group. Constant currency measures have limitations, particularly as the
currency effects that are eliminated may constitute a significant element of the Group’s revenue and expenses and could
materially impact the Group’s performance. The Directors do not evaluate the Group’s results and performance on a
constant currency basis without also evaluating the Group’s financial information prepared at actual foreign exchange rates
in accordance with IFRS.
The definition of non-GAAP measures in the year-ended 31 March 2018 is consistent with those presented for the year-
ended 31 March 2017. The reconciliation of non-GAAP measures to GAAP measures is set out below.
Billings
Billings represent the value of products and services invoiced to customers after receiving a purchase order from the
customer and delivering products and services to them, or for which there is no right to a refund. Billings do not equate to
statutory revenue.
Revenue
Net deferral of revenue (see note 22)
Billings
Currency revaluation
Constant currency billings
Year-ended
31 March 2018
$M
Year-ended
31 March 2017
$M
640.7
127.9
768.6
(30.2)
738.4
529.7
102.4
632.1
(8.8)
623.3
/109
IntroductionGovernanceFinancial StatementsStrategic Report
�4 Alternative Performance Measures (“APMs”) continued
Adjusted Operating Profit and Cash EBITDA
Adjusted operating profit provides a supplemental measure of earnings that facilitates review of operating performance on
a period-to-period basis by excluding non-recurring and other items that are not indicative of the Group’s underlying
operating performance.
Adjusted operating profit is a key profit measure used by the Board to assess the underlying financial performance of the
Group. Adjusted operating profit is stated before the following items for the following reasons
• Exceptional items, as set out in Note 7, are one of the items that in the Director’s judgment should be disclosed separately
by virtue of their size, nature or incidence, in order to show the underlying business performance of the Group.
• Charges for the amortisation of acquired intangibles are excluded from the calculation of adjusted operating profit.
This is because these charges are based on judgments about their value and economic life, are the result of the
application of acquisition accounting rather than core operations, and whilst revenue recognised in the income
statement does benefit from the underlying technology that has been acquired, the amortisation costs bear no
relation to the Group’s underlying ongoing operational performance. In addition, amortisation of acquired intangibles
is not included in the analysis of segment performance used by the chief operating decision maker.
• Share-based payment charges are similarly excluded from the calculation of adjusted operating profit because these
represent a non-cash accounting charge for transactions that could otherwise have been settled in cash or not be
limited to employee compensation. These charges also represent long-term incentives designed for long-term
employee retention, rather than reflecting the short-term underlying operations of the Group’s business. The Directors
acknowledge that there is an ongoing professional debate on the add-back of share-based payment charges but
believe that as they are not included in the analysis of segment performance used by the chief operating decision
maker and their add-back is consistent with metrics used by a number of other companies in the global cybersecurity
industry, that this treatment remains appropriate.
Cash earnings before interest, taxation, depreciation and amortisation (“Cash EBITDA”) is defined as the Group’s operating
profit / (loss) adjusted for depreciation and amortisation charges, any gain or loss on the sale of tangible and intangible
assets, share option charges, unrealised foreign exchange differences (on the basis that they are non-cash income and
expenses) and exceptional items, with billings replacing recognised revenue. The unrealised foreign exchange differences
are included within the foreign exchange loss of $6.9M disclosed on the face of the Consolidated Statement of Profit or
Loss. The Directors consider this metric a useful supplemental measure of earnings that provides visibility on actual cash
earned in the year. The replacement of revenue with billings adjusts for the net deferral of revenue, whereas the weighted
average contract term is around 28 months, a more material adjustment is generated than for the short-term working
capital variations derived from the application of the accruals concept. Therefore, whilst Cash EBITDA is not a pure cash
flow metric, it represents a closer approximation to cash earned in the period from the trading that has taken place.
Depreciation and unrealised foreign exchange differences are adjusted as they do not represent cash costs of the business.
Operating loss
Amortisation of intangible purchased assets
Share-based payments expense
Exceptional items
Adjusted operating profit
Depreciation
Unrealised foreign exchange loss
Net deferral of revenue
Cash EBITDA
Billings
Revenue
Net deferral of revenue
110/
Year-ended
31 March 2018
$M
Year-ended
31 March 2017
$M
Note
(31.9)
(44.3)
7
25.2
39.6
13.2
46.1
11.6
8.1
127.9
193.7
768.6
(640.7)
127.9
19.9
31.3
31.4
38.3
9.4
–
102.4
150.1
632.1
(529.7)
102.4
Notes to the Consolidated Financial Statements continuedFor the year-ended 31 March 2018Cybersecurity made simple
�Unlevered Free Cash Flow
Unlevered free cash flow represents net cash flow from operating activities adjusted for exceptional items and net
capital expenditure. Unlevered free cash flow provides an understanding of the Group’s cash generation and is a
supplemental measure of liquidity in respect of the Group’s operations without the distortions of exceptional and
other non-operating items.
Net cash flow from operating activities
Exceptional items – cash-settled
Net capital expenditure
Unlevered free cash flow
Cash EBITDA
Net capital expenditure
Change in working capital
Corporation tax paid
Unlevered free cash flow
5 Segment Information
Year-ended
31 March 2018
$M
Year-ended
31 March 2017
$M
147.7
13.0
(21.1)
139.6
118.5
31.4
(16.5)
133.4
Year-ended
31 March 2018
$M
Year-ended
31 March 2017
$M
193.7
(21.1)
(10.9)
(22.1)
139.6
150.1
(16.5)
19.0
(19.2)
133.4
For internal management reporting purposes, the operating segments are determined to be geographic segments as the
Group’s risks and rates of return are affected predominantly by the different economic environments. This is consistent
with the information provided to the Chief Operating Decision Maker. The Group has only one operating segment based on
product on the basis that the products and services offered to external customers are very similar and therefore do not
result in different risks and rates of return for the Group.
The Group’s geographical segments are based on the location of the Group’s operations consisting of Europe, Middle East
and Africa (“EMEA”), The Americas and Asia Pacific and Japan (“APJ”).
Billings are classified by the geographic location of direct customers, OEMs and the distributors which purchase our
products. The geographic location of OEMs or distributors may be different from that of end customers. A disclosure of
billings and revenue by region is included in the Financial Review on pages 29 to 31.
The accounting policies of the reportable segments are the same as the Group’s accounting policies described in note 3.
Segment profits represent the profit earned by each segment without allocation of central administration costs including
Directors’ salaries, finance costs and income tax expense. This is the measure reported to the Chief Operating Decision
Maker, the Chief Executive Officer, and Senior Management Team for the purposes of resource allocation and assessment
of segment performance.
Transfer prices between geographical segments are set on an arm’s length basis in a manner similar to transactions with
third parties.
/111
IntroductionGovernanceFinancial StatementsStrategic Report�5 Segment Information continued
Geographical Segments
The following tables present billings, expenditure and certain asset information regarding the Group’s geographical
segments for the year-ended 31 March 2018 and 31 March 2017.
Year-ended 31 March 2018
Billings
Regional cost of sales
Regional gross margin
Regional sales and marketing expense
Regional operating profit
Revenue deferral
Central costs
Amortisation
Depreciation
Operating loss
Year-ended 31 March 2017
Billings
Regional cost of sales
Regional gross margin
Regional sales and marketing expense
Regional operating profit
Revenue deferral
Central costs
Amortisation
Depreciation
Operating loss
Other Segment Information
Segment assets
Americas
EMEA
APJ
Total segment assets
Unallocated assets
Consolidated total assets
Americas
$M
270.0
(14.7)
255.3
(76.7)
178.6
Americas
$M
217.6
(16.2)
201.4
(64.2)
137.2
EMEA
$M
395.1
(38.1)
357.0
(79.0)
278.0
EMEA
$M
319.5
(36.5)
283.0
(69.0)
214.0
APJ
$M
103.5
(16.2)
87.3
(32.0)
55.3
APJ
$M
95.0
(15.2)
79.8
(29.5)
50.3
Total
$M
768.6
(69.0)
699.6
(187.7)
511.9
(127.9)
(379.1)
(25.2)
(11.6)
(31.9)
Total
$M
632.1
(67.9)
564.2
(162.7)
401.5
(102.4)
(314.1)
(19.9)
(9.4)
(44.3)
31 March 2018
$M
31 March 2017
$M
377.8
690.4
150.4
1,218.6
125.8
1,344.4
369.4
599.4
149.1
1,117.9
105.3
1,223.2
Unallocated assets relate to deferred tax, as the measure of segment assets reviewed by the Chief Operating Decision
Maker does not include deferred tax. Following the finalisation of the segment allocation of goodwill arising on the
acquisition of Invincea, Inc. in the prior-year, comparatives have been re-stated.
112/
Notes to the Consolidated Financial Statements continuedFor the year-ended 31 March 2018Cybersecurity made simple
�Depreciation and amortisation
Americas
EMEA
APJ
Total depreciation and amortisation
Non-current assets by country
UK
USA
Germany
Other countries
Total non-current assets by country
Year-ended
31 March 2018
$M
Year-ended
31 March 2017
$M
7.5
24.9
4.4
36.8
4.9
22.0
2.4
29.3
31 March 2018
$M
31 March 2017
$M
39.8
13.6
2.7
14.5
70.6
42.4
13.6
3.0
12.4
71.4
Non-current assets by country excludes deferred tax assets and goodwill. Goodwill has been excluded as a split by country
is not available and the Directors consider that the cost to develop such analysis would be excessive.
Revenue from external customers by country
UK
USA
Germany
Other countries
Total
Year-ended
31 March 2018
$M
Year-ended
31 March 2017
$M
74.0
203.9
127.4
235.4
640.7
58.7
169.3
103.1
198.6
529.7
The Group’s revenue is diversified across its entire end customer base and no single end user accounted for greater than 10
per cent of the Group’s revenue in either 2017 or 2018. In 2018 three distributors accounted for 15 per cent, 14 per cent and
12 per cent each of Group billings which were attributable to all segments of the Group (2017: three distributors accounted
for 15 per cent, 13 per cent and 11 per cent each).
/113
IntroductionGovernanceFinancial StatementsStrategic Report�6 Revenue
Revenue recognised in the Consolidated Statement of Profit or Loss is analysed as follows:
Revenue by Product:
Network
Enduser
Other
Total
Revenue by Type:
Subscription
Hardware
Other
Total
7 Exceptional Items
Year-ended
31 March 2018
$M
Year-ended
31 March 2017
$M
315.6
294.7
30.4
640.7
271.2
231.6
26.9
529.7
Year-ended
31 March 2018
$M
Year-ended
31 March 2017
$M
515.3
114.2
11.2
640.7
410.7
106.7
12.3
529.7
Exceptional items are those that in the judgment of the Directors need to be disclosed by virtue of their size, nature or
incidence, in order to draw the attention of the reader and to show the underlying business performance of the Group. Such
items are included within the income statement caption to which they relate and are separately disclosed on the face of the
Consolidated Statement of Profit or Loss.
During the year-ended 31 March 2018, restructuring and integration costs of $10.2M (2017: ($0.4M)) and costs incurred in
relation to the defence of certain intellectual property (“IP”) litigation of $3.0M (2017: $24.6M) were incurred. In the prior-
year intellectual property litigation costs included an omnibus agreement entered into with Finjan Inc. on 30 March 2017
resolving all the parties’ disputes. Additionally, in the prior-year, acquisition related expenses of $7.2M, including earn-outs
from acquisitions in earlier periods, were incurred. This resulted in total exceptional items of $13.2M (2017: $31.4M). Tax
relief on these exceptional items amounted to $2.6M (2017: $4.8M).
8 Loss on Ordinary Activities
The loss on ordinary activities before taxation is stated after charging:
Year-ended
31 March 2018
$M
Year-ended
31 March 2017
$M
11.6
25.2
145.8
12.5
1.6
8.4
0.6
6.9
9.4
19.9
117.8
10.8
1.4
6.5
0.1
1.2
Depreciation of property, plant and equipment
Amortisation of intangible assets
Research and development expenditure
Operating lease rentals:
Property
Other
Pension scheme contributions
Impairment of trade receivables
Net foreign currency differences
114/
Notes to the Consolidated Financial Statements continuedFor the year-ended 31 March 2018Cybersecurity made simple
�9 Auditor’s Remuneration
The Group paid the following amounts to its auditors in respect of the audit of the historical financial information and for
other non-audit services provided to the Group.
Audit of the financial statements
Subsidiary local statutory audits
Total audit fees
Taxation compliance services
Total non-audit fees
Year-ended
31 March 2018
$M
Year-ended
31 March 2017
$M
0.4
0.4
0.8
–
–
0.4
0.2
0.6
0.2
0.2
The audit of a number of foreign subsidiaries were transferred from other auditors to the Group’s auditor during the
current-year.
10 Employee Costs
Wages and salaries
Social security costs
Pension costs
Other costs
Share-based payments (see note 28)
Total employee costs
Year-ended
31 March 2018
$M
Year-ended
31 March 2017
$M
280.9
27.3
8.4
12.1
328.7
42.2
370.9
234.2
22.2
6.5
9.2
272.1
32.5
304.6
The average number of employees during the period, analysed by category, was as follows:
Technical
Sales and marketing
Administration
Total average number of employees
11 Directors’ Remuneration
Directors’ emoluments
Share-based payment - equity-settled
Total Directors’ remuneration
Year-ended
31 March 2018
Year-ended
31 March 2017
1,868
1,124
327
3,319
1,830
998
294
3,122
Year-ended
31 March 2018
$M
Year-ended
31 March 2017
$M
3.3
7.0
10.3
3.2
7.9
11.1
Directors’ emoluments represent all earnings and aggregate contributions to pension schemes made during the year as a
Director of Sophos Group plc and its subsidiaries. Further details can be found in the Group’s Remuneration Report on
pages 72 to 81.
/115
IntroductionGovernanceFinancial StatementsStrategic Report
�12 Finance Income and Expense
Finance income
Interest on bank deposits
Finance expense
Interest expense on loans and borrowings
Other interest and bank charges
Accretion on contingent consideration
Foreign exchange loss / (gain) on borrowings
Amortisation of facility fees
Total finance expense
13 Taxation
Year-ended
31 March 2018
$M
Year-ended
31 March 2017
$M
0.3
0.1
Year-ended
31 March 2018
$M
Year-ended
31 March 2017
$M
8.7
0.3
9.0
0.9
9.6
1.2
20.7
7.8
0.4
8.2
0.2
(4.2)
0.9
5.1
UK corporation tax for the year-ended 31 March 2018 is calculated at 19 per cent (2017: 20 per cent) of the estimated
assessable loss for the period.
Current income tax:
UK corporation tax
Adjustments in respect of previous years UK tax
Overseas tax before exceptional items
Overseas tax on exceptional items
Adjustment in respect of previous years
Total current tax charge
Deferred tax:
Origination and reversal of temporary differences
Origination and reversal of temporary differences on exceptional items
Impact of changes in US tax rate
Adjustment in respect of previous years
Total deferred tax credit
Total income tax charge / (credit)
Year-ended
31 March 2018
$M
Year-ended
31 March 2017
$M
(2.5)
0.3
23.0
–
11.1
31.9
(19.8)
–
5.4
(3.5)
(17.9)
14.0
(4.0)
(1.1)
22.5
0.1
4.1
21.6
(18.9)
(5.0)
–
(0.3)
(24.2)
(2.6)
116/
Notes to the Consolidated Financial Statements continuedFor the year-ended 31 March 2018Cybersecurity made simple
�The charge for the year can be reconciled to the loss for the year before taxation per the Consolidated Statement of Profit
or Loss as follows:
Loss for the year before taxation
Loss for the year before taxation multiplied by the standard
rate of corporation tax in the UK of 19% (2017: 20%)
Effects of:
Adjustments in respect of previous years
Change in tax rate during the year
Expenses not deductible for tax purposes
Losses not recognised
Higher tax rates on overseas earnings
Research and development and other tax credits
Impact of US tax reform on deferred tax
Other movements
Charge / (credit) for taxation on loss for the year
Year-ended
31 March 2018
$M
Year-ended
31 March 2017
$M
(52.3)
(9.9)
7.9
3.7
9.4
–
3.8
(5.1)
5.4
(1.2)
14.0
(49.3)
(9.9)
2.7
1.6
(1.8)
1.8
6.5
(5.4)
–
1.9
(2.6)
The Group’s taxation strategy is aligned to its business strategy and operational needs. Oversight of taxation is within the
remit of the Audit and Risk Committee. The Chief Financial Officer is responsible for tax strategy supported by a global team
of tax professionals. Sophos strives for an open and transparent relationship with all revenue authorities and are vigilant in
ensuring that the Group complies with current tax legislation. The Group proactively seeks to agree arm’s length pricing
with tax authorities to mitigate tax risks of significant cross-border operations. The Group actively engages with policy
makers, tax administrators, industry bodies and international institutions to provide informed input on proposed tax
measures, so that it and they can understand how those proposals would affect the Group. However, a tax authority may
seek adjustment to the filing position adopted by a Group company and it is accepted that interpretation of complex
regulations may lead to additional tax being assessed. Uncertain tax positions are monitored regularly and a provision
made in the accounts where appropriate.
Key Influences
The Group’s tax rate is sensitive to the geographic mix of profits and reflects a combination of higher rates in certain
jurisdictions, such as Germany and India, a low rate in the UK and other rates that lie in between. The Group receives
incentives in certain jurisdictions. In the UK, the Research and Development Expense Credit resulted in a lower tax charge
in the income statement and a lower net cash tax payment. There is no guarantee that these incentives will continue to be
applicable in future years.
In the UK, a reduction in the corporate tax rate from 19 per cent to 17 per cent from April 2020 was enacted on 6 September
2016. The US Tax Cuts and Jobs Act was enacted on 22nd December 2017, reducing the statutory rate of US federal
corporate income tax from 35 per cent to 21 per cent with effect from 1st January 2018. The US Tax Cuts and Jobs Act is
expected to positively impact future after tax earnings, primarily because of the reduced tax rate. Consequently, the Group
has measured its US deferred tax assets and liabilities at the end of the reporting period at a combined (federal and state)
tax rate of 27.08 per cent. The value of US deferred tax assets has reduced by $5.4M in the year-ended 31 March 2018 as a
result of the reduced statutory rate of US federal corporate income tax rate; this is identified in tax rates movement in the
reconciliation of effective tax rate. The re-evaluation has resulted in a one-off charge of $5.4M to the taxation charge. The
current tax adjustment in respect of prior periods of $11.1M includes an update in the estimate of tax of $5.6M arising in the
US when the group modified it’s transfer pricing policy, on an arm’s length basis, to ensure that policies continue to reflect
the ongoing development of our management and commercial structure as the business grows. The remainder includes a
$5.1M increase in the provision for uncertain tax positions and $0.4M for tax filing position adjustments across all other
territories..Tax liabilities are recognised when it is considered probable that there will be a future outflow of funds to a taxing
authority. The methodology used to estimate liabilities is set out in note 3.16. Within current liabilities is $21.8 million
(FY17: $16.7 million) in respect of liabilities for uncertain tax positions, the majority of which relates to the risk of challenge
from tax authorities to the geographic allocation of profits across the Group. The Group anticipates that a number of tax
audits are likely to conclude in the next twelve to twenty four months. Due to the uncertainty associated with such tax
items, it is possible at a future date, on the conclusion of open tax matters, the final outcome may vary significantly.
/117
IntroductionGovernanceFinancial StatementsStrategic Report
�13 Taxation continued
Expected Future Rate
Over the medium-term the tax rate is likely to stabilise as the integration of acquisitions in higher rate jurisdictions are
completed. However, the tax rate may fluctuate if business changes are implemented in response to legislation arising from
the OECD’s Base Erosion & Profit Shifting Project. Legislative change in key territories is being monitored and acted upon.
The Group does not anticipate any significant impact on the future tax charge, liabilities or assets, as a result of the triggering
of Article 50(2) of the Treaty on European Union, but cannot rule out the possibility that, for example, a failure to reach
satisfactory arrangements for the UK’s future relationship with the European Union, could have an impact on such matters.
The European Commission has announced that an investigation will be opened in to the UK’s controlled foreign company
(“CFC”) rules. The CFC rules levy a charge on foreign entities controlled by the UK that are subject to a lower rate of tax,
however there is currently an exemption available for 75 per cent of this charge if the activities being undertaken by the CFC
relate to financing. The EC considers that this exemption is in breach of EU State Aid rules. No provision for this potential
liability of £3.2M has been provided in these Consolidated Financial Statements as it is not clear what, if any, the ultimate
financial result will be.
Deferred tax assets and liabilities are attributable to the following:
Deferred income tax assets in relation to:
Deferred revenue
Tax value of carry forward losses of UK subsidiaries
Tax value of carry forward losses of overseas subsidiaries
Advanced capital allowances
Share-based payments
Other timing differences
Total
Deferred income tax liabilities in relation to:
Intangible assets
Other timing differences
Total
31 March 2018
$M
31 March 2017
$M
45.1
24.2
6.4
7.7
27.7
14.7
37.1
15.4
13.1
6.2
19.7
13.8
125.8
105.3
5.9
0.1
6.0
14.4
–
14.4
As at 31 March 2018 the aggregate amount of temporary differences associated with undistributed earnings of
subsidiaries for which deferred tax liabilities have been recognised was $Nil (2017: $Nil). No liability has been recognised
because the Group is in a position to control the reversal of temporary differences and it is probable that such differences
will not reverse in the foreseeable future.
Deferred tax assets and liabilities are measured at the tax rates that are expected to apply in the period when the asset is
realised or the liability settled, based on tax rates that have been enacted or substantively enacted at the reporting date.
Losses
A deferred tax asset has been recognised in respect of losses where current forecasts indicate profits will arise in the
forecast period against which the losses recognised will be offset. At the balance sheet date the Group has unused tax
losses of $500.4M (2017: $336.6M) available for offset against future profits. A deferred tax asset has been recognised in
respect of $166.4M (2017: $118.2M) of such losses. No deferred tax asset has been recognised in respect of the remaining
$334.0 (2017: $218.4M) as it is not considered probable that there will be the required type of future trading or non-trading
profits available in the correct entities necessary to permit offset and recognition.
118/
Notes to the Consolidated Financial Statements continuedFor the year-ended 31 March 2018Cybersecurity made simple
�Share-Based Payments
A remuneration expense for share based payments is recorded in the Consolidated Statement of Profit or Loss over the
period from the award date to the vesting date of the relevant options. Where there is a temporary difference between the
accounting and tax bases, a deferred tax asset may be recorded. Any deferred tax asset arising on share option awards is
calculated as the estimated amount of tax deduction to be obtained in the future. This is based on the Group’s share price
at the reporting date so will be impacted by share price movement and is pro-rated to the extent that the services of the
employee have been rendered over the vesting period. If this amount exceeds the cumulative amount of the remuneration
expense at the statutory rate, the excess is recorded directly in equity, against retained earnings. Similarly, current tax relief
in excess of the cumulative amount of the remuneration expense at the statutory rate is also recorded in retained earnings.
Deferred tax assets have only been recognised in jurisdictions in which future tax deductions are expected.
14 Earnings Per Share
Basic earnings per share (“EPS”) is calculated by dividing the profit for the period attributable to equity holders of the
parent by the weighted average number of ordinary shares outstanding during the period.
Diluted EPS is calculated by dividing the profit for the period attributable to equity holders of the parent by the weighted
average number of ordinary shares outstanding during the period plus the weighted average number of shares that would
be issued if all dilutive potential ordinary shares were converted into ordinary shares. In accordance with IAS 33, the dilutive
earnings per share are without reference to adjustments in respect of outstanding shares when the impact would be
anti-dilutive.
Adjusted Operating EPS is calculated by dividing the Adjusted Operating Profit for the period attributable to equity holders
of the parent by the weighted average number of ordinary shares outstanding during the period.
In each case, the weighted average number of shares takes into account the weighted average number of own shares held
during the period.
The following reflects the income and share data used in calculating EPS:
Loss for the period attributable to the equity holders of the Company
Adjusted Operating Profit for the period attributable to the equity holders
of the Company (see note 4)
Weighted average number of shares (000’s):
Effects of dilution from:
Share options
Restricted Share Units
Diluted
Basic and diluted EPS
Adjusted operating EPS
Diluted adjusted operating EPS
Year-ended
31 March 2018
$M
Year-ended
31 March 2017
$M
(66.3)
(46.7)
46.1
38.3
Year-ended
31 March 2018
Year-ended
31 March 2017
459,969
452,338
11,475
17,125
488,569
11,434
10,589
474,361
Year-ended
31 March 2018
$ Cents
Year-ended
31 March 2017
$ Cents
(14.4)
10.0
9.5
(10.3)
8.5
8.1
/119
IntroductionGovernanceFinancial StatementsStrategic Report
�15 Intangible Assets
Cost
At 31 March 2016
Additions
Acquired through business combinations
Effect of movements in exchange rates
At 31 March 2017
Additions
Disposals
Effect of movements in exchange rates
At 31 March 2018
Amortisation/Impairment loss
At 31 March 2016
Charge for the year
Effect of movements in exchange rates
At 31 March 2017
Charge for the period
Effect of movements in exchange rates
At 31 March 2018
Net book value
At 31 March 2017
At 31 March 2018
Goodwill
$M
Intellectual
Property
$M
716.3
368.9
–
99.8
(6.6)
809.5
–
–
16.7
826.2
0.2
–
–
0.2
–
–
0.2
809.3
826.0
–
21.6
(2.2)
388.3
14.8
–
5.1
408.2
356.3
7.4
(2.1)
361.6
13.4
5.0
380.0
26.7
28.2
Software
$M
36.2
5.1
–
(4.2)
37.1
6.1
–
4.4
47.6
20.9
7.0
(2.6)
25.3
8.1
3.1
36.5
11.8
11.1
Others
$M
267.2
–
1.2
(3.1)
Total
$M
1,388.6
5.1
122.6
(16.1)
265.3
1,500.2
–
–
7.6
20.9
–
33.8
272.9
1,554.9
254.6
5.5
(3.0)
257.1
3.7
7.5
268.3
8.2
4.6
632.0
19.9
(7.7)
644.2
25.2
15.6
685.0
856.0
869.9
Intellectual property is amortised on a reducing balance basis over its estimated useful life of up to 15 years.
Other intangibles comprise customer relationships, with a gross value of $250.4M and a net book value of $2.6M, and
brand names with a gross value of $22.5M and a net book value of $2.0M.
Customer relationships are amortised on a reducing balance basis over a period of up to 14 years and brand names on a
reducing balance basis over a period of up to 20 years.
Software is amortised on a straight-line basis over three years.
The Group does not have any intangible assets with indefinite useful lives.
The Group has not capitalised development costs in the year-ended 31 March 2018 (2017: $Nil) as the Directors believe the
criteria set out in IAS38 has not been met. See note 3.
120/
Notes to the Consolidated Financial Statements continuedFor the year-ended 31 March 2018Cybersecurity made simple
�16 Impairment of Goodwill and Intangibles
Before recognition of impairment losses, the carrying amount of goodwill had been allocated as follows:
Americas
EMEA
APJ
31 March 2018
$M
31 March 2017
$M
288.2
434.2
103.6
826.0
253.0
473.2
83.1
809.3
Impairment of goodwill and intangible assets is tested annually, or more frequently where there is indication of impairment.
The goodwill of $96.4M arising on the acquisition of Invincea, Inc. on 21 March 2017 was initially allocated to the EMEA CGU.
During the year the Directors have re-assessed and re-allocated this goodwill based upon synergies provided to each CGU,
the comparatives have also been re-stated.
Where the asset does not generate cash flows that are independent from other assets, the Group estimates the
recoverable amount of the cash-generating unit to which the asset belongs. If the recoverable amount of an asset or
cash-generating unit is estimated to be less than its carrying amount, the carrying amount of the asset or cash-generating
unit is reduced to its recoverable amount. An impairment loss is recognised as an expense immediately in the Consolidated
Statement of Profit or Loss.
Goodwill is considered impaired if the carrying value of the cash-generating unit to which it relates is greater than the
higher of fair value less costs of disposal and the value in use.
For the year-ended 31 March 2018, the Directors have reviewed the value of goodwill based on internal value in use
calculations. The key assumptions for these calculations are discount rates, growth rates and expected changes to billings
and direct costs during the period.
The Group prepares cash flow forecasts derived from the Directors’ most recent financial forecasts for the following five
years. The growth rates for the five-year period are based on Directors expectations of the medium-term operating
performance of the cash-generating unit, planned growth in market share, industry forecasts, growth in the market and
specific regional considerations and are in line with past experience. Discount rates have been estimated based on rates
that reflect current market assessments of the Group’s weighted average cost of capital.
The key assumptions used in the assessments in the year-ended 31 March 2018 are as follows:
Long-term regional growth rate beyond five years
Discount rate
Americas
%
2.5%
9.5%
The key assumptions used in the assessments in the year-ended 31 March 2017 were as follows:
Long-term regional growth rate beyond five years
Discount rate
Americas
%
2.5%
10.5%
EMEA
%
1.5%
9.5%
EMEA
%
1.5%
10.0%
APJ
%
2.0%
10.5%
APJ
%
2.0%
11.5%
As at 31 March 2018, there were no indicators of impairment that suggested the carrying amounts of the Group’s long-lived
assets are not recoverable.
/121
IntroductionGovernanceFinancial StatementsStrategic Report
�17 Property, Plant and Equipment
Cost
As at 31 March 2016
Additions
Acquired through business combinations
Disposals
Effect of movements in exchange rates
As at 31 March 2017
Additions
Disposals
Effect of movements in exchange rates
As at 31 March 2018
Depreciation
As at 31 March 2016
Charge for the year
Acquired through business combinations
Disposals
Effect of movements in exchange rates
As at 31 March 2017
Charge for the year
Disposals
Effect of movements in exchange rates
As at 31 March 2018
Net book value
As at 31 March 2017
As at 31 March 2018
Land and
Buildings
$M
Plant and
Machinery
$M
Fixtures
and Fittings
$M
20.5
0.9
–
–
(6.4)
15.0
0.9
–
5.4
21.3
8.8
2.7
–
–
(3.3)
8.2
2.6
–
3.1
13.9
6.8
7.4
29.4
9.8
0.5
(0.3)
(2.5)
36.9
7.8
(0.4)
4.0
48.3
18.9
6.0
0.4
(0.3)
(2.0)
23.0
8.1
(0.3)
2.8
33.6
13.9
14.7
4.4
0.7
0.1
–
(0.3)
4.9
1.3
–
0.6
6.8
1.7
0.7
–
–
(0.2)
2.2
0.9
–
0.4
3.5
2.7
3.3
Total
$M
54.3
11.4
0.6
(0.3)
(9.2)
56.8
10.0
(0.4)
10.0
76.4
29.4
9.4
0.4
(0.3)
(5.5)
33.4
11.6
(0.3)
6.3
51.0
23.4
25.4
Included in the net book value of property, plant and equipment are assets under finance lease of $0.0M (2017: $0.1M).
There has been no impairment to the property, plant and equipment held by the Group during the year.
18 Inventories
Finished goods and goods for resale
31 March 2018
$M
31 March 2017
$M
16.0
16.2
The amount of write-down of inventories included as an expense within the Consolidated Statement of Profit or Loss was
$1.4M (2017: $0.1M).
122/
Notes to the Consolidated Financial Statements continuedFor the year-ended 31 March 2018Cybersecurity made simple
�19 Trade and Other Receivables
Current
Trade receivables
Prepayments
Other receivables
Total current trade and other receivables
Non-current
Other receivables
Total non-current trade and other receivables
31 March 2018
$M
31 March 2017
$M
151.8
18.6
7.4
177.8
1.3
1.3
123.1
14.1
8.0
145.2
1.3
1.3
Trade receivables are non interest-bearing and are generally on 30–90 day payment terms depending on the geographical
territory in which sales are generated. The carrying value of trade and other receivables also represents their fair value.
During the year-ended 31 March 2018 a provision for impairment of $0.6M (2017: $0.1M) was recognised in operating
expenses against receivables.
At 31 March 2018, trade receivables at a nominal value of $0.9M (2017: $0.4M) were impaired and fully provided for.
Movements in the provision for impairment of receivables were as follows:
At 1 April
Charge for the year
Amounts written off
Unused amounts reversed
At 31 March
The analysis of trade receivables that were past due, but not impaired is as follows:
Up to 3 months
3 to 6 months
Greater than 6 months
Total
20 Cash and Cash Equivalents
Cash at bank and in hand
Short-term deposits
Total cash and cash equivalent
31 March 2018
$M
31 March 2017
$M
0.4
0.6
(0.1)
–
0.9
1.5
0.2
1.0
2.7
0.7
0.1
(0.3)
(0.1)
0.4
0.4
–
0.4
0.8
31 March 2018
$M
31 March 2017
$M
67.2
52.8
120.0
62.3
5.8
68.1
Cash at bank earns interest at floating rates based on daily bank deposit rates. Short-term deposits are made for varying
periods of between one day and three months, depending on the immediate cash requirements of the Group, and earn
interest at the respective short-term deposit rates.
/123
IntroductionGovernanceFinancial StatementsStrategic Report
�21 Trade and Other Payables
Current
Trade payables
Accruals
Social security and other taxes
Other payables
Total current trade and other payables
Non-current
Other payables
Total non-current trade and other payables
31 March 2018
$M
31 March 2017
$M
39.6
68.4
14.9
11.2
134.1
8.2
8.2
34.9
53.5
11.5
7.4
107.3
3.9
3.9
Trade payables are non interest-bearing and are normally settled on 30-day terms or as otherwise agreed with suppliers.
22 Deferred Revenue
Current
Non-current
At 1 April
Billings deferred during the year
Revenue released to the Consolidated Statement of Profit or Loss
Net deferral
Acquired through business combinations
Translation and other adjustments
Current
Non-current
At 31 March
31 March 2018
$M
31 March 2017
$M
330.6
250.4
581.0
768.6
(640.7)
127.9
–
46.8
423.9
331.8
755.7
286.5
212.2
498.7
632.1
(529.7)
102.4
4.1
(24.2)
330.6
250.4
581.0
On acquisition of Invincea, Inc. on 21 March 2017, acquired deferred revenue of $6.1M was reduced by $2.0M representing
the fair value of original selling cost and associated profit. $3.1M (2017: $4.1M) remains unamortised at 31 March 2018.
23 Financial Liabilities
The fair values of financial assets and liabilities are included at the price that would be received to sell an asset, or paid to
transfer a liability, in an orderly transaction between market participants at the end of the reporting period. The following
methods and assumptions are used to estimate the fair values:
• Cash and cash equivalents
– approximates to the carrying amount
• Finance leases
• Bank loans
– approximates to the carrying amount
– approximates to the carrying amount
• Receivables and payables
– approximates to the carrying amount
Where financial assets and liabilities are measured at fair values their measurement should be classified into the
following hierarchy:
• Level 1 – quoted prices (unadjusted) in active markets from identical assets or liabilities
• Level 2 – inputs other than quoted prices included within level 1 that are observable for the asset or liability, either
directly (i.e. as prices) or indirectly (i.e. derived from prices)
• Level 3 – inputs for the asset or liability that are not based on observable market data
124/
Notes to the Consolidated Financial Statements continuedFor the year-ended 31 March 2018Cybersecurity made simple
�The Group had a Level 3 financial liability of $17.9M of contingent consideration measured at fair value through profit and
loss at 31 March 2018 (2017: $21.7M). The fair value of contingent consideration is determined using a probability-weighted
average of outcomes discounted back to the acquisition date.
The primary unobservable inputs comprise the forecast billings ($Nil to $20M) and billings growth rate (83 per cent) and the
risk adjusted discount rate (5.0 per cent – 10 per cent). The estimated fair value would increase / (decrease) if the revenue
growth rate was higher / (lower) or the risk adjusted discount rate was lower / (higher).
Total financial liabilities at the end of the reporting period were as follows:
Current instalments due on finance leases
Current instalments due on bank loans
Contingent consideration
Total current financial liabilities
Non-current instalments due on bank loans
Contingent consideration
Unamortised facility fees
Total non-current financial liabilities
Total financial liabilities
Finance Leases
31 March 2018
$M
31 March 2017
$M
–
–
17.4
17.4
308.8
0.5
(2.5)
306.8
324.2
0.1
50.0
21.0
71.1
299.2
0.7
(3.6)
296.3
367.4
The Group acquired lease obligations on certain of its fixtures and fittings under finance leases with terms of three to five
and a half years and at underlying interest rates ranging from 5.2 per cent – 6.3 per cent per annum as part of the
acquisition of Reflexion Inc. At 31 March 2018, the present value of future lease payments was $0.0M (2017: $0.1M).
Contingent Consideration
Invincea, Inc.
As part of the purchase agreement with the previous owners of Invincea, Inc., a contingent consideration has been agreed.
The consideration is dependent on the billings of products including the intellectual property acquired with Invincea, Inc. for
the 12 month period to 21 March 2018 with a maximum payout of $20.0M. The fair value of the contingent consideration at
the acquisition date was estimated at $19.3M. The contingent consideration is due for measurement to the former
shareholders on 30 June 2017, 30 September 2017, 31 December 2017 and 21 March 2018 respectively. The final
instalment is due for payment in the year-ending 31 March 2019.
Silent Break LLC
As part of the purchase agreement with the previous owners of the “PhishThreat” technology, a contingent consideration
has been agreed. The consideration is dependent on the billings of the “PhishThreat” product range for three annual periods
commencing 1 March 2017 and ending on 28 February 2020 with a maximum payout of $2.0M. The fair value of the
contingent consideration at the acquisition date was estimated at $1.2M. The contingent consideration is due for
measurement to the sellers on 28 February 2018, 2019 and 2020 respectively.
Movements in contingent consideration during the year-ended 31 March 2018 were as follows:
Contingent Consideration
At 31 March 2016
Assumed on business combination
Accretion
Cash paid
At 31 March 2017
Fair value contingent consideration
Accretion
Cash paid
At 31 March 2018
Invincea, Inc.
$M
Silent Break
Security LLC
$M
Reflexion
Networks Inc.
$M
–
19.3
0.1
–
19.4
–
0.6
(3.7)
16.3
–
1.2
–
–
1.2
0.2
0.2
–
1.6
2.2
–
0.1
(1.2)
1.1
–
0.1
(1.2)
–
Total
$M
2.2
20.5
0.2
(1.2)
21.7
0.2
0.9
(4.9)
17.9
/125
IntroductionGovernanceFinancial StatementsStrategic Report�23 Financial Liabilities continued
The undiscounted contingent consideration is due as follows;
Due within one year
Due between two and five years
Total undiscounted contingent consideration
Loans and Borrowings
31 March 2018
$M
31 March 2017
$M
17.4
0.6
18.0
21.8
0.9
22.7
Included in borrowings are bank loans of $308.8M (2017: $349.2M) as analysed below. This note provides information about
the contractual terms of the Group’s interest-bearing loans and borrowings, which are measured at amortised cost. For
more information about the Group’s exposure to interest rate, foreign currency and liquidity risk, see note 25.
Current instalments due on bank loans
Non-current instalments due on bank loans
Total bank loans
The bank loans are repayable as follows:
Due within one year
Due between two and five years
Total bank loans
31 March 2018
$M
31 March 2017
$M
–
308.8
308.8
50.0
299.2
349.2
31 March 2018
$M
31 March 2017
$M
–
308.8
308.8
50.0
299.2
349.2
The Group entered into an amended Senior Facilities agreement on 6 February 2017, whereby an additional Revolving
Credit Facility was added to the existing agreement. Following the amendment, the following terms apply to the bank loans
outstanding at 31 March 2018:
Facility
Facility – A
Facility – B
Revolving Credit Facility 1
Revolving Credit Facility 2
Repayment and Maturity
Interest
Libor
Euribor
Libor
Libor
Margin
1.50%
1.50%
1.25%
2.25%
Principal
M
$ 235.0
€ 60.0
–
–
Principal
$M
235.0
73.8
–
–
308.8
Facility A ($235.0M), Facility B (€60.0M), Revolving Credit Facility 1 (multicurrency up to $30.0M) are repayable in full on the
termination date at the end of the 60-month term on 1 July 2020. Revolving Credit Facility 2 (multicurrency up to $40.0M)
is repayable in full on the termination date on 2 July 2020.
Any utilisation of a Revolving Credit facility is repayable on the last day of its interest period, any amount repaid may be
re-borrowed. The margin payable on the facilities is dependent upon the ratio of the Group’s net debt to Cash EBITDA as
defined in the facility agreement.
The bank loans are secured by fixed and floating charges over the assets of certain Group companies including businesses,
undertakings, securities, properties, revenues or rights of every description.
126/
Notes to the Consolidated Financial Statements continuedFor the year-ended 31 March 2018Cybersecurity made simple
�24 Provisions
At 31 March 2016
Arising during the year
Utilised
Released during the year
Disposal of a business
Exchange differences
At 31 March 2017
Arising during the year
Utilised
Released during the year
Disposal of a business
Exchange differences
At 31 March 2018
31 March 2018
Current
Non-current
Total provisions
31 March 2017
Current
Non-current
Total provisions
Other Provisions
Re-structuring
$M
0.3
–
(0.3)
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
Other
$M
1.0
0.6
(0.1)
–
–
–
1.5
0.2
–
(0.4)
–
0.1
1.4
–
1.4
1.4
0.4
1.1
1.5
Total
$M
1.3
0.6
(0.4)
–
–
–
1.5
0.2
–
(0.4)
–
0.1
1.4
–
1.4
1.4
0.4
1.1
1.5
The opening provisions partially related to the Group’s obligations to make good the dilapidations of various leasehold
premises at the end of the lease periods. Additionally, in France the Group operates an unfunded, compulsory retirement
indemnity plan, payable only if the employees are working for the Group when they retire. The provision arising in the
year-ended 31 March 2018 relating to the retirement indemnity plan was $0.2M (2017: $0.1M).
25 Financial Risk Management
Financial risk management is conducted at a Group level, applying treasury policies which have been approved by the
Board. The major financial risks to which the Group is exposed relate to interest rate risk, credit risk and movements in
foreign currency exchange rates. Where appropriate, cost effective and practicable, the Group uses various financial
instruments to manage these risks. The main purpose of these financial instruments is to reduce the impact on the Group
operations of changes in market rates. No speculative use of derivatives, currency or other instruments is permitted.
The Directors review and agree policies for managing each of these risks as summarised below:
Liquidity Risk
The Group prepares budgets annually in advance. This enables the Group’s operating cash flow requirements to be
anticipated and to ensure sufficient liquidity is available to meet foreseeable needs, financial obligations and to invest
any surplus cash assets safely and profitably. Quarterly covenant tests are performed and monitored by the Directors at
quarterly Board meetings.
The Group’s objective is to maintain a balance between continuity of funding, minimising finance costs and maintaining
flexibility through the use of short-term deposits and intra-group loan arrangements.
/127
IntroductionGovernanceFinancial StatementsStrategic Report
�25 Financial Risk Management continued
Capital Management
The primary objective of the Group’s capital management is to ensure that it maintains a strong credit rating and healthy
capital ratios in order to support its business and maximise shareholder value.
The capital structure of the Group consists of cash and cash equivalents as disclosed in note 20, borrowings as disclosed in
note 23 and equity attributable to equity holders of the parent, comprising issued capital, reserves and retained earnings,
as disclosed in the Consolidated Statement of Changes in Equity.
The Group manages its capital structure, and makes adjustments to it, in light of changes in economic conditions. The
Group reviews the capital structure on a regular basis and considers the cost of capital and the risks associated with each
class of capital.
Credit Risk
The Group’s principal financial assets are cash and bank deposits and trade and other receivables.
The Group’s credit risk is primarily attributable to its trade receivables. In order to manage credit risk, the Directors set
limits for customers based on a combination of payment history and third party credit references. Credit limits are reviewed
by the credit controller on a regular basis in conjunction with debt ageing and collection history.
The amounts presented in the Consolidated Statement of Financial Position are net of allowance for doubtful debts.
An allowance for impairment is made where there is an identified loss event which, based on previous experience, is
evidence of a reduction in the recoverability of cash flows. The expense recognised in the Consolidated Statement of
Profit or Loss in respect of doubtful debts during the period was $0.6M, as disclosed in note 19.
The Group has no significant concentration of credit risk in trade receivables; exposure is spread over a large number of
counterparties and customers.
With respect to cash and deposits, the Group’s exposure to credit risk arises from the risk of default by the counterparty
with a maximum exposure equal to the carrying amount of these assets. To mitigate this risk, cash and deposits are only
held with reputable banking institutions. The Group reduces the concentrations of credit risk in cash and deposits by
holding balances with a number of separate institutions, wherever possible with banks that are also lenders to the Group.
Interest Rate Risk
The Group is exposed to interest rate risk primarily due to the long-term debt obligations with floating rates of interest.
Interest Rate Sensitivity
A change of 100 basis points in market interest rates would have increased/(decreased) equity and profit and loss by the
amounts shown below.
Increase in interest rates
Decrease in interest rates
Foreign Currency Risk
Year-ended
31 March 2018
$M
Year-ended
31 March 2017
$M
(3.3)
3.3
(3.1)
3.1
The Group is exposed to translation and transaction foreign exchange risk. Several other currencies in addition to the
reporting currency of US Dollar are used, including Sterling and the Euro. The Group experiences currency exchange
differences arising upon retranslation of monetary items (primarily short-term inter-company balances and long-term
borrowings), which are recognised as an expense in the period the difference occurs. The Group endeavours to match the
cash inflows and outflows in the various currencies; the Group typically invoices its customers in their local currency and
pays its local expenses in local currency, as a means to mitigate this risk.
The Group is also exposed to exchange differences arising from the translation of its subsidiaries’ financial statements into
the Group’s reporting currency of US Dollar with the corresponding exchange differences taken directly to equity.
The following table illustrates the movement that 10 per cent in the value of Sterling or the Euro against the USD would
have had on the Group’s profit or loss for the period and on the Group’s equity as at the end of the period.
128/
Notes to the Consolidated Financial Statements continuedFor the year-ended 31 March 2018Cybersecurity made simple�10% movement in Sterling to US Dollar value
Profit or loss
Equity
10% movement in Euro to US Dollar value
Profit or loss
Equity
Year-ended
31 March 2018
$M
Year-ended
31 March 2017
$M
5.1
37.4
7.5
(10.8)
0.6
25.9
6.5
(11.9)
Any foreign exchange variance would be recognised as unrealised foreign exchange in the Consolidated Statement of Profit
or Loss and have no impact on cash flows.
26 Share Capital
Shares issued and fully paid
At 1 April of £0.03 each
Issued for cash on exercise of options
Issued under the Sophos Group Long Term Incentive Plan 2015
At 31 March, Ordinary shares of £0.03
27 Distributions Made and Proposed
Year-ended 31 March 2018
Year-ended 31 March 2017
000’s
459,642
3,445
5,401
468,488
$M
21.6
0.4
–
22.0
000’s
452,172
4,087
3,383
459,642
$M
21.3
0.3
–
21.6
Cash dividends on ordinary shares declared and paid
Final dividend for the year-ended 31 March 2016 at $0.011 per share
Interim dividend for the year-ended 31 March 2017 at $0.013 per share
Final dividend for the year-ended 31 March 2017 at $0.033 per share
Interim dividend for the year-ended 31 March 2018 at $0.014 per share
Total cash dividends paid
Year-ended
31 March 2018
$M
Year-ended
31 March 2017
$M
–
–
15.3
6.5
21.8
5.0
5.9
–
–
10.9
The Directors have proposed that the Company will pay a full-year dividend for the year-ended 31 March 2018 amounting to
3.5 US Cents per share.
Proposed final dividends on ordinary shares are subject to approval at the Annual General Meeting to be held on 30 August
2018, and are not recognised as a liability at 31 March 2018.
28 Share-Based Payments
On 25 June 2015, and in connection with the reorganisation of the Group immediately prior to admission of the
Company’s shares for trading on the London Stock Exchange, participants with existing options outstanding under the
Pentagon Holdings SARL approved share plans were offered to exchange their options for new options over shares in
Sophos Group plc.
On 11 June 2015, and in connection with the admission of the Company’s shares for trading on the London Stock
Exchange, the Company’s Board of Directors approved the following share-based payment plans:
The Sophos Group Long Term Incentive Plan 2015, (“2015 LTIP”)
The 2015 LTIP plan aims to motivate and retain employees and align their interest with shareholders. Under the plan the
remuneration committee of the Board can award the following types of awards: Performance Share Units, Restricted Share
Units, Share Options, Conditional Share Awards, Cash-Based Awards or Forfeitable Shares.
Sophos Group SAYE Option Scheme 2015 (“SAYE”)
The SAYE plan aims to encourage wider share ownership amongst UK employees of the Group by offering an HMRC
approved share save scheme, whereby employees are offered options to buy shares at a discount following a pre-set
savings period.
/129
IntroductionGovernanceFinancial StatementsStrategic Report
�28 Share-Based Payments continued
Sophos Group 2015 Employee Stock Purchase Plan (“ESPP”)
The ESPP plan aims to encourage wider share ownership amongst US employees of the Group by offering options
compliant with Section 423 of the Internal Revenue Code. Employees are offered options to buy shares at a discount
following a pre-set savings period.
Sophos Group International SAYE Option Scheme 2015 “(International SAYE”)
The International SAYE plan aims to encourage wider share ownership amongst the Group’s employees outside of the
UK and US by offering options to buy shares at a discount following a pre-set savings period.
Share-Based Payment Expense
The expense recognised for employee services received during the year is as follows:
Cash-settled transactions
Equity-settled transactions
Total share-based payment expense
Year-ended
31 March 2018
$M
Year-ended
31 March 2017
$M
2.7
39.6
42.3
1.2
31.3
32.5
The cash-settled expense comprises cash-based awards together with certain social security taxes. The carrying value of
the liability as at 31 March 2018 was $3.1M (2017: $1.8M).
Share Options
The fair value of equity-settled share options granted is measured as at the date of grant using a Black-Scholes model,
taking into account the terms and conditions upon which the options were granted.
The following table illustrates the weighted average inputs into the Black-Scholes model in the year:
Weighted average share price ($ cents)
Weighted average exercise price ($ cents)
Expected volatility
Expected life of options (years)
Risk free rate
Dividend yield
Year-ended
31 March 2018
Year-ended
31 March 2017
628.23
516.70
38.20%
2.08
1.49%
3.56%
291.00
234.00
42.40%
3.20
0.92%
0.62%
The weighted average fair value of options granted during the year was $ cents 185.33 (2017: $ cents 51.75).
The expected volatility reflects the assumption that the historical share price volatility is indicative of future trends, which
may not necessarily be the actual outcome. An increase in the expected volatility will increase the estimated fair value.
The expected life of the options is based on historical data and is not necessarily indicative of exercise patterns that may
occur. The expected life used in the model has been adjusted, based on the Director’s best estimate, taking into account
the effects of exercise restrictions, non-transferability and behavioural considerations. An increase in the expected life will
increase the estimated fair value.
130/
Notes to the Consolidated Financial Statements continuedFor the year-ended 31 March 2018Cybersecurity made simple
�The number and weighted average exercise prices (“WAEP”) of, and movements in, share options during the year are set
out below:
Year-ended 31 March 2018
Year-ended 31 March 2017
Outstanding at the start of the year
Awarded
Forfeited
Exercised
Outstanding at the end of the year
Number
000’s
16,973
1,667
(648)
(3,768)
14,224
WAEP
£ pence
79.9
317.2
138.6
92.7
94.0
Number
000’s
22,677
1,725
(642)
(6,787)
16,973
Exercisable at the end of the year
10,030
58.3
10,958
WAEP
£ pence
51.8
162.0
105.0
33.9
79.9
59.0
The weighted average share price for options exercised during the year was £ pence 512 (2017: £ pence 262).
Options outstanding at the end of the year had the following range of exercise prices and weighted average remaining
contractual terms (“WARCT”):
Exercise price
$ Cents / £ pence
Number
000’s
WARCT
Years
Number
000’s
WARCT
Years
31 March 2018
31 March 2017
$ 1.8598
$ 47.5891
$ 51.9154
$ 59.7813
$ 70.7937
$ 91.2452
$ 155.7461
$ 210.8078
£ 162.0000
£ 371.0000
£ 367.8800
–
259
–
8,134
300
23
2,742
371
1,537
620
238
14,224
–
2.2
–
4.7
6.2
6.2
6.5
6.9
1.9
2.9
0.3
4.6
153
676
32
9,972
378
175
3,523
419
1,645
–
–
16,973
3.2
3.2
5.7
5.7
7.2
7.2
7.5
7.9
2.9
–
–
5.9
Outstanding at the end of the year
Restricted Shares
The following table illustrates the number and weighted average share price (“WASP”) on date of award of, and movements
in, non-vested restricted shares in the year:
Restricted shares
Outstanding at the start of the year
Vested
Outstanding at the end of the year
Year-ended 31 March 2018
Year-ended 31 March 2017
Number
000’s
127
(63)
64
WASP
$ Cents
155.75
155.75
155.75
Number
000’s
127
–
127
WASP
$ Cents
155.75
–
155.75
/131
IntroductionGovernanceFinancial StatementsStrategic Report
�28 Share-Based Payments continued
Restricted Share Units
The following table illustrates the number and weighted average share price (“WASP”) on date of award, and movements in,
restricted share units (“RSUs”) and cash based awards granted under the 2015 LTIP:
Restricted share units
Outstanding at the start of the year
Awarded
Forfeited
Released
Outstanding at the end of the year
Year-ended 31 March 2018
Year-ended 31 March 2017
Number
000’s
15,350
6,337
(1,421)
(5,426)
14,840
WASP
£ pence
215.92
453.14
284.15
218.49
316.09
Number
000’s
9,389
10,930
(1,652)
(3,317)
15,350
WASP
£ pence
264.74
187.00
209.94
261.81
215.92
RSUs and cash-based awards vest as to 25 per cent (20 per cent in the case of RSUs with a five year vesting period) on the
anniversary of the award and the remaining 75 per cent (or 80 per cent in the case of RSUs with a five year vesting period)
quarterly thereafter.
Performance Share Units
The following table illustrates the number and weighted average share price (“WASP”) on date of award, and movements in,
performance share units (“PSUs”) granted under the 2015 LTIP:
Performance share units
Outstanding at the start of the year
Awarded
Forfeited
Released
Outstanding at the end of the year
Year-ended 31 March 2018
Year-ended 31 March 2017
Number
000’s
6,024
1,719
(197)
–
7,546
WASP
£ pence
219.41
440.50
223.96
–
269.65
Number
000’s
2,785
4,090
(745)
(106)
6,024
WASP
£ pence
265.00
186.75
203.99
265.00
219.41
PSUs vest on one vesting date following a three year vesting period which will comprise three financial years. The awards
are divided into three equal parts which will each be subject to a separate annual performance condition linked to the
financial performance of the Group.
29 Pension Schemes
The Group contributes to defined contribution pension schemes in the UK and to similar or state pension schemes
overseas for the benefit of the employees and Directors. The assets of the schemes are administered by trusts or other
bodies in funds independent from the Group.
The pension cost charge for the period represents contributions payable by the Group to the funds and amounted to $8.4M
(2017: $6.5M).
Contributions of $1.3M (2017: $1.5M) to the defined contribution pension scheme were outstanding, but not overdue,
at 31 March 2018.
132/
Notes to the Consolidated Financial Statements continuedFor the year-ended 31 March 2018Cybersecurity made simple�30 Related Party Transactions
The consolidated financial information includes the financial information of Sophos Group plc and the subsidiaries listed in
the following table:
Country of
incorporation
Subsidiary
undertaking
Principal activity /
registered address
Class of
shares held
Percentage
of shares held
Australia
Sophos Pty Ltd 3
Selling IT security solutions
Ordinary
100%
Level 11, 1 Elizabeth Plaza, North Sydney,
NSW 2060, Australia
Canada
Sophos Inc 3
Selling IT security solutions
Common
100%
France
Sophos Sarl 3
Selling IT security solutions
Ordinary
100%
3400, 350-7th Ave SW, Calgary AB T2P 3N9, Canada
Germany
Sophos Holdings GmbH 3
Holding Company
Ordinary
100%
River Ouest, 80 Quai Voltaire, 95870 Bezons, France
Gustav-Stresemann-Ring 1, 65189 Wiesbaden,
Germany
Sophos Technology GmbH 4 Research and Development
Ordinary
100%
Amalienbadstr. 41/ Bau 52 76227 Karlsruhe, Germany
Hong Kong
Sophos Hong Kong Co Ltd 3 Selling IT security solutions
Ordinary
100%
Hungary
Sophos Hungary Kft 3
Research and Development
Ordinary
100%
Unit K, 12/F., MG Tower, No. 133 Hoi Bun Road, Kwun
Tong, Kowloon, Hong Kong
India
Sophos Technology
Private Ltd 10
Aliz Utca, 1 Office Garden, Irodahaz A Epulet, 1117
Budapest, Hungary
Selling IT security solutions
Ordinary
100%
Sophos House, Saigulshan Complex, Beside White
House, Panchwati Cross Road, Ahmedabad 380006,
Gujarat, India
Ireland
Sophos Security
Technology Ltd 3
Research and Development
Ordinary
100%
Unit C/D, Building 2100, Cork Airport Business Park,
Cork, T12 KV8R, Republic of Ireland
Italy
Sophos Italia Srl 3
Selling IT security solutions
Ordinary
100%
Japan
Sophos KK 3
Selling IT security solutions
Ordinary
100%
Via Tonale 26, CAP 20125 Milano (MI), Italy
Izumi Garden Tower 10F, 1-6-1 Roppongi,
Minato-ku Tokyo 106-6010 Japan
Luxembourg
Aspen Finance Co Sarl 2
Financing Company
Ordinary
100%
Netherlands
Sophos BV 3
Selling IT security solutions
Ordinary
100%
1-3, Boulevard de la Foire, L-1528, Luxembourg
Hoevestein 11B, 4903 SE Oosterhout NB, Netherlands
Threatstar Holding BV 8
Holding Company
Threatstar BV 9
Research and Development
SurfRight BV 8
Selling IT security solutions
Ordinary
Ordinary
Ordinary
100%
100%
100%
Singapore
Sophos Computer
Security Pte Ltd 3
Lansinkesweg 4, 7553 AE Hengelo, Netherlands
Selling IT security solutions
Ordinary
100%
60 Paya Lebar Road, #08-13 Paya Lebar Square,
Singapore 409051
Spain
Sophos Iberia Srl 3
Selling IT security solutions
Ordinary
100%
Calle Orense 81, 28020 Madrid, Spain
/133
IntroductionGovernanceFinancial StatementsStrategic Report
�30 Related Party Transactions continued
Country of
incorporation
Subsidiary
undertaking
Principal activity /
registered address
Class of
shares held
Percentage
of shares held
Sweden
Sophos AB 3
Selling IT security solutions
Ordinary
100%
Switzerland
Sophos Schweiz AG 3
Selling IT security solutions
Ordinary
100%
Färögatan 33, 164 51 Kista, Stockholms län, Sweden
Bernstrasse 388, 8953 Dietikon, Switzerland
Astaro Trading AG 5
Historical purchasing entity
Ordinary
100%
Blumenaustr. 28, 8200 Schaffhausen, Switzerland
Taiwan
Sophos Taiwan Ltd 3
Services Company
Ordinary
100%
5F-4, No. 57, Sec. 1 Chongqing S. Road, Zhongzheng
Dist., Taipei City 100 Taiwan (R.O.C.)
Turkey
Sophos Turkey Technoji
Ltd Sirketi 3
Services Company
Ordinary
100%
19 Mayıs Mah. Turaboğlu Sok., Hamdiye Yazgan, İş M.
Apt. No: 4 / 2 Kadıköy, İstanbul, Turkey
UK
Sophos Holdings Ltd 1
Holding Company
Sophos Treasury Ltd 2
Financing Company
Sophos Limited 2
Selling IT security solutions
Sophos Overseas Limited 3 Services Company
Sophos Nominees Limited 3 Share nominee company
Ordinary
Ordinary
Ordinary
Ordinary
Ordinary
100%
100%
100%
100%
100%
The Pentagon, Abingdon Science Park,
Abingdon, OX14 3YP, UK
USA
Sophos Inc 3
Selling IT security solutions
Ordinary
100%
3 Van de Graaff Drive, 2nd Floor, Burlington,
MA 01803, USA
Cyberoam Inc 6
Services Company
Ordinary
100%
10 Schalks Crossing Road, Suite 501-329,
Plainsboro, NJ 08536, USA
Reflexion Networks Inc 7
Selling IT security solutions
Ordinary
100%
1209 Orange St, Wilmington, County of
New Castle DE 19801, USA
Invincea, Inc 7
Selling IT security solutions
Sandboxie Holdings, LLC 11
Services Company
Ordinary
Ordinary
100%
100%
2711 Centerville Rd Suite 400, Wilmington,
New Castle, DE 19808, USA
1 Shares held by Sophos Group Plc
5 Shares held by Sophos Technology GmbH
9 Shares held by Threatstar Holding BV
2 Shares held by Sophos Holdings Ltd
6 Shares held by Sophos Technology Private Ltd
10 Shares held by Sophos Limited and
3 Shares held by Sophos Limited
7 Shares held by Sophos Inc
4 Shares held by Sophos Holdings GmbH
8 Shares held by Sophos BV
Sophos Nominees Limited
11 Shares held by Invincea, Inc
134/
Notes to the Consolidated Financial Statements continuedFor the year-ended 31 March 2018Cybersecurity made simple
�Other Related Parties
During the year the Group entered into transactions, in the ordinary course of business, with other related parties.
During the year-ended 31 March 2018, no provisions were made for doubtful debts relating to amounts owed by related
parties (2017: $Nil).
Sales and purchases between related parties are made at normal market prices. Outstanding balances with entities other
than subsidiaries are unsecured, interest free and cash settlement is expected within 60 days of invoice. Terms and
conditions for transactions with subsidiaries are the same, with the exception that balances are placed on inter-company
accounts with no specified credit period.
The Group has not provided or benefitted from any guarantees for any related party receivables or payables.
The Company and certain subsidiaries have provided unsecured guarantees to certain third parties within the normal
course of business, the majority of which were in favour of certain lenders in respect of some of the Group’s borrowing
facilities. As at 31 March 2018, these guarantees totalled $308.8M (2017: $349.2M) relating to the Group’s financing facilities.
Compensation of Key Management Personnel (Including Directors)
Short-term employee benefits
Post-employment benefits
Share-based payments – equity-settled
Total
Year-ended
31 March 2018
$M
Year-ended
31 March 2017
$M
9.1
0.1
17.7
26.9
9.7
0.1
16.0
25.8
Short-term employee benefits comprise fees, salaries, benefits and bonuses earned during the year as well as non-
monetary benefits.
Post-employment benefits comprise the cost of providing defined contribution pensions to senior management in respect
of the current period.
Share-based payments comprise the cost of senior management’s participation in share-based payment plans for the
period as measured by the fair value of awards in accordance with IFRS2.
31 Business Combinations
The Group has not entered into any business combinations during the year-ended 31 March 2018.
Invincea, Inc.
In the prior-year, on 21 March 2017, Sophos Inc. acquired for cash 100 per cent of the share capital of Invincea, Inc.,
a company based in Fairfax, Virginia, United States. The acquisition is significantly strengthening the Group’s industry
leading next-generation endpoint protection product by adding Invincea, Inc.’s machine learning and artificial intelligence
technology threats.
Acquisition-related expenses of $4.1M have been excluded from the consideration transferred and have been recognised
as an expense within General finance and administration – exceptional items.
/135
IntroductionGovernanceFinancial StatementsStrategic Report
�31 Business Combinations continued
Assets acquired and liabilities assumed on the day of acquisition were as follows:
Non-current assets:
Intangible assets
Intellectual property
Customer relationships
Plant and equipment
Current assets:
Trade and other receivables
Deferred tax asset
Cash and cash equivalents
Non-current liabilities:
Deferred tax liability
Current liabilities:
Deferred revenues
Trade and other payables
Lease obligations
Net assets recognised at the date of acquisition
Cash paid
Contingent consideration
Goodwill arising on acquisition – Invincea, Inc.
Book value
$M
Adjustment
$M
Fair value
$M
–
–
0.2
1.3
13.8
0.3
–
6.1
3.7
–
5.8
18.5
1.2
–
–
–
–
18.5
1.2
0.2
1.3
13.8
0.3
8.7
8.7
(2.0)
–
–
13.0
4.1
3.7
–
18.8
95.9
19.3
96.4
Prior to the acquisition, Invincea, Inc. operated in a complimentary market sector to the Group and, accordingly, the results
of Invincea, Inc. are incremental to those of the Group. Revenue of $529.7M for the twelve-months to 31 March 2017
includes $0.2M in respect of Invincea, Inc. The impact of Invincea, Inc. on the operating loss of the Group for the period-
ended 31 March 2017 was insignificant. Had Invincea, Inc. been owned since 1 April 2016, revenue for the year-ended
31 March 2017 would have increased over the reported revenue by approximately $19.1M. The impact on the operating
loss of the Group would have been $7.0M.
Included in the assets acquired was a deferred taxation balance of $13.8M. The deferred tax asset relates to tax losses
of $11.3M, deferred revenue of $1.1M and intangible assets of $1.4M. Sufficient profits are forecasted, in the timeframe
in which the Group forecasts, against which the recognised tax losses will be offset.
136/
Notes to the Consolidated Financial Statements continuedFor the year-ended 31 March 2018Cybersecurity made simple
�Intellectual Property – Silent Break Security
In the prior-year, on 18 November 2016, Sophos Limited entered into an agreement to buy for cash the trade and assets of
Silent Break Security LLC and acquire the Intellectual Property of “PhishThreat”, a phishing attack simulator used to train
users to spot phishing attacks, dangerous attachments and bogus scripts. The Group also secured the ongoing services of
certain key employees.
Assets acquired
Cash paid
Contingent consideration
Goodwill arising on asset acquisition from Silent Break Security LLC
Fair value
$M
3.1
3.0
1.2
1.1
Had the trade and assets of Silent Break Security LLC been owned since 1 April 2016, the impact on the operating loss of
the Group would have been insignificant.
Barricade Security Systems Limited
In the prior-year, on 20 October 2016, Sophos Limited acquired for cash 100 per cent of the share capital of Barricade
Security Systems Limited, a company based in Cork, Ireland. The company was a start-up company providing cloud-based
security analytics and the acquisition has strengthened the Group’s machine learning and artificial intelligence expertise.
Non-current assets
Trade and other receivables
Cash and cash equivalents
Trade and other payables
Net liabilities recognised at the date of acquisition
Cash paid
Goodwill arising on acquisition – Barricade Security Systems Limited
Fair value
$M
0.1
0.1
–
0.5
0.3
1.9
2.2
Prior to the acquisition, Barricade Security Systems Limited had immaterial revenues and all trading ceased on the day
of acquisition. The impact of Barricade Security Systems Limited on the operating loss of the Group for the period is
insignificant. Had Barricade Security Systems Limited been owned since 1 April 2016, the impact on the operating loss
of the Group would have been insignificant.
Goodwill arose in all the above business combinations because the cost of the combination included amounts in relation
to the benefit of expected synergies, future market development and the assembled workforce. These benefits are not
recognised separately from goodwill because they do not meet the recognition criteria for identifiable intangible assets.
None of the goodwill recognised is expected to be deductible for income tax purposes.
/137
IntroductionGovernanceFinancial StatementsStrategic Report�32 Notes to the Consolidated Statement of Cash Flows
Acquisition of subsidiaries net of cash acquired
Consideration paid, satisfied in cash:
– Invincea, Inc.
– Intellectual Property - Silent Break Security
– Barricade Security Systems Limited
– Reflexion Networks Inc.
Net cash purchased
Acquisition of subsidiaries net of cash
Year-ended
31 March 2018
$M
Year-ended
31 March 2017
$M
3.7
–
–
1.2
–
4.9
95.9
3.0
1.9
1.2
(0.3)
101.7
Movement in net debt
Cash at bank and in hand
Short-term deposits
Cash and cash equivalents
Obligations under finance leases
Bank loans
Gross debt
Net debt
Movement in net debt
Cash at bank and in hand
Short-term deposits
Cash and cash equivalents
Obligations under finance leases
Bank loans
Gross debt
Net debt
31 March 2017
$M
Cash flow
$M
Non-cash
movements
$M
Effect of
movements in
exchange
rates
$M
31 March 2018
$M
(62.3)
(5.8)
(68.1)
0.1
345.6
345.7
277.6
1.1
(46.3)
(45.2)
(0.1)
(50.1)
(50.2)
(95.4)
–
–
–
–
1.1
1.1
1.1
(6.1)
(0.7)
(6.8)
–
9.7
9.7
2.9
(67.3)
(52.8)
(120.1)
–
306.3
306.3
186.2
31 March 2016
$M
Cash flow
$M
Non-cash
movements
$M
Effect of
movements in
exchange
rates
$M
31 March 2017
$M
(49.7)
(17.1)
(66.8)
0.2
324.7
324.9
258.1
(16.2)
8.7
(7.5)
(0.1)
24.1
24.0
16.5
–
–
–
–
0.9
0.9
0.9
3.6
2.6
6.2
–
(4.1)
(4.1)
2.1
(62.3)
(5.8)
(68.1)
0.1
345.6
345.7
277.6
Non-cash movements comprise amortisation of facility fees.
138/
Notes to the Consolidated Financial Statements continuedFor the year-ended 31 March 2018Cybersecurity made simple
�33 Commitments and Contingent Liabilities
Operating lease arrangements
Amount recognised for the year:
Property
Other
Total
Year-ended
31 March 2018
$M
Year-ended
31 March 2017
$M
12.5
1.6
14.1
10.8
1.4
12.2
At the reporting date, the Group had outstanding commitments for future minimum lease payments under non-cancellable
operating leases, which fall due as follows:
Within one year
In the second to fifth years inclusive
After five years
Total
31 March 2018
$M
31 March 2017
$M
14.0
34.8
19.7
68.5
12.0
34.8
20.6
67.4
Commitments for the Acquisition of Property, Plant and Equipment
At 31 March 2018 the Group had entered into contractual commitments for the acquisition of property, plant and
equipment amounting to $Nil (2017: $0.2M).
Guarantees
At 31 March 2018 the Group had outstanding guarantees provided to third parties of $1.3M (2017: $1.2M).
Legal Proceedings
The Group is involved in a number of legal proceedings that are incidental to our business. Although it is possible that
adverse decisions (or settlements) may occur in one or more of the cases, it is not currently possible to estimate the
potential loss or losses. The final outcome of these proceedings, individually or in the aggregate, is not expected to have
a material impact on the business.
Litigation is currently in process against an entity within the Group by RPost Holdings Inc. The company allege patent
infringements and claim unspecified damages. In accordance with IAS 37.92, the Group does not provide further
information on the grounds that this could seriously prejudice the outcome of the litigation. The Directors are of the
opinion that the claim can be successfully resisted by the Group.
34 Principal Exchange Rates
Principal exchange rates
Translation of Sterling into US dollar ($:£1.00)
Average
Closing
Translation of Euro into US dollar ($:€1.00)
Average
Closing
Year-ended
31 March 2018
Year-ended
31 March 2017
1.3264
1.4028
1.1664
1.2299
1.3200
1.2505
1.1017
1.0696
When calculating performance measures on a constant currency basis, the Group uses the closing balance sheet rate of
the previous year.
35 Events After the Reporting Period
There are no material events after the reporting period which require disclosure under IAS10.
/139
IntroductionGovernanceFinancial StatementsStrategic Report
�Company Only Statement of Financial Position
At 31 March 2018
Company registered number: 09608658
Note
31 March 2018
$M
31 March 2017
$M
Non-current assets
Deferred tax asset
Investments
Loan due from subsidiary
Current assets
Amounts due from subsidiaries
Total current assets
Total assets
Current liabilities
Trade and other payables
Amounts due to subsidiaries
Total current liabilities
Net assets
Represented by:
Share capital
Share premium
Retained earnings
Share-based payment reserve
Total equity
3
4
5
8.8
1,099.1
93.5
1,201.4
27.8
27.8
13.6
1,068.4
93.5
1,175.5
24.0
24.0
1,229.2
1,199.5
–
46.7
46.7
0.6
26.2
26.8
1,182.5
1,172.7
22.0
122.3
946.1
92.1
21.6
118.4
977.1
55.6
1,182.5
1,172.7
These Financial Statements were approved by the Board of Directors on 16 May 2018 and were signed on its behalf by:
Nick Bray
Chief Financial Officer
The notes on pages 142 and 143 form an integral part of these financial statements.
140/
Cybersecurity made simple
�Company Only Statement of Changes in Equity
At 31 March 2018
At 31 March 2016
Loss for the period:
Other comprehensive profit or loss:
Total comprehensive loss
Share options exercised
Disposal of EBT treasury shares
Share-based payments – expense
Share-based payments – deferred tax
Cash dividend
At 31 March 2017
Loss for the period:
Other comprehensive profit or loss:
Total comprehensive loss
Share options exercised
Share-based payments - expense
Share-based payments - taxation
Cash dividend
At 31 March 2018
Share Capital
$M
Share Premium
$M
Retained
Earnings
$M
Share Based
Payment
Reserve
$M
Total
$M
21.3
115.9
993.7
19.0
1,149.9
–
–
–
0.3
–
–
–
–
–
–
–
2.5
–
–
–
–
21.6
118.4
–
–
–
0.4
–
–
–
–
–
–
3.9
–
–
–
22.0
122.3
(5.6)
–
(5.6)
–
(0.1)
–
–
(10.9)
977.1
(9.2)
–
(9.2)
–
–
–
(21.8)
946.1
–
–
–
–
–
31.3
5.3
–
55.6
–
–
–
–
39.6
(3.1)
–
92.1
(5.6)
–
(5.6)
2.8
(0.1)
31.3
5.3
(10.9)
1,172.7
(9.2)
–
(9.2)
4.3
39.6
(3.1)
(21.8)
1,182.5
The notes on pages 142 to 143 form an integral part of these financial statements.
/141
IntroductionGovernanceFinancial StatementsStrategic Report�Notes to the Company Financial Statements
For the year-ended 31 March 2018
1 Principal Accounting Policies
The following accounting policies have been applied consistently in dealing with items which are considered material in
relation to the Company’s Financial Statements.
Basis of Preparation
The Company and its trading subsidiaries have considerable financial resources and a large number of customer contracts
across different geographic areas and industries. As a consequence, the Directors believe the Company is well placed to
manage its business risks successfully.
The Company operates as an investment company for the Sophos Group, holding investments in subsidiaries financed by
Group companies. As the Company is an intrinsic part of the Group’s structure, the Directors have a reasonable expectation
that Group companies will continue to support the Company through trading and cash generated from trading for the
foreseeable future. Thus the Group continues to adopt the going concern basis in preparing the Financial Statements.
The Financial Statements have been prepared in accordance with Financial Reporting Standard 102 (“FRS 102”) and under
the historical cost accounting rules.
Under section 408 of the Companies Act 2006, the Company is exempt from the requirement to present its own profit and
loss account.
The Company is considered to be a qualifying entity for the purposes of FRS 102 and has applied the exemptions available
under FRS 102 in respect of the cash flow statement and key management personnel compensation.
As the Consolidated Financial Statements of the Company include the equivalent disclosures, the Company has also taken
the exemptions available under FRS 102 in respect of disclosures in respect of share-based payments, financial
instruments and the requirements of Section 33 Related Party Disclosures paragraph 33.7.
Investments
Investments in subsidiary undertakings are stated at cost less any provision for impairment.
Foreign Currencies
Transactions in foreign currencies are recorded using the rate of exchange ruling at the date of the transaction. Monetary
assets and liabilities denominated in foreign currencies are translated using the rate of exchange ruling at the balance
sheet date and the gains or losses on translation are included in the profit and loss account. Non-monetary assets and
liabilities denominated in foreign currencies are stated at historical foreign exchange rates.
Interest-Bearing Loans and Borrowings
Obligations for loans and borrowings are recognised when the Company becomes party to the related contracts and are
measured initially at fair value less directly attributable transactions costs. After initial recognition, interest-bearing loans
and borrowings are subsequently measured at amortised cost using the effective interest method. Gains and losses arising
on the repurchase, settlement or otherwise cancellation of liabilities are recognised respectively in finance income and
finance expense.
Going Concern Basis
The Company operates as an investment company for the Sophos Group, holding investments in subsidiaries financed by
Group companies. As the Company is an intrinsic part of the Group’s structure, the Directors have a reasonable expectation
that Group companies will continue to support the Company through distribution or debt/financing supported by trading
and cash generated. Thus the Group continues to adopt the going concern basis in preparing the Financial Statements.
142/
Cybersecurity made simple�2 Profit and Loss Account
The loss after tax dealt with in the books of the Company was $9.2M (2017: $5.6M). Under section 408 of the Companies
Act 2006 the Company is exempt from the requirement to present its own profit and loss account.
3
Investments
Investment in Sophos Holdings Limited
Investment in Sophos Limited
At 31 March
31 March 2018
$M
31 March 2017
$M
1,035.8
63.3
1,099.1
1,035.8
32.6
1,068.4
The investment in Sophos Holdings Limited, a holding company for the Sophos Group, comprises 100 per cent of the
ordinary share capital.
The investment in Sophos Limited comprises share-based payment expenses for equity awards granted to participants
employed by Sophos Limited and its subsidiaries.
4 Loan Due From Subsidiary
As part of the re-financing of the Group on 1 July 2015, the Company lent $93.5M to Sophos Holdings Limited, a wholly
owned subsidiary.
The loan carries a variable interest rate based on the Group’s Senior Facility A loan plus a margin of 0.1 per cent and is
repayable in full at the end of a 60-month term on 1 July 2020.
5 Share Capital
Shares issued and fully paid
At 1 April of £0.03 each
Issued for cash on exercise of options
Issued under the Sophos Group Long Term Incentive Plan 2015
At 31 March, Ordinary shares of £0.03
6 Functional Currency
Year-ended 31 March 2018
Year-ended 31 March 2017
000’s
459,642
3,445
5,401
468,488
$M
21.6
0.4
–
22.0
000’s
452,172
4,087
3,383
459,642
$M
21.3
0.3
–
21.6
Sophos Group plc is registered in England and Wales and has a functional currency of US Dollars.
/143
IntroductionGovernanceFinancial StatementsStrategic Report�Glossary
Adjusted operating
profit
Adjusted operating profit represents the Group’s operating profit/(loss) adjusted for amortisation charges,
share option charges and exceptional items
AES
Americas
APJ
Billings
Advanced Encryption Standard
North and South America
Asia-Pacific and Japan
Billings represents the value of products and services invoiced to customers after receiving a purchase order
from the customer and delivering products and services to them, or for which there is no right to a refund
Blue chip
Channel partners who transact five or more deals in a trailing six-month period
Board
BYOD
CAGR
Cash EBITDA
The Board of Directors of Sophos Group plc
Bring Your Own Device
Compound annual growth rate
Cash EBITDA is defined as the Group's operating profit adjusted for depreciation and amortisation charges, any
gains or losses on the sale of tangible and intangible assets, share option charges, unrealised foreign exchange
differences and exceptional items with billings replacing revenue
Cash EBITDA margin
Cash EBITDA margin is calculated as cash EBITDA as a percentage of billings
Channel first
The distribution model used by the Group, where products are sold to end customers through a network of
channel partners and distributors
Company
Sophos Group plc
Constant currency
The group uses US Dollar-based constant currency models to measure performance. These are calculated by
applying a single exchange rate to local currency transactions for both the current and prior-year. This gives US
Dollar denominated measures that exclude variances attributable to foreign exchange rate movements
Deep Learning
An advanced form of machine learning inspired by the way the human brain works. It is the same type of
machine learning often used for facial recognition, natural language processing, self-driving cars, and other
advanced fields of computer science and research
Directors
The Executive and Non-Executive Directors of the Company
DPI
EBITDA
EMEA
Deep Packet Inspection
Earnings before interest, taxation, depreciation and amortisation
Europe, Middle East and Africa
Enduser / end user
Enduser being a sub-set of the Group’s products; end user being the ultimate user and customer of the Group’s
products
GHG
Group
HTML5
IASB
IFRS
KPI
MSP
OEM
RED
Greenhouse gas
The group of companies owned by Sophos Group plc
The fifth revision of the HyperText Markup Language of the internet used for structuring and presenting content
for the world wide web
International Accounting Standards Board
International Financial Reporting Standards
Key Performance Indicator
Managed Service Provider
Original Equipment Manufacturer
Remote Ethernet Device
Renewal rate
Retention rate
Renewal rates are calculated by comparing the US Dollar amount of contracts renewed in a period (including
instances of cross-sell and upsell) to the US Dollar amount of contracts available for renewal in the period
Retention rates are calculated by comparing the US Dollar amount of contracts renewed into the following
period (including instances of cross-sell and upsell) to the US Dollar amount of total contracts at the start of
the period
Secure SSL
Secure Sockets Layer, a standard security technology for establishing an encrypted link between a server and
a client
Unlevered free cash
flow
Unlevered free cash flow represents cash EBITDA less purchases of property, plant and equipment and
intangibles, plus cash flows in relation to changes in working capital and taxation
UTM/NGFW
Unified Threat Management/Next-Generation Firewall
VAR
VPN
Value-Added Reseller
Virtual Private Network
Weighted average
contract length
Weighted average contract length is calculated on a last twelve month basis, at constant currency and provides
an indication of the period over which future revenue will be recognised
144/
Cybersecurity made simple�Company Information
Directors
Peter Gyenes
Kris Hagerman
Nick Bray
Sandra Bergeron
Roy Mackenzie
Rick Medlock
Steve Munford
Vin Murria
Paul Walker
Registered Office
Sophos Group plc
The Pentagon
Abingdon Science Park
Abingdon
OX14 3YP
Registered number: 09608658
www.sophos.com
Registrar Services
Link Asset Services
34 Beckenham Road
Beckenham
BR3 4TU
Investor Relations
investors.sophos.com
investor.relations@sophos.com
Public Relations
Tulchan Communications
85 Fleet Street
London
EC4Y 1AE
Auditor
KPMG LLP
15 Canada Square
London
E14 5GL
/145
IntroductionGovernanceFinancial StatementsStrategic Report
�2
0
1
8
A
n
n
u
a
l
R
e
p
o
r
t
a
n
d
A
c
c
o
u
n
t
s
�