NCC Group plc (NCC) Earnings Call Transcript & Summary

Hi. I'm Mike Maddison, the CEO of NCC Group. So NCC Group is a global leader in providing cyber resilience services. At the heart of our business are our people. NCC is a people-powered but tech-enabled business. That has been as priority for us to ensure that there is visibility, transparency and understanding of the component parts of our business. NCC is made up of 2 [ significant ] businesses, our Software Resilience business, Escode, and a large part of our business is our Cyber Security services. So Cyber Security is the largest part of our business in terms of revenue. Our strategy is to build a business that delivers to our clients an end-to-end set of services that addresses the existential risk and primary risk of the digital age. And our capabilities range from instant response for helping clients in their moments of most distressed crisis, being able to support change and implement changes within environmental consulting and implementation services to help clients operate and run elements of their environment, our Managed security services, and then, ultimately, to be able to provide technical assurance across every single environment that they operate. And that's our Technical Assurance Services. And all of those capabilities together operate within a flywheel. So whatever our client requirements are, we can meet them. What I think makes NCC unique is the way we are able to bring together all of those capabilities together to solve clients' complex problems and manage risk in partnership with them. NCC Group is a unique business. We are global in nature with absolutely outstanding technical capabilities. And we are going through a transformation that is a very exciting time. It allows us to position ourselves quite uniquely globally to deliver truly outstanding service to our clients.

Well, thank you, and good afternoon, everybody. And it's great to welcome you to what I think is going to be a fantastic market event this afternoon. So it was great to hear Mike's intro. And as he said, today is about the Cyber part of our business, and we are going to immerse you all here in the room and online into our Managed Service part of our business. It's a part of our business that provides greater resilience, greater predictability to how we perform as a group. Now by way of introduction, I'm Kevin Brown. I'm our Global Chief Operating Officer. I'm responsible for all of our capabilities across the Cyber part of our business. Now, you might say that I'm slightly biased, but this is a fantastic business, and I'm only a year into my role in this journey. Well, I may have only been at NCC for a year, but actually, I've known NCC for a few longer -- a few more years than that because actually, in my previous role leading security at BT, NCC were a trusted partner to me then, providing help with regulations, but also for transformation. So it's going to be great today to really dive into it. As we look at the agenda for today, we've really built our agenda to take you through the journey that we're on at NCC Group, and in particular, the journey of our Managed Services. Before we get into the detail of our Managed Services, one of my colleagues is going to try and break down Cyber. We like acronyms. It's an acronym fest. So we're going to try and break it down into a really simple terms so we really understand it. But taking the agenda, what is this not only going to hear us talk about, but what are we going to demonstrate during the session? There are 5 things. Now, number one, we're going to talk to the fact that we're in a high-growth market. The second point, we're going to talk and explain and demonstrate that we are aligned to market demand. We're going to give you evidence and bring it to life. Actually, we're pretty good at what we do. Of course, we can always do better. We're going to talk to the fact and demonstrate that we are in a strong financial position. And when we bring these bits together, our final point is we are super optimistic about our future, and that will come out throughout the presentation. To help me today, let me introduce what's going to be a fantastic panelist of speakers. I'm going to start with introducing Doug Klotnia. Doug will be up after me. He's the Managing Director of our Managed Service business. Doug comes with a fantastic track record of growing managed service businesses across BAE, Trustwave. And Doug brings this unique blend of innovation, not just from the technical aspect, but from the commercial as well. We're then going to hear from Natalie Walker. Nestle is the Director of our Managed Service portfolio, very well regarded across the managed security service landscape. And Natalie comes with a great track record of having just worked with the business to grow a $1 billion managed service business. And then finally, we're going to come to Kevin. Kevin runs all of our operations. And I think it's fair to say that calmness is his key ingredient when it comes to managing operations, a great track record of working with clients throughout multiple geographies. So they're really going to bring our journey to life with you. Now, we've already heard reference to this from Mike. And actually, we're going to see it a few times in our presentation. Mike referred to it as a flywheel. But actually, this is a key component to our operating model across NCC Group and our Cyber business because this is our road to differentiation and success. And as Mike said, this is what makes us globally unique. Now, Natalie and Kevin are going to bring this to life with some great client stories. But put simply, us executing on this operating model means that we are not wholly reliant on selling managed services from scratch. There are many ways in which we have interaction with a client. It provides shortcuts to sales cycles, which means that actually we are more cost effective and efficient when it comes to selling managed services. And bringing and exposing this capability means that we can really demonstrate to our clients that we are their go-to, end-to-end cybersecurity trusted partner. So without further ado, I'm going to hand you over to Doug now to take us into the detail.

Great. Thank you, Kevin. Hello, everyone. We are very excited to have you here. We're eager to tell you the story about our Managed Services and the journey that we've been on. I'm not local, Chicago, but I've been here many times. So I'm going to try to present myself as local as possible. So a couple of key things. I just want to set the stage. As Kevin said, my role here at the outside is to kind of -- let's talk about what this market is. A lot of terms get thrown around interchangeably. And what does it mean in terms of the way that we think about it and talk about it? So a couple of things that I think are really important -- AI is literally everywhere. Our clients are using it. We as a service provider are using it. And guess what? Folks who are trying to steal data, they're using it too. What does that mean? Well, defending against a compromise becomes more complex than it's ever been before. But some of the tried and true things like good old-fashioned phishing attacks, still rule the day, and that hasn't changed. You're going to hear throughout our presentation today, and hopefully you walk out and you feel the way that I do, we have a plan for this. We're aligned to the market, and we'll be pursuing that eagerly. So as I said, I have the enviable position of kind of describing what Managed Security Services is in all of these terms that we talk about, because they do get thrown around in our industry pretty interchangeably. And we tend to do an acronym thing, and I'm sure I'm going to fall in that trap. I apologize for that, and I'll try to avoid at all cost. But just to set the stage, what is Managed Security Services? Well, simply put, it's an all-encompassing thing, all variations of outsourced security operations. That's what MSS stands for. You could call yourself an MSSP if all you did was manage firewalls. But that's not really where the market's at. That's not where the demand is at. The demand today is at I need you to help me find sensitive data. It could be in my environment. It could be outside my environment. I need to know that it exists. And then I need to know, geez, is it sensitive against an attack? And then, if it is, what are you going to do about it so I make sure I'm protected in real time? This is ultimately what our clients are asking for from us today and which we'll talk mostly about. As I said, it's a fast-growing market. Now, I'm going to talk a little bit about MXDR here for a second. MXDR, Managed Extended Detection Response -- see, I did an acronym before I used the word -- and Managed Detection Response are often used interchangeably with Managed Security Services. But this is the thing I just talked about. It's preventing against attack in real-time managing threat. That's essentially what Managed Extended Detection Response [ and MDR ] is. This is where the market is super-duper hot. IDC expects it to grow over 26% from 2023 through 2028. This is my favorite slide. So this is the classic alphabet soup of Managed Security Services and Security Services. But everything here, every element here, contributes to us delivering value to our clients. And they kind of neatly fall into 3 categories. You've got your far left column, which is fine sensitive data. And that can involve -- there's a thing on the dark web that I didn't know I had on the dark web, like my user name and credentials. It could be something in your own environment that you didn't know existed, but you ran a scan and you figured out it existed. And then lastly, you know all the stuff about this data. What are you going to do about it? I got to prioritize it. I got to reduce the vulnerability associated with it. Is it vulnerable at all? That's all kind of tell me about the data side of things. Okay. Now I've found the data. what am I going to do about it? Well, you've got to protect it because it means something to you. And there's a variety of ways that you can do this, but the most common technologies that are most sought after today are things like endpoint detection and response, which could be something as simple as a piece of software on your laptop and it's analyzing a threat against that machine. Again, it's a piece of software. It's not a service. That would be true of network detection response, which is the same thing, but it's doing it at a network level. And then MXDR is kind of a catchall. A refrigerator has an IP address. A machine in a factory has an IP address. Those would be examples of a catch-all for everything else, and that becomes what you know as -- sorry, Extended Detection Response. And then lastly, where we really bring value is we got to make sense of all this and help a client protect themselves in real time. And we use technology to help us do that, and there are some great SIM technologies out there. We have strategic partnerships, which you'll hear more about, with organizations like Splunk and Microsoft. And they help us understand, as a service provider, is a thing happening, or is this just something that's happening to an individual machine. It gives us context. It gives us the ability to respond in a systematic way and help our clients understand what the threat really is all about. And then you get into our space. So we're managing all this, which is what ultimately matters. All this stuff is shooting off a bunch of stuff. What does it mean? What do I do about it? Service providers like us say, "We'll help you understand if it's a thing or not, and we'll react to it and protect you in real time. There will be more acronyms, I promise you. Okay. Now, as a end-to-end cybersecurity company from, hey, we discovered a piece of data all the way through to we're going to defend you against a breach, you have to have a really intimate relationship with your client. And that's true for us as well. And our clients are telling us, pretty routinely, these are the things that really matter to them. Regulations are becoming more complex. They're changing every day. They're different by geography. They're different by industry. It's, frankly, hard to keep up, and you've got to manage your cyber risk in line with those compliance standards. They've got to prove they're doing what they say they're doing. They've got to prove to their stakeholders, internal, external stakeholders, that the service that they're using, the things that they're doing, are effective to protect the environment. Cost is a factor. It's probably the #1 buying decision, right? People are not making decisions without knowing exactly how much something costs. Can they afford it? Is it aligned with what they should spend on that problem? So they're guided cost-effectively. And then, most importantly, they've got to defend the environment. If something happens, did you know it happened? Could you solve it? Could you remediate it? Could you do it quickly? These are all the things that they expect from a service provider like NCC. Okay. With that, let me just spend a minute kind of whizzing through the market. So this is IDC's actual spend in the market as of 2023. And what I -- what this says to me is resiliency. Everyone is participating. This is not a vertical sector strategy. Now, I talked about regulation. I talked about geography and things that are challenging organizations. At the end of the day, the service they need to meet those standards that I just talked about are pretty dadgum consistent. So we can offer a very similar service even though the drivers are so varied by all these different verticals. It allows us to scale and also solve their problems, so great resiliency. This is not a single vertical strategy by any sense. I'll also say it's a sizable industry. It's GBP 20 billion as of 2023. And as I indicated -- that one of the hottest areas of growth is the MDR/XDR space, which is growing at 26% through 2028. Interestingly, only 42%, and I do say only because, guess what, according to IDC, in 2027, over 70% of organizations will have some form of an MDR/XDR solution. So you're going to see very significant growth not only with the existing community that's participating but future buyers who have not participated yet. And what are the drivers? The drivers are what I just described, but also the requirements -- I had to have trust, and I have to have confidence in your expertise. They don't have the resources. They can't scale. And so they're looking for someone to provide economies of scale. And a very good example of this is there's a major foundation in the U.S., $70 billion endowment or something of that sort. A year and a half or 2 back, they came to us, big brand, under constant phishing attack. They couldn't scale. They couldn't respond. They couldn't defend themselves. They came to us, and we quickly said, here's the thing, what you're trying to defend yourself against is really hard. It's not an easy problem to solve. I think we can help you do it. And we gave them a plan. By the way, you're getting a lot of this, and that's not going to stop tomorrow. We proved we could do it at scale. Those 2 things and the fact that we are very candid, that it's a hard problem and it wasn't an easy problem to fix, immediately created trust with them, and we demonstrated our ability to scale. That one is a really important deal. So with all that opportunity, guess what comes with it? Good, old-fashioned competition, and that's certainly true here, too. So the way I think of this is they kind of -- our compares kind of fall into 5 neat buckets. You've got your pure-play security service providers, which I think NCC certainly fits into. You've got your specialist MSSPs who today might call themselves an MDR or XDR provider. That could be like a BlueVoyant, could be an Expel, could be an Arctic Wolf, often PE-backed, maybe not necessarily focused on making money today, but certainly focused on growing. They tend to have a one-size-fits-all all for their customers, a platform-only based solution. You got your telcos who have a big relationship with a client. They're trying to get a bigger share of wallet. Why not getting the cyber? You've got your global system integrators. You've got your Accentures and your PwCs, et cetera. And they tend to do very custom solutions for very large enterprise. As I take a step back, and maybe I'm biased, it often looks a lot like staff augmentation to me and a lot of custom work. And then lastly, you've got your resellers. And frankly, they're trying to make a buck off of reselling software, and God bless them, good for them. So where do we fit? We are a broad cybersecurity services provider, everything from testing through to incident response with Managed Services in the middle. We've got global scale, but we also have local presence. There are unique needs in the market. Kevin Jonkers will talk a lot about our last mile and how we face off with clients to support them locally, but we also have the scale to do it globally. I really want to talk about the Unified Cyber Platform, which we're invariably going to call the UCP today, and that's what it means, and we apologize ahead of time for using acronyms. I'm sure we'll fall into that trap. But this is a really important investment we made. About 1.5 years ago, we had, through years of successful acquisitions, built up a lot of different ways of doing things that weren't very consistent. What did that mean? That meant that we had a fair amount of technical debt. Customers weren't getting consistent experience. We weren't able to scale. We weren't able to innovate for the next thing. So we made a decision to move forward, take a lot of the great things that we were doing, invest in those things, use modern technology and introduce something called Unified Cyber Platform. I'll leave it there because Natalie's got some detail on that, but it's a very exciting part of our strategy, and it's going to uncork our growth opportunity. We've always had amazing people, and the technology is becoming so advanced that marrying up with our people is a great opportunity. All those things together puts us in a position, and our clients tell us it's true, that we're very, very good at managing threat. Okay? That's a little scene-setting. With that, let me hand it off to Natalie Walker, who will go through the value proposition and tell you where we've gotten to on that front.

Okay. Thank you very much, Doug. So we've explored in detail the market. And now I'm going to explain our offering. We've touched on this, our operating model that drives our clients to us, but I'm going to bring it to life for you with a few examples. Understandably, a lot of our clients don't like to be named, and they particularly don't like to be named if we've helped them in an incident, but one that is in the public domain is the British Library. So if you imagine, that type of client is one that we've helped through their incident and beyond. And a journey through from incident response into Managed Services often starts with us deploying some software. So Doug touched on this, an endpoint software. We could be putting software on a laptop. And what that does in the incident is gives us additional visibility, and it allows us to work out what's going on and to solve the problem for the client. And that's great. At the end of that incident, often, the client finds that, that extra visibility is really useful, and they want that increased awareness of any other potential threats coming through. They're not used to managing that software themselves, so it's quite natural for them to have already built that trust with us and think, great, let's talk to you about a managed service. So a great example of that operating model driving a conversation through to business. And similarly, the same is true in all of our areas, but another example would be consultancy. So an example of a client that's used our consultancy services a number of times is the U.K. HSA, the Health Security Agency. Now, we helped them in the pandemic, and we still help them today. But similarly, a typical example of that journey through the organization could be our consultants helping a client design and then implement a security solution, any security solution. They may well start off thinking they're going to manage it themselves. They value our opinions. They value that trust. And that's fine if they want to do that. But it's not uncommon for them to then think, actually, we can see now that it's really efficient for you to do that for us. And so discussion then goes on to a managed service. This is all MXDR, the term that we used earlier on, Managed Detection and Response, that type of service. And absolutely, the reverse is true as well. So we could be managing a client's MXDR solution for them. We'll be monitoring it. We can see something's going on, and we bring in our incident response team at that point, for example, or it could be as early as our implementation of our solutions. So we're working through deploying a service for a client, and then we realized there's an opportunity for perhaps a deep dive in a particular area of risk. And so we bring our consultancy colleagues into the discussion at that point. So I want to describe to you our portfolio, first of all, with the problems that we solve. So again, kind of some terminology here, but vulnerability is effectively a risk. It's not happened yet. It could happen. And so it could be something as -- I guess as tangible as stolen credentials. Now, we know they've been stolen, they haven't actually been used yet, so it's a risk. It's not an actual threat at this point. Or similarly, outdated software. So somebody hasn't done a patching, we haven't updated our mobiles and so on. At this part of those sorts of challenges, we help a client to proactively protect. So this is a proactive action. Subsequently, you've then got a threat. So this is where something has actually happened, so laptop's compromised. Somebody has clicked on a link that they shouldn't have done or actually, for whatever reason, somebody unauthorized has got access to that network. At this point, what we're doing is we're monitoring and we're responding. So at high level, that's what our portfolio does. We can help our clients all the way through that journey or at any point in the journey. They don't have to start at the beginning. whatever suits their particular challenge in their particular stage of their journey to security. Who are those clients? So I've given you a couple of examples, but just to explain a little bit further, the mid-market, now, there's no one perfect definition, I don't think, for this particular group. We tend to find they're less than 5,000 employees, but it's less about the size. It's much more about their sort of security posture. They tend not to have their own operating team, so SOC. I'll use that term. They tend to have Board level understanding or decision-maker understanding that security is something that we absolutely want to invest in. For these groups of clients, what we do is we provide simplicity, and they do tend to take all of our solutions. They don't have to, but they do tend to. Again, the type of client would be law firms, building societies. They're all in our client base for this type of solution. And what we do, from a portfolio perspective and also from a platform perspective, is we design it for this mid-market group. But what that allows us to do is to tailor for our second group of clients, and they're the large enterprises. So these guys, clearly bigger. They tend to be more complex. And again, they don't have to, but they often pick a particular part of our solution. For these guys, they actually benefit from the scale that we have because we provide solutions across both types of clients. And examples of this type of group are universities. We serve a number of the universities in the U.K., and we serve large retail companies. So one portfolio, both types of clients. We focus on 3 areas of strength. In Managed Services, we call these our 3 pillars. And there is an ethos that flows throughout our organization, throughout our portfolio and throughout our design. Starting with quality and client centricity I think quality kind of speaks for itself. But client centricity is really that flexibility I've started to introduce and the fact that we can tailor but we can do it at scale. Threat Management, and I've alluded to this term, it's effectively that ability to monitor and to respond. We do this. We actually take the out-of-the-box capability, but we also have some engineers that design our own code. They -- we typically find that the threats that we find, 40% of those are found by the code that we've written ourselves. So clearly, that's an area of IP. We also have Threat Intel, which we, again, use external sources, but we also provide sector-specific, which we know our clients really value. And then that transparency is, again, a little bit of an ethos. It's a bit about the reporting that we provide. So we report at multiple levels, again, depending on what's appropriate for that client. And we also -- I'm going to drop an acronym, which we'll come back to, but it's a TAM. It's a Technical Account Manager. But effectively, they provide access to our clients to the experts. And we know, particularly for the mid-market, they really appreciate that. And then people-powered innovation, now, this is the blend of people and technology, and I hope that's starting to come through in our presentation, but Kevin Jonkers is going to talk to us about how people play across the 3 pillars. So back to our all-important clients, we introduced these challenges earlier on. And our 3 pillars, effectively, those areas of focus and strengths, play well into our client needs. So into the portfolio itself then, so this is structured in the same way as the problems I introduced. On the left, we've got those vulnerabilities. There is a risk. And on the right, there are the threats there, they're taking action. So it's essentially in 2 halves, and they are a collection of things in both cases, so a portfolio rather than a product, if you want to use those terms, or an umbrella, if you want -- if you prefer that. Now, I've used ASM, Attack Surface Management. Again, there are vulnerabilities, and we offer a suite of solutions which the client can take any or all, or they can take them over time. So again, examples that we used earlier could be we have a solution that allows you to check the deep and dark web for your online presence. You may find something that you weren't aware of. That is a very common challenge for our clients. Or they may want to do a scan and repeated scan and look for any assets that they weren't aware of, and just to double-check that they are correctly protected and then come up with a plan. So all of those are in that proactively protect. What we do is we add our expertise. So we add the prioritization, because what you have in all of these solutions is lots of data, lots of information. But because we're specialists, we deal with that every day. We're able to help the client to prioritize and decide which to take action on first. Our portfolio is constantly evolving. So an area here that we're launching this month is our new external Attack Surface Management. We have just piloted with 4 -- 5 clients. We struggled, actually. We had 10 that wanted to sign up. So we started with the 5, several of which are really quite keen to sign with us. And what that did is it allowed them to scan for those assets that I mentioned that were Internet-facing, that they may not have previously been aware of. One of our clients thought they had 70. We found over 300. It may not be a problem. It's an area of risk. Again, what they found really valuable was the [ rap ] that we then gave in saying, like, which ones are important? Which ones do we prioritize? Which should you take action with when, and which can you effectively discard? So that was great. A couple of examples to bring this area to life of the pilot customers, we had a hotel chain in there, a health organization, so, again, all sorts. So it's a quite exciting evolution. In terms of MXDR, so Managed Detection and Response, it's similar. It's a collection of different products and services. Again, our clients can take the choice of which they need and which is appropriate to them. This involves anything from endpoints, this endpoint software, putting software on your laptops, into your network, we can set honey traps, those types of things. And similarly, what we do here is we help to prioritize the alerts, and we help them to respond to the threats. I guess, all of these things, we need 3 key ingredients in order to deliver them. So I'm now going to take you through each of them in turn. This is a slide that Doug has been waiting for. This is back to our Unified Cyber Platform. So we talked you through a little bit of the journey. So 18 months ago, we had a look at where we were. We were lucky at that time because the technology was -- has been advancing at pace. And so, suddenly, we did have lots of good, modern software options available to us. We, at that point, had something like 5 different platforms and slightly different experience in each geography, so inconsistent client experience across the piece. And obviously, it's complex. Having done the analysis and set the strategy, I'm glad to say that it went live in February. So with that brings the cost saving, the additional margin, the better client experience, more consistency. And for me, I'm a product manager. So for me, the great thing is we can start to add new features, new functionality, really quickly, which is great, really exciting. So that really helps our evolution. As Doug has often said, the technology has finally caught up with our people. How does this look in portfolio terms? So this illustrates how that Unified Cyber Platform joins up Managed Services, so the 2 halves of this portfolio that I introduced earlier. What we do is we take all of the alerts from across our Managed Services and actually, in fact, across our group, if appropriate, as well. So we take that all into the Unified Cyber Platform, and then we add in external threat intelligence but also our own. So as an example, if we've just done some testing, penetration testing, pen testing is one of the biggest. We might take that data in and add that in, and that would be hugely complicated because, obviously, suddenly, you've got lots of alerts. But what the Unified Cyber Platform does is it enriches all of that. It cross-correlates all of that so that the view to our agents, to our team, is much more simple and, ultimately, for our clients, that gives them that quicker and more accurate response. That's the key. And for our clients also, they get that same portal that you can see, the same as our agents have seen. It comes back to our transparency point. So bringing this to life with a couple of examples, the first of which sort of falls under the migration. Now, as a product manager, that just fills somebody with dread, to have to do a client migration. Actually, thankfully, it's not been too bad at all. In fact, we proactively received quite a bit of good feedback. One of our clients, who's let's call them a tech firm, they're quite involved in the Internet in the U.K. They were one of the ones that proactively e-mailed and thanked us for that really seamless migration experience. But they went a step further and they -- rather than using their own tooling, they've decided to move and use our portal exclusively. So they've sort of seen the value of the tooling that we provided and changed their strategy on the back of it. So it kind of feels like we've made that simple and transparent, which is great. I think another example is perhaps -- is was one that we have -- was an early adopter onto our platform, but for a different reason, actually. They had -- again, it's a tech firm. They're more in the device manufacturing world. But their important piece was they had a really strong requirement around the presentation, the portal presentation. So, for us, with our old technology, that would have been an absolute nightmare, really difficult to do. But we can tailor at scale. We can tailor quickly and simply. So we moved them -- they were one of our early adopters. We moved them straight onto our new platform, and they were happy with the [ portal ] they got. So it kind of gives you those real-world examples. So that's -- the second ingredient that I mentioned was the partners. So we've covered the technology. The partners, so we use a number of different partners. And our strategy is to select the best from the market. We try and look for 4 things. So we're looking for the fact that they solve a problem and deliver an outcome that our client wants. We want them to be leaders in their area, in a specific area, or innovators, or both is great. We like to see current demand and confidence of future demand, and that's because some of our clients have a really strong opinion of the technology that they either want to use or if they don't want to use. So we can try and make sure that we've always got a choice to allow for that. Some of our clients are really quite happy just to take our recommendation. So both exist. And then we also look for kind of -- there's a relationship piece around that partner. We're looking for that win-win mentality in that partnership. And I guess a more practical aspect is most of our Managed Services partners bring us prospects. That's the reality. And back to that example of the external Attack Surface Management that I talked about, [ Cycle Beta ], we partnered with. We had those 5 pilot customers. By the time we were on the pilot, they'd already brought us a new client, new logo, to talk to you about when we're launching our service. So it's just an example of how that works. And when it works, it works really well. What we -- what they bring to us is they bring the technology, so they bring that great tech, all of the research that they do, all that investment that they do, to that particular challenge. And we layer on our expertise, our managed [ WAP ] and our own IP. Again, just to bring this to life, I'll just highlight a couple of kind of awards and accomplishments. So Microsoft, we're MISA, which means that we're approved as the managed XDR solution provider. Now, that is not easy to get as an accreditation. There is an awful lot of tech accreditation to get to that. So we're really proud of that. A lot of our clients ask for that in RFP. So that's really important. We've also been added to their -- what they call their Elite Partnership, which means that we get access to their technical features in advance, and we get to give feedback on those. So again, that's really helpful. And with Splunk, we'll probably touch on this again, but we won, last week, in Las Vegas, their Global Services Provider Award, which is their top award, which was pretty exciting. And we're also on their Advisory Board as well. So we get to have a say in their strategy. But we couldn't do all of this without that Unified Cyber Platform, which is why we're so keen on it, because what it does is it allows us to give that choice and that flexibility, but it still gives both us and our clients all the advantages that you get from the single platform. And again, coming back to the product manager in me, we also get to evolve it as the market evolves, so we can really quickly and easily add in additional partnerships. So they were 2 of the ingredients. I'm going to hand you to Kevin, who's going to talk about how we interact with clients and that third ingredient of people.

Thank you, Nathalie, and good afternoon. Happy to bring yet another foreign accent to the mix. Let me lift ahead a bit on how we deliver our services in practice. And let me start by saying why this platform is so important for me and the operations team I lead. We receive hundreds of millions of security alerts on an annual basis from our clients. And what the technology alone does is filter that down to only 0.1% of that, that needs human inspection. So that's a huge amount of work that's already taken off our plate by technology. But obviously, just reducing the numbers is not what counts. It's how we make those alerts actionable for our clients. So in the next few slides, I want to talk you through what our great people do to make those security alerts meaningful within the context of our clients' businesses. And I'll briefly pause at UCP one more time, and then we'll talk about people. But UCP is very important for another reason, and that's to tailor our service to every client's need because, as an MSP, especially in that mid-market that we focus on, we see a large variety in the cyber maturity that our clients have. So some will have no internal security teams. Others will have huge internal security teams that know what they're talking about. So we need to tailor our service, and that starts and ends with the Unified Cyber Platform. It's our single hub for client interactions. It's where we can look at -- our analysts look at the incidents but also where our clients look at that same stuff, where they can see the service performance, and basically where we have a single source of truth. And this links into that transparency that we've mentioned a few times already. So to bring that to life, on the lower end of cyber maturity, you might have, let's say, a smaller municipality. We have quite a few of those as clients where there's a handful of IT personnel that also is in charge of dealing with security incidents. Now, Dell might only log into their platform after they receive a call from us to check out what's up and see if they can add a few -- a little bit more business context to what we're seeing. And then we'll help them remediate and take action on that incident. On the other side, you might have your really high mature clients, maybe a heavily regulated one like in finance. So an example would be a pension fund that we have that has gone as far as integrating our platform into their own IT ticketing system, which means that their internal security team can work seamlessly with our security operations center and our experts to share the workload basically. So you can see how that platform plays a key role in delivering a tailored service to our client. Now, however important that technology is, you heard Mike say in the beginning people are still at the heart of our business, and I can only attest to that. So let's explore the 4 key roles that we have in our organization that allow us to bring a tailored service but also allow us to scale. At the top is the most important piece of what we do. It's our security operations center. It's 24/7, around the globe, analysts looking at the alerts that pop up in our platforms. They triage. They figure out if this might be actually a true breach going on or the first steps of that. They'll call the client and then make sure that the right action is taken or we can even take it for them. So this is very operational, but key to what we do. Then you've heard -- I think Doug mentioned already that we care a lot about the last mile to the client, which is adding a personalized touch. Anyone with the right technology could basically do that 24/7. What we care about is that middle layer a lot as well, where we have service delivery managers and technical account managers sitting in the region, close to the client, understanding the local context, the local culture, speaking the right language, literally even, and ensuring that, through the service delivery managers, we track service performance, we can do changes to the service, things like that. But I think the key thing here is the technical account managers. And as we often call them, they're our window into our Security Operations Center. So the SOC, they need to do the 24/7 thing, quickly handling alert after alert after alert, whereas the technical account manager is the person that will take the client through the more tactical and strategic topics, like what do all these incidents in a row tell you? What could you do better in your security posture? And then finally, we have our Service Improvement group, which is a key team that we set up over the last year, which runs our Client Advisory Board, but also takes on internal feedback to constantly improve our service, which has hugely increased the agility with which we develop. Now, these are all humans doing this work. And obviously, you've heard Doug say at the beginning that AI is everywhere. So we're also jumping on the opportunity to apply GenAI, especially into what we do here. We're not going to replace these people anytime soon by AI. It's just too complex for that. But we definitely believe that we can bolster what they do a lot. It will provide extra speed, new insight and context, and it will help us maintain and further improve our quality on an ongoing basis. And a good example of the GenAI is when Microsoft invited us onto their early preview of the Security Copilot Platform, which is their GenAI tool for security. We gave that to our detection engineers, the people who build our detection logic. And within a matter of days, they found a way to offload a lot of the testing they do of new detection logic to that AI. And it ultimately will save them around 10% of that team's time in not having to do that manually anymore. So I think you can imagine the scale at which we think we can take this in the future. Now, this operating model is built for scale, as I said before, and we've scaled it to hundreds of clients already. But it's also scaled for quality and that personal touch, which, as a result, you can see in our client satisfaction score, which is at 86% at the moment. As a final step, let's take a peek into the future and why I believe we can take this much further than where we are today. Our model for our operating model is as global as possible but as local as needed, which has to do with providing scale but also the personal touch. We're currently working from 5 operating centers around the globe so we can provide true follow-the-sun operations. There's always somebody awake and somebody's office hours. But we do the last mile in the region with those service delivery managers and technical account managers. And we can even do a full regional delivery for clients where data sovereignty really matters, like governments, finance and some parts of high-tech. And regardless of whether we do global or regional, it's all delivered by that same single, unified platform, which means that if we add a feature or technology there, it's available everywhere instantly. It will also allow us to scale effectively and efficiently. As I said, we have 5 operating centers with the most recent one being Manila that we opened, which means that we have 5 great pools of talent that we can recruit from and attract from, which will help us build the teams and the people that we need to scale to many, many more clients. At the same time, our operating model is built to plug in new services, if we want, over time. So I think you've seen, from Natalie's story, that the platform allows to plug in new partners and new technology. We can do the same with expertise. We just put new expertise into the Security Operations Center and all the other clients-supporting roles, they just do what they do today for that last-mile delivery. So you can see, I think, how we can scale in size but also in breadth of our service. And with that, I'd like to hand back over to the other Kevin for vision on the markets.

Thanks, Kevin. Okay. Before I -- we're going to change track and get into obviously what does it look like from a go-to-market strategy? But before I get into that, I just want to come back to something that Nathalie said, and that was about the award that we received last year -- last week, and actually the significance of it. Now, Splunk, for those that don't know Splunk, there are mainly a software-based cybersecurity provider. They were acquired by Cisco recently, around sort of $28 billion. So they're significant in size. As you can imagine, a global software provider, they've got thousands of partners across the world. But actually, it was us, NCC Group, who won the Global Services Partner of the Year. And what that means is it gives us a massive uplift when it comes to actually going to market, because we've got the sellers, we've got the Splunk sellers, who, like our own sellers, they want to cash a check. They want to close a deal. So they're going to go to the partner that is recognized globally. So it's quite a significant moment for us and recognition of the work that we've put in from that perspective. So as we look at our sort of go-to-market strategy, I'm going to take you through where we've come from, but more importantly, where we head to. Now let's just go back to the data that we saw earlier from IDC, obviously, our technology analyst partner who provides sort of an overview of the market. And as Doug said, every sector is pretty hot. But when we overlay actually our NCC Managed Service revenue, what you can see straightaway is we're successfully selling into all of those sectors. And whilst this is a global view, actually, our go-to-market strategy is a lot more regional-focused for the reasons that we've already heard, whether it's data sovereignty, whether it's certain requirements in a country. So it really is tailored in and recognizing that, actually, once we can look at the globe in the numbers, it's not a one-size-fits-all world when it comes to it. But in addition to looking at the larger organizations, I think it's fair to say that we've also been successful in selling into the mid-market. Now, in the mid-market, many people struggle with that because, in the mid-market, it's build once, sell many times, easy to consume services, easy to consume sales process as well. And we've had some great wins there. And we're seeing that constant growth coming because, actually, if you're in a mid-market, your world has got a whole lot more complex now with multi-cloud, with supply chains. So gone are the days you sat in the mid-market and think those [indiscernible] criminals, they're not going to attack us. I'm sorry to say they're coming for you. But as we look at our market approach as well, I think it's important to recognize, again, we're not selling it net new all the time. So when we're selling Managed Service, we're always looking to take and take advantage of the current installed base that we have, where we've sold other cybersecurity capabilities into a client. And what this means actually is we leverage that cross-sell motion, leading to faster deal velocity and a lower cost of sale. It's a unique advantage in this space. Now, if I just bring the vertical to life a little bit, we've heard about mid-market. We've heard about enterprise. So in the mid-market, we've got a great example of a client. We refer to them as SURF. They're a consortium in Northern Europe where we've successfully sold into that consortium. And we've been successful because we've had a really easy-to-consume Managed Service offering. We've built it once and we've sold it already over 60 times to 60 different organizations, and that's resulting in a considerable annual revenue, which is where we want to be heading to. But continuing in public sector, you take the other end, and as we heard from Natalie, university, sometimes you think of universities, are they really that complex? Well, unfortunately, they are. They're large in scale. They've got many different risks attached to it. Sometimes you've got some higher-risk users that are trying to access the system. And where we've been successful, certainly on too many occasions, is we started with our digital forensic and incident response. There's been an incident. But we've very quickly leveraged our cross-sell motion to bring our Managed Services closer to the client, again, speed, lower cost of sale. When I look at the market and the trends, as I'm sure most of us open an e-mail each day, I think, do I trust this? Do I click on it? So when we're looking through the criminals' eyes, they're pretty relentless. At times, they're not focused on a particular sector. They're just here to hit any sector. But really one that is -- we see a lot of priority coming now is around manufacturing industrials and the operational technology. For those that have sort of looked to operational technology, I'd probably best describe it as being the much loved -- unloved member of the family that hasn't been invested, that has just been left there. It would never be Internet-facing. It would never have the vulnerabilities. Well, most of this operational technology, it could be autonomous vehicles. It could be robotics. They're being attacked. Nation states know that's the quick route in. Guess what? Regulation is catching up fast. So we've got some great activities taking place there. Now, as we start to look at the globe and our share of revenue, it's important to reflect where did our managed security service journey began. And that was really 2 acquisitions around 2015, 1 in the U.K., 1 in the Netherlands. And that gave us a strong footprint to take the Managed Security Service that we had acquired, start to cross-sell our other capabilities into that. And then when we start to then look, actually, what's our distribution of Managed Service revenue across the globe, you sort of paint a similar picture where you'd expect, strong penetration in the U.K. and in Europe, but identify 2 areas where we've got great opportunities, APAC, North America. But let me just touch on the U.K. and indeed Europe. These are areas where we've got a great install base. These are areas where our brand is already trusted, in the U.K., NCC, and for example, in the Netherlands, we've got our Fox-IT brand, both strong brands, seen as thought leaders, well-regarded by governments. And for those that had the opportunity, you would have seen some of our literature that we've produced, some of our thought leadership around the up-and-coming elections. And that's the type that draws clients in, is that trust. In these regions, we've got established go-to-market motions. So we recognize different motions between an enterprise and a mid-market. And we've been able to embed our operating model where we've got our full capability to cross-sell, upsell with the right incentivization. Again, U.K., Europe, because of our penetration, we've been able to really get into the vertical focus, being able to talk about our UCP platform in the context of finance or in the context of retail. And we continue to build out our use cases. Then we go on to Asia Pacific. For NCC, it's a smaller footprint. It's a smaller market. And therefore, it's extreme focus and discipline that we adopt for that market. It's one where we're leveraging existing relationships that we've invested in. Now, that could be where actually we've invested in getting to a point where we've got a master service agreement with a financial institution. For anybody in this room that has gone through the enjoyment, should we say, of getting a master services agreement, it could be 6 months' worth of work, but actually, you've got it, use it. And like, where we've got existing client relationships or we've already invested in capability, it's about how do we leverage that footprint to cross-sell, upsell. And as Kevin alluded to, our global model means that actually we can service or tailor our service to, for example, clients in Australia. And this is a model where many other organizations really struggle to address, but I think we've got a strong model there. Let me just bring this to life with a client actually in Asia Pac, where we have the existing contractual relationship. It's one that we've worked with through other capabilities for a number of years. We've built up that trust. We can understand the demand that they would need. And as a client, their government financial -- they've got about AUD 140 billion under assets under management. But we were able to look at understanding the risks, looking at actually how we could take them to a journey to a managed service. And ultimately, we ended up selling them a 3-year deal, again, leveraging that cross-sell. The reason why they chose NCC, it was our high quality of threat management and our ability to help them resolve challenges incident far quicker. And then come back to North America. We look at North America. And naturally, I think it's fair to say we're disappointed with where we are as a business, 10% Managed Service in a massive market, but what a great opportunity. It is ripe for expansion. If we overlaid NCC's footprint here of our global revenue, actually, it would be about 40% of NCC's revenue comes from North America. So if we apply just some quick basis there, at the moment, we do around GBP 6 million of Managed Service revenue. Even getting to a point of matching our footprint of around GBP 26 million, that would be a massive jump forward. So what we're looking at doing there is -- and we've heard Mike Maddison talk about this on a few occasions around how do we diversify away from perhaps the traditional services that we've sold in North America? But let's make sure we're leveraging those relationships on the way so that it's not all about net new. As you've probably heard a couple of times, a lot of Managed Security Service providers have to win every client new all the time. We don't upsell, cross-sell. It means that, actually, we're faster to convert lower cost of sale. So how are we approaching that? To start off with, it's around brand amplification, making sure that actually we are a brand in the market that is known for managed services, not perhaps just the assurance part of the business. We're leveraging our digital channels to make sure that actually brand exposure takes place and leveraging digital channels and also outbound sellers to increase our top-of-funnel activity so we can then start to qualify a lot more. We've got a dedicated mid-market focus and a team focused on nothing else but that mid-market. And at the same time, we're really looking at the skills that we have across our sellers to make sure actually they're representative of what we need in the market. And Doug will touch on this shortly, but we're also looking at other opportunities to grow quicker there. And finally, I'm just going to bring this to life. Now, we've talked quite a bit about client stories, but sadly, more often than not, for good reasons, clients don't want to be named. But I'm going to name one because this is one that really brings to life what we've been talking about so far. Now, Glory Global, I have to say that slowly, but they're a global leader when it comes to cash technology solutions. Now, Glory were coming to market for a Managed XDR solution. And it's fair to say, like most organizations, they start a path of a normal standard procurement activity, probably takes about 12 months. We were able to recognize that actually there were some quite early signs of financial headwinds, again, not too dissimilar in the market. We look to take an alternative approach here and leverage the capabilities that we have across NCC Group. And on this occasion, we built the relationship with the key stakeholders, not just the CISO, but the economic buyer, the customer champion, to get that really rounded view, which identified the need to help the client with their business case. We started initial engagement with quite a low-level threat assessment to help them with that business case. But actually, whilst we started at fairly low-level, it became apparent within a very short space of time that there was a live incident that we'd come across. I'm not going to go into the details of the incident. It's out in the public domain for you to read about. That's to say we deployed the full force of our digital forensic instant response team to really deal with the incident and then really help the client really get into remediation, but more importantly, that path to maintaining and establishing control of the network. But what that did do overnight, switching from a threat assessment to a live incident, we build trust. And that trust is something that we took on that journey. That journey took us to a point of deploying early Managed Service capability and, ultimately, that client signing a 3-year deal for a Managed Service with us, which we've expanded considerably already. Why is this important? Early client trust. We're a global partner to Glory Global. But if we look at it, we took a sales cycle that was going to take over a year down to 3 months, and that's the capability we have. Doug, over to you.

Thanks, Kevin. I'm back. I'm back with my accent. Now, I've been told there's a soccer game tonight. It is a soccer game, right? That's what we call it? There's a football match on. So we are going to -- I'm just going to wrap this up and talk about our future growth and why we feel confident in the next stage of our journey. Now, if I only had one slide to share, I'd debate whether to do the UCP -- we use a lot of acronyms today, by the way. I caught you guys and I just did it myself -- Unified Cyber Platform slide or this one. It's really this one. This is where we're at. So in 2024, we delivered GBP 67 million-ish in annual revenue. 88% of that revenue is true recurring revenue. That gives us lots and lots of confidence in what we think could be next year. Additionally, our average term for our contracts are 3 years. So I could have, happily -- Guy wouldn't let me -- keep going here and showing confidence for future years, too, because the revenue is durable. It's resilient. It's highly predictable. We're experiencing a lot of growth. We've grown 20% over the most recent 3 years. And he stole my thunder this morning, but we also grew this previous year 36%. It's been a really good year. Now, I will say also, importantly, the reason why we have confidence about next year is our final month, May of this previous year, we delivered 60% more monthly recurring revenue than we did in the first month of that same year. Okay? A really good arc. So we have a lot of confidence in our growth and it really comes down to, I think, these 4 categories. We want to build from our amazing base of clients. Now, I've been in this business a long time, and I can tell you net retention at 77% isn't good enough. It, frankly, isn't good enough. And there's opportunity for improvement. There's lots of reasons why it looks that way. You heard a lot about how we pivoted our strategy. We think the changes that we're making are going to change that number. But to put that in perspective, if that was 90% for last year, we would have been GBP 5 million better last year than we had been. So think of the opportunity if we can execute better in that category. And that's despite a really high client satisfaction rate and a pretty good win rate. Next, growing the market through increased demand, we're really well known in some categories. Our testing services, we're really well known. Instant response, really well known. Managed Services, we're getting the brand out there. But we're closing at a pretty good rate. 37%, I would say, is market, maybe slightly better than market. If we can drum up more opportunity, there's lots of opportunity in brand-new customer acquisition. The Unified Cyber Platform has put us in a position to do cool, new stuff. We talked about the pilot on the Attack Surface Management capability. That is going to deliver revenue in 2025. We talked a little bit about operational technology. That is really just starting to explode as we speak. It's a huge opportunity we can deliver in that category now. Identity is another example. The point is, we've built a platform to go expand into new things. It's going to -- our customers, our clients, are telling us they have these needs. We're not just rolling out of bed and saying we should go do these things. We know, if we do and we do them right, we can expand our footprint with them. And then lastly, there's clearly inorganic opportunity. And we are in a really good position to take advantage of an inorganic opportunity. We've built a global delivery model. It's consistent in the way that we do things. We now have a single architecture that's built on a modern way of doing things. We can absorb a transaction, and we can take on that transaction and benefit from it. We know the geographies that are appealing to us. We know the client segment that's appealing to us. This is truly a really good opportunity for us, and we're ready for it. So I do get stuck with this story. I do this all the time. But I would say we've got awesome people. We've always had awesome people. And they've really -- they've really carried the water force through all these years. But now we've built a foundation. We're ready to grow into the future. And the technology has really caught up to where we can go. And we're just on the tip of the iceberg on things like GenAI, and it is going to be transformative. So Kevin kicked off and he said some key things. I want to come back to them. And I hope that you heard them today. I certainly feel strongly about them. We are, we believe, strongly in a high-growth market. We are reacting to the market with demand from our clients. We are aligned to the market demand. I think there's evidence that we're good at what we do. There's opportunity for improvement, and we've taken the feedback from our clients and made decisions based on that. We're in a really good financial position to go forward and feel confident about the future. All those things together make us think that we can continue to grow on the arc that we're on today. So that's it for us. With that, I will hand over to Guy, and he will run us through any potential Q&A.

Thank you. Thank you to the team. For those of you who don't know [indiscernible] I'm Guy Ellis. I'm the CFO. Mike would have loved to have been here today. But...

[indiscernible] on the mic.

In his absence [indiscernible] unfortunately [indiscernible] are otherwise engaged. They wanted to the CFO [indiscernible] so I'm trying to live up to the quality of their presentation that's been so far. So the team are going to join us. There are 2 bits of housekeeping. So I guess the elephant in the room is we obviously did our post-close announcement this morning. I'm not going to take Q&A on the broader business today. We've got a full presentation on the 1st of August when we give our strategic update. If people want to talk to me once [ again ] afterwards in terms of any specific questions on the year-end results of the overall group, I'm very happy to do so, but I don't want to kind of starve this team of some oxygen to talk about what we're here to talk about in terms of MS. When we come to you in terms of Q&A, if you could, particularly for the benefit of the people who are online, state your name and company, that would be very helpful. Just give your question, and we'll do our best to answer it. So sorry, can we go to Julian first? How many questions, Julian? First, remember last time?

3 with multiple parts. Two quick ones. Acquisitions, could you sort of outline the areas that you think you are missing in the pack that could, I guess, open even better growth prospects going forward? Do you need them, or are they sort of just options? And last question, margins, lots of talk about revenue growth, but nothing about profitability. Are you happy with profitability? Should we be assuming a 10% sort of Managed Services margin, kind of as for the industry? Any comments on that [indiscernible]?

So I'll answer the question about margins and then maybe we'll come to Kevin in a second to talk about the acquisitions point. So we are -- as people will have seen this morning, our Cyber margin for the second half of the year was around about 38%. That was actually probably a record level of gross margin. We see greater level of variability of gross margin within our client base than between our 4 capabilities, if that makes sense. So I am steering away from giving what the direct gross margins of each of the capabilities are other than to say Managed Services is in line, absolutely in line, with our overall gross margin and doesn't dilute as Managed Services grows our overall Cyber gross margin. So a roundabout way of saying it's broadly in line with the average gross margins as things stand. So...

Can I ask that question in a different way? With the Unified platform, should we be assuming expansion possibility from where it is at the moment? There's a [ bottom-up ] rate like that?

Well, that's for - Doug, did you want to answer that [indiscernible]?

Yes, just say that last bit again?

[indiscernible]

So with the Unified Cyber Platform cutback you've got, does that give more scale advantages and, hence, margin expansion from where the business is at the moment? Or are you happy with where it is at the moment in terms of [indiscernible]?

No, no, we are on a journey. You can't just migrate hundreds of customers overnight into that platform. And there is some legacy technology. There won't be legacy technology very soon in the future. And so, obviously, as a result of that, we'll be much more nimble. We'll be efficient. [ We'll have ] one way of doing things, you'd expect. I'd be in big trouble if gross margin didn't improve.

And I think -- let me just add, I think, a further bit to that as well. I think what our Unified Cyber Platform does, it unlocks our global opportunity of how we serve clients. So traditionally, because it was alluded to, we had, like, 5 stacks that we were serving clients. So if you were in Australia, you could only be det- served by the Australia [ SACs ]. Everybody had to be there. The Unified Cyber Platform means that, actually, there is a lot of activities that we can deliver from more effective and efficient locations tailored to the last mile. So it really does unlock that. And then I think, coming back to the acquisition, I think it's a great strategy. Mike has spoken a couple of times to say that, actually, we're -- we find capability that's right in terms of market, that is right in terms of the client type that we're looking for and would be a good strategic fit into NCC. It's one that we are going to push forward. Obviously, we've looked at some of the revenue share at the moment, where we've got strengths, where we've got opportunities. North America is one where absolutely we -- I think it's one where, strategically, we've got options to accelerate our growth there.

Tech holes? So tech holes within the service, within your suite [indiscernible].

Well, I think it's more about penetration. We're always going to be looking at new technology. And I think, as we've already heard, with our Unified Cyber Platform, actually, we've built a core platform to better serve our clients, which means that actually we can integrate other technologies quicker. So I think we've got a robust strategy around the technology, the offerings that we provide to clients. We're always going to look to add to that, but we're going to do it in a very focused and disciplined way.

Obviously, a big market...

Sorry [indiscernible].

Sorry. [ Max Rhode ] from [ Castro ] Partners, sorry about that. Obviously, it's a very big market. You haven't talked today about competition really at all. When you get down to that sort of [indiscernible] RFP, who do you really worry about?

Okay. Doug, do you want to take that?

Yes, yes. I can give that a go. Boy, that's a tricky one because it will vary by geography. It will vary by customer type. We had the one slide where I was through -- so if you're a large, complex opportunity, you might see in Accenture. If you're talking about a mid-market organization who's very cost-conscious and needs a comprehensive end-to-end solution, you might more likely see a BlueVoyant. And then you also have -- lots of boutiques have a foothold and are quite good at what they do. And so it's hard to say -- this is one of those ones where it's hard to say those are -- it's them, because it will vary by opportunity. But I will say that there will be competition on virtually every deal. There's no doubt. It's a very hot space and competition and other organizations are investing in it as well.

It's Charlie Brennan from Jefferies. Just 3 relatively quick ones actually. Firstly, just a clarification on the numbers, what's the difference between the net retention rate at 77% and the recurring revenues in the 80s%? I would have thought the recurring revenue would have been the net retention rate.

Yes. So there -- I'll give it a go. They are 2 separate things altogether. Recurring revenue is what is the true recurring revenue, so the contractually committed monthly recurring revenue that you can count on over some period of time. So of all of our revenue, the GBP 70-odd million or GBP 67 million, whatever that was, 88% of that revenue is not onetime revenue. It's recurring revenue. Net retention is we had this many customers spending this amount of money at the start of the year. At the end of the year, they were spending that amount of money.

So that says, out of every 100 clients, 77 we will retain come the end of the year. 13 might have come to the end of their contract and not [indiscernible].

Yes. You're talking - we're doing it on revenue, so we're being very clear. It's -- you could have -- yes. So retention is how much of those folks spend today versus what they spent at the start of the year? That's what net retention is.

So 23% churning every year, it feels like a big number. What's the biggest cause of that churn?

I'll just keep going, I guess. Yes, I mean, I think it's competitive. I mean renewals also go out to bid pretty much every time. So even a renewal often feels like a net new opportunity. But I think, for us, as we hopefully made somewhat clear, we had an inconsistent solution suite that wasn't necessarily meeting the client outcome, which is why we said hold on, what are we doing really well and what should we do well in the future and take advantage of? And that's what drove the Unified Cyber Platform. That drove our global operating model. That's where we're looking at common consistency. And you're starting to see that come through in the customer sat numbers. So we expect that to improve based on the decisions we're making.

Some of that, again -- and apologies, you tell me if I'm putting words in your mouth here which aren't right. If I come back to the slide in terms of the multiple solutions available, if we were to look at this business 2, 3 years ago, we didn't have multiple solutions available to a client. We would be pushing a solution that sometimes suited us rather than the client. So that's why we're very confident of seeing an improvement in that retention rate, because actually we're more client-centric. You're leaning on Mike's words. He spoke about in the past about providing the right solution for that client at that moment in time.

Let me just sort of bring this to life. Actually, it was -- and I know we've had lots of discussions about this one, Doug. But I guess a client that I sort of first encountered when I joined NCC was on the verge of leaving us. They were -- they wanted a global model. We could only service them locally. Actually, the technology that they wanted, we actually had to do it in a totally different time zone. So you sat there as a client, you've bought a managed service, but actually I can't speak to my local SOC because they're not onboarded with that technology. So that -- coming back to those strategic investments, that service improvement, actually, we can unlock our global capability. So if you're a client, let's say, in Australia, actually, you can have the right technology delivered locally through our global model. And that was a client we actually saved in the end by changing to a global model.

Maybe I'll keep going some more questions. The next one is, does this cannibalize any of the other revenues within Cyber? So if I'm a Managed Services client, do I need less technical assurance, or should we think about them as being totally separate?

Kevin, do you want to take that?

Yes. I think -- so first of all, I think this is additive all the time. Coming back to our capabilities, how do we grow our share of wallet across our clients? I think Managed Service takes us to a new level, and it gives us also a different revenue stream in terms of a client. So it's not the unpredictability or the volatility that may come with am I going to have some consultants or do I need some servicing? I think one of the reasons why we've launched our Attack Surface Management is to make sure, actually, we're recognizing client needs. And when we look at perhaps how clients used to test historically, it was more perhaps a point in time of anything sort of Internet-facing. Now, we've got technology that's going to be able to do it. So I think, over time, there will be a natural transition, which we're, I think, ahead of the curve in terms of using the right technologies to provide the right level of service based upon the client needs.

So it's just coincidental that you're growing strongly and technical assurance isn't?

Yes, I think that's fair. We're not seeing clients saying I want less [ band ] testing all of that because I'm delivering that solution in a different way.

And then the last one, I promise, loads of people can go and buy technology from Splunk and Microsoft and RacketServer and build a platform that doesn't feel uniquely difficult. Can you just talk a little bit more about the intellectual property that knits this together? And I think you said 40% of the threats that you catch are from your own intellectual property. Can you just put some more flesh on that for me?

Are you going to take that, Natalie?

Yes.

Thank you.

[indiscernible] chip in. So yes, in a way, they can. It's very difficult to do that if you've got that choice of technology. They would be more restricted to kind of one flavor, if you like, and then having to select that. So there's a number of different parts of it. One is that effectively then we can layer in those different solutions, which you would be restricted [ to do ] today. I think it's -- it isn't easy to do. It does take expertise. For those that can, obviously, we bring the economies of scale because we're doing that across a number of different clients. So that's a different aspect. But as you say, we layer on top a number of different things, and it does vary depending on the actual service that we're offering. But you take the technology, most of our clients will take multiple. I mean, the average is 10s. It's almost in the hundreds, depending on the clients. So they are not picking 1 or 2 technologies. So it is difficult to knit together. We layer on a few different things. So one is that 24/7, so that monitoring it all the time, which you've got to be fairly sizable to able to do that efficiently yourself. You mentioned that IP. So we do that in lots of different places, so partly that, the Threat Intel that we bring in. So we've got teams that do this specifically today. They'll do that on a sector basis. So that's very kind of easy for our clients to consume. And then you mentioned that -- our detection engineers. So they actually code. You can call them our detection engineering team. I refer to them with that 40% figure. It's the same group of people. And effectively, they're a bunch of engineers who we pay to code software, to test software, and that finds more threats. So if you take it out of the box, you're using whatever it is that that supplier had designed at the start of their cycle. We're doing that continuously all the time when we're deploying it. So we're slightly ahead of the curve all the time because we're doing it ourselves. So the important thing there is that speed to response but also the quality, because what you don't want, with all of the alerts that Kev had on his slide, you don't want false positives. So it's quite easy to get those false positive. You spend time looking at those. You've been distracted from what actually the real problem is. Because we've got all of that IP and all that enriched data, we get very, very few false positives. So when we're talking to a client, we have that greater confidence. So it's absolutely true to say you can do this yourself, but it's difficult to do it as efficiently as it is for us to do it at scale. That's ultimately why lots of people use a Managed Service provider. It's why the market is so competitive.

Yes. I would just say, so that's underpinning the whole Unified Cyber Platform strategy, which is everything from we found a thing, some piece of data that you care about that we can actually tell you what -- if it's meaningful to you, through to we can protect it in real time, and if something happens, we can help you defend it in real time, and storing all of that in one place with the context of all the sources from the client that we have and the data that it brings to bear, that we can weave that story together to make it relevant to them so we know we're taking the right action, plus all the other information we have in the world from our testing services and our threat intelligence. And all of that will tell us, actually, that's a thing, or we could say that's just not a thing, which, if you go back to Kevin Jonkers' slide, that's how we get down to, well, geez, there's hundreds of millions of alerts, but actually the customer is only seeing 0.001% or something. And that's ultimately where the value comes from. And you can't get there by just managing technology.

On the side?

Melwin Mehta from Sterling Investments, shareholder. Over the last 12 months, really, I'm very happy to see Mike give some new energy to the team and really realize how sloppy the previous management was. But basically coming back to the panel who have merely managed the show very well and made very good presentations, on one hand, I'm totally, totally convinced of basically really pushing an open door, no CFO or under cost-cutting disguise can say, "I don't need Cyber." On the other hand, we've got NCC who understands basically this space like nobody better in the market. And I was kind of -- I would expect kind of more organic growth with our acquisitions. So why are we not able to grow organically? Is the market getting very price conscious and we've got a particular pricing below which we don't quote? Are clients trying to kind of do it themselves? And I'm sure there are multiple reasons, but probably [indiscernible].

Let me try and answer past that question. So I think one of the -- actually, one of the statistics we talked about for the first time at the half year results was the fact that 76% of our clients who spend more than GBP 0.25 million a year take multiple services. So there has been quite -- and you probably expect me as CFO to kind of say we have focused, quite understandably, on cross-selling all of our services to our existing client base. And that has been enormously successful in the U.K. and in Europe from a Managed Services point of view. I think we talked about earlier there's clearly an opportunity to improve our sales cadence in North America, and that's very much a focus for us. As we kind of -- I wouldn't say we have utilized all that opportunity of our existing client base [indiscernible] it becomes harder and harder as you sell more to the existing client base. So we have to actually improve our overall go-to-market and probably drive more top-of-funnel through our website and through top line marketing activity. That has not been our priority to this point. I think that's fair to say, Kevin? We spend -- no one's asked the question, but from a pure marketing spend on top-of-funnel, we probably spend less than 1% of Managed Services revenue on pure marketing for top-of-funnel right now. It's clearly a great investment to start looking at improving that number and starting, now that we've made the most of the existing client base, to turn in that [ dialer ] number to create effectively to get more, as it were, greenfield clients, which is what we will focus on there now that we've gone through a pretty hefty year of transformation in terms of not just this team have brought together Managed Services as the first -- the most globalized capability that we have inside the kind of the flywheel of fall that we talked about earlier on. I think these guys are leading the field in that sense internally. So now we'd start moving to the next stage. So I think it's about how quickly we can go and be focused in our execution, given everything that's gone on. So that's -- so there's maybe a little bit of an internal dynamic that was [indiscernible].

Yes, I think, just to add to that, I think that we're at a point where we've got a fantastic, solid foundation now. So I think it would be remiss of us if we didn't consider strategic options to accelerate that growth. If we were 12 months back and we've still got sort of spaghetti of how we're serving clients, I think, quite rightly, people would say, why do you even bother, it's a distraction? But actually, we've got that foundation. You've heard we've got solid operating models. We've got fantastic road maps. And actually, we can consume something that would help accelerate that growth even further. But what we're not doing is we're not going to sit and think, well, that's our only way to grow. As we've -- we've spoken about North America, absolute relentless focus now to continue to grow that organically whilst we look at strategic options. So I think it's a really exciting time for us.

[indiscernible] how are you strengthening your [ C&C ]?

Yes, absolutely. And this is a journey because, actually, this is not a point-and-shoot market. We're selling trust long before we ever get to talking about the offerings that we have. So it's about investment in those client relationships. Traditionally, in North America, it's been quite transactional. We've dealt with a lot of the large tech companies where it has been we want to service, fire off. So there's been a change in some of our sort of field sales, the skills, the requirements, the methodology, like we're just starting to take our sales team through what we call a medic methodology. It's a proven sales methodology as opposed to more of a transactional. But let's not forget the role of our consultancy team in this as well -- is making sure that actually our consultants are engaged far earlier in any sales cycle, because they can -- we can get a consultant engaged. Actually, they can start to build a road map with a client. And actually, if we can get the client to a point where we don't need RFPs, it's cost the client a lot of money. If we can demonstrate that early value, it means that we're on that road map already. So I think the journey of our sales colleagues is one that we're into it. We're transforming. We're going to have different sales motions, depending whether it's a mid-market, whether it's an enterprise client. And again, a great opportunity for us.

[indiscernible] Managed Services specifically because we bolstered that by realigning our solution architects team to the sales team, so they start to build a relationship. But it's the same thing. We bring them in just that bit earlier because we know, once they're talking directly to the clients and they really understand the solution, then we stand a much higher chance of closing it. So we've removed a few internal barriers just to bring them in much earlier in the sales cycle, which works really nicely for us in Managed Services.

Thank you. Any more q- who has the next question?

[indiscernible] also from [ Castro ] Partners. I suppose the way you describe onboarding customers, you make it sound quite simple. Sometimes, maybe you download a piece of software and then monitor it, then you sell [ the ] Managed Service. And the way you referred to the customer, Glory Global, again, quite a rapid sales cycle, the rapid onboarding process. Compared to other IT services, which is often open-heart surgery, it feels like the polar opposite. But -- and maybe that plays into the reason that the customer retention numbers are quite low. Is it quite easy just to -- because you're not heavily integrated, for people just to pick off bits of business and experiment and steal customers from you? Can you talk around how that might change a little bit over time?

I'll let Doug take this.

I'll take the last bit. I think that was a very astute observation you made. And it is true that it's slicker to implement clients than it's ever been before because the technology's become more powerful. And so the old days of a client saying, "I'm just going to renew and I'll be there for 15 years", it's not quite true any longer. So it's that much more important that we're delivering value through the process. I do think you're absolutely right. That does affect net retention.

Yes. There's one thing, this sort of links to an earlier question. I think, if you look at a lot of the RFPs we're getting now that the market is growing but also maturing at the same time -- is that clients also start to figure out that, hey, I could buy the technology or a vendor that just brings me that technology with a bit of service. But they start to ask more and more specific questions, even in the RFPs, around what do you do for service improvements continuously? How do I make sure that, if I enter a 5-year contract with you, you're not still doing exactly the same thing in 5-year time, but it's up with the market trends at that point? And I think it's -- so the reasons we sell or are selected by our clients are changing from, oh, it's this technology or it's the best-in-class thing that you can deliver to more what is it that you do as part of that service that is a differentiator for them?

[indiscernible] yes, I mean, obviously, we've tried to describe it as simple software and it is perhaps less so. But, again, it's the ethos. So partly, we provide a service delivery manager to work directly with our clients. There's a fair bit of prep that goes on to make sure that we fully understand their estate, and we'll often use that during the sales cycle actually to start preplanning. But I guess, crucially, we also try to get to value quickly and it's value for them, not for us. So it's that 80/20 rule. You can often do 80% of the deployment and start to provide quite a bit of protection for them at that point. And then, as that [ moves forward, then ] 20% that we'll then do over time. So your open-heart surgery is bumped to the back end, if you like, but you're already seeing value and you're already seeing sort of the element of protection. So it's an ordering thing, which is not linear. It's about getting to value for them sooner.

Just wrap that up very quickly, we talk a lot across NCC about client centricity. And client centricity is that continuous relationship demonstrating business value all the time. And that's the key to us improving our retention.

Okay. I think we've got time for one written question and then we'll draw things to a close. And we'll be available in the room next door for more G&A, and the Public Affairs team will also be here to talk about what we do in that space as well for people who want to chat with them [indiscernible] have a chat with them. So online question, please?

Perfect. Okay. So we've got an online question from [ Vishal Gasha ] from [ Jonah Hamburg ]. He says, could you see NCC going into Managed Services RFPs as the specialist cyber partner with any of the big 4 audit firms, given they seem to have more communication channels open at the Board level?

[indiscernible]

I'll touch on that one briefly. And look, I think it comes back to actually what are the services, because we can offer that true strength of global capability. And I think what we see and what we hear in client feedback is sometimes you look at the big 4 and you say, yes, global organization. But actually, when you get into it, there is a risk they can't operate globally. There is a risk that actually they come up against conflicts of an [ order ]. But it comes back to really what that client demand is. And as Doug alluded to, there's lots of people who want to operate in this space who will be competitive in some of those bids. And I think it's more about going to the strengths that we have of NCC really getting into understanding the client requirements. And if we get into a blind shootout on an RFP, then it's not an RFP we should have been in. It really is around getting upfront, understanding those client requirements and really playing to our strengths. Doug, I don't know if there's anything else you want to add now?

I think that's exactly right, nothing to add.

Okay. I'm conscious it's now exactly 4:30 pm, which is when we planned to wrap up. So I would like to say thank you very much to the team on the stage for doing a great job presenting today and taking your questions. Thank you all. And the people behind the scenes as well, most notably, [ Yvonne ], who's been with the team, supporting them through this process, too. So thank you very much indeed to [ Yvonne ]. And thank you, everybody, for making the time today to come and listen to what the team have had to say. Hopefully, we've done a fantastic job about articulating what clients want for Managed Services, what it is, why we're good at it and why there's a very, very compelling case for this growing long into the future with NCC. Thank you very much, indeed.