NCC Group plc (NCC) Earnings Call Transcript & Summary

Good morning, everyone. Thank you for joining us for the interim results for NCC Group. Just to recap, these are interim unaudited results up to the 31st of March 2025. I'm Mike Maddison. I will start with a bit of a -- firstly, a recap. I think it's important just to reset -- just to refresh a few points in terms of the overall group. And we've been very consistent. We -- this is a group of 2 distinct businesses. We have a Cyber Security business, which supports organizations managing cyber security risks, and Escode, which is a business that focuses on providing a very diverse client base with escrow services, software escrow and verification services. We are a trusted partner to organizations, public and private, a very diverse client base. And both our businesses operate in a market which has a number of diverse but multiple drivers for growth. Very positively, as a group, as a technology company, we have strong financials. And as we'll talk through today, hopefully, that continues to come through. So just a few highlights, and I'll deal firstly with our 2 individual businesses. Let me start with Escode. I'm delighted to say that as a business, we've had now 10 consecutive quarters of growth. And very pleasingly and really importantly, that is sustainably improved gross margin as well. Now I would just like to confirm we are indeed investigating options for Escode and are holding a number of discussions with interested parties. Clearly, if they conclude successfully, it would enable a return of capital to shareholders, which would give us the optionality to invest in our Cyber business, particularly, as we see significant opportunities in that domain. Now clearly, it is a confidential process. And as a result, I won't be taking questions on the process, although obviously, we'll be discussing in more detail the financial performance of that business as we hand over to Guy. If I could then just move on to Cyber Security. Now clearly, we've seen a slight revenue decline in the Cyber Security business, and I wanted to just give you some of the nuances of that because there's quite a lot of detail as we play through in terms of under the numbers. So firstly, let me deal with, I think, the NCC historic and highly successful, let's face it, high volume but lower value transactional business, particularly in penetration testing. Now that's been under pressure for quite some time and due to the challenges both what our clients face in a macro environment. But in H1, that became particularly evident and was amplified those trends, which we've historically seen. There's now more than ever a greater emphasis on larger, more strategic projects that focus on risk reduction and remediation with our clients, and that is quite a shift from a market perspective. The challenges that we see in that transactional business, the penetration space, penetration testing space is not unusual to NCC. We certainly see that in our competition. We're not unusual in that regard. In our Managed Services business, we've continued to win some marquee clients. The proportion of revenue from this area has increased as we always intended in terms of our strategy. That is despite an incredibly competitive environment, particularly in the renewal space and particularly in the SME sector or the mid-market. The strategic growth areas that we focused on, such as Digital Identity and Operational Technology are experiencing strong pipeline growth in H1. And again, that is from a standing start. These were new areas of investment, and we're very pleased with the build of the pipeline, which we are seeing revenue growth in H2 and also into FY '26. But these are longer sales cycles because they're more strategic, more complex and therefore, need the support of an entire team to actually close out, but very positive progress in those investment areas. I wanted now just to sort of maybe give you a little bit of a feel for the market environment in which we're operating. And actually, some of the positive market tailwinds, which I think we are very well now capital -- placed to capitalize on and gives us confidence for our future growth prospects. And it's really -- they are really important as we continue to pivot the business from where we were to our goal. Firstly, let me talk about the escalating threat. I think this is very evident. We see it reported every day. It is very clear that a number of the sectors in which we operate are completely unprepared for the level of challenge in which they now face. This is now a core business risk. It's been elevated to the executive layer and indeed to the Board from the Chief Information Security Officer as a fundamentally IT problem. It's also facing increasing regulatory risk. There's greater momentum in this domain, which is something that we are very well placed to capitalize on because of our relationships within the regulators and also within various government institutions. There's a very clear shortage of talent globally. And that's important as we have over 1,000 deeply technical cyber security experts, but it's also important from a client perspective as we see greater emphasis on strategic shifts, the need to outsource and use third-party suppliers to achieve strategic change within an organization. And as I say, changing buyer habits. This is very evident that shift from transactional compliance-driven activity to strategic, impactful programs of work that focus on remediation. That's driving it from an IT-only issue into a C-Suite executive layer conversation. So they're all great things, and I think we are, as an organization, incredibly well set to be able to capitalize on it. And with that, I'd just like to maybe give a little bit of context or a little bit of a reminder of the journey we've been on as we pivot this organization. We put in place a strategy that reflected many of these positive tailwinds I've just talked about and to evolve this business into something that is really fit for the future. This coincided the strategy launch, coincided in very early 2023 with a series of significant market shifts post COVID, which highlighted many of the operational issues within NCC Group. To give you a flavor, we had very high borrowings, and therefore, that limited our strategic flexibility. We were a fragmented and overly complex business in some places. That was the product of multiple acquisitions over a long period of time. And many of these had not been fully integrated to drive their inherent value. We had limited global infrastructure and systems with a number of geographical silos, with also a complex product set and quite diverse product set. Finally, I think we had an incredibly diverse client base. And we had an overreliance and concentration risk on our major U.S. tech firms, tech firm clients. All of that in the round highlighted some significant risks for the business. We've done a huge amount, and I've got to pay credit to all of the colleagues within NCC for their incredibly hard work in shifting and changing the business in a relatively short pace of time. But we continue to evolve, and we are now far better positioned and more -- with more resilience to adapt and capitalize on a very different market environment. So today, NCC looks and feels different. We're significantly simpler and a more focused group. The judicious disposals that we've made, the most recent of which we've just concluded, which was a very complex, highly regulated Fox Crypto business, means we are now debt-free, which gives us far greater resilience, but I think this is really important, also far greater flexibility and strategic options. We've also signed new financial facilities on very attractive terms to give ourselves greater financial firepower. And we have a world-class technical capability now in Manila, which this makes us significantly more efficient and competitive. We're undergoing a journey of transformation. I think that's very clear. Our client -- in both our client base and in terms of our operations. We've successfully secured a number of marquee clients on multiyear contracts as we shift from that low-value transactional work I highlighted towards broader, deeper strategic relationships with those clients. Now the way I say we are at a pivotal point in our development from being that complex provider of transaction, single capability services into what we aim to be, which is a strategic cyber security partner for some of the world's leading organizations and for government divisions. So let me just take that and talk about why I think we win and we are able to win well in the market. As I say, I'm now confident that we are well set to be the business we want to be. We've set the foundations. We've built it. We've now got to leverage it. And just to recap, our aim is to drive recurring revenues either through direct sales of our Managed Services, security operations centers or other as-a-service offerings and then upsell our professional services capability or use the strong relationships we build through our professional services to upsell either our Managed Services or security operation offerings. This is what we describe as our flywheel. We have all of the touch points within our client, and it's about leveraging those relationships to get a broader, deeper set of client relationships, the flywheel to deliver the full life cycle of cyber security services. Now this emphasizes why we're able to win and often actually displace our competition. The point of differentiation are things like we have a truly prestigious global client base, an absolutely outstanding set of client credentials. We have broad and very deep client capabilities and multiple client touch points, as I talked about in terms of that flywheel. We're able now, thanks to the build of our global hub in Manila, to deliver globally competitively. And we have a strong brand, particularly amongst the technical community who understand this domain and recognize the pedigree and capability within NCC Group. And I think there are proof points. And certainly, as I look at this business, there are a number of things under the sort of headline numbers, which I think really do reflect the trajectory, which we've set and which we're executing on. So to give you some of those examples, in FY '22, only 72% of our contracts exceeded GBP 50,000. In 2025, that's increased to 82%. That means we are addressing that lower value transactional component, the tail within the business and driving value up. Now 57% of our contracts sold in FY '25 exceed GBP 500,000. That's compared with 31% in FY '22, which is a significant shift into more strategic and therefore, visible impactful projects within clients. I talked about the flywheel and the multiple touch points in clients. Well, very pleasingly, 48% of clients now use 2 or more of our capability areas. So it's a richer, deeper engagement with our clients. Our average win rate in -- since FY '22 has increased for contracts over GBP 500,000 by 26%. That emphasizes we are moving to larger, stickier projects, and we're winning really well. FY '22, we had no strategic global partnerships in the technology space. Now we have Microsoft, Dragos, Splunk, where we were awarded the Global Security Partner of the Year last year. And indeed, last week, we were awarded the UK&I Security Partner. We're also the paid research partner on behalf of Google, who we do security research on and on whose behalf we publish a number of research papers. They're significant and really, really key brands, which I think demonstrate the credibility and the reputation and the abilities of the colleagues within NCC. I talked about a shifting client base and types of projects, particularly in terms of that regulatory component, the momentum in that space. Our Red Team, which is effectively the true hacking team, who operate in that regulated space, have seen sales in H1 FY '25 double compared to previous years. And in fact, it's double the average of every half since FY '18. We're expecting revenue growth in that domain alone to be over 25%. Now it wouldn't be a cyber security conversation without highlighting a very topical area, which is ransomware. And clearly, incidents remain widespread, although trajectionally, they were maybe less in the first half. But what we've seen is a client's response tends to be to turn immediately to the embedded technology relationships. And this emphasizes to us the need to build and maintain long-term conversations at a senior level within the client and to remain stickier as that is -- those are the partners that clients will turn to. I'm very pleased to say there are great examples of how we are continuing to support a number of clients in this domain. Now clearly, quite often, it's highly confidential, but there are names within the public domain, which I'm very happy to mention such as the British Library. There's a very, very good case study about Eindhoven University, where we supported them through a very targeted attack. And Microlise is again another great example where we help them through a very challenging incident. So great work from the team around that, and we continue to be able to respond and support clients around the whole ransomware agenda. Now clearly, if I think about our areas of focus, there are many positives. We operate in a positive marketplace, but it's fair to say we still have challenges as we transform the business. And there are things we need to address and areas to invest. Historically, we've not invested enough in our sales and go-to-market, particularly around business development and marketing. And as we seek to reflect the focus on being a multidisciplinary cyber consulting business, that requires quite a shift. More specifically, we've also need to reengineer our sales and marketing, so it's aligned to strategic client needs, meeting that Chief Information Security Officer, but more importantly, the C-level executive layer buyers requirements. So you'll see us focus on that in the months ahead. There is more to do to simplify our business. Whilst we've already done a huge amount, there's still a lot of work ahead to ensure we have a single coherent go-to-market strategy optimized around delivery across all of our operations and around the world, leveraging the investment we have made in improving our global systems. While we're going to generate acceptable returns or have business that are aligned to our global model, we will continue to rationalize. Finally, upskilling our people. We have a great track record on this, and it remains a significant area for all of us to focus on. We're recognizing the opportunity also, though, to introduce more technology to drive greater efficiency. For example, we've got a really great partnership that is developed with leading providers like Horizon3.ai and their NodeZero technology, which will put AI at the heart of our network penetration testing capability, driving significant efficiencies. So how do I bring all that together? Well, I think if I put it all together, I honestly say I'm more excited about the prospects for NCC now than any time since I've joined. The business fundamentally looks and feels very, very different. We've done an awful lot, huge program of change, and we made great strides forward to position ourselves as the business we want to be. With the potential sale of Escode, we may shortly be able to deliver a significant return of value to shareholders, and that return of shareholder value remains front and center to our minds. After that, we'll be able to focus entirely on our Cyber Security division, which is a series of those unique capabilities and areas that where I think we are very well placed to win in a field that has never seen greater demand. Whilst the short-term results for Cyber Security do not yet reflect, I think, the shift that we'd hoped, we've got great confidence that we are doing the right things, and we'll do so before long. With that, I'm very pleased to pass over to Guy, who will talk you through some of the numbers.

Fantastic. Thank you, Mike, and good morning to you all. So I'm going to spend a few minutes going through our financial performance as normal. So in summary, our revenue was down 4.9% for the overarching reasons that Mike has just set out, and I will provide a breakdown of in the coming few minutes. Strong operational control plus proceeds from the completion of the excellent crypto disposal at the end of March has resulted in a 97.6% increase in our profit before tax and a transformed balance sheet. So in the coming slides, we'll go into the details of the different drivers of all of that at an adjusted measures level. I'm going to start with our income statement. So everyone will be pleased to see this is much simpler than the income statement we talked through in December as we've now fully adopted all of the accounting classification changes we announced a year ago. Overall group revenue dropped by GBP 10 million from the prior year to GBP 156.8 million, driven by Cyber with Escode delivering strongly. Adjusted profit after tax and earnings per share were largely insulated from the revenue falloff as we maintain the benefits of improved operational control of the business that we've established over the last 3 years. Our GP percent improved by 0.4 percentage points. Overhead gains made previously have held, and we've taken action in half 1, which will yield incremental cost benefits in FY '26. Our tax percentage dropped to 8.3% as a result of some North American research and development provision releases and a movement in unrecognized tax deferred assets. The resilience of the P&L and balance sheet is a result of the strategic actions, which Mike mentioned, and good delivery against the FY '25 financial framework that I set out in December and is now shown on this slide. This is the set of financial metrics, which we hold ourselves accountable to and slot in directly against the strategy for the business. As I talk through each division in the coming slides, I'll pull out areas of strength and opportunity from the financial framework, and this absolutely remains relevant to us as we move forward to the second half of this year and into future years and beyond. So looking at divisional performance, I'm going to start with Escode. It has been another excellent half for Escode. As Mike mentioned before, 10 consecutive quarters of growth and increasing number of strategic sales wins. This slide shows on the left-hand side, as normal, the revenue in the bar charts by half for each of our 3 geographies of the U.K., North America and Europe with an income statement beneath it. And to the right-hand side, it shows the revenue by our 2 service lines of escrow and escrow contracts, excuse me, and verification services. Overall, our adjusted EBITDA rose to 44.4%. That's up 3.1 percentage points year-on-year. And that's a result of better pricing, delivering efficiencies through the P&L and cost control towards the bottom line. The business is really well set for the second half of the year and for the future. I'm now going to take Cyber Security, and I'm going to do this across 2 slides. Firstly, talking about the geographical performance and splitting them out by market. And the second slide will show between our 4 capability service lines areas. So similar to Escode, the left-hand side shows the revenue over performance by our 3 key geographies of the U.K. and Asia Pac combined, North America and Europe and the last 4 halves, plus on the right-hand side, we have the income statement. So revenues declined for the reasons that Mike referred to earlier. We focus our efforts on more strategic, better margin but slower sales cycle engagements while operating in a challenging investment market for our clients. What is pleasing is that the GBP 10.2 million drop-off in revenue was mitigated through the P&L, and that's a result of solid utilization, leveraging our global delivery model that which we now have, improved MI and strong overhead control. This was not historically the case. If I look back to the first half and second half of 2023, our gross margins dropped to 32% and 28%, respectively. Our resilience is playing. The U.K. held up strongly pegged back by Asia Pac, which dropped by about 11%. North America fell at 13% at constant currency. It's in this market where we are historically exposed to a greater proportion of transactional and compliance activity, which is under the greatest market pressure for the reasons that Mike mentioned earlier. We have naturally seen a greater drop-off in revenue in this market as it's further to pivot, but it is on that journey, and we can see that in the sales pipeline. Gross profit percentage of the market remained consistent with the previous period, which is in no small part due to the value of our investment in the global delivery and in Manila, where we're now seeing more consistent and normalized utilization. Our EU business going forward will not include the crypto revenue as that sale completed on the 31st of March, as Mike mentioned earlier, the revenue relating to crypto in the first half of the year was GBP 11.5 million. Let's look at the performance by capability. So our 4 capabilities of testing, Consulting & Implementation, Managed Services and Digital Forensics and Incident Response. MS saw some excellent new logo wins in the first half with renewals increasingly competitive. So that did lead to a higher churn in previous periods. We're confident that the MS pipeline will continue to build, and we're very focused on improving our renewals performance. TAS and C&I experienced in the half lower demand for compliance-driven activity, but we're now benefiting from very strong performance in Red teaming, as Mike mentioned, AI complemented services, Identity and Access Management and so forth, where we have invested in the previous 18 months. New logo wins in those new services are already building pipeline across our portfolio, and this is benefiting the flywheel that Mike mentioned earlier. So what has that meant for our net debt position overall? Our balance sheet has transformed. If we think back to May 2022, our net debt was GBP 52.4 million. Since then, we've maintained our highly valued dividend policy for shareholders. We've taken advantage of the markets -- of the opportunity to make an acquisition of shares for our employee trust last December. And we have cleared all of our debt following the disposal of the crypto business in March. There was a working capital outflow of about GBP 7 million. This was around about GBP 5 million higher than normal run rate, circa GBP 3 million -- GBP 3.5 million of that was as a consequence of bonus payments for the stub periods made to our colleagues in December 2024, which didn't occur in the prior periods in comparison. And the remainder was down to a seasonal swing in our movements between payables and receivables. As mentioned recently and announced, we have agreed a new rolling credit facility of GBP 120 million for 4 years this spring. So in summary, despite the decline in Cyber, there is a tangible improvement in the quality of our revenue in both businesses and the Escode momentum continues. Our gross margin has been excellent in Escode, and we expect to hold those gains going forward, and we've demonstrated clear resilience in Cyber. Cost has been controlled, and we've taken action which will reduce costs further in FY '26 and the balance sheet has transformed. With that, I'm going to hand back to Mike.

Thank you, Guy. So in summary, we are continuing to strengthen the business to make it fit for the future. Adjusted EBITDA remains in line with previous guidance, thanks to the strong operational controls Guy highlighted. FY '25 group revenues, excluding noncore disposals, to decline marginally, but with a single-digit growth for Escode as that continues to perform strongly. Our current Cyber pipeline is building, particularly in those areas of investment like Operational Technology and Digital Identity, and we expect to return to revenue growth in FY '26. And as I previously highlighted, the discussions regarding Escode continue with interested parties and updates will follow as appropriate. With that, I will conclude the formal part of the presentation and hand over for questions.

Thank you very much. We have a number of questions that have come in. Our first question is, where do you think you are subscale or missing higher-value capability that can only be addressed organically, but potentially addressed through M&A?

Thank you. So the -- I think we've invested -- we have the chassis and the framework for the business. We've hired the right leadership in some of those areas. Those are predominantly things like Digital Identity, which is at the core actually of every single breach pretty much and also in terms of Operational Technology. To scale those, I think there will be a degree of organic, which we've already done in terms of the hiring and particularly in the leadership team. But wherever there are opportunities for inorganic growth in those domains, we'll obviously look at them as long as they make financial sense. But the leadership and everything else being in place, I think, gives us that the options around those areas. We do continue, and we talked about having strategic flexibility now. Now the balance sheet has transformed, where there are opportunities to either to grow into areas through M&A, we will clearly look at.

Damindu from Peel Hunt has a second question. Could you talk to some sustainable improvements that you've made to the Cyber business across gross margin, global delivery, et cetera, that you think will show up when the market turns?

I'm just trying to sustainable -- so I think the global delivery has been a great example how we're now able to shift work and have a single visibility of all of our delivery colleagues globally. We're able now to identify work and move it to be able to be delivered at a price point which is commercially advantageous. I think that's one of our -- the core shifts from a systems perspective. From the perspective of building capability, I think what will come through in terms of our consulting and implementation offerings is now showing really good trajectory compared to where we were 12 months ago. We had no leadership, no team that has been built from scratch. And I think that is starting to have a very positive impact, both in terms of the way we're winning work, actually displacing competition, but also starting to drive through -- come through in the revenue numbers. So I think those are some of the very positive things, which we've seen embedded now in the business and starting to pay dividends. Guy, if there's anything you want to add to that?

Thank you. Now in order of tank, where is the competition greatest? And where is it more manageable? For example, is compliance-type TAS work now priced out for NCC? And is consulting somewhere you think that you can hold your own? And where Managed Services has not renewed, is it always down to pricing?

Right. There's quite a lot to unpick in that one. I'll try and do it. So from a compliance perspective, we're not priced out. We've now -- we've been able to position ourselves with that more flexible global delivery model, which I think is helping. There will be some work that we -- I think we are now better informed to be able to make a decision on whether it is work we wish to pursue. That was historically not the case. I think that is a really important strategic shift actually to have a much more discerning view about profitability. We're not -- it's not perfect yet, but I think we've made some strategic -- some really significant strides in that. From a perspective of the renewals, I think there are a number of things just to talk about. Firstly, I think the market. If we look at historically, NCC would have played in the mid-market. That is an incredibly competitive area. There are a number of very small boutiques, frankly, buying work. And I think particularly in the U.K. context and actually also in our sort of Northwest Europe, I think quite times, NCC and Fox-IT, our other brand there, has been the party to displace or beat or emulate. So we have seen aggressive competition in that domain. However, the converse side of that is we are winning incredibly important strategic enterprise clients. So that is offsetting it. So that has been an area where we've seen some churn. From a vendor's perspective, there is definitely a market shift. from the point of view of we have a huge Splunk installed base as an example. With the Cisco acquisition, there's some changes in strategy there. But we're seeing a lot of competitors to Cisco and Splunk being very aggressive in the market, looking to swap out in clients. As we get larger, more strategic, bigger deals, those are very different sales. So our sales experience needs to change. So we need longer-term relationships and a very different sales force to achieve that. So that's obviously had quite a bit of an impact. And also, if we look at the sort of the revenue mix in terms of those renewals, our original sort of mid-market deal size was probably in the low GBP 100,000 type region. We're now seeing 7-figure per annum recurring revenues from some of the strategic deals. So there's a bit of a revenue mix. So it's quite a -- it's a fluid, very competitive market in the Managed Services space, but I think we're starting to see ourselves being positioned pretty well for the future.

Thank you. Our next question is a number of listed Cyber Security companies have been talking about increased focus on cost takeouts and demand for flexible purchasing, basically reduced spend without reducing protection. Are you now better able to accommodate these requests given global resourcing and ability to price better due to better tooling like Kantata?

Yes. So the answer -- the short answer is yes. It's very interesting. That is very much one of the strategic shifts and changes in buyer behaviors that I talked about. There is definitely a need for conversations within clients to be able to do more with the same or indeed more with less of driving efficiencies. That is one of those strategic conversations, which historically, we would just not have been positioned to be able to capitalize on it just become a price discussion. Now we far better be able to talk about driving efficiencies, operational gains for clients, whilst working in partnership. That is quite a seismic shift for us.

Our next question is from Tintin at Deutsche Numis. Can you give a sense of the size and shape of the M&A you would consider in Cyber Security? Given historic problems in properly integrating previous acquisitions, how would you go about avoiding those?

So we don't have a limit in our minds, either large or small. It would clearly need to be something, which is strategically sensible for shareholders. So we're prudent about that and it's something we're very confident about being able to deliver. Mike has spoken at length over the last few years about getting to a kind of consistent chassis of the business and making sure that whatever we do is integratable into what we have rather than buying something to leave it as a bolt-on on the side of business. So that would be clearly a very key criteria that it's something which we can execute. We've gone through an awful lot of change as a business. So internally, the colleagues have delivered an amazing amount of change over the last 2, 3 years, as Mike spoke about. And if we're going to bring more change in the business, we'll make sure that we can build on that capability we have now developed in terms of an ability to change and move the organization and adapt and it would be kind of building on those strengths. And we're building on the strength of the existing business rather than to fill in geographical weaknesses. I think we could certainly say it wouldn't be about flag planting into the Far East, for example.

Damindu has another question. Could you give us more color into the strategic high-value contracts, so over GBP 0.5 million, where you've made good progress on. What progress have you made across the key areas within Cyber to move up the value chain? For example, have you managed to double the red team size?

Yes. So let me give you an anonymous but real example of a recent win that we have, which is a utility company where we are now, and this is a 7-figure project. So it's not one of the GBP 500,000, Damindu. It is a 7-figure deal where we are helping them assess, design and then implement the Operational Technology and Cyber Security controls in that domain, which is a displacement of a very well-known competitor. Those are the sorts of highly impactful projects, which are multi-month in duration, which are something historically we probably would have done on a very ad hoc basis and would have been very unusual. It's a great example, I think, of hiring the right leadership, putting the right team around them and then driving that into the market. So that's one example. In terms of some of the Managed Services, we've -- we're now operating -- and TikTok again is one where I'd highlight the things we are doing there, which is just phenomenal in terms of, frankly, protecting the users across the whole of Europe and engaging with the regulators to talk about some of those things. It's just a phenomenal example of really clever thinking having strategic impact and huge value at a level where we are having regular touch points and engagement, not at the technical -- not just at the technical level, security level, but actually at a senior regulatory, legal, CEO to CEO conversation.

Our next question comes from Julian Yates of Investec. Can you talk about how you see TAS in a couple of years' time in terms of margins and mix of higher-end value contracts? How much lower end do you think needs to fall away still?

Sorry, I missed that one, sorry.

So the question is on TAS, to what extent do we think the lower end will continue to fall away? And how should we think about margins? So I think on margins first, we're not seeing -- we now have a level of MI that never used to exist to be able to see what our profitability on engagements is, and we're able to price on a profitability basis, whereas we used to price on a day rate basis. So there's definitely an element now of some of the fall away is we're not bidding for work, which was never going to be profitable, which I think we're pretty relaxed about. There are -- within the margin, though, even at the kind of the more transactional level, there are investments that we're making into the utilization of software and into the global delivery model in terms of where work is delivered and training, which will mean that we'll have a lower cost to serve model to our clients, which will enable us to reduce day rates for them, providing better value. So we don't see this as something -- this is not bad work. This is good work. There's things that we can do through our globalized model to make that very compelling to come to us from a cost point of view as well as the fact that we're renowned as having the very best people and people do a fantastic job. So -- and the overlay to that is the demand profile is famously difficult to predict in those works. It does depend on, candidly, the overall investment environment for our clients and the way in which they're engaging programs and projects.

And just maybe just a couple of builds on that because I think, firstly, there's a question about the red teaming, the highly -- the regulated piece. Regulation is doing nothing but increasing. And the model of being able to use very skilled, capable individuals to test an organization's defenses is not going to go away from a regulatory perspective. We have probably the world's largest dedicated Red Team penetration testing capability. And they are, frankly, outstanding and have brilliant reputation in the marketplace, and that is where we're seeing significant growth from the perspective from that regulatory piece. The other really important piece about the technical assurance work, and I think it's worth emphasizing is there is the client buying patterns, then there's the skill sets. And I think we need to be careful not to conflate the 2. Whilst the way clients may buy and what they may buy, may not be at the point we want to generate the profits, those skill sets are highly useful. And we are seeing in terms of our repositioning and the story and the engagement we're having with clients, those skills are still incredibly useful to support clients in some of their strategic challenges. So for example, we've recently won a project for a client who, again, have to remain anonymous, where we are providing at scale assurance over their code base. And so the technical assurance, skill sets that we've got have been redeployed to support them on that strategic challenge. So still very useful, incredibly highly utilized and as a result, incredibly profitable work. So rather than doing small transactional pieces of work using those skill sets, we're now deploying them on truly impactful strategic projects. So I think differentiation between what clients are buying and how versus what our skill sets are and our skill sets remain incredibly in demand.

Thank you. Our next question on consulting. Can you talk more about the growth coming through into H2 and full year '26? Looks very strong. What are you delivering? Are you able to sell in a number of capabilities, increasing client depth? And how sustainable or scalable would you see the path forward?

So the sort of engagements that we are seeing around the consulting space, and I mentioned Digital Identity, Operational Technology and those change programs associated with those. Those are particularly sticky types of projects, which are driving the pipeline growth from 0 from a starting base. So that's very good. If I take Digital Identity as a great example, those tend to be long-term projects that can start with an assessment, strategy piece, but then go into the implementation of various tools, driving operational efficiencies within the client. The really great thing that we have already seen from the very start point is they have a pull-through of our other services as well. And that's, again, really fundamentally important to us because what we want to drive -- be able to drive is those multi-capability relationships where we have skills all brought together to solve the client's problem. And Digital Identity is proving a great example of that already.

Our next question from Tintin again. Fox Crypto contributed GBP 11.5 million of revenue and adjusted EBITDA of GBP 2.9 million within the half year results you announced. What was the year-ago comparator? That was a 25% EBITDA margin. Are there areas of the cyber market you can enter that hold that level of margin to?

So I will confess that I don't know the EBIT number from the same period for Crypto on its own for the prior period. So I'm going to have to get back to you on that, Tintin. Apologies.

Follow-on question from Damindu. Can you talk to your go-to-market engine? How can this be better? For example, what sales motions are in place to sell more capabilities to the 52% or clients who use less than 2%? Can consulting be the spearhead for doing this?

The short answer is, yes, consulting can be part of that. So again, if we take the historic sales motion that we would have had in place was very traditional. It was almost a product sales mentality. So we have a sales team who would approach a client and sell our service, the service. What we are now seeing, particularly in those larger scale projects is whilst the initial opportunity may be identified by a salesperson, it is very much often -- it becomes a team sport where we have consulting are actively engaged to shape, scope, scale those opportunities. We have presales involved. We have a commercial team involved in terms of the pricing model. So it becomes a whole team approach, which is, again, really very, very different, not only operationally, but culturally from where we were 2 years ago. And I think some of those examples of the utility I gave, of the confidential client I gave of TikTok, you've seen that really coming through. And actually, the engagement level and the way we manage stakeholders as a result of that on an ongoing basis is really fundamentally different. But it's something that we've got to scale. And again, we go from where we were to where we are to where we want to be. That is an evolution, which is it's not easy to do. It involves people. It's sometimes very easy to say, but people are at the heart of this, and we've got to make that change culturally and bring some of our people on the journey with us fill that.

Our next question is from Andrew Ripper of Panmure Liberum. Why did deferred revenue in the balance sheet fall by GBP 6 million year-on-year? How would you characterize the mix of business in TAS? How much is lower than -- how much is lower-end transactional revenue?

So in terms of the deferred revenue, I won't give a kind of detailed breakdown on that. There were some balance sheet movements and there's some seasonality swings as we changed kind of the year-end. So the second part of the question was the margin on lower-end TAS work. Was that -- I think we don't see that as being different from other margin. I wouldn't want there to be -- and we're not going to start reporting gross margin by different kind of TAS capabilities and different skill sets within TAS. But we certainly don't operate on a basis of kind of loss leading or operating more commodity work at a much lower margin. That's not the way we operate the business.

Our next question is from Oliver Tipping at Peel Hunt. Back at your Escode Capital Markets Day, which was about a year ago, you mentioned that you were starting out operations in Australia with a few -- with a view to formulate a blueprint for taking Escode to new geographies. I just wanted to check how this has gone. Do you feel there are opportunities abroad and where the brand is less well known, noting Europe and the U.S. are both down?

So we did deploy capability to Australia and literally from a standing start. We started to see positive progress in terms of the pipeline and revenues from that point of view. It is generating, I think, a good option for us for the future. We're seeing probably more significant opportunity developing in the Middle East. And I know we talked about at the Capital Markets Day, some of the client wins such as Doha Metro. We've seen that trajectory continue, which gives us some really, really positive feel for what the opportunity is in that as a market. And we continue to look at options and how best to invest in that as a geography. So definitely starting to see some of those things, and we definitely believe that there is upside in other geographies, particularly where there is increasing regulation for escrow-type services.

Our next question from Martin O'Sullivan at Shore Capital. Have you noticed any shifts in the competitive landscape, such as changes in day rate pricing or increased activity in Cyber from value-added resellers?

Well, from value-added resellers, I can't say the competition that we have seen most of the competition tends to be from a consulting services-type perspective. We are definitely seeing price pressures. And I mentioned particularly around that renewal space where there are a number of boutiques who are trying to buy market share and trying to grow aggressively with all of the challenges that subsequently come from that. But those tend to be our main sort of areas of competition. Again, it depends by service. Quite often, it can range from the sort of the mega SIs to some particular niche boutiques depending upon the service and the client requirement.

We have another question from Andrew Ripper. How much visibility do you have in Cyber? Can you quantify the pipeline and how that's changed in the last 6 to 12 months? How much confidence can you have in the return to growth in full year '26? And do you expect that return to growth to happen in the first quarter of that financial year?

So we now have single instance of sales force across the whole organization. That's part of the transformation change, and we're kind of -- we're seeing improved disciplines about how that's being used. We can see by month and the sales pipeline by stage is now set out, and you can see very clearly that the opportunity creation that Mike spoke about back in December actually has converted into sales orders and particularly in consulting and to a lesser but positive extent in TAS, we can see how that's turning into confirmed sales now and is beginning to drop into the diary into the second half of the year. So yes, that does give very good comfort that we're expecting strong growth in consulting in the second half of this year off the back of seeing what we can see in salesforce and what's in the diaries. And yes, we're pretty confident we return to growth in FY '25 -- '26, excuse me. We're in '25.

We have another question from Martin O'Sullivan. I'd be interested to hear your thoughts on AI agents that simulate ethical hackers and offer continuous penetration testing as a service. I believe you mentioned that your deployment of Horizon3.ai is expected to deliver significant efficiency gains. Could you elaborate on how those benefits will be achieved and when your team will be fully up and running with these AI-driven pen testing agents?

So yes, absolutely. So if I take our partnership with Horizon3.ai, that is a great example where we've taken the view is about partnering with the best in the marketplace, embedding it in with our talent to drive an efficiency in the way we deliver particular elements of our work. So reducing the amount of, frankly, time that a consultant has to work on a particular type of test by using the agents is a big part of that. We're also deploying agents increasingly within the context of our Managed Services. That's really important. Within our own organization in terms of -- from an operational perspective, we're also using AI to help drive efficiencies in terms of, for example, proposal generation. That's another element of our AI strategy. But it continues to evolve. And I think AI is about use cases. It's not about the technology and really understanding how you deploy it. A great example is we've very -- been very clear upon the strategy about NodeZero and how we deploy that in our network penetration testing. We have a team which have deployed it. They've taken it to market. They're working very closely with our sales team in a geography, proving it, working closely with clients, refining it, and then we're rolling it out on a global basis. So like I say, this is evolving really quickly. AI is clearly top of mind for many people, but having a very clear use case and being very deliberate about how you execute on it is pretty key.

We have 2 questions now from Bob from Zeus. Digital Forensics and Incident Response revenues have fallen consistently for 4 quarters straight. What trends are you seeing in that business and market?

So by the nature of Incident Response, it's highly flexible. And increasingly, we're deploying people and teams from across the business as part of an Incident Response rather than it being all about a single dedicated team. It requires a multidisciplinary response, whether it's from -- so a great example, if we are supporting a breach, actually an increased part of it would be the crisis management component, which comes from our consulting domain. A big part of the sort of the response would come from our engineering domain. So in technical assurance, for example. And the Incident Response team are very much the blue light responders. So the flex -- and this is a really important part in terms of having the multi-capability and multidisciplinary team. It is about all of them coming together to deliver something to a client. So it's not always just about the individual team. But incidents, I think, are -- do vary. I think we saw a reduction in the number of incidents we certainly responded to in the first half. That has changed significantly in the second half. So there is a flexibility to it. But I would bake it all together in terms of how we're servicing clients rather than very much it's a small team doing one thing.

His follow-on question is, we did not see a reiteration of medium-term guidance in your press release. Are you still confident of reaching mid-teen growth in margins in Cyber Security?

Yes. So what we'd expect to see next year is revenue growth of 4% to 5% in Cyber, in terms of what we can see in the books at the moment. We would expect our gross margins to tick up from where they are today back to the kind of 37%, which we normally talk about 37%, 38%. There are -- inevitably, most businesses are facing some cost headwinds, and we've also got the benefit of some cost-saving activity that we've done. I do believe we're on track to head towards mid-teens EBITDA, and we can absolutely see a kind of a route to getting there. Whether we get there in FY '26 will depend a little bit on some of the market tailwinds and how consistent the investment arena remains for our clients.

We have one last question. The Cyber Security platformization, vendor rationalization seems to be in full swing. And when you listen to results meetings from the likes of Palo Alto Networks, Zscaler, CyberArk, CrowdStrike, it sounds like managed partners and integrators are crucial enablers for them. Are you taking active steps to broaden your vendor relationships beyond the ones you mentioned?

Yes. We are -- it is a very active element of our strategy. And I do come back to the point I made in the slide deck, which is in 2022, we had 0. Now we've got some of the largest in the world. And again, I think it's a testament to the hard work because these require legal support, legal -- our legal team have been very actively engaged on a number of topics as we've gone through the process for the last few years, not least 3 disposals. So the answer is yes, and we have a very active plan. We are very close to a number. It is an element of our strategy.

Thank you very much. There are no further questions. So Mike, I'll hand back to you for any closing remarks.

I will just close by saying thank you very much, again, reflecting my thanks to the whole of NCC Group for an incredible amount of work to get us into a far more resilient position and very confident for the future and exciting times ahead. Thank you very much.